CommentLuv Premium will soon use IonCube

I am the creator of CommentLuv Premium
You can get your own content published on this site as long as you have CommentLuv installed on your site.

Doing so means you get exposure to thousands and thousands of other CommentLuv users and your posts get sent out to the massive subscriber list.

Google loves this site and indexes it multiple times per day and posts always get lots of comments so you can be sure of some excellent exposure.

See the Write For Us page for more details

btw.. you can get this author box here

no piracy

Some things are changing … soon

I was supposed to be on the new payment model for CommentLuv Premium by now.

but I couldn’t for 2 reasons…

1. health reasons are the main cause

and also,

2. I bought a house!

combine 1 and 2 and you have a recipe for arrrrggghh!

First thing to change…

Before I move everything to a new payment model with 6 monthly subscription for updates (and some really nice extras) I have to set the plugin security to use ionCube

If you don’t know, ionCube is a way to encode a php file so it can’t be reverse engineered or nulled.

You have to have the ioncube loader installed to your server but luckily, almost all decent hosting has it already.

hostgator hosting has it

rackspace does too

and many others

I tried obfuscation of the code and that works up to a point but once it has been cracked, it’s basically game over unless you want to spend ages sending out DMCA notices (which I’ve done before – successfully)


I know it wont be popular with a few people.

mainly those with cheap and nasty hosting or self built or co-located servers where there was no need for the owner to install php with ioncube included.

thankfully I’ve been monitoring CommentLuv Premium stat checks for the past month and a half and the number of sites without ioncube is very small

although, in most cases where ioncube isn’t installed – it can be!

it’s not a security risk and it doesn’t tax the server resources so there’s no reason why a hosting provider can’t install it to someones hosting.


When the new payment model comes in, I want to try some free trial packages


also monthly subscription based payment systems instead of the one big lump sum

having unprotected code with these types of systems is not good if someone cracks it and it goes out on blackhat forums

trust me, I monitor those forums and it constantly surprises me at how quick something appears as nulled so soon after it was released.

I have issued DMCA warnings to some sites and gotten commentluv taken off and added to the ‘don’t crack’ list

but for the time it is up it hurts for two reasons..

1. it means lost money!

2. more than money lost, it is dangerous because cracked or nulled versions can’t get updated and any bugs or worse, vulnerabilities, wont get patched.

the nulled version of commentluv that is going around has a serious security problem.

I managed to fix it very quickly in the legitimate version but the nulled one still has the bug and no chance of getting it patched because, well, it’s an illegal copied version. (btw…no legitimate customer has the bugged version)

(it’s a pretty serious bug too so if you have a nulled version, expect to get your site owned by a hacker soon)


First thing that I need to do is update the plugin and auto update system to not allow updating to a version that has IonCube encoded files if the server doesn’t have the extension installed

then I have to make sure that any auto updates from old versions that don’t send the IonCube status of the server to download the non-ioncube version first.

this is something I have been thinking about for quite a while and I’m pretty sure I know what to do so it is as smooth as possible to transition to the new code


the work starts after the weekend… (if my hands and eyes are working properly) <- health issues!

I’ll be sure to get some knowledgebase articles ready before it gets implemented..


  1. Twitter:
    Hey Andy, Hope you’re doing better bud. Here’s my Q. will the new ioncube version be coded in php 5.2 or php 5.3? because i’m on 5.3, and if CL is coded in 5.2, the new version may not work for me.
    vanita recently posted..Bounce Rate Defined Series: Your Irrelevant SEOMy Profile

  2. You’re pretty right about the nulled versions. i don’t know why there’s always someone who’s willing to leak out something which he purchased with his own money.. just for the sake to generate more traffic and in-turn earn more revenue? Seems you’re taking a right step.. If the code can’t be reverse engineered, maybe you’ll see some increased conversations as every willing user will have to purchase it as nothing will be found at BlackHat forums.
    But, there’s also truth behind the fact that some people (usually beginners) can’t really afford a paid plugin. So just a suggestion if you can also start offering some other ways to purchase (paid surveys or whatever).. Anyways, the Trial Package is a thought in the right direction
    Good Luck with the plugin :)

    • Yes there is a fine line between protection and usability, I think perhaps I might go another way altogether at least until php 5.3 is required by WordPress

      And good idea about offering different ways to pay, I’ll see what I can come up with

  3. Twitter:
    Congres on your health! It’s good to hear that existing member won’t need to get charged for monthly subscription. I’m so glad I have purchased commentluv :D
    Winson Yeung recently posted..How To Get A Google Adwords Promotional CodeMy Profile

  4. Sorry to hear about your bad health – hope you feel better xx

  5. Twitter:
    Thanks! Its really a good article. Also i didn’t know about the disadvantages of using nulled plugins.
    Nitin recently posted..Best Tools to check for Hacked WordPress Themes!My Profile

  6. Twitter:
    I understand the need to use Ioncube, but I remember having to install this on my server for a Joomla component I bought a couple of years ago and it was quite a pain. Don’t understand why people use nulled scripts as most of them are infected with malware. Why jeopardize your site’s safety?
    Samantha recently posted..401(k) vs IRAMy Profile

  7. Twitter:
    Good one any.. waiting to see it.. hope you release it soon…. !!
    Gautam recently posted..How To Download WhatsApp For Pc+InstallationMy Profile

Speak Your Mind


CommentLuv badge