PHP is handled server-side. You don’t need to worry about that 😛
HTML is client side and can’t be obfuscated because the client won’t be able to read it.
As for JS, I would recommend something like this.
EDIT: As for seeing if the code is running on an okay domain, use window.location.href in your javascript to check if the URL contains your home URL name. If it doesn’t, cease loading the page.