options can be
: 1) do not give the source code without full payment (show the working version at home - it turns out not to check the code)
2) ask for an advance payment (or if the project is large, pay in installments)
3) do not take on the project

Prepayment (30-40% before the start of development) and work in stages (done, shown on your server, received payment, do it further).

There will be risk anyway. Moreover, it is very important to understand that it is not you who are at risk, but also the customer. Moreover, he is probably even stronger than you - (you only pay for the time, and he pays you, other developers, maybe he is already running around - he promotes the project, and if you suddenly go into a binge or just decide to know nirvana and go to live in Mongolia - then he will actually lose all investments (not only paid to you) and a lot of time.
I use staged payment. We agree on milestones (milestones), and it is important to quickly pass the first milestone, according to which the customer sees at least some result of the work, and you receive some kind of modest payment. Most projects, no matter how well documented, no matter how detailed technical specifications are, still depend heavily on the programmer. Therefore, if the downloader has already paid you something, at least a little bit, you already know that he is ready to pay, and you know that it is not profitable for him to leave you (he needs you more than you need him).
I have a “bonus fund” scheme with some customers, when I regularly receive money from them, but not completely, some share goes to the bonus fund. This is my already earned money, which is kept by the customer. If I disappear from the project halfway through, this is compensation for him to change the programmer (well, for me, the motivation to work further). If everything goes right, then when I reach some milestone (released beta version or released a draft version that at least somehow does some important function), I get this bonus fund.
According to this scheme, there are no technical extra troubles (as with logic bombs or code encryption, etc.), the risk is only in the amount of work per day or week (achieving the first milestone / first payment). And the customer at the same time feels protected, which is also important.

You can use Zend Guard, ionCube or other code obfuscation software, embed a check for the current time in the code, which is taken from the client’s request to make it impossible to translate on the server, set a time limit for several days, give this option until full payment, transfer after payment sources. All this is written quite simply and quickly, and no one has canceled the above options. It is only important that the cost of removing protection is less than the cost of the project =)

If your reputation allows, it is best to work on an advance payment (in extreme cases, 50%) or use the secure transaction service.
Well, as mentioned above - do not give the source until full payment from the customer.

use logic bombs... after payment deactivate it...

Use the mechanisms of legal protection, that is, a contract, it is desirable that a lawyer draw up / check, although our legislation is bad, but nonetheless.

I use the secure transactions service at weblancer.net (I only work there).
Less often, prepaid.
Even less often, I just show the result on my hosting, then I receive money, then I send the source code.
If you use SVN and the customer has access to it, only the first 2 options will do, or a paper contract.

as an option - the contract. But only if there is an IP. There are no individual entrepreneurs or legal entities. face - they can easily run into that you work without a license. If there is an individual entrepreneur - and the contract was drawn up correctly and executed legally correctly - then in case of violation, immediately go to court.
As another option, before giving the project to the customer, you must receive an advance payment no less than the cost of labor costs.
After the return, you get the amount, which is already a net profit from the total cost of the project. Even if smart scammers throw you, you won’t find yourself in a minus in this case.

For me, it doesn’t make sense for a lone freelancer to bother and spend time and money on “safe” ways of working. How much they threw me for 5 years of work is not worth the time spent, although out of context the amount is rather big.
I do not require an advance payment, although it is more convenient for me to work in stages and the customer immediately sees and can do or change something. I don’t take on a big job right away, because it’s important for me to trust people, and trust doesn’t come right away.

I always upload to a test domain, the customer walked around the site and the admin panel. Then I paid and I sent him the site or raised it on his server.
Usually, with this method, customers pay without fear, since it makes no sense for you not to give back the site you have made.