Solution:
- If you encode it with ZendGuard or ionCube, it can’t be modified but will not be GPL friendly so make sure you’re OK with that. Plus it’ll need a runtime installed on server.
- If you ship it plain source, it can be edited and the whole self-verification part can be removed or any obfuscation you do can be reversed.
Scripting languages can’t be properly protected, software either.