html to php conversion for protection

[universal4]

Dan brought up a question that I first denied is possible but now I question if I skewed the original test reults.
https://www.gpwa.org/forum/attention...tml#post781461


The question, if I am understanding it properly is:

Can you simply change html content to php pages in order to stop anyone from mirroring the pages.

My first though is, that would not be enough and to prove that I took an html page, copied and renamed it to php and looked at both pages and could see all content, so I think you could still mirror the page.

However, my test may have been somewhat flawed.

I did a straight copy, I did NOT change the html statement in the documment, the doc type or convert the page into true php.

In order to do that, I would have to add php brackets and change quote tags etc throughout the page to be php compliant.

It has been a while since I have built php pages from scratch, I have to think about this a little.

Rick
Universal4

[DanHorvat]

Since this is in the public thread I won't name the tools or websites used for testing, but I will discuss this with Rick over PMs.

Pure HTML sites are extremely vulnerable to mirroring as it's basically a matter of viewing the page source and copy/pasting everything, either manually or by using some tool.

I was hoping something as simple as translating everything to PHP would do the trick, but now I'm almost certain it won't.

Even if the website drew data from MySQL with PHP, all HTML output can still be mirrored.

[universal4]

I just replied again to the latest question, which pretty much proves the output can be taken quite easily.

Rick
Universal4

[DanHorvat]

Guys on StackOverflow said there's no solution, but I think they weren't creative enough.

What we're looking for here is the solution to make simple HTML sites as difficult to mirror as Wordpress sites.

So, what is it that makes Wordpress sites difficult to mirror?

[universal4]

Well,

The actual content that is shown is processed by the backend and echo'ed or shown coming out of the database. It is not simple content in html format, the wordpress processed the data and presents it in html form.

I guess we could try adding simple code in the html that restricts the "view source" option in browsers, but you and I both know ways around that one, as that would have only delayed my "proof of concept" with our private testing....lol

And, honestly, if someone wanted to put the time into it, they could steal a word press site's content, but it would be much more difficult so most thieves often just go after html since it's easier with automated tools.

If the content can be presented, and indexed, why wouldn't you be able to save and republish? (I don't advocate the above, but reality is it can be done although unethical and predominantly illegal)

Rick
Universal4


Edited to add disclaimer:
By the way, the testing Dan and I performed were utilizing our own pages, our own servers, and simple utilities. In fact I used nothing more than a browser and notepad for most of the "proof of concept" tests.

We did not publish links to our tests since we did not want active links to test pages etc, nor did we want to advertise what content we were pulling and republishing.

[DanHorvat]

Restricting text highlighting and right click sitewide is enough to take care of the simple thieves. And that's all you can do regarding the "View Source". Some joker on some forum advised people to use this: < body viewsource=no >

You can't clone a Wordpress site as far as I know, at least not without doing more work than the original designer has done.

People can steal your Wordpress HTML output and display it as a HTML page, but they won't have the full Wordpress functionality as they'd lose all links between output and WP, theme and WP, plugins...etc.

You can get the output of a file, but you can't get the source code of a PHP file unless you hack your way in. PHP is a server-side language and can't be read from anywhere else but the server. The entire internet is depending on this single feature.

So people don't mirror Wordpress sites, although they could, because in the process they lose the Wordpress functionality even though they got the same site output.

[TheGooner]

Indeed.

PHP does not send itself to the browser - it interacts with the server and sends echo / print output to the browser.
So you can't steal a PHP site - just a copy of the site output pushed to a browser - to a particular geo-location at a certain point in time.

e.g People could steal a copy of my german_football.php index page output right now (please don't - but you could).

It currently has links to the latest reviews, latest odds, and adverts specific to whomever is viewing it.
But all they are stealing is the html output from that page of code - that was required to be sent to the browser to display the information.

Within 5 minutes it's probably out of date.
Within a day it certainly is as reviews / odds / news / ads and links have all changed on the REAL page.

But if all the PHP does is echo static HTML commands to the browser that never changes ... then you can effectively steal the site.

[GCG]

there are lots of programs that mimic browsers and can steal the entire content html/php and WP driven, the layout and what links you have put on is not of interest for someone who wants to copy your page(s) like the hackers have done.

[DanHorvat]

My recommendation for all webmasters with static HTML websites would be to switch to Wordpress to protect themselves. (the irony)

The only HTML webmasters who are safe(r) are those who rely heavily on PHP and MySQL, though I've heard some horror stories as well.

There is not a single tool that can mirror a Wordpress website. WP has its own security issues, but these can be addressed - there ARE solutions for each and every one of them. For this HTML thing there is no solution and you're serving your entire content on a silver platter. It takes me maybe 2-3 minutes to mirror your entire site.

At some point you've got to do something about security, otherwise you'll learn the lesson the hard way.

[universal4]

The content itself can always be taken though. (call it what is echoed if you like)

If Google and any other engine can index the content, if a visitor can read the content, it can be scraped and taken.

Wordpress or any other cms does not stop this from taking place.

I do agree that security is a big concern, and that most cms's make it more difficult to "mirror" a site.

Rick
Universal4