About
Modern tools for a problem nobody updated
The problem
PHP runs an outsize share of the web, and a lot of that PHP is commercial — plugins, themes, internal tools, vertical SaaS. Protecting that code matters. The tools available to do it haven't kept up. Most still ship AES-CTR (no authentication), bolt the license system on as an extra purchase, and refuse to give you your source back. We thought that was worth fixing.
Our approach
Oxrion is built on AES-128-GCM and RSA-2048, with a file format designed so visibility metadata can't be tampered with. The encoder and loader are split deliberately — production servers run a free, minimal loader; the paid encoder lives only on developer machines. The license system is included with every paid tier. None of these are unusual choices on their own; together, they're a meaningful step forward.
Our promise
Developer-first. No lock-in: every file you encrypt can be decrypted back to source with your private key. Documentation that tells you what's actually happening. Support that doesn't gatekeep behind a sales call. Pricing that scales with usage, not seats. If we ever shut down, the loader stays open and the encrypted format stays documented — your customers don't get stranded.
Where we're going
Next on the roadmap: an online license server for centralized revocation, a polished PHAR loader for hosts without extension support, and eventually similar protection for other languages our community asks for. We build in public on GitHub — issues and feature requests are read and replied to.
Try it on a small project first
The free tier exists for exactly this. Encrypt something real, see how it feels.