There are a variety of obfuscation tools that make you source code hard to understand yet still have the same exact functionality. [I make one of these; see my bio].

Using any of them, you can work in the original cleartext form of your source at your development site. You can obfuscate the cleartext to produce the protected version which is then deployed. This means that people with unlimited access to the deployed server only see the obfuscated text, which makes the code very hard to understand.

Of course, you should test the obfuscated version at your development site before deploying it, to make sure the obfuscator didn't break something (or more likely, that you have misconfigured the obfuscator).

It isn't ideal; determined opponents with enough effort can probably reverse-engineer your code. Usually it is enough to discourage them and that's all you need.

Regarding encrypters: these are a very bad idea, because they include the logic to decrypt the source code. So if you deploy encrypted versions of your code, your opponent can use the decrypter you must also supply to get to the cleartext of your program pretty much trivially.

Unless the attacker is explicitly in your server, you don't need to worry about your PHP code because whatever webserver you’re using will parse and run the PHP code previously to sending it outside, so an attacker will not know the code being executed.

However, if you're worried about the data that might be transferred between your server and a client, I recommend using SSL/TLS in order to encrypt any data between your server and your clients - This should be secure enough so your server will stay safe.