Fiveium PHPSecPHP Protection Platform
PHPSec documentation

Protect, package, and deploy PHP applications.

This guide covers the customer workflow: selecting a compatible loader, installing it on the destination server, encoding an application, applying protection policies, and verifying the protected release.

Use PHPSec only for applications you own or are authorized to protect.

1. Choose the correct loader

The loader must match the PHP major and minor version, module API, thread-safety mode, CPU architecture, and operating-system ABI.

php -v
php -i | grep -E 'PHP API|Thread Safety|extension_dir'
uname -m
cat /etc/os-release

2. Install the PHPSec loader

tar -xzf fiveium-phpsec-loader-*.tar.gz
php-config --extension-dir
sudo install -m 0755 phpsec.so "$(php-config --extension-dir)/phpsec.so"
echo 'extension=phpsec.so' | sudo tee /etc/php.d/99-phpsec.ini

Restart the PHP service used by the website and clear OPcache. CLI and PHP-FPM can use different configuration directories.

3. cPanel EA-PHP 8.2 example

/opt/cpanel/ea-php82/root/usr/bin/php-config --extension-dir
sudo install -m 0755 phpsec.so "$(/opt/cpanel/ea-php82/root/usr/bin/php-config --extension-dir)/phpsec.so"
echo 'extension=phpsec.so' | sudo tee /opt/cpanel/ea-php82/root/etc/php.d/99-phpsec.ini
sudo /usr/local/cpanel/scripts/restartsrv_apache_php_fpm --hard
sudo /usr/local/cpanel/scripts/restartsrv_httpd

4. Verify activation

php -r 'var_dump(extension_loaded("phpsec"));'
php -r 'var_dump(function_exists("phpsec_s"));'

Repeat the checks with the exact PHP binary used by the target domain.

5. Encode a file or project

  1. Sign in to PHPSec Encoder Studio.
  2. Choose single-file or ZIP-project encoding.
  3. Upload the application.
  4. Configure product and licensing details.
  5. Start the encoding job.
  6. Download the protected output when processing completes.

6. Configure the protection policy

Available options can include the product name, customer identifier, authorized domains, expiry date, command-line permission, project profile, and file exclusions.

Test the selected policy in a staging environment before delivering a production release.

7. Deploy the protected application

Install the compatible loader first, upload the protected release, confirm file ownership and permissions, then test the application through the same PHP SAPI used in production.

8. Troubleshooting

PHP fails after enabling the extension

Disable the PHPSec ini line, then confirm that the loader matches the exact PHP API, NTS/ZTS mode, architecture, and operating system.

CLI works but the website does not

Enable the extension in the PHP-FPM or web-server ini scan directory and restart the correct service.

The application reports a licensing error

Confirm the licensed domain, expiry date, server clock, and command-line policy.

The loader is active but a file does not run

Confirm that the file was encoded for the installed PHPSec release and re-download the protected package if integrity checks fail.