In WhiteSource's report “Total Known Open Source Vulnerabilities Per Language,” PHP is ranked second after C, with 17 percent of all reported vulnerabilities in the last ten years. One of the disadvantages of PHP-based applications is it built without being compiled into machine language instructions. Web servers process the plain source code; consequently, hijackers can easily change, replicate, or redistribute source code without the developer's approval. Obfuscation is one of the solutions to this problem. This paper aims to add layout obfuscation to the former obfuscation approach to improve security. For the first time, a layout obfuscation technique was combined with an AES-256 encryption algorithm. The Design Research Methodology will be used in this paper. In addition, performance tests, functional tests, obfuscated file sizes, and security tests will be performed on the implementation results. The test results imply that the PHP Extension produced in this paper can run according to the designed functional and non-functional requirements.