I prefer base64 encoding using custom tables.
Then, if you want to hide the actual string from being seen in the decompilation process, then you can build it instead of declaring it.
Example:
PHP Code:
new const szString[] = "Exolent"
// build it:
new szString[8]
szString[0] = 0x45;
szString[1] = 0x78;
szString[2] = 0x6f;
szString[3] = 0x6c;
szString[4] = 0x65;
szString[5] = 0x6e;
szString[6] = 0x74;
Of course that wouldn't be hard to decompile if you knew how to decompile plugins.
That method is really only good for the people who don't know how to decompile and only look at the defined strings.
To trick the people who can decompile, you can get more fancy at building strings than the obvious way that I showed in the example.
Another method if you wanted to use sockets would be to access a PHP script on your website that would give a string result.
In that PHP script, you can check to see if the given IP address is allowed to access that string and if not then output a random different string.
There's a lot of things you can do to make it very complicated.
It just depends on what approach you want to take.
__________________