How do you secure you php app?

I have developed a complex and useful PHP app for my local market using Laravel 4,5,5.1, the app doesn’t even need to run “online” its designed for local use. After almost a year and half of development by myself I’m ready to “sell” the license to “use” my app.

What I’m thinking in doing is:

1-Sell it as SSaS on my own hosted server.
2-When the app needs to be hosted locally, I will deliver the physical server with no access whatsoever other than http and the harddrive encrypted in case someone wants to take it apart.

My question is: Are those two methods secure enough? how do seasoned programmers protect their PHP code? i really don’t want to waste 1.5 years of hard work by someone just stealing my code.

BTW, the law on my country sucks, so it will be more expensive to seek legal action after someone has “already” stolen my code.

Depending on how the databases are set , I would just use a subscription model. Start it small and grow your hardware side as you need it to scale, I’m betting you can’t to a dedicated or cloud server, yet.

You can use obfuscation, but it can still be pulled apart. If they have the code you loose the control.

Here in the “States”, everything is online. You could redesign your “app” which sounds like just a PHP
program, not really an app, so that it uses your server. Then, they would need a subscription to your
server and pay you a small fee each month. Giving them the code makes it easy for them to alter it or
even improve it and therefore take it away from you. Either way, you need to price it so that you can
earn your 1.5 years of income from it.

Curious on why someone would need an online system and sometimes a local one…