You are right, you can use Zend Encoder, Ion Cubeor something like Source Guardianto encrypt your source code.

你是对的，你可以使用Zend Encoder、Ion Cube或Source Guardian 之类的东西来加密你的源代码。

Its not really needed unless you are giving away your code and dont want people to steal it though.

它不是真的需要，除非你放弃你的代码并且不希望人们窃取它。

What is it about your server that you think its insecure?

您认为服务器不安全的地方是什么？

1. Periodically check the open ports on you server
2. Do not trust the data coming from the browser - verify it and validate it.
3. Periodically do an audit of the processes on your machine and who can access them
4. Only have files in the document root that should be accessible by the outside world. Include files etc should not exist here
5. Check the log files periodically to check for suspect access.
6. For PHP errors/warnings - find a mechanism that does not give the client (browser) any info what has gone wrong. Send that to yourself. This is true for MySql as well.

1. 定期检查服务器上的开放端口
2. 不要相信来自浏览器的数据 - 验证它并验证它。
3. 定期审核您机器上的进程以及谁可以访问它们
4. 文档根目录中只有可供外界访问的文件。此处不应存在包含文件等
5. 定期检查日志文件以检查可疑访问。
6. 对于 PHP 错误/警告 - 找到一种不会向客户端（浏览器）提供任何出错信息的机制。发给自己。MySql 也是如此。

If the file-system on your server has been compromised, then all is already lost. The best you can do is restrict folders, which are writable by web-server's user.

如果您服务器上的文件系统遭到破坏，那么一切都已经丢失。您能做的最好的事情是限制网络服务器用户可写的文件夹。

Also keep the application code outside the DOCUMENT_ROOT. Publicly available should only be the file you actually intend to show user, or which would not show any sensitive informations: like an index.php file which contains and include ../app/bootstrap.php.

还将应用程序代码保留在DOCUMENT_ROOT. 公开可用的应该只是您实际打算向用户显示的文件，或者不会显示任何敏感信息的文件：例如包含 和 的 index.php 文件include ../app/bootstrap.php。

You could use Zend Guard, but this would impact owner of the code. You might not be always the one maintaining it.

您可以使用Zend Guard，但这会影响代码的所有者。您可能并不总是维护它。