Hide My WP Ghost – Security Plugin - Version 4.0.08

Version Description

(13 Aug 2020 ) = * Update - WordPress Security Updates for WP 5.5 * Update - Compatibility with WPML * Update - Compatibility with the last versions of the popular plugins

Download this release

Release Info

Developer johndarrel
Plugin Icon 128x128 Hide My WP Ghost – Security Plugin
Version 4.0.08
Comparing to
See all releases

Code changes from version 4.0.09 to 4.0.08

Files changed (5) hide show
  1. classes/Tools.php +27 -33
  2. controllers/Rewrite.php +294 -322
  3. index.php +2 -2
  4. models/Compatibility.php +21 -21
  5. readme.txt +1 -6
classes/Tools.php CHANGED
@@ -657,10 +657,6 @@ class HMW_Classes_Tools extends HMW_Classes_FrontController {
657
  public static function isApache() {
658
  global $is_apache;
659
 
660
- if ( self::isFlywheel() ) { //force Nginx on Flywheel server
661
- return false;
662
- }
663
-
664
  return $is_apache;
665
  }
666
 
@@ -685,20 +681,7 @@ class HMW_Classes_Tools extends HMW_Classes_FrontController {
685
  * @return bool
686
  */
687
  public static function isLitespeed() {
688
- $litespeed = false;
689
- if ( isset( $_SERVER['SERVER_SOFTWARE'] ) && stristr( $_SERVER['SERVER_SOFTWARE'], 'LiteSpeed' ) !== false ) {
690
- $litespeed = true;
691
- } elseif ( isset( $_SERVER['SERVER_NAME'] ) && stristr( $_SERVER['SERVER_NAME'], 'LiteSpeed' ) !== false ) {
692
- $litespeed = true;
693
- } elseif ( isset( $_SERVER['X-Litespeed-Cache-Control'] ) ) {
694
- $litespeed = true;
695
- }
696
-
697
- if ( self::isFlywheel() ) {
698
- return false;
699
- }
700
-
701
- return $litespeed;
702
  }
703
 
704
  /**
@@ -723,7 +706,6 @@ class HMW_Classes_Tools extends HMW_Classes_FrontController {
723
  return self::$is_multisite;
724
  }
725
 
726
-
727
  /**
728
  * Returns true if server is nginx
729
  *
@@ -732,10 +714,6 @@ class HMW_Classes_Tools extends HMW_Classes_FrontController {
732
  public static function isNginx() {
733
  global $is_nginx;
734
 
735
- if ( self::isFlywheel() ) {
736
- return true;
737
- }
738
-
739
  return ( $is_nginx || ( isset( $_SERVER['SERVER_SOFTWARE'] ) && stristr( $_SERVER['SERVER_SOFTWARE'], 'nginx' ) !== false ) );
740
  }
741
 
@@ -766,16 +744,6 @@ class HMW_Classes_Tools extends HMW_Classes_FrontController {
766
  return ( file_exists( ABSPATH . 'gd-config.php' ) );
767
  }
768
 
769
- /**
770
- * Returns true if server is Wpengine
771
- *
772
- * @return boolean
773
- */
774
- public static function isFlywheel() {
775
- return (isset( $_SERVER['SERVER_SOFTWARE'] ) && stristr( $_SERVER['SERVER_SOFTWARE'], 'Flywheel' ) !== false);
776
- }
777
-
778
-
779
  /**
780
  * Returns true if server is IIS
781
  *
@@ -944,6 +912,10 @@ class HMW_Classes_Tools extends HMW_Classes_FrontController {
944
  rocket_clean_cache_busting();
945
  }
946
 
 
 
 
 
947
  if ( function_exists( 'opcache_reset' ) ) {
948
  // Remove all opcache if enabled
949
  opcache_reset();
@@ -1218,4 +1190,26 @@ class HMW_Classes_Tools extends HMW_Classes_FrontController {
1218
  return "text/plain";
1219
  }
1220
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1221
  }
657
  public static function isApache() {
658
  global $is_apache;
659
 
 
 
 
 
660
  return $is_apache;
661
  }
662
 
681
  * @return bool
682
  */
683
  public static function isLitespeed() {
684
+ return ( isset( $_SERVER['SERVER_SOFTWARE'] ) && stristr( $_SERVER['SERVER_SOFTWARE'], 'LiteSpeed' ) !== false );
 
 
 
 
 
 
 
 
 
 
 
 
 
685
  }
686
 
687
  /**
706
  return self::$is_multisite;
707
  }
708
 
 
709
  /**
710
  * Returns true if server is nginx
711
  *
714
  public static function isNginx() {
715
  global $is_nginx;
716
 
 
 
 
 
717
  return ( $is_nginx || ( isset( $_SERVER['SERVER_SOFTWARE'] ) && stristr( $_SERVER['SERVER_SOFTWARE'], 'nginx' ) !== false ) );
718
  }
719
 
744
  return ( file_exists( ABSPATH . 'gd-config.php' ) );
745
  }
746
 
 
 
 
 
 
 
 
 
 
 
747
  /**
748
  * Returns true if server is IIS
749
  *
912
  rocket_clean_cache_busting();
913
  }
914
 
915
+ if ( function_exists( 'rocket_purge_cloudflare' ) ) {
916
+ rocket_purge_cloudflare();
917
+ }
918
+
919
  if ( function_exists( 'opcache_reset' ) ) {
920
  // Remove all opcache if enabled
921
  opcache_reset();
1190
  return "text/plain";
1191
  }
1192
 
1193
+ /**
1194
+ * Return false on hooks
1195
+ *
1196
+ * @param string $param
1197
+ *
1198
+ * @return bool
1199
+ */
1200
+ public static function returnFalse( $param = null ) {
1201
+ return false;
1202
+ }
1203
+
1204
+ /**
1205
+ * Return true on hooks
1206
+ *
1207
+ * @param string $param
1208
+ *
1209
+ * @return bool
1210
+ */
1211
+ public static function returnTrue( $param = null ) {
1212
+ return true;
1213
+ }
1214
+
1215
  }
controllers/Rewrite.php CHANGED
@@ -1,329 +1,301 @@
1
  <?php
2
- defined( 'ABSPATH' ) || die( 'Cheatin\' uh?' );
3
 
4
  class HMW_Controllers_Rewrite extends HMW_Classes_FrontController {
5
 
6
- public function __construct() {
7
- parent::__construct();
8
-
9
- if ( defined( 'HMW_DISABLE' ) && HMW_DISABLE ) {
10
- return;
11
- }
12
-
13
- //Start the buffer only if priority is set
14
- if ( HMW_PRIORITY ) {
15
- $this->model->startBuffer();
16
- }
17
-
18
- //Init the main hooks
19
- $this->initHooks();
20
- }
21
-
22
- /**
23
- * Init the hooks for hide my wp
24
- */
25
- public function initHooks() {
26
- if ( HMW_Classes_Tools::isPermalinkStructure() ) {
27
- if ( HMW_Classes_Tools::isApache() && ! HMW_Classes_Tools::isModeRewrite() ) {
28
- return;
29
- }
30
-
31
- if ( ! HMW_Classes_Tools::getOption( 'error' ) && ! HMW_Classes_Tools::getOption( 'logout' ) ) {
32
- //rename the author if set so
33
- add_filter( 'author_rewrite_rules', array( $this->model, 'author_url' ), 99, 1 );
34
- }
35
-
36
- add_filter( 'query_vars', array( $this->model, 'addParams' ), 1, 1 );
37
- add_action( 'login_init', array( $this->model, 'login_init' ), 1 );
38
- add_filter( 'login_redirect', array( $this->model, 'sanitize_login_redirect' ), 9, 3 );
39
- add_filter( 'wp_redirect', array( $this->model, 'sanitize_redirect' ), PHP_INT_MAX, 2 );
40
- add_filter( 'wp_redirect', array( $this->model, 'loopCheck' ), PHP_INT_MAX, 1 );
41
-
42
- add_action( 'login_head', array( $this->model, 'login_head' ), PHP_INT_MAX );
43
- add_action( 'wp_logout', array( $this->model, 'wp_logout' ), PHP_INT_MAX );
44
-
45
- //change the admin url
46
- add_filter( 'lostpassword_url', array( $this->model, 'lostpassword_url' ), PHP_INT_MAX, 1 );
47
- add_filter( 'register', array( $this->model, 'register_url' ), PHP_INT_MAX, 1 );
48
- add_filter( 'login_url', array( $this->model, 'login_url' ), PHP_INT_MAX, 1 );
49
- add_filter( 'logout_url', array( $this->model, 'logout_url' ), PHP_INT_MAX, 2 );
50
- add_filter( 'admin_url', array( $this->model, 'admin_url' ), PHP_INT_MAX, 3 );
51
- add_filter( 'network_admin_url', array( $this->model, 'network_admin_url' ), PHP_INT_MAX, 3 );
52
- add_filter( 'site_url', array( $this->model, 'site_url' ), PHP_INT_MAX, 2 );
53
- add_filter( 'network_site_url', array( $this->model, 'site_url' ), PHP_INT_MAX, 3 );
54
- add_filter( 'wp_php_error_message', array( $this->model, 'replace_error_message' ), PHP_INT_MAX, 2 );
55
-
56
- //check and set the cookied for the modified urls
57
- HMW_Classes_ObjController::getClass( 'HMW_Models_Cookies' );
58
- //load the compatibility class
59
- HMW_Classes_ObjController::getClass( 'HMW_Models_Compatibility' );
60
- }
61
-
62
- //Load the PluginLoaded Hook
63
- add_action( 'plugins_loaded', array( $this, 'hookPreload' ), 1 );
64
- //just to make sure it called in case plugins_loaded is not triggered
65
- add_action( 'template_redirect', array( $this, 'hookPreload' ), 1 );
66
-
67
- //in case of broken URL, try to load it
68
- add_action( 'template_redirect', array(
69
- HMW_Classes_ObjController::getClass( 'HMW_Models_Files' ),
70
- 'checkBrokenFile'
71
- ), PHP_INT_MAX );
72
-
73
- }
74
-
75
-
76
- public function hookPreload() {
77
- //if plugin_loaded then remove template_redirect
78
- if ( ! did_action( 'template_redirect' ) ) {
79
- remove_action( 'template_redirect', array( $this, 'hookPreload' ), 1 );
80
- }
81
-
82
- include_once( ABSPATH . 'wp-admin/includes/plugin.php' );
83
-
84
- //Make sure is permalink set up
85
- if ( HMW_Classes_Tools::isPermalinkStructure() ) {
86
- if ( HMW_Classes_Tools::isApache() && ! HMW_Classes_Tools::isModeRewrite() ) {
87
- return;
88
- }
89
-
90
- //Don't go further if the safe parameter is set
91
- if ( HMW_Classes_Tools::getIsset( HMW_Classes_Tools::getOption( 'hmw_disable_name' ) ) ) {
92
- if ( HMW_Classes_Tools::getValue( HMW_Classes_Tools::getOption( 'hmw_disable_name' ) ) == HMW_Classes_Tools::getOption( 'hmw_disable' ) ) {
93
- return;
94
- }
95
- }
96
-
97
- //Build the find_replace list
98
- $this->model->buildRedirect();
99
-
100
- //don't let to rename and hide the current paths if logout is required
101
- if ( HMW_Classes_Tools::getOption( 'error' ) || HMW_Classes_Tools::getOption( 'logout' ) ) {
102
- return;
103
- }
104
-
105
- //stop here is the option is default.
106
- //the prvious code is needed for settings change and validation
107
- if ( HMW_Classes_Tools::getOption( 'hmw_mode' ) == 'default' ) {
108
- return;
109
- }
110
-
111
- //Hide the paths in ajax
112
- if ( HMW_Classes_Tools::isAjax() ) {
113
- $this->model->startBuffer();
114
-
115
- //hide the URLs from admin and login
116
- add_action( 'init', array( $this->model, 'hideUrls' ), 99 );
117
-
118
- return;
119
- }
120
-
121
- //Check Compatibilities with ther plugins
122
- HMW_Classes_ObjController::getClass( 'HMW_Models_Compatibility' )->checkCompatibility();
123
-
124
- //Start the Buffer if not late loading
125
- $hmw_laterload = apply_filters( 'hmw_laterload', HMW_Classes_Tools::getOption( 'hmw_laterload' ) );
126
-
127
- //check lateload
128
- if ( $hmw_laterload && ! did_action( 'template_redirect' ) ) {
129
- add_action( 'template_redirect', array( $this->model, 'startBuffer' ), PHP_INT_MAX );
130
- } else {
131
- //start the buffer now
132
- $this->model->startBuffer();
133
- }
134
-
135
- //Check the buffer on shutdown
136
- if ( HMW_Classes_Tools::getOption( 'hmw_shutdown_load' ) ) {
137
- add_action( 'shutdown', array( $this->model, 'shutDownBuffer' ), 0 );
138
- }
139
-
140
- //hide the URLs from admin and login
141
- add_action( 'init', array( $this->model, 'hideUrls' ), 99 );
142
-
143
- //hide headers added by plugins
144
- add_action( 'template_redirect', array( $this->model, 'hideHeaders' ), PHP_INT_MAX );
145
-
146
- if ( ! is_admin() ) {
147
- if ( HMW_Classes_Tools::getOption( 'hmw_hide_version' ) ) {
148
- add_filter( 'the_generator', '__return_false', 99, 1 );
149
- remove_action( 'wp_head', 'wp_generator' );
150
- remove_action( 'wp_head', 'wp_resource_hints', 2 );
151
- }
152
-
153
- if ( HMW_Classes_Tools::getOption( 'hmw_disable_emojicons' ) ) {
154
- //disable the emoji icons
155
- $this->disable_emojicons();
156
- }
157
-
158
- if ( HMW_Classes_Tools::getOption( 'hmw_disable_rest_api' ) ) {
159
- //disable the rest_api
160
- if ( ! HMW_Classes_Tools::isPluginActive( 'contact-form-7/wp-contact-form-7.php' ) ) {
161
- if ( ! function_exists( 'is_user_logged_in' ) || ( function_exists( 'is_user_logged_in' ) && ! is_user_logged_in() ) ) {
162
- $this->disable_rest_api();
163
- }
164
- }
165
- }
166
-
167
- if ( HMW_Classes_Tools::getOption( 'hmw_disable_xmlrpc' ) ) {
168
- add_filter( 'xmlrpc_enabled', '__return_false' );
169
- }
170
-
171
- if ( HMW_Classes_Tools::getOption( 'hmw_disable_embeds' ) ) {
172
- //disable the embeds
173
- $this->disable_embeds();
174
- }
175
-
176
- if ( HMW_Classes_Tools::getOption( 'hmw_hide_version' ) ) {
177
- add_filter( 'script_loader_src', array( $this, 'remove_version' ), 15, 1 );
178
- add_filter( 'style_loader_src', array( $this, 'remove_version' ), 15, 1 );
179
- }
180
-
181
- //Windows Live Write
182
- if ( HMW_Classes_Tools::getOption( 'hmw_disable_manifest' ) ) {
183
- //disable the embeds
184
- $this->disable_manifest();
185
- }
186
-
187
- //Really Simple Discovery
188
- if ( HMW_Classes_Tools::getOption( 'hmw_hide_header' ) ) {
189
- $this->disable_rds();
190
- }
191
-
192
- if ( HMW_Classes_Tools::getOption( 'hmw_hide_comments' ) ) {
193
- $this->disable_comments();
194
- }
195
-
196
- //Disable Database Debug
197
- if ( HMW_Classes_Tools::getOption( 'hmw_disable_debug' ) ) {
198
- global $wpdb;
199
- $wpdb->hide_errors();
200
- }
201
- }
202
-
203
- }
204
-
205
-
206
- }
207
-
208
-
209
- /**
210
- * On admin init
211
- * Load the Menu
212
- * If the user changes the Permalink to default ... prevent errors
213
- */
214
- public function hookInit() {
215
- if ( HMW_Classes_Tools::getIsset( HMW_Classes_Tools::getOption( 'hmw_disable_name' ) ) ) {
216
- if ( HMW_Classes_Tools::getValue( HMW_Classes_Tools::getOption( 'hmw_disable_name' ) ) == HMW_Classes_Tools::getOption( 'hmw_disable' ) ) {
217
- return;
218
- }
219
- }
220
-
221
- //If the user changes the Permalink to default ... prevent errors
222
- if ( ! HMW_Classes_Tools::isPermalinkStructure() ) {
223
- if ( current_user_can( 'manage_options' ) ) {
224
- if ( HMW_Classes_Tools::$default['hmw_admin_url'] <> HMW_Classes_Tools::getOption( 'hmw_admin_url' ) ) {
225
- $this->model->flushChanges();
226
- }
227
- }
228
- }
229
-
230
- //Show the menu for admins only
231
- if ( current_user_can( 'manage_options' ) ) {
232
- HMW_Classes_ObjController::getClass( 'HMW_Controllers_Menu' )->hookInit();
233
- }
234
-
235
-
236
- }
237
-
238
-
239
- /**
240
- * Disable the emoji icons
241
- */
242
- public function disable_emojicons() {
243
-
244
- // all actions related to emojis
245
- remove_action( 'admin_print_styles', 'print_emoji_styles' );
246
- remove_action( 'wp_head', 'print_emoji_detection_script', 7 );
247
- remove_action( 'admin_print_scripts', 'print_emoji_detection_script' );
248
- remove_action( 'wp_print_styles', 'print_emoji_styles' );
249
- remove_filter( 'wp_mail', 'wp_staticize_emoji_for_email' );
250
- remove_filter( 'the_content_feed', 'wp_staticize_emoji' );
251
- remove_filter( 'comment_text_rss', 'wp_staticize_emoji' );
252
- add_filter( 'emoji_svg_url', '__return_false' );
253
-
254
- // filter to remove TinyMCE emojis
255
- add_filter( 'tiny_mce_plugins', array( $this, 'disable_emojicons_tinymce' ) );
256
- }
257
-
258
- function disable_emojicons_tinymce( $plugins ) {
259
- if ( is_array( $plugins ) ) {
260
- return array_diff( $plugins, array( 'wpemoji' ) );
261
- } else {
262
- return array();
263
- }
264
- }
265
-
266
- /**
267
- * Disable the Rest Api access
268
- */
269
- public function disable_rest_api() {
270
- remove_action( 'init', 'rest_api_init' );
271
- remove_action( 'rest_api_init', 'rest_api_default_filters', 10 );
272
- remove_action( 'wp_head', 'rest_output_link_wp_head', 10 );
273
- remove_action( 'parse_request', 'rest_api_loaded' );
274
- remove_action('template_redirect', 'rest_output_link_header', 11);
275
- }
276
-
277
- /**
278
- * Disable the embeds
279
- */
280
- public function disable_embeds() {
281
- // Remove the REST API endpoint.
282
- remove_action( 'rest_api_init', 'wp_oembed_register_route' );
283
-
284
- // Turn off oEmbed auto discovery.
285
- // Don't filter oEmbed results.
286
- remove_filter( 'oembed_dataparse', 'wp_filter_oembed_result', 10 );
287
-
288
- // Remove oEmbed discovery links.
289
- remove_action( 'wp_head', 'wp_oembed_add_discovery_links' );
290
-
291
- // Remove oEmbed-specific JavaScript from the front-end and back-end.
292
- remove_action( 'wp_head', 'wp_oembed_add_host_js' );
293
- }
294
-
295
- /**
296
- * Disable Windows Live Write
297
- */
298
- public function disable_manifest() {
299
- remove_action( 'wp_head', 'wlwmanifest_link' );
300
- }
301
-
302
- /**
303
- * Disable Really Simple Discovery
304
- */
305
- public function disable_rds() {
306
- remove_action( 'wp_head', 'rsd_link' );
307
- remove_action( 'wp_head', 'wp_shortlink_wp_head' );
308
- }
309
-
310
- /**
311
- * Remove the version for all JS and CSS
312
- *
313
- * @param $src
314
- *
315
- * @return mixed
316
- */
317
- public function remove_version( $src ) {
318
- $parts = explode( '?', $src );
319
-
320
- return $parts[0];
321
- }
322
-
323
- /**
324
- * Disable the commend from W3 Total Cache
325
- */
326
- public function disable_comments() {
327
  global $wp_super_cache_comments;
328
  remove_all_filters( 'w3tc_footer_comment' );
329
  $wp_super_cache_comments = false;
1
  <?php
2
+ defined('ABSPATH') || die('Cheatin\' uh?');
3
 
4
  class HMW_Controllers_Rewrite extends HMW_Classes_FrontController {
5
 
6
+ public function __construct() {
7
+ parent::__construct();
8
+
9
+ if (defined('HMW_DISABLE') && HMW_DISABLE) {
10
+ return;
11
+ }
12
+
13
+ //Start the buffer only if priority is set
14
+ if (HMW_PRIORITY) {
15
+ $this->model->startBuffer();
16
+ }
17
+
18
+ //Init the main hooks
19
+ $this->initHooks();
20
+ }
21
+
22
+ /**
23
+ * Init the hooks for hide my wp
24
+ */
25
+ public function initHooks() {
26
+ if (HMW_Classes_Tools::isPermalinkStructure()) {
27
+ if (HMW_Classes_Tools::isApache() && !HMW_Classes_Tools::isModeRewrite()) {
28
+ return;
29
+ }
30
+
31
+ if (!HMW_Classes_Tools::getOption('error') && !HMW_Classes_Tools::getOption('logout')) {
32
+ //rename the author if set so
33
+ add_filter('author_rewrite_rules', array($this->model, 'author_url'), 99, 1);
34
+ }
35
+
36
+ add_filter('query_vars', array($this->model, 'addParams'), 1, 1);
37
+ add_action('login_init', array($this->model, 'login_init'), 1);
38
+ add_filter( 'login_redirect', array($this->model, 'sanitize_login_redirect'), 9, 3 );
39
+ add_filter( 'wp_redirect', array($this->model, 'sanitize_redirect'), PHP_INT_MAX, 2 );
40
+ add_action('login_head', array($this->model, 'login_head'), PHP_INT_MAX);
41
+ add_action('wp_logout', array($this->model, 'wp_logout'), PHP_INT_MAX);
42
+
43
+ //change the admin url
44
+ add_filter('lostpassword_url', array($this->model, 'lostpassword_url'), PHP_INT_MAX, 1);
45
+ add_filter('register', array($this->model, 'register_url'), PHP_INT_MAX, 1);
46
+ add_filter('login_url', array($this->model, 'login_url'), PHP_INT_MAX, 1);
47
+ add_filter('logout_url', array($this->model, 'logout_url'), PHP_INT_MAX, 2);
48
+ add_filter('admin_url', array($this->model, 'admin_url'), PHP_INT_MAX, 3);
49
+ add_filter('network_admin_url', array($this->model, 'network_admin_url'), PHP_INT_MAX, 3);
50
+ add_filter('site_url', array($this->model, 'site_url'), PHP_INT_MAX, 2);
51
+ add_filter('network_site_url', array($this->model, 'site_url'), PHP_INT_MAX, 3);
52
+ add_filter( 'wp_php_error_message', array($this->model, 'replace_error_message'), PHP_INT_MAX, 2 );
53
+
54
+ //check and set the cookied for the modified urls
55
+ HMW_Classes_ObjController::getClass('HMW_Models_Cookies');
56
+ //load the compatibility class
57
+ HMW_Classes_ObjController::getClass('HMW_Models_Compatibility');
58
+ }
59
+
60
+ //Load the PluginLoaded Hook
61
+ add_action('plugins_loaded', array($this, 'hookPreload'), 1);
62
+ //just to make sure it called in case plugins_loaded is not triggered
63
+ add_action('template_redirect', array($this, 'hookPreload'), 1);
64
+
65
+ //in case of broken URL, try to load it
66
+ add_action('template_redirect', array(HMW_Classes_ObjController::getClass('HMW_Models_Files'), 'checkBrokenFile'), PHP_INT_MAX);
67
+
68
+ }
69
+
70
+
71
+ public function hookPreload() {
72
+ //if plugin_loaded then remove template_redirect
73
+ if (!did_action('template_redirect')) {
74
+ remove_action('template_redirect', array($this, 'hookPreload'), 1);
75
+ }
76
+
77
+ include_once(ABSPATH . 'wp-admin/includes/plugin.php');
78
+
79
+ //Make sure is permalink set up
80
+ if (HMW_Classes_Tools::isPermalinkStructure()) {
81
+ if (HMW_Classes_Tools::isApache() && !HMW_Classes_Tools::isModeRewrite()) {
82
+ return;
83
+ }
84
+
85
+ //Don't go further if the safe parameter is set
86
+ if (HMW_Classes_Tools::getIsset(HMW_Classes_Tools::getOption('hmw_disable_name'))) {
87
+ if (HMW_Classes_Tools::getValue(HMW_Classes_Tools::getOption('hmw_disable_name')) == HMW_Classes_Tools::getOption('hmw_disable')) {
88
+ return;
89
+ }
90
+ }
91
+
92
+ //Build the find_replace list
93
+ $this->model->buildRedirect();
94
+
95
+ //don't let to rename and hide the current paths if logout is required
96
+ if (HMW_Classes_Tools::getOption('error') || HMW_Classes_Tools::getOption('logout')) {
97
+ return;
98
+ }
99
+
100
+ //stop here is the option is default.
101
+ //the prvious code is needed for settings change and validation
102
+ if (HMW_Classes_Tools::getOption('hmw_mode') == 'default') {
103
+ return;
104
+ }
105
+
106
+ //Hide the paths in ajax
107
+ if (HMW_Classes_Tools::isAjax()) {
108
+ $this->model->startBuffer();
109
+
110
+ //hide the URLs from admin and login
111
+ add_action('init', array($this->model, 'hideUrls'), 99);
112
+
113
+ return;
114
+ }
115
+
116
+ //Check Compatibilities with ther plugins
117
+ HMW_Classes_ObjController::getClass('HMW_Models_Compatibility')->checkCompatibility();
118
+
119
+ //Start the Buffer if not late loading
120
+ $hmw_laterload = apply_filters('hmw_laterload', HMW_Classes_Tools::getOption('hmw_laterload'));
121
+
122
+ //check lateload
123
+ if ($hmw_laterload && !did_action('template_redirect')) {
124
+ add_action('template_redirect', array($this->model, 'startBuffer'), PHP_INT_MAX);
125
+ } else {
126
+ //start the buffer now
127
+ $this->model->startBuffer();
128
+ }
129
+
130
+ //Check the buffer on shutdown
131
+ if (HMW_Classes_Tools::getOption('hmw_shutdown_load')) {
132
+ add_action('shutdown', array($this->model, 'shutDownBuffer'), 0);
133
+ }
134
+
135
+ //hide the URLs from admin and login
136
+ add_action('init', array($this->model, 'hideUrls'), 99);
137
+
138
+ //hide headers added by plugins
139
+ add_action('template_redirect', array($this->model, 'hideHeaders'), PHP_INT_MAX);
140
+
141
+ if (!is_admin()) {
142
+ if ( HMW_Classes_Tools::getOption( 'hmw_hide_version' ) ) {
143
+ add_filter( 'the_generator', array( 'HMW_Classes_Tools', 'returnFalse' ), 99, 1 );
144
+ remove_action( 'wp_head', 'wp_generator' );
145
+ remove_action( 'wp_head', 'wp_resource_hints', 2 );
146
+ }
147
+
148
+ if (HMW_Classes_Tools::getOption('hmw_disable_emojicons')) {
149
+ //disable the emoji icons
150
+ $this->disable_emojicons();
151
+ }
152
+
153
+ if (HMW_Classes_Tools::getOption('hmw_disable_rest_api')) {
154
+ //disable the rest_api
155
+ if (!HMW_Classes_Tools::isPluginActive('contact-form-7/wp-contact-form-7.php')) {
156
+ if (!function_exists('is_user_logged_in') || (function_exists('is_user_logged_in') && !is_user_logged_in())) {
157
+ $this->disable_rest_api();
158
+ }
159
+ }
160
+ }
161
+
162
+ if (HMW_Classes_Tools::getOption('hmw_disable_xmlrpc')) {
163
+ add_filter('xmlrpc_enabled', array('HMW_Classes_Tools', 'returnFalse'));
164
+ }
165
+
166
+ if (HMW_Classes_Tools::getOption('hmw_disable_embeds')) {
167
+ //disable the embeds
168
+ $this->disable_embeds();
169
+ }
170
+
171
+ //Windows Live Write
172
+ if (HMW_Classes_Tools::getOption('hmw_disable_manifest')) {
173
+ //disable the embeds
174
+ $this->disable_manifest();
175
+ }
176
+
177
+ //Really Simple Discovery
178
+ if (HMW_Classes_Tools::getOption('hmw_hide_header')) {
179
+ $this->disable_rds();
180
+ }
181
+
182
+ if (HMW_Classes_Tools::getOption('hmw_hide_comments')) {
183
+ $this->disable_comments();
184
+ }
185
+
186
+ //Disable Database Debug
187
+ if (HMW_Classes_Tools::getOption('hmw_disable_debug')) {
188
+ global $wpdb;
189
+ $wpdb->hide_errors();
190
+ }
191
+ }
192
+
193
+ }
194
+
195
+
196
+ }
197
+
198
+
199
+ /**
200
+ * On admin init
201
+ * Load the Menu
202
+ * If the user changes the Permalink to default ... prevent errors
203
+ */
204
+ public function hookInit() {
205
+ if (HMW_Classes_Tools::getIsset(HMW_Classes_Tools::getOption('hmw_disable_name'))) {
206
+ if (HMW_Classes_Tools::getValue(HMW_Classes_Tools::getOption('hmw_disable_name')) == HMW_Classes_Tools::getOption('hmw_disable')) {
207
+ return;
208
+ }
209
+ }
210
+
211
+ //If the user changes the Permalink to default ... prevent errors
212
+ if (!HMW_Classes_Tools::isPermalinkStructure()) {
213
+ if (current_user_can('manage_options')) {
214
+ if (HMW_Classes_Tools::$default['hmw_admin_url'] <> HMW_Classes_Tools::getOption('hmw_admin_url')) {
215
+ $this->model->flushChanges();
216
+ }
217
+ }
218
+ }
219
+
220
+ //Show the menu for admins only
221
+ if (current_user_can('manage_options')) {
222
+ HMW_Classes_ObjController::getClass('HMW_Controllers_Menu')->hookInit();
223
+ }
224
+
225
+
226
+ }
227
+
228
+
229
+ /**
230
+ * Disable the emoji icons
231
+ */
232
+ public function disable_emojicons() {
233
+
234
+ // all actions related to emojis
235
+ remove_action('admin_print_styles', 'print_emoji_styles');
236
+ remove_action('wp_head', 'print_emoji_detection_script', 7);
237
+ remove_action('admin_print_scripts', 'print_emoji_detection_script');
238
+ remove_action('wp_print_styles', 'print_emoji_styles');
239
+ remove_filter('wp_mail', 'wp_staticize_emoji_for_email');
240
+ remove_filter('the_content_feed', 'wp_staticize_emoji');
241
+ remove_filter('comment_text_rss', 'wp_staticize_emoji');
242
+ add_filter('emoji_svg_url', array('HMW_Classes_Tools','returnFalse'));
243
+
244
+ // filter to remove TinyMCE emojis
245
+ add_filter('tiny_mce_plugins', array($this, 'disable_emojicons_tinymce'));
246
+ }
247
+
248
+ function disable_emojicons_tinymce($plugins) {
249
+ if (is_array($plugins)) {
250
+ return array_diff($plugins, array('wpemoji'));
251
+ } else {
252
+ return array();
253
+ }
254
+ }
255
+
256
+ /**
257
+ * Disable the Rest Api access
258
+ */
259
+ public function disable_rest_api() {
260
+ remove_action('init', 'rest_api_init');
261
+ remove_action('rest_api_init', 'rest_api_default_filters', 10);
262
+ remove_action('wp_head', 'rest_output_link_wp_head', 10);
263
+ remove_action('parse_request', 'rest_api_loaded');
264
+ }
265
+
266
+ /**
267
+ * Disable the embeds
268
+ */
269
+ public function disable_embeds() {
270
+ // Remove the REST API endpoint.
271
+ remove_action('rest_api_init', 'wp_oembed_register_route');
272
+
273
+ // Turn off oEmbed auto discovery.
274
+ // Don't filter oEmbed results.
275
+ remove_filter('oembed_dataparse', 'wp_filter_oembed_result', 10);
276
+
277
+ // Remove oEmbed discovery links.
278
+ remove_action('wp_head', 'wp_oembed_add_discovery_links');
279
+
280
+ // Remove oEmbed-specific JavaScript from the front-end and back-end.
281
+ remove_action('wp_head', 'wp_oembed_add_host_js');
282
+ }
283
+
284
+ /**
285
+ * Disable Windows Live Write
286
+ */
287
+ public function disable_manifest() {
288
+ remove_action('wp_head', 'wlwmanifest_link');
289
+ }
290
+
291
+ /**
292
+ * Disable Really Simple Discovery
293
+ */
294
+ public function disable_rds() {
295
+ remove_action('wp_head', 'rsd_link');
296
+ }
297
+
298
+ public function disable_comments(){
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
299
  global $wp_super_cache_comments;
300
  remove_all_filters( 'w3tc_footer_comment' );
301
  $wp_super_cache_comments = false;
index.php CHANGED
@@ -6,7 +6,7 @@
6
  Plugin Name: Hide My WP Ghost Lite
7
  Plugin URI: https://wordpress.org/plugins/hide-my-wp/
8
  Description: The best solution for WordPress Security. Hide wp-admin, wp-login, wp-content, plugins, themes etc. Add Firewall, Brute Force protection & more. <br /> <a href="https://hidemywpghost.com/wordpress" target="_blank"><strong>Unlock all features</strong></a>
9
- Version: 4.0.09
10
  Author: WPPlugins - WordPress Security Plugins
11
  Author URI: https://wpplugins.tips
12
  License: GPLv2 or later
@@ -16,7 +16,7 @@
16
  */
17
 
18
  if (defined( 'NONCE_KEY' ) && defined( 'ABSPATH' ) && ! defined( 'HMW_VERSION' ) ) {
19
- define( 'HMW_VERSION', '4.0.09' );
20
  /* Call config files */
21
  require( dirname( __FILE__ ) . '/debug/index.php' );
22
  require( dirname( __FILE__ ) . '/config/config.php' );
6
  Plugin Name: Hide My WP Ghost Lite
7
  Plugin URI: https://wordpress.org/plugins/hide-my-wp/
8
  Description: The best solution for WordPress Security. Hide wp-admin, wp-login, wp-content, plugins, themes etc. Add Firewall, Brute Force protection & more. <br /> <a href="https://hidemywpghost.com/wordpress" target="_blank"><strong>Unlock all features</strong></a>
9
+ Version: 4.0.08
10
  Author: WPPlugins - WordPress Security Plugins
11
  Author URI: https://wpplugins.tips
12
  License: GPLv2 or later
16
  */
17
 
18
  if (defined( 'NONCE_KEY' ) && defined( 'ABSPATH' ) && ! defined( 'HMW_VERSION' ) ) {
19
+ define( 'HMW_VERSION', '4.0.08' );
20
  /* Call config files */
21
  require( dirname( __FILE__ ) . '/debug/index.php' );
22
  require( dirname( __FILE__ ) . '/config/config.php' );
models/Compatibility.php CHANGED
@@ -83,8 +83,8 @@ class HMW_Models_Compatibility {
83
  //Chech if the users set to change for logged users users
84
  //don't let cache plugins to change the paths is not needed
85
  if ( ! HMW_Classes_Tools::doChangesAdmin() ) {
86
- add_filter( 'hmw_laterload', '__return_false' );
87
- add_filter( 'hmw_process_buffer', '__return_false' );
88
 
89
  return;
90
  }
@@ -107,7 +107,7 @@ class HMW_Models_Compatibility {
107
 
108
  //Compatibility with WP-rocket plugin
109
  if ( HMW_Classes_Tools::isPluginActive( 'wp-rocket/wp-rocket.php' ) ) {
110
- add_filter( 'hmw_process_buffer', '__return_false' );
111
 
112
  add_filter( 'rocket_buffer', array(
113
  HMW_Classes_ObjController::getClass( 'HMW_Models_Rewrite' ),
@@ -129,16 +129,16 @@ class HMW_Models_Compatibility {
129
 
130
  //Compatibility with CDN Enabler
131
  if ( HMW_Classes_Tools::isPluginActive( 'hummingbird-performance/wp-hummingbird.php' ) ) {
132
- add_filter( 'hmw_laterload', '__return_true' );
133
- add_filter( 'hmw_process_buffer', '__return_true' );
134
 
135
  return;
136
  }
137
 
138
  //Compatibility with Wp Super Cache Plugin
139
  if ( HMW_Classes_Tools::isPluginActive( 'wp-super-cache/wp-cache.php' ) ) {
140
-
141
- add_filter( 'hmw_process_buffer', '__return_true' );
142
 
143
  add_filter( 'wpsupercache_buffer', array(
144
  HMW_Classes_ObjController::getClass( 'HMW_Models_Rewrite' ),
@@ -150,8 +150,8 @@ class HMW_Models_Compatibility {
150
 
151
  //Compatibility with CDN Enabler
152
  if ( HMW_Classes_Tools::isPluginActive( 'cdn-enabler/cdn-enabler.php' ) ) {
153
- add_filter( 'hmw_laterload', '__return_true' );
154
- add_filter( 'hmw_process_buffer', '__return_true' );
155
 
156
  return;
157
  }
@@ -159,15 +159,15 @@ class HMW_Models_Compatibility {
159
 
160
  //Compatibility with Autoptimize plugin
161
  if ( HMW_Classes_Tools::isPluginActive( 'autoptimize/autoptimize.php' ) ) {
162
- add_filter( 'hmw_laterload', '__return_false' );
163
- add_filter( 'hmw_process_buffer', '__return_true' );
164
 
165
  return;
166
  }
167
 
168
  if ( HMW_Classes_Tools::isPluginActive( 'wp-asset-clean-up/wpacu.php' ) || HMW_Classes_Tools::isPluginActive( 'wp-asset-clean-up-pro/wpacu.php' ) ) {
169
- add_filter( 'hmw_process_buffer', '__return_false' );
170
- add_filter( 'hmw_laterload', '__return_false' );
171
 
172
  add_filter( 'wpacu_html_source', array(
173
  HMW_Classes_ObjController::getClass( 'HMW_Models_Rewrite' ),
@@ -179,8 +179,8 @@ class HMW_Models_Compatibility {
179
 
180
  //Patch for WOT Cache plugin
181
  if ( defined( 'WOT_VERSION' ) ) {
182
- add_filter( 'hmw_laterload', '__return_true' );
183
- add_filter( 'hmw_process_buffer', '__return_true' );
184
 
185
  add_filter( 'wot_cache', array(
186
  HMW_Classes_ObjController::getClass( 'HMW_Models_Rewrite' ),
@@ -199,16 +199,16 @@ class HMW_Models_Compatibility {
199
  }
200
 
201
  if ( HMW_Classes_Tools::isPluginActive( 'cache-enabler/cache-enabler.php' ) ) {
202
- add_filter( 'hmw_laterload', '__return_false' );
203
- add_filter( 'hmw_process_buffer', '__return_true' );
204
 
205
  return;
206
  }
207
 
208
  //Compatibility with Wp Fastest Cache
209
  if ( HMW_Classes_Tools::isPluginActive( 'wp-fastest-cache/wpFastestCache.php' ) ) {
210
- add_filter( 'hmw_laterload', '__return_true' );
211
- add_filter( 'hmw_process_buffer', '__return_true' );
212
 
213
  return;
214
  }
@@ -218,7 +218,7 @@ class HMW_Models_Compatibility {
218
  global $powered_cache_options;
219
 
220
  if ( apply_filters( 'powered_cache_lazy_load_enabled', true ) ) {
221
- add_filter( 'hmw_process_buffer', '__return_true' );
222
  }
223
 
224
  add_filter( 'powered_cache_page_caching_buffer', array(
@@ -235,7 +235,7 @@ class HMW_Models_Compatibility {
235
  //Compatibility with W3 Total cache
236
  if ( HMW_Classes_Tools::isPluginActive( 'w3-total-cache/w3-total-cache.php' ) ) {
237
  //Don't show comments
238
- add_filter( 'w3tc_can_print_comment', '__return_false', PHP_INT_MAX );
239
 
240
  return;
241
  }
83
  //Chech if the users set to change for logged users users
84
  //don't let cache plugins to change the paths is not needed
85
  if ( ! HMW_Classes_Tools::doChangesAdmin() ) {
86
+ add_filter( 'hmw_laterload', array( 'HMW_Classes_Tools', 'returnFalse' ) );
87
+ add_filter( 'hmw_process_buffer', array( 'HMW_Classes_Tools', 'returnFalse' ) );
88
 
89
  return;
90
  }
107
 
108
  //Compatibility with WP-rocket plugin
109
  if ( HMW_Classes_Tools::isPluginActive( 'wp-rocket/wp-rocket.php' ) ) {
110
+ add_filter( 'hmw_process_buffer', array( 'HMW_Classes_Tools', 'returnFalse' ) );
111
 
112
  add_filter( 'rocket_buffer', array(
113
  HMW_Classes_ObjController::getClass( 'HMW_Models_Rewrite' ),
129
 
130
  //Compatibility with CDN Enabler
131
  if ( HMW_Classes_Tools::isPluginActive( 'hummingbird-performance/wp-hummingbird.php' ) ) {
132
+ add_filter( 'hmw_laterload', array( 'HMW_Classes_Tools', 'returnTrue' ) );
133
+ add_filter( 'hmw_process_buffer', array( 'HMW_Classes_Tools', 'returnTrue' ) );
134
 
135
  return;
136
  }
137
 
138
  //Compatibility with Wp Super Cache Plugin
139
  if ( HMW_Classes_Tools::isPluginActive( 'wp-super-cache/wp-cache.php' ) ) {
140
+ //add_filter('hmw_laterload', array('HMW_Classes_Tools', 'returnFalse'));
141
+ add_filter( 'hmw_process_buffer', array( 'HMW_Classes_Tools', 'returnTrue' ) );
142
 
143
  add_filter( 'wpsupercache_buffer', array(
144
  HMW_Classes_ObjController::getClass( 'HMW_Models_Rewrite' ),
150
 
151
  //Compatibility with CDN Enabler
152
  if ( HMW_Classes_Tools::isPluginActive( 'cdn-enabler/cdn-enabler.php' ) ) {
153
+ add_filter( 'hmw_laterload', array( 'HMW_Classes_Tools', 'returnTrue' ) );
154
+ add_filter( 'hmw_process_buffer', array( 'HMW_Classes_Tools', 'returnTrue' ) );
155
 
156
  return;
157
  }
159
 
160
  //Compatibility with Autoptimize plugin
161
  if ( HMW_Classes_Tools::isPluginActive( 'autoptimize/autoptimize.php' ) ) {
162
+ add_filter( 'hmw_laterload', array( 'HMW_Classes_Tools', 'returnFalse' ) );
163
+ add_filter( 'hmw_process_buffer', array( 'HMW_Classes_Tools', 'returnTrue' ) );
164
 
165
  return;
166
  }
167
 
168
  if ( HMW_Classes_Tools::isPluginActive( 'wp-asset-clean-up/wpacu.php' ) || HMW_Classes_Tools::isPluginActive( 'wp-asset-clean-up-pro/wpacu.php' ) ) {
169
+ add_filter( 'hmw_process_buffer', array( 'HMW_Classes_Tools', 'returnFalse' ) );
170
+ add_filter( 'hmw_laterload', array( 'HMW_Classes_Tools', 'returnFalse' ) );
171
 
172
  add_filter( 'wpacu_html_source', array(
173
  HMW_Classes_ObjController::getClass( 'HMW_Models_Rewrite' ),
179
 
180
  //Patch for WOT Cache plugin
181
  if ( defined( 'WOT_VERSION' ) ) {
182
+ add_filter( 'hmw_laterload', array( 'HMW_Classes_Tools', 'returnTrue' ) );
183
+ add_filter( 'hmw_process_buffer', array( 'HMW_Classes_Tools', 'returnTrue' ) );
184
 
185
  add_filter( 'wot_cache', array(
186
  HMW_Classes_ObjController::getClass( 'HMW_Models_Rewrite' ),
199
  }
200
 
201
  if ( HMW_Classes_Tools::isPluginActive( 'cache-enabler/cache-enabler.php' ) ) {
202
+ add_filter( 'hmw_laterload', array( 'HMW_Classes_Tools', 'returnFalse' ) );
203
+ add_filter( 'hmw_process_buffer', array( 'HMW_Classes_Tools', 'returnTrue' ) );
204
 
205
  return;
206
  }
207
 
208
  //Compatibility with Wp Fastest Cache
209
  if ( HMW_Classes_Tools::isPluginActive( 'wp-fastest-cache/wpFastestCache.php' ) ) {
210
+ add_filter( 'hmw_laterload', array( 'HMW_Classes_Tools', 'returnTrue' ) );
211
+ add_filter( 'hmw_process_buffer', array( 'HMW_Classes_Tools', 'returnTrue' ) );
212
 
213
  return;
214
  }
218
  global $powered_cache_options;
219
 
220
  if ( apply_filters( 'powered_cache_lazy_load_enabled', true ) ) {
221
+ add_filter( 'hmw_process_buffer', array( 'HMW_Classes_Tools', 'returnTrue' ) );
222
  }
223
 
224
  add_filter( 'powered_cache_page_caching_buffer', array(
235
  //Compatibility with W3 Total cache
236
  if ( HMW_Classes_Tools::isPluginActive( 'w3-total-cache/w3-total-cache.php' ) ) {
237
  //Don't show comments
238
+ add_filter( 'w3tc_can_print_comment', array( 'HMW_Classes_Tools', 'returnFalse' ), PHP_INT_MAX );
239
 
240
  return;
241
  }
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: johndarrel
3
  Tags: security, firewall, hide my wp, hide wp-admin, hide wp-login, hide wordpress, admin, ocultar mi wp, hide my site, hide my wordpress
4
  Requires at least: 4.3
5
  Tested up to: 5.5
6
- Requires PHP: 5.6
7
  Stable tag: trunk
8
  Donate link: https://wpplugins.tips/wordpress
9
  License: GPLv2 or later
@@ -305,11 +305,6 @@ Enjoy!
305
  8. Run a security check for your website and see all the vulnerabilities
306
 
307
  == Changelog ==
308
- = 4.0.09 (27 Aug 2020 ) =
309
- * Update - Added the version hook to remove the versions from CSS and JS
310
- * Update - Load the login on WPEngine server with PHP7.4 when the login is set as /login
311
- * Update - Detect Flywheel server and add the rules accordingly
312
-
313
  = 4.0.08 (13 Aug 2020 ) =
314
  * Update - WordPress Security Updates for WP 5.5
315
  * Update - Compatibility with WPML
3
  Tags: security, firewall, hide my wp, hide wp-admin, hide wp-login, hide wordpress, admin, ocultar mi wp, hide my site, hide my wordpress
4
  Requires at least: 4.3
5
  Tested up to: 5.5
6
+ Requires PHP: 5.3
7
  Stable tag: trunk
8
  Donate link: https://wpplugins.tips/wordpress
9
  License: GPLv2 or later
305
  8. Run a security check for your website and see all the vulnerabilities
306
 
307
  == Changelog ==
 
 
 
 
 
308
  = 4.0.08 (13 Aug 2020 ) =
309
  * Update - WordPress Security Updates for WP 5.5
310
  * Update - Compatibility with WPML