Skip to content
Oxrion

Oxrion v2

Modern PHP code protection

An ionCube alternative built with current cryptography. Encrypt PHP files in the cloud or self-host. Authenticated, tamper-proof, two-way.

Try Cloud free View pricing
app.php 
<?php
function calculate($user) {
  return $user->balance * 1.18;
}
Encrypt
app.php protected 
<?php @oxrion;
b64:7yJk2H5aMqW8PfX3vRtGcLbY9NwUzD1eK0iA
S3Vp/oQjLmRxZ4hC7nE8aBdF6gHkM2vWyT5sP1uX
9JqI=:gcm:tag:eyJ2IjoxLCJlbmMiOiJBMTI4R0NN

Designed for the way modern PHP teams ship

AES-128-GCM

Authenticated encryption

RSA-2048

Key envelope

PHP 7.4–8.4

All current versions

Linux + Win

NTS and TS builds

Two products

Pick the one that fits how you ship

Cloud is fastest to start with. Encoder is for teams that need code never to leave their machines. Both produce files that run on the same free loader.

Oxrion Cloud

Encrypt PHP files in the cloud — no installation, no setup.

  • Web UI and REST API
  • Free tier with 10 files/day
  • Same encryption as paid plans
  • Best for solo developers
Learn more

Oxrion Encoder

Self-hosted

Self-hosted PHP extension. Encrypt locally — code never leaves your machine.

  • PHP extension (.so / .dll)
  • License system included
  • CI/CD friendly
  • Best for agencies and teams
Learn more

Built differently

Features that older encoders skipped

Six things you'll notice immediately. The rest live in the docs.

Modern AES-GCM encryption

Authenticated encryption with built-in tamper detection. Most PHP encoders still ship AES-CTR — a generation behind.

Tamper-proof files

Modified bytes are rejected on load. GCM authentication tags catch any change, even a single flipped bit.

Encrypt and decrypt

Recover original sources anytime with your private key. Most competitors are one-way — Oxrion isn't.

License system included

Domain binding, expiry dates, per-customer licenses. Built in. Other tools sell this separately.

Public vs private files

Visibility is sealed inside the encrypted file itself. Public runs anywhere. Private requires a license.

Encoder / loader split

The loader is free and minimal — production servers only need that. The encoder lives on developer machines.

How it works

Three steps, end to end

  1. Step 01

    Encrypt

    Upload your PHP files via web UI, API, or the self-hosted encoder. AES-128-GCM seals each file with a random key.

  2. Step 02

    Distribute

    Ship encrypted files to your customers. Optionally generate per-customer licenses bound to a domain or expiry.

  3. Step 03

    Run

    Customers install the free loader. PHP runs the encrypted files transparently — OPcache and all.

Why Oxrion

A fresh approach to a tired problem

Modern crypto

AES-GCM gives you authenticated encryption. Tampered files fail to load — instantly, not silently. Most legacy tools don't.

No lock-in

Two-way by design. With your private key you can recover every file you've encrypted. We don't hold your code hostage.

Fair pricing

$5 to start. Free tier is real, not a teaser. The license system everyone else upsells is included from day one.

Questions

Frequently asked questions

Can't find what you're looking for? Reach out — we read every message.

  • How is Oxrion different from ionCube or Zend Guard?

    Oxrion uses AES-128-GCM with built-in tamper detection — most older encoders still use AES-CTR. We also include a license system at no extra cost, and we let you decrypt your own files back to source whenever you need them.

  • Will my encrypted files run on shared hosting?

    Yes, in two ways. If your host allows installing PHP extensions, drop in the free oxrion_loader. If they don't, use the PHAR loader — a single file that works on any PHP 7.4+ environment.

  • Can I get my source code back?

    Yes. Oxrion is two-way: with your private key, you can decrypt any file you encrypted. No vendor lock-in.

  • Do I need to keep the encoder on my production server?

    No. Production servers only need the free loader. The encoder is for developer machines and CI runners — that's the point of the split.

  • Can I switch between Cloud and Encoder?

    Yes. Both produce the same file format — anything you encrypt with one runs under the same loader, regardless of which product made it.

  • Do you offer refunds?

    Yes. Within 14 days of your first payment, contact us and we'll refund. Lemon Squeezy handles the transaction directly.

Get started in minutes

No credit card required. Free plan ships with the same crypto as paid plans.

Try Cloud free View pricing