Is there any way to limit the visibility in PHP in the same way as "package" visibility works in Java or at least "friend" visibility in C++? What's the best practice to maintain large OOP project and not to let anyone use any part of code?

I use private and protected visibility as much as I can but sometimes it's not enough. I know about this request: https://bugs.php.net/bug.php?id=55331. Is there any progress in implementing such thing to PHP? Is there any workaround to protect your code (methods, class variables) from being accessed from anywhere?

As stated here:

No. You can set a variable after declaring a namespace, but variables will always exist in the global scope. They are never bound to namespaces. You can deduce that from the absence of any name resolution descriptions in http://www.php.net/manual/en/language.namespaces.faq.php

Until today there's no language construct to limit the visibility. But you can annotate your class with phpDocumentor's @internal:

The @internal tag can be used as counterpart of the @api tag, indicating that the associated Structural Elements are used purely for the internal workings of this piece of software.

It's up to the API user to follow that suggestion.