Why It Won’t Work And Hurts You Instead

Every now and then, the question about how to encrypt HTML source code pop into my inbox. People want to do it for many reasons. Some have had their designs ripped off by other people, others don’t want people to know what they are doing in the backend and lot’s more. Regardless what your reasons are, I’m afraid I’ll have to burst your bubble. The simple fact is, you can’t hide your code completely. Allow me to explain.

It really depends who are trying to hide your code from. If you are hiding from web or technologically savvy people, you’re just wasting your time. If it’s a newbie trying to learn how to spy on your keywords and stuff like that, then you’ll probably be successful. But often, you won’t know which end of the spectrum people come from. Most casual website visitors won’t bother to view your source code because they have no reason to. So, hiding your code may just be an extra and unnecessary to do to add on your list.

The other important thing you should know is, many so called code protectors use Javascript to hide the source. Almost all use terms like “encrypt html source code” but in effect it’s not encryption in the real sense, merely masking it or re-writing the code so that humans might not make sense of it but machines can. Many such encryption strategies are very easily decoded and you don’t even need to be a programmer. Just spend a few minutes searching for HTML decryption and you’ll find several tools you can use for free. But that is not the biggest bummer.

For users of Firefox, there is a free webmaster’s tools extension. One of the features is the ability to view generated source code. That means it will show you the source code after the page is processed by the browser. So, an encrypted source code will display in unencrypted form. In the end, all your efforts would be in vain. If you’re confused how this works exactly, I’ve created a quick video, Encrypt HTML Source Code Myth, showing you how easy it is to view a page that is supposed to be protected by tools that cost as much as $50.

What about including an external page with SSI, PHP or Javascript?
On the surface it could work, but someone could still view those pages by visiting them directly. Besides, using the Firefox extension mentioned earlier, you’ll still be betrayed with one click. Or, someone could always view the cached version of your web page and still be able to see the full source code.

The SEO Effect
If you didn’t already know it, search engine bots can’t read Javascript. If you encrypt the whole page with these tools, the bot sees nothing and will not index your page because to them there is nothing to index. If you choose to do part of it, then you stand a better chance with search engine optimization but what if the part you want to encrypt contains keywords that could help your rankings? Now you have a new problem that will probably do you more damage than having someone see your source code.

Knowing all this, should you still encrypt your HTML source code? If you asked me as your advisor, I’d say your time would be better spent learning and applying good internet marketing techniques, logical and long term search engine optimization and keep creating content. If someone is going to rip you off, they will rip you off regardless. Also, a lot of times, these methods employ “No right click” techniques that are completely irritating to legitimate web site visitors because the right click menu could contain shortcuts to applications on their computers. There are some battles not worth fighting; this is one of them.