Hide My WP Ghost – Security Plugin - Version 4.1.02

Version Description

= * Update - Compatibility with Manage WP plugin * Update - Added the option to disable the REST API wp-json in Hide My WP - Permalinks * Update - Add the plugin as Must Use plugin for better security and compatibility with other plugins * Update - Compatibility with Really Simple SSL plugin * Update - New UX for better understanding of the redirects in Hide My WP > Tweaks * Update - Compatibility with WPML when setting custom wp-admin and admin-ajax * Update - Compatibility with WPML when RTL languages are set in dashboard * Update - Compatibility with bbPress plugin * Update - Compatibility with JetPack plugin * Update - Compatibility with Newspaper theme on XMLWPC.php access * Update - Added Compatibility with WP 5.5.3

Download this release

Release Info

Developer johndarrel
Plugin Icon 128x128 Hide My WP Ghost – Security Plugin
Version 4.1.02
Comparing to
See all releases

Code changes from version 4.1.03 to 4.1.02

classes/Error.php CHANGED
@@ -65,13 +65,14 @@ class HMW_Classes_Error extends HMW_Classes_FrontController {
65
  * This hook will show the error in WP header
66
  */
67
  public function hookNotices() {
 
68
 
69
  if (is_array(self::$errors) &&
70
  ((is_string(HMW_Classes_Tools::getValue('page', '')) && stripos(HMW_Classes_Tools::getValue('page', ''), _HMW_NAMESPACE_) !== false) ||
71
  (is_string(HMW_Classes_Tools::getValue('plugin', '')) && stripos(HMW_Classes_Tools::getValue('plugin', ''), _HMW_PLUGIN_NAME_) !== false))
72
  ) {
 
73
 
74
- foreach (self::$errors as $error) {
75
  switch ($error['type']) {
76
  case 'fatal':
77
  self::showError(ucfirst(_HMW_PLUGIN_NAME_ . " " . $error['type']) . ': ' . $error['text'], $error['type']);
@@ -92,7 +93,7 @@ class HMW_Classes_Error extends HMW_Classes_FrontController {
92
  * @param string $type
93
  */
94
  public static function showError($message, $type = '') {
95
- if (file_exists(_HMW_THEME_DIR_ . 'Notices.php')) {
96
  include(_HMW_THEME_DIR_ . 'Notices.php');
97
  } else {
98
  echo $message;
65
  * This hook will show the error in WP header
66
  */
67
  public function hookNotices() {
68
+ HMW_Classes_ObjController::getClass('HMW_Classes_DisplayController')->loadMedia('alert');
69
 
70
  if (is_array(self::$errors) &&
71
  ((is_string(HMW_Classes_Tools::getValue('page', '')) && stripos(HMW_Classes_Tools::getValue('page', ''), _HMW_NAMESPACE_) !== false) ||
72
  (is_string(HMW_Classes_Tools::getValue('plugin', '')) && stripos(HMW_Classes_Tools::getValue('plugin', ''), _HMW_PLUGIN_NAME_) !== false))
73
  ) {
74
+ foreach (self::$errors as $error) {
75
 
 
76
  switch ($error['type']) {
77
  case 'fatal':
78
  self::showError(ucfirst(_HMW_PLUGIN_NAME_ . " " . $error['type']) . ': ' . $error['text'], $error['type']);
93
  * @param string $type
94
  */
95
  public static function showError($message, $type = '') {
96
+ if (file_exists(_HMW_THEME_DIR_ . 'Notices.php')) {
97
  include(_HMW_THEME_DIR_ . 'Notices.php');
98
  } else {
99
  echo $message;
controllers/SecurityCheck.php CHANGED
@@ -143,7 +143,7 @@ class HMW_Controllers_SecurityCheck extends HMW_Classes_FrontController {
143
  'valid' => false,
144
  'warning' => false,
145
  'message' => __( "Every good developer should turn on debugging before getting started on a new plugin or theme. In fact, the WordPress Codex 'highly recommends' that developers use WP_DEBUG. <br /><br />Unfortunately, many developers forget the debug mode, even when the website is live. Showing debug logs in the frontend will let hackers know a lot about your WordPress website.", _HMW_PLUGIN_NAME_ ),
146
- 'solution' => __( "Disable WP_DEBUG for live websites in wp-config.php <code>define('WP_DEBUG', false);</code>", _HMW_PLUGIN_NAME_ ),
147
  'javascript' => "javascript::void(0);",
148
  ),
149
  'checkDBDebug' => array(
@@ -161,7 +161,7 @@ class HMW_Controllers_SecurityCheck extends HMW_Classes_FrontController {
161
  'valid' => false,
162
  'warning' => false,
163
  'message' => __( "Every good developer should turn on debugging before getting started on a new plugin or theme. In fact, the WordPress Codex 'highly recommends' that developers use SCRIPT_DEBUG. Unfortunately, many developers forget the debug mode even when the website is live. Showing debug logs in the frontend will let hackers know a lot about your WordPress website.", _HMW_PLUGIN_NAME_ ),
164
- 'solution' => __( "Disable SCRIPT_DEBUG for live websites in wp-config.php <code>define('SCRIPT_DEBUG', false);</code>", _HMW_PLUGIN_NAME_ ),
165
  'javascript' => "javascript::void(0);",
166
  ),
167
  'checkDisplayErrors' => array(
@@ -170,7 +170,7 @@ class HMW_Controllers_SecurityCheck extends HMW_Classes_FrontController {
170
  'valid' => false,
171
  'warning' => false,
172
  'message' => __( "Displaying any kind of debug info in the frontend is extremely bad. If any PHP errors happen on your site they should be logged in a safe place and not displayed to visitors or potential attackers.", _HMW_PLUGIN_NAME_ ),
173
- 'solution' => __( "Edit wp-config.php and add <code>ini_set('display_errors', 0);</code>", _HMW_PLUGIN_NAME_ ),
174
  ),
175
  'checkSSL' => array(
176
  'name' => __( 'Backend under SSL', _HMW_PLUGIN_NAME_ ),
@@ -267,7 +267,7 @@ class HMW_Controllers_SecurityCheck extends HMW_Classes_FrontController {
267
  'valid' => false,
268
  'warning' => false,
269
  'message' => __( "There is no such thing as an \"unimportant password\"! The same goes for your WordPress database password. <br />Although most servers are configured so that the database can't be accessed from other hosts (or from outside of the local network), that doesn't mean your database password should be \"12345\" or no password at all.", _HMW_PLUGIN_NAME_ ),
270
- 'solution' => __( "Choose a proper database password, at least 8 characters long with a combination of letters, numbers and special characters. After you change it, set the new password in the wp-config.php file <code>define('DB_PASSWORD', 'NEW_DB_PASSWORD_GOES_HERE');</code>", _HMW_PLUGIN_NAME_ ),
271
  ),
272
  // 'checkBlogSiteURL' => array(
273
  // 'name' => __("Same Backend and Frontend URLs", _HMW_PLUGIN_NAME_),
@@ -319,7 +319,7 @@ class HMW_Controllers_SecurityCheck extends HMW_Classes_FrontController {
319
  'solution' => sprintf( __( "Change the wp-login from %sHide My Wp > Custom login URL%s and Switch on %sHide My Wp > Brute Force Protection%s", _HMW_PLUGIN_NAME_ ), '<strong>', '</strong>', '<strong>', '</strong>' ),
320
  ),
321
  'checkConfigChmod' => array(
322
- 'name' => __( "/wp-config.php file is writable", _HMW_PLUGIN_NAME_ ),
323
  'value' => false,
324
  'valid' => false,
325
  'warning' => false,
@@ -391,7 +391,7 @@ class HMW_Controllers_SecurityCheck extends HMW_Classes_FrontController {
391
  'valid' => false,
392
  'warning' => false,
393
  'message' => __( "The plugins and themes file editor is a very convenient tool because it enables you to make quick changes without the need to use FTP. <br /><br />Unfortunately, it's also a security issue because it not only shows the PHP source code, it also enables attackers to inject malicious code into your site if they manage to gain access to admin.", _HMW_PLUGIN_NAME_ ),
394
- 'solution' => __( "Disable DISALLOW_FILE_EDIT for live websites in wp-config.php <code>define('DISALLOW_FILE_EDIT', true);</code>", _HMW_PLUGIN_NAME_ ),
395
  'javascript' => "javascript::void(0);",
396
  ),
397
  'checkUploadsBrowsable' => array(
143
  'valid' => false,
144
  'warning' => false,
145
  'message' => __( "Every good developer should turn on debugging before getting started on a new plugin or theme. In fact, the WordPress Codex 'highly recommends' that developers use WP_DEBUG. <br /><br />Unfortunately, many developers forget the debug mode, even when the website is live. Showing debug logs in the frontend will let hackers know a lot about your WordPress website.", _HMW_PLUGIN_NAME_ ),
146
+ 'solution' => __( "Disable WP_DEBUG for live websites in wp_config.php <code>define('WP_DEBUG', false);</code>", _HMW_PLUGIN_NAME_ ),
147
  'javascript' => "javascript::void(0);",
148
  ),
149
  'checkDBDebug' => array(
161
  'valid' => false,
162
  'warning' => false,
163
  'message' => __( "Every good developer should turn on debugging before getting started on a new plugin or theme. In fact, the WordPress Codex 'highly recommends' that developers use SCRIPT_DEBUG. Unfortunately, many developers forget the debug mode even when the website is live. Showing debug logs in the frontend will let hackers know a lot about your WordPress website.", _HMW_PLUGIN_NAME_ ),
164
+ 'solution' => __( "Disable SCRIPT_DEBUG for live websites in wp_config.php <code>define('SCRIPT_DEBUG', false);</code>", _HMW_PLUGIN_NAME_ ),
165
  'javascript' => "javascript::void(0);",
166
  ),
167
  'checkDisplayErrors' => array(
170
  'valid' => false,
171
  'warning' => false,
172
  'message' => __( "Displaying any kind of debug info in the frontend is extremely bad. If any PHP errors happen on your site they should be logged in a safe place and not displayed to visitors or potential attackers.", _HMW_PLUGIN_NAME_ ),
173
+ 'solution' => __( "Edit wp_config.php and add <code>ini_set('display_errors', 0);</code>", _HMW_PLUGIN_NAME_ ),
174
  ),
175
  'checkSSL' => array(
176
  'name' => __( 'Backend under SSL', _HMW_PLUGIN_NAME_ ),
267
  'valid' => false,
268
  'warning' => false,
269
  'message' => __( "There is no such thing as an \"unimportant password\"! The same goes for your WordPress database password. <br />Although most servers are configured so that the database can't be accessed from other hosts (or from outside of the local network), that doesn't mean your database password should be \"12345\" or no password at all.", _HMW_PLUGIN_NAME_ ),
270
+ 'solution' => __( "Choose a proper database password, at least 8 characters long with a combination of letters, numbers and special characters. After you change it, set the new password in the wp_config.php file <code>define('DB_PASSWORD', 'NEW_DB_PASSWORD_GOES_HERE');</code>", _HMW_PLUGIN_NAME_ ),
271
  ),
272
  // 'checkBlogSiteURL' => array(
273
  // 'name' => __("Same Backend and Frontend URLs", _HMW_PLUGIN_NAME_),
319
  'solution' => sprintf( __( "Change the wp-login from %sHide My Wp > Custom login URL%s and Switch on %sHide My Wp > Brute Force Protection%s", _HMW_PLUGIN_NAME_ ), '<strong>', '</strong>', '<strong>', '</strong>' ),
320
  ),
321
  'checkConfigChmod' => array(
322
+ 'name' => __( "/wp_config.php file is writable", _HMW_PLUGIN_NAME_ ),
323
  'value' => false,
324
  'valid' => false,
325
  'warning' => false,
391
  'valid' => false,
392
  'warning' => false,
393
  'message' => __( "The plugins and themes file editor is a very convenient tool because it enables you to make quick changes without the need to use FTP. <br /><br />Unfortunately, it's also a security issue because it not only shows the PHP source code, it also enables attackers to inject malicious code into your site if they manage to gain access to admin.", _HMW_PLUGIN_NAME_ ),
394
+ 'solution' => __( "Disable DISALLOW_FILE_EDIT for live websites in wp_config.php <code>define('DISALLOW_FILE_EDIT', true);</code>", _HMW_PLUGIN_NAME_ ),
395
  'javascript' => "javascript::void(0);",
396
  ),
397
  'checkUploadsBrowsable' => array(
controllers/Settings.php CHANGED
@@ -11,6 +11,13 @@ class HMW_Controllers_Settings extends HMW_Classes_FrontController {
11
  public function __construct() {
12
  parent::__construct();
13
 
 
 
 
 
 
 
 
14
  //If save settings is required, show the alert
15
  if ( HMW_Classes_Tools::getOption( 'changes' ) ) {
16
  add_action( 'admin_notices', array( $this, 'showSaveRequires' ) );
@@ -25,21 +32,21 @@ class HMW_Controllers_Settings extends HMW_Classes_FrontController {
25
  }
26
 
27
  /**
28
- * Initialize the Hide My WP Ghost Settings
29
  * @return void
30
  */
31
  public function init() {
32
- //Get the current Page
33
  $page = HMW_Classes_Tools::getValue( 'page' );
34
 
35
  //If the page is not for Hide My WP Settings, return
36
- if ( $page <> 'hmw_settings' ) {
37
- if ( strpos( $page, '-' ) !== false ) {
38
- if ( substr( $page, 0, strpos( $page, '-' ) ) <> 'hmw_settings' ) {
39
- return;
40
- }
41
- }
42
- }
43
 
44
  //Check if it's a subpage
45
  if ( strpos( $page, '-' ) !== false ) {
@@ -75,7 +82,6 @@ class HMW_Controllers_Settings extends HMW_Classes_FrontController {
75
  }
76
 
77
  //Check compatibilities with other plugins
78
- HMW_Classes_ObjController::getClass( 'HMW_Classes_DisplayController' )->loadMedia( 'alert' );
79
  HMW_Classes_ObjController::getClass( 'HMW_Models_Compatibility' )->getAlerts();
80
 
81
  //Load the css for Settings
@@ -116,6 +122,7 @@ class HMW_Controllers_Settings extends HMW_Classes_FrontController {
116
  $this->tabs = $this->model->getTabs();
117
 
118
 
 
119
  //Show the Tab Content
120
  foreach ( $this->tabs as $slug => $value ) {
121
  if ( HMW_Classes_Tools::getValue( 'tab', 'hmw_permalinks' ) == $slug ) {
@@ -136,9 +143,6 @@ class HMW_Controllers_Settings extends HMW_Classes_FrontController {
136
  if ( HMW_Classes_Tools::getOption( 'hmw_hide_plugins' ) || HMW_Classes_Tools::getOption( 'hmw_hide_plugins' ) ) {
137
  global $pagenow;
138
  if ( $pagenow == 'plugins.php' || HMW_Classes_Tools::getValue( 'page' ) == 'hmw_settings' ) {
139
-
140
- HMW_Classes_ObjController::getClass( 'HMW_Classes_DisplayController' )->loadMedia( 'alert' );
141
-
142
  ?>
143
  <div class="hmw_notice error notice" style="margin-left: 0;">
144
  <div style="display: inline-block;">
@@ -157,6 +161,39 @@ class HMW_Controllers_Settings extends HMW_Classes_FrontController {
157
  }
158
 
159
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
160
  /**
161
  * Get the Admin Toolbar
162
  *
@@ -197,7 +234,7 @@ class HMW_Controllers_Settings extends HMW_Classes_FrontController {
197
  }
198
 
199
  /**
200
- * Called when an action is triggered
201
  * @throws Exception
202
  */
203
  public function action() {
@@ -215,31 +252,32 @@ class HMW_Controllers_Settings extends HMW_Classes_FrontController {
215
  $this->model->savePermalinks( $_POST );
216
  }
217
 
218
- //If no errors and no reconnect required
219
  if ( ! HMW_Classes_Tools::getOption( 'error' ) ) {
220
-
221
  //Force the rechck security notification
222
  delete_option( 'hmw_securitycheck_time' );
223
  //Clear the cache if there are no errors
224
  HMW_Classes_Tools::emptyCache();
225
  //Flush the WordPress rewrites
226
  HMW_Classes_Tools::flushWPRewrites();
 
227
 
228
- //Flush the changes
229
- HMW_Classes_ObjController::getClass( 'HMW_Models_Rewrite' )->flushChanges();
230
 
231
- if ( ! HMW_Classes_Error::isError() ) {
 
 
 
232
 
233
- if ( ! HMW_Classes_Tools::getOption( 'logout' ) || HMW_Classes_Tools::getOption( 'hmw_mode' ) == 'default' ) {
234
- //Save the working options into backup
235
- HMW_Classes_Tools::saveOptionsBackup();
236
- }
237
 
238
- HMW_Classes_Error::setError( __( 'Saved' ), 'success' );
 
239
 
240
- //Send email notification about the path changed
241
- HMW_Classes_ObjController::getClass( 'HMW_Models_Rewrite' )->sendEmail();
242
 
 
 
243
 
244
  if ( HMW_Classes_Tools::isNginx() && ! HMW_Classes_Tools::getOption( 'test_frontend' ) && HMW_Classes_Tools::getOption( 'hmw_mode' ) <> 'default' ) {
245
  $config_file = HMW_Classes_ObjController::getClass( 'HMW_Models_Rules' )->getConfFile();
@@ -368,7 +406,7 @@ class HMW_Controllers_Settings extends HMW_Classes_FrontController {
368
  }
369
 
370
  //Clear the cache if there are no errors
371
- if ( ! HMW_Classes_Tools::getOption( 'error' ) ) {
372
 
373
  if ( ! HMW_Classes_Tools::getOption( 'logout' ) ) {
374
  //Save the working options into backup
@@ -384,17 +422,12 @@ class HMW_Controllers_Settings extends HMW_Classes_FrontController {
384
 
385
  break;
386
  case 'hmw_abort':
387
- //get the token
388
- $hmw_token = HMW_Classes_Tools::getOption( 'hmw_token' );
389
  //get the safe options from database
390
  HMW_Classes_Tools::$options = HMW_Classes_Tools::getOptions( true );
391
  //set th eprevious admin path
392
- if($hmw_token) HMW_Classes_Tools::saveOptions( 'hmw_token',$hmw_token);
393
  HMW_Classes_Tools::saveOptions( 'error', false );
394
- //set logout to false
395
- HMW_Classes_Tools::saveOptions( 'logout', false );
396
- //set test frontend to false
397
- HMW_Classes_Tools::saveOptions( 'test_frontend', false );
398
 
399
  //Clear the cache if there are no errors
400
  HMW_Classes_Tools::emptyCache();
@@ -410,6 +443,11 @@ class HMW_Controllers_Settings extends HMW_Classes_FrontController {
410
  $cookies = HMW_Classes_ObjController::newInstance( 'HMW_Models_Cookies' );
411
 
412
  if ( HMW_Classes_Tools::isNginx() || $cookies->setCookiesCurrentPath() ) {
 
 
 
 
 
413
  remove_all_filters( 'wp_redirect' );
414
  remove_all_filters( 'admin_url' );
415
  wp_safe_redirect( HMW_Classes_Tools::getSettingsUrl() );
@@ -445,7 +483,7 @@ class HMW_Controllers_Settings extends HMW_Classes_FrontController {
445
  //Flush the changes
446
  HMW_Classes_ObjController::getClass( 'HMW_Models_Rewrite' )->flushChanges();
447
 
448
- if ( ! HMW_Classes_Error::isError() ) {
449
  HMW_Classes_Error::setError( __( 'The list of plugins and themes was updated with success!' ), 'success' );
450
  }
451
  break;
11
  public function __construct() {
12
  parent::__construct();
13
 
14
+ //Show the errors when not on Hide My WP Settings
15
+ if ( HMW_Classes_Tools::getOption( 'logout' ) && ! HMW_Classes_Tools::getOption( 'error' ) ) {
16
+ if ( HMW_Classes_Tools::getValue( 'action' ) == '' && HMW_Classes_Tools::getValue( 'page' ) <> 'hmw_settings' ) {
17
+ add_action( 'admin_notices', array( $this, 'showReconnectError' ) );
18
+ }
19
+ }
20
+
21
  //If save settings is required, show the alert
22
  if ( HMW_Classes_Tools::getOption( 'changes' ) ) {
23
  add_action( 'admin_notices', array( $this, 'showSaveRequires' ) );
32
  }
33
 
34
  /**
35
+ * Initialize the Hide My WP Ghost Settings
36
  * @return void
37
  */
38
  public function init() {
39
+ //Get the current Page
40
  $page = HMW_Classes_Tools::getValue( 'page' );
41
 
42
  //If the page is not for Hide My WP Settings, return
43
+ if($page <> 'hmw_settings'){
44
+ if ( strpos( $page, '-' ) !== false ) {
45
+ if(substr( $page, 0, strpos( $page, '-' ) ) <> 'hmw_settings'){
46
+ return;
47
+ }
48
+ }
49
+ }
50
 
51
  //Check if it's a subpage
52
  if ( strpos( $page, '-' ) !== false ) {
82
  }
83
 
84
  //Check compatibilities with other plugins
 
85
  HMW_Classes_ObjController::getClass( 'HMW_Models_Compatibility' )->getAlerts();
86
 
87
  //Load the css for Settings
122
  $this->tabs = $this->model->getTabs();
123
 
124
 
125
+
126
  //Show the Tab Content
127
  foreach ( $this->tabs as $slug => $value ) {
128
  if ( HMW_Classes_Tools::getValue( 'tab', 'hmw_permalinks' ) == $slug ) {
143
  if ( HMW_Classes_Tools::getOption( 'hmw_hide_plugins' ) || HMW_Classes_Tools::getOption( 'hmw_hide_plugins' ) ) {
144
  global $pagenow;
145
  if ( $pagenow == 'plugins.php' || HMW_Classes_Tools::getValue( 'page' ) == 'hmw_settings' ) {
 
 
 
146
  ?>
147
  <div class="hmw_notice error notice" style="margin-left: 0;">
148
  <div style="display: inline-block;">
161
  }
162
 
163
 
164
+ /**
165
+ * Show the reconnect alert on all pages
166
+ */
167
+ public function showReconnectError() {
168
+ HMW_Classes_ObjController::getClass( 'HMW_Classes_DisplayController' )->loadMedia( 'alert' );
169
+ ?>
170
+ <div class="hmw_notice error notice" style="margin-left: 0; padding: 5px;">
171
+ <div style="display: inline-block;">
172
+ <p>
173
+ <?php echo sprintf( __( "To activate the new %sHide My WP %s %s settings you need to confirm and re-login!", _HMW_PLUGIN_NAME_ ), '<strong>', _HMW_VER_NAME_, '</strong>' ); ?>
174
+ </p>
175
+ </div>
176
+
177
+ <div class="hmw_logout">
178
+ <form method="POST" action="<?php echo HMW_Classes_Tools::getSettingsUrl() ?>">
179
+ <?php wp_nonce_field( 'hmw_logout', 'hmw_nonce' ) ?>
180
+ <input type="hidden" name="action" value="hmw_logout"/>
181
+ <input type="submit" class="hmw_btn hmw_btn-success" value="<?php echo __( "Yes, I'm ready to re-login", _HMW_PLUGIN_NAME_ ) ?>"/>
182
+ </form>
183
+ </div>
184
+ <div class="hmw_abort" style="display: inline-block;">
185
+ <form method="POST" action="<?php echo HMW_Classes_Tools::getSettingsUrl() ?>">
186
+ <?php wp_nonce_field( 'hmw_abort', 'hmw_nonce' ) ?>
187
+ <input type="hidden" name="action" value="hmw_abort"/>
188
+ <input type="submit" class="hmw_btn hmw_btn-warning" value="<?php echo __( "No, abort", _HMW_PLUGIN_NAME_ ) ?>"/>
189
+ </form>
190
+ </div>
191
+
192
+ </div>
193
+ <?php
194
+ }
195
+
196
+
197
  /**
198
  * Get the Admin Toolbar
199
  *
234
  }
235
 
236
  /**
237
+ * Called when an action is triggered
238
  * @throws Exception
239
  */
240
  public function action() {
252
  $this->model->savePermalinks( $_POST );
253
  }
254
 
 
255
  if ( ! HMW_Classes_Tools::getOption( 'error' ) ) {
 
256
  //Force the rechck security notification
257
  delete_option( 'hmw_securitycheck_time' );
258
  //Clear the cache if there are no errors
259
  HMW_Classes_Tools::emptyCache();
260
  //Flush the WordPress rewrites
261
  HMW_Classes_Tools::flushWPRewrites();
262
+ }
263
 
264
+ //If no errors and no reconnect required
265
+ if ( ! HMW_Classes_Tools::getOption( 'error' ) ) {
266
 
267
+ if ( ! HMW_Classes_Tools::getOption( 'logout' ) || HMW_Classes_Tools::getOption( 'hmw_mode' ) == 'default' ) {
268
+ //Save the working options into backup
269
+ HMW_Classes_Tools::saveOptionsBackup();
270
+ }
271
 
 
 
 
 
272
 
273
+ //Send email notification about the path changed
274
+ HMW_Classes_ObjController::getClass( 'HMW_Models_Rewrite' )->sendEmail();
275
 
276
+ //Flush the changes
277
+ HMW_Classes_ObjController::getClass( 'HMW_Models_Rewrite' )->flushChanges();
278
 
279
+ if ( ! HMW_Classes_Error::isError() ) {
280
+ HMW_Classes_Error::setError( __( 'Saved' ), 'success' );
281
 
282
  if ( HMW_Classes_Tools::isNginx() && ! HMW_Classes_Tools::getOption( 'test_frontend' ) && HMW_Classes_Tools::getOption( 'hmw_mode' ) <> 'default' ) {
283
  $config_file = HMW_Classes_ObjController::getClass( 'HMW_Models_Rules' )->getConfFile();
406
  }
407
 
408
  //Clear the cache if there are no errors
409
+ if ( !HMW_Classes_Tools::getOption( 'error' ) ) {
410
 
411
  if ( ! HMW_Classes_Tools::getOption( 'logout' ) ) {
412
  //Save the working options into backup
422
 
423
  break;
424
  case 'hmw_abort':
 
 
425
  //get the safe options from database
426
  HMW_Classes_Tools::$options = HMW_Classes_Tools::getOptions( true );
427
  //set th eprevious admin path
428
+ HMW_Classes_Tools::saveOptions( 'hmw_admin_url', HMW_Classes_Tools::getOption( 'hmw_admin_url' ) );
429
  HMW_Classes_Tools::saveOptions( 'error', false );
430
+ HMW_Classes_Tools::saveOptions( 'logout', false );
 
 
 
431
 
432
  //Clear the cache if there are no errors
433
  HMW_Classes_Tools::emptyCache();
443
  $cookies = HMW_Classes_ObjController::newInstance( 'HMW_Models_Cookies' );
444
 
445
  if ( HMW_Classes_Tools::isNginx() || $cookies->setCookiesCurrentPath() ) {
446
+ //set logout to false
447
+ HMW_Classes_Tools::saveOptions( 'logout', false );
448
+ //activate frontend test
449
+ HMW_Classes_Tools::saveOptions( 'test_frontend', true );
450
+
451
  remove_all_filters( 'wp_redirect' );
452
  remove_all_filters( 'admin_url' );
453
  wp_safe_redirect( HMW_Classes_Tools::getSettingsUrl() );
483
  //Flush the changes
484
  HMW_Classes_ObjController::getClass( 'HMW_Models_Rewrite' )->flushChanges();
485
 
486
+ if ( !HMW_Classes_Error::isError() ) {
487
  HMW_Classes_Error::setError( __( 'The list of plugins and themes was updated with success!' ), 'success' );
488
  }
489
  break;
index.php CHANGED
@@ -6,9 +6,9 @@
6
  Plugin Name: Hide My WP Ghost Lite
7
  Plugin URI: https://wordpress.org/plugins/hide-my-wp/
8
  Description: The best solution for WordPress Security. Hide wp-admin, wp-login, wp-content, plugins, themes etc. Add Firewall, Brute Force protection & more. <br /> <a href="https://hidemywpghost.com/wordpress" target="_blank"><strong>Unlock all features</strong></a>
9
- Version: 4.1.03
10
  Author: WPPlugins - WordPress Security Plugins
11
- Author URI: https://hidemywp.co
12
  License: GPLv2 or later
13
  License URI: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
14
  Text Domain: hide-my-wp
@@ -16,7 +16,7 @@
16
  */
17
 
18
  if (defined( 'NONCE_KEY' ) && defined( 'ABSPATH' ) && ! defined( 'HMW_VERSION' ) ) {
19
- define( 'HMW_VERSION', '4.1.03' );
20
  /* Call config files */
21
  require( dirname( __FILE__ ) . '/debug/index.php' );
22
  require( dirname( __FILE__ ) . '/config/config.php' );
6
  Plugin Name: Hide My WP Ghost Lite
7
  Plugin URI: https://wordpress.org/plugins/hide-my-wp/
8
  Description: The best solution for WordPress Security. Hide wp-admin, wp-login, wp-content, plugins, themes etc. Add Firewall, Brute Force protection & more. <br /> <a href="https://hidemywpghost.com/wordpress" target="_blank"><strong>Unlock all features</strong></a>
9
+ Version: 4.1.02
10
  Author: WPPlugins - WordPress Security Plugins
11
+ Author URI: https://wpplugins.tips
12
  License: GPLv2 or later
13
  License URI: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
14
  Text Domain: hide-my-wp
16
  */
17
 
18
  if (defined( 'NONCE_KEY' ) && defined( 'ABSPATH' ) && ! defined( 'HMW_VERSION' ) ) {
19
+ define( 'HMW_VERSION', '4.1.02' );
20
  /* Call config files */
21
  require( dirname( __FILE__ ) . '/debug/index.php' );
22
  require( dirname( __FILE__ ) . '/config/config.php' );
models/Compatibility.php CHANGED
@@ -9,7 +9,7 @@ class HMW_Models_Compatibility {
9
 
10
  //Check compatibility with Really Simple SSL
11
  if ( HMW_Classes_Tools::isPluginActive( 'really-simple-ssl/rlrsssl-really-simple-ssl.php' ) ) {
12
- add_action( 'hmw_flushed_rewrites', array( $this, 'checkSimpleSSLRewrites' ) );
13
  }
14
  } else {
15
  defined( 'WPFC_REMOVE_FOOTER_COMMENT' ) || define( 'WPFC_REMOVE_FOOTER_COMMENT', true );
@@ -67,10 +67,6 @@ class HMW_Models_Compatibility {
67
  if ( isset( $_SERVER['HTTP_REFERER'] ) ) {
68
  $_SERVER['HTTP_REFERER'] = HMW_Classes_ObjController::getClass( 'HMW_Models_Files' )->getOriginalUrl( $_SERVER['HTTP_REFERER'] );
69
  }
70
-
71
- // add the correct text direction for WPML plugin
72
- add_action( 'admin_print_styles', array( $this, 'setTextDirection' ), 1 );
73
-
74
  }
75
 
76
  //Compativility with iThemes security plugin
@@ -85,12 +81,6 @@ class HMW_Models_Compatibility {
85
  }
86
  }
87
 
88
-
89
- //Add Compatibility with PPress plugin
90
- if ( HMW_Classes_Tools::isPluginActive( 'ppress/profilepress.php' ) ) {
91
- add_action( 'hmw_login_init', array( $this, 'ppressCompatibility' ) );
92
- }
93
-
94
  if ( ! is_admin() ) {
95
  try {
96
  //Robots.txt compatibility with other plugins
@@ -544,10 +534,10 @@ class HMW_Models_Compatibility {
544
  if ( method_exists( $wp_filesystem, 'get_contents' ) && method_exists( $wp_filesystem, 'put_contents' ) ) {
545
 
546
  $config_file = HMW_Classes_ObjController::getClass( 'HMW_Models_Rules' )->getConfFile();
547
- $htaccess = $wp_filesystem->get_contents( $config_file );
548
  preg_match( "/#\s?BEGIN\s?rlrssslReallySimpleSSL.*?#\s?END\s?rlrssslReallySimpleSSL/s", $htaccess, $match );
549
 
550
- if ( isset( $match[0] ) && ! empty( $match[0] ) ) {
551
  $htaccess = preg_replace( "/#\s?BEGIN\s?rlrssslReallySimpleSSL.*?#\s?END\s?rlrssslReallySimpleSSL/s", "", $htaccess );
552
  $htaccess = $match[0] . PHP_EOL . $htaccess;
553
  $htaccess = preg_replace( "/\n+/", "\n", $htaccess );
@@ -585,9 +575,7 @@ class HMW_Models_Compatibility {
585
 
586
  /**
587
  * The MU plugin content
588
- *
589
  * @param $pluginBasename
590
- *
591
  * @return string
592
  */
593
  public function buildLoaderContent( $pluginBasename ) {
@@ -607,7 +595,6 @@ class HMW_Models_Compatibility {
607
 
608
  /**
609
  * Add the MU file
610
- *
611
  * @param $loaderName
612
  * @param $loaderContent
613
  */
@@ -636,53 +623,16 @@ class HMW_Models_Compatibility {
636
 
637
  /**
638
  * Delete the MU file
639
- *
640
  * @param $loaderName
641
  */
642
  public function deregisterMUPlugin( $loaderName ) {
643
  $mustUsePluginDir = rtrim( WPMU_PLUGIN_DIR, '/' );
644
- $loaderPath = $mustUsePluginDir . '/' . $loaderName;
645
 
646
- if ( ! file_exists( $loaderPath ) ) {
647
  return;
648
  }
649
 
650
  @unlink( $loaderPath );
651
  }
652
-
653
- /**
654
- * Force the DB text direction for some themes and plugins
655
- */
656
- public function setTextDirection() {
657
-
658
- if ( function_exists( 'get_current_user_id' ) ) {
659
- $user_id = get_current_user_id();
660
- $direction = get_user_meta( $user_id, 'rtladminbar', true );
661
-
662
- global $wp_styles;
663
- if ( isset( $wp_styles->text_direction ) ) {
664
- $wp_styles->text_direction = $direction;
665
- }
666
- }
667
-
668
- }
669
-
670
- /**
671
- * Add Compatibility with PPress plugin
672
- * Load the post from Ppress for the login page
673
- */
674
- public function ppressCompatibility() {
675
- //Add compatibility with PPress plugin
676
- $data = get_option( 'pp_settings_data' );
677
- if ( class_exists( 'WP_Query' ) && isset( $data['set_login_url'] ) && (int) $data['set_login_url'] > 0 ) {
678
- $query = new WP_Query( array( 'p' => $data['set_login_url'], 'post_type' => 'any' ) );
679
- if ( $query->have_posts() ) {
680
- $query->the_post();
681
- get_header();
682
- the_content();
683
- get_footer();
684
- }
685
- exit();
686
- }
687
- }
688
  }
9
 
10
  //Check compatibility with Really Simple SSL
11
  if ( HMW_Classes_Tools::isPluginActive( 'really-simple-ssl/rlrsssl-really-simple-ssl.php' ) ) {
12
+ add_action( 'hmw_flushed_rewrites', array($this, 'checkSimpleSSLRewrites') );
13
  }
14
  } else {
15
  defined( 'WPFC_REMOVE_FOOTER_COMMENT' ) || define( 'WPFC_REMOVE_FOOTER_COMMENT', true );
67
  if ( isset( $_SERVER['HTTP_REFERER'] ) ) {
68
  $_SERVER['HTTP_REFERER'] = HMW_Classes_ObjController::getClass( 'HMW_Models_Files' )->getOriginalUrl( $_SERVER['HTTP_REFERER'] );
69
  }
 
 
 
 
70
  }
71
 
72
  //Compativility with iThemes security plugin
81
  }
82
  }
83
 
 
 
 
 
 
 
84
  if ( ! is_admin() ) {
85
  try {
86
  //Robots.txt compatibility with other plugins
534
  if ( method_exists( $wp_filesystem, 'get_contents' ) && method_exists( $wp_filesystem, 'put_contents' ) ) {
535
 
536
  $config_file = HMW_Classes_ObjController::getClass( 'HMW_Models_Rules' )->getConfFile();
537
+ $htaccess = $wp_filesystem->get_contents( $config_file );
538
  preg_match( "/#\s?BEGIN\s?rlrssslReallySimpleSSL.*?#\s?END\s?rlrssslReallySimpleSSL/s", $htaccess, $match );
539
 
540
+ if ( isset( $match[0] ) && !empty( $match[0] ) ) {
541
  $htaccess = preg_replace( "/#\s?BEGIN\s?rlrssslReallySimpleSSL.*?#\s?END\s?rlrssslReallySimpleSSL/s", "", $htaccess );
542
  $htaccess = $match[0] . PHP_EOL . $htaccess;
543
  $htaccess = preg_replace( "/\n+/", "\n", $htaccess );
575
 
576
  /**
577
  * The MU plugin content
 
578
  * @param $pluginBasename
 
579
  * @return string
580
  */
581
  public function buildLoaderContent( $pluginBasename ) {
595
 
596
  /**
597
  * Add the MU file
 
598
  * @param $loaderName
599
  * @param $loaderContent
600
  */
623
 
624
  /**
625
  * Delete the MU file
 
626
  * @param $loaderName
627
  */
628
  public function deregisterMUPlugin( $loaderName ) {
629
  $mustUsePluginDir = rtrim( WPMU_PLUGIN_DIR, '/' );
630
+ $loaderPath = $mustUsePluginDir . '/' . $loaderName;
631
 
632
+ if ( !file_exists( $loaderPath ) ) {
633
  return;
634
  }
635
 
636
  @unlink( $loaderPath );
637
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
638
  }
models/Rewrite.php CHANGED
@@ -645,7 +645,8 @@ class HMW_Models_Rewrite {
645
  $rewritecode .= $this->getIISRules( '' );
646
  if ( $rewritecode <> '' ) {
647
  HMW_Classes_Error::setError( sprintf( __( 'IIS detected. You need to update your %s file by adding the following lines after &lt;rules&gt; tag: %s', _HMW_PLUGIN_NAME_ ), '<strong>' . $config_file . '</strong>', '<br /><br /><pre><strong>' . htmlentities( str_replace( ' ', ' ', $rewritecode ) ) . '</strong></pre>' . $form ) );
648
- return false; //always show IIS rewrites
 
649
  }
650
 
651
  }
@@ -687,7 +688,7 @@ class HMW_Models_Rewrite {
687
 
688
  if ( $rewritecode <> '' ) {
689
  HMW_Classes_Error::setError( sprintf( __( 'WpEngine detected. Add the redirects in the WpEngine Redirect rules panel %s', _HMW_PLUGIN_NAME_ ), '<strong><a href="https://wpengine.com/support/redirect/" target="_blank" style="color: red">' . __( "Learn How To Add the Code", _HMW_PLUGIN_NAME_ ) . '</a></strong> <br /><br /><pre>' . $rewritecode . '</pre>' . $form . '<br />' ) );
690
- $success = false; //always show WpEngine rewrites
691
  }
692
 
693
  return $success;
@@ -787,8 +788,11 @@ class HMW_Models_Rewrite {
787
 
788
 
789
  if ( $rewritecode <> '' ) {
790
- if ( !HMW_Classes_ObjController::getClass( 'HMW_Models_Rules' )->writeInHtaccess( $rewritecode, 'HMWP_RULES' ) ) {
 
 
791
  HMW_Classes_Error::setError( sprintf( __( 'Config file is not writable. You need to update your %s file by adding the following lines at the beginning of the file: %s', _HMW_PLUGIN_NAME_ ), '<strong>' . $config_file . '</strong>', '<br /><br /><pre><strong>' . htmlentities( str_replace( ' ', ' ', $rewritecode ) ) . '</strong></pre>' . $form ) );
 
792
  return false;
793
  }
794
  } else {
@@ -820,12 +824,13 @@ class HMW_Models_Rewrite {
820
  if ( $rewritecode <> '' ) {
821
  if ( ! HMW_Classes_ObjController::getClass( 'HMW_Models_Rules' )->writeInNginx( $rewritecode, 'HMWP_RULES' ) ) {
822
  HMW_Classes_Error::setError( sprintf( __( 'Config file is not writable. You have to added it manually at the beginning of the %s file: %s', _HMW_PLUGIN_NAME_ ), '<strong>' . $config_file . '</strong>', '<br /><br /><pre><strong># BEGIN HMWP_RULES<br />' . htmlentities( str_replace( ' ', ' ', $rewritecode ) ) . '# END HMW_RULES</strong></pre>' ) );
823
- return false;
824
  }
825
  } else {
826
  HMW_Classes_ObjController::getClass( 'HMW_Models_Rules' )->writeInNginx( '', 'HMWP_RULES' );
827
  }
828
 
 
 
829
  }
830
 
831
  return true;
@@ -1134,6 +1139,7 @@ class HMW_Models_Rewrite {
1134
  ), HMW_VERSION_ID, true );
1135
  /////////////////////////////////////////////////////////
1136
 
 
1137
  //remove clasiera theme loop
1138
  remove_action( "login_init", "classiera_cubiq_login_init" );
1139
  remove_filter( "login_redirect", "buddyboss_redirect_previous_page" );
@@ -1159,8 +1165,6 @@ class HMW_Models_Rewrite {
1159
 
1160
  HMW_Classes_ObjController::getClass( 'HMW_Models_Cookies' )->setTestCookie();
1161
  }
1162
-
1163
- do_action('hmw_login_init');
1164
  }
1165
 
1166
  /**
645
  $rewritecode .= $this->getIISRules( '' );
646
  if ( $rewritecode <> '' ) {
647
  HMW_Classes_Error::setError( sprintf( __( 'IIS detected. You need to update your %s file by adding the following lines after &lt;rules&gt; tag: %s', _HMW_PLUGIN_NAME_ ), '<strong>' . $config_file . '</strong>', '<br /><br /><pre><strong>' . htmlentities( str_replace( ' ', ' ', $rewritecode ) ) . '</strong></pre>' . $form ) );
648
+
649
+ return false;
650
  }
651
 
652
  }
688
 
689
  if ( $rewritecode <> '' ) {
690
  HMW_Classes_Error::setError( sprintf( __( 'WpEngine detected. Add the redirects in the WpEngine Redirect rules panel %s', _HMW_PLUGIN_NAME_ ), '<strong><a href="https://wpengine.com/support/redirect/" target="_blank" style="color: red">' . __( "Learn How To Add the Code", _HMW_PLUGIN_NAME_ ) . '</a></strong> <br /><br /><pre>' . $rewritecode . '</pre>' . $form . '<br />' ) );
691
+ $success = false;
692
  }
693
 
694
  return $success;
788
 
789
 
790
  if ( $rewritecode <> '' ) {
791
+ if ( HMW_Classes_ObjController::getClass( 'HMW_Models_Rules' )->writeInHtaccess( $rewritecode, 'HMWP_RULES' ) ) {
792
+ return true;
793
+ } else {
794
  HMW_Classes_Error::setError( sprintf( __( 'Config file is not writable. You need to update your %s file by adding the following lines at the beginning of the file: %s', _HMW_PLUGIN_NAME_ ), '<strong>' . $config_file . '</strong>', '<br /><br /><pre><strong>' . htmlentities( str_replace( ' ', ' ', $rewritecode ) ) . '</strong></pre>' . $form ) );
795
+
796
  return false;
797
  }
798
  } else {
824
  if ( $rewritecode <> '' ) {
825
  if ( ! HMW_Classes_ObjController::getClass( 'HMW_Models_Rules' )->writeInNginx( $rewritecode, 'HMWP_RULES' ) ) {
826
  HMW_Classes_Error::setError( sprintf( __( 'Config file is not writable. You have to added it manually at the beginning of the %s file: %s', _HMW_PLUGIN_NAME_ ), '<strong>' . $config_file . '</strong>', '<br /><br /><pre><strong># BEGIN HMWP_RULES<br />' . htmlentities( str_replace( ' ', ' ', $rewritecode ) ) . '# END HMW_RULES</strong></pre>' ) );
 
827
  }
828
  } else {
829
  HMW_Classes_ObjController::getClass( 'HMW_Models_Rules' )->writeInNginx( '', 'HMWP_RULES' );
830
  }
831
 
832
+ return false;
833
+
834
  }
835
 
836
  return true;
1139
  ), HMW_VERSION_ID, true );
1140
  /////////////////////////////////////////////////////////
1141
 
1142
+
1143
  //remove clasiera theme loop
1144
  remove_action( "login_init", "classiera_cubiq_login_init" );
1145
  remove_filter( "login_redirect", "buddyboss_redirect_previous_page" );
1165
 
1166
  HMW_Classes_ObjController::getClass( 'HMW_Models_Cookies' )->setTestCookie();
1167
  }
 
 
1168
  }
1169
 
1170
  /**
models/Settings.php CHANGED
@@ -67,84 +67,72 @@ class HMW_Models_Settings {
67
  'title' => __("SEO SQUIRRLY"),
68
  'banner' => '//ps.w.org/squirrly-seo/assets/banner-772x250.png?rev=2302934',
69
  'description' => __("A.I.-based Private SEO Consultant. In a Plugin. Powered by Machine Learning and Cloud Services. Over 300 functionalities for SEO now available when you need them.") . '<div class="text-success my-2">' . 'SEO Plugin' . '</div>',
70
- 'path' => 'squirrly-seo/squirrly.php',
71
  'url' => 'https://wpplugins.tips/plugin/squirrly-seo'
72
  ),
73
  'wp-rocket' => array(
74
  'title' => __("WP-Rocket"),
75
  'banner' => _HMW_THEME_URL_ . 'img/plugins/wp-rocket-banner.jpg',
76
  'description' => __("WP Rocket is in fact the only cache plugin which integrates more than 80% of web performance best practices even without any options activated. ") . '<div class="text-success my-2">' . 'Cache Plugin' . '</div>',
77
- 'path' => 'wp-rocket/wp-rocket.php',
78
  'url' => 'https://wpplugins.tips/plugin/wp-rocket'
79
  ),
80
  'autoptimize' => array(
81
  'title' => __("Autoptimize"),
82
  'banner' => '//ps.w.org/autoptimize/assets/banner-772x250.jpg?rev=1315920',
83
  'description' => __("Autoptimize speeds up your website by optimizing JS, CSS and HTML, async-ing JavaScript, removing emoji cruft, optimizing Google Fonts and more.") . '<div class="text-success my-2">' . 'Cache plugin' . '</div>',
84
- 'path' => 'autoptimize/autoptimize.php',
85
  'url' => 'https://wordpress.org/plugins/autoptimize/'
86
  ),
87
  'ninjaforms' => array(
88
  'title' => __("Ninja Forms"),
89
  'banner' => '//ps.w.org/ninja-forms/assets/banner-772x250.png?rev=2069024',
90
  'description' => __("Use Ninja Forms to create beautiful, user friendly WordPress forms that will make you feel like a professional web developer") . '<div class="text-success my-2">' . 'Form Plugin' . '</div>',
91
- 'path' => 'minify-html-markup/minify-html.php',
92
  'url' => 'https://wpplugins.tips/plugin/ninja-forms'
93
  ),
94
  'wpforms' => array(
95
  'title' => __("WP Forms"),
96
  'banner' => '//ps.w.org/wpforms-lite/assets/banner-772x250.png?rev=1371112',
97
  'description' => __("WPForms allows you to create beautiful contact forms, feedback form, subscription forms, payment forms, and other types of forms for your site in minutes, not hours!") . '<div class="text-success my-2">' . 'Form Plugin' . '</div>',
98
- 'path' => 'wpforms-lite/wpforms.php',
99
  'url' => 'https://wpplugins.tips/plugin/wp-forms'
100
  ),
101
  'better-wp-security' => array(
102
  'title' => __("iThemes Security"),
103
  'banner' => '//ps.w.org/better-wp-security/assets/banner-772x250.png?rev=881897',
104
  'description' => __("iThemes Security gives you over 30+ ways to secure and protect your WP site. WP sites can be an easy target for attacks because of plugin vulnerabilities, weak passwords and obsolete software.") . '<div class="text-success my-2">' . 'Security Plugin' . '</div>',
105
- 'path' => 'better-wp-security/better-wp-security.php',
106
  'url' => 'https://wpplugins.tips/plugin/ithemes'
107
  ),
108
  'sucuri-scanner' => array(
109
  'title' => __("Sucuri Security"),
110
  'banner' => '//ps.w.org/sucuri-scanner/assets/banner-772x250.png?rev=1235419',
111
  'description' => __("The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.") . '<div class="text-success my-2">' . 'Security Plugin' . '</div>',
112
- 'path' => 'sucuri-scanner/sucuri.php',
113
  'url' => 'https://wordpress.org/plugins/sucuri-scanner/'
114
  ),
115
  'backupwordpress' => array(
116
  'title' => __("Back Up WordPress"),
117
  'banner' => '//ps.w.org/backupwordpress/assets/banner-772x250.jpg?rev=904756',
118
  'description' => __("Simple automated backups of your WordPress-powered website. Back Up WordPress will back up your entire site including your database and all your files on a schedule that suits you.") . '<div class="text-success my-2">' . 'Backup Plugin' . '</div>',
119
- 'path' => 'backupwordpress/backupwordpress.php',
120
  'url' => 'https://wordpress.org/plugins/backupwordpress/'
121
  ),
122
  'elementor' => array(
123
  'title' => __("Elementor Builder"),
124
  'banner' => '//ps.w.org/elementor/assets/banner-772x250.png?rev=1475479',
125
  'description' => __("The most advanced frontend drag & drop page builder. Create high-end, pixel perfect websites at record speeds. Any theme, any page, any design.") . '<div class="text-success my-2">' . 'Page Builder' . '</div>',
126
- 'path' => 'elementor/elementor.php',
127
  'url' => 'https://wpplugins.tips/plugin/elementor'
128
  ),
129
  'weglot' => array(
130
  'title' => __("Weglot Translate"),
131
  'banner' => '//ps.w.org/weglot/assets/banner-772x250.png?rev=2186774',
132
  'description' => __("Translate your website into multiple languages without any code. Weglot Translate is fully SEO compatible and follows Google's best practices.") . '<div class="text-success my-2">' . 'Multilingual' . '</div>',
133
- 'path' => 'weglot/weglot.php',
134
  'url' => 'https://wordpress.org/plugins/weglot/'
135
  ),
136
  'facebook-pixel' => array(
137
  'title' => __("Facebook Pixel"),
138
  'banner' => '//ps.w.org/pixelyoursite/assets/banner-772x250.jpg?rev=2163168',
139
  'description' => __("Manage your Facebook Pixel or Google Analytics code with a single plugin and add ANY other script (Head & Footer feature). The Pinterest Tag can be implemented via free add-on.") . '<div class="text-success my-2">' . 'Tracking Plugin' . '</div>',
140
- 'path' => 'pixelyoursite/pixelyoursite.php',
141
  'url' => 'https://wpplugins.tips/plugin/facebook-pixel'
142
  ),
143
  'maintenance' => array(
144
  'title' => __("Maintenance"),
145
  'banner' => '//ps.w.org/maintenance/assets/banner-772x250.png?rev=1637471',
146
  'description' => __("Maintenance plugin allows the WordPress site administrator to close the website for maintenance, set a temporary page with authorization, which can be edited via the plugin settings.") . '<div class="text-success my-2">' . 'Tracking Plugin' . '</div>',
147
- 'path' => 'add-to-any/add-to-any.php',
148
  'url' => 'https://wordpress.org/plugins/maintenance/'
149
  ),
150
  );
67
  'title' => __("SEO SQUIRRLY"),
68
  'banner' => '//ps.w.org/squirrly-seo/assets/banner-772x250.png?rev=2302934',
69
  'description' => __("A.I.-based Private SEO Consultant. In a Plugin. Powered by Machine Learning and Cloud Services. Over 300 functionalities for SEO now available when you need them.") . '<div class="text-success my-2">' . 'SEO Plugin' . '</div>',
 
70
  'url' => 'https://wpplugins.tips/plugin/squirrly-seo'
71
  ),
72
  'wp-rocket' => array(
73
  'title' => __("WP-Rocket"),
74
  'banner' => _HMW_THEME_URL_ . 'img/plugins/wp-rocket-banner.jpg',
75
  'description' => __("WP Rocket is in fact the only cache plugin which integrates more than 80% of web performance best practices even without any options activated. ") . '<div class="text-success my-2">' . 'Cache Plugin' . '</div>',
 
76
  'url' => 'https://wpplugins.tips/plugin/wp-rocket'
77
  ),
78
  'autoptimize' => array(
79
  'title' => __("Autoptimize"),
80
  'banner' => '//ps.w.org/autoptimize/assets/banner-772x250.jpg?rev=1315920',
81
  'description' => __("Autoptimize speeds up your website by optimizing JS, CSS and HTML, async-ing JavaScript, removing emoji cruft, optimizing Google Fonts and more.") . '<div class="text-success my-2">' . 'Cache plugin' . '</div>',
 
82
  'url' => 'https://wordpress.org/plugins/autoptimize/'
83
  ),
84
  'ninjaforms' => array(
85
  'title' => __("Ninja Forms"),
86
  'banner' => '//ps.w.org/ninja-forms/assets/banner-772x250.png?rev=2069024',
87
  'description' => __("Use Ninja Forms to create beautiful, user friendly WordPress forms that will make you feel like a professional web developer") . '<div class="text-success my-2">' . 'Form Plugin' . '</div>',
 
88
  'url' => 'https://wpplugins.tips/plugin/ninja-forms'
89
  ),
90
  'wpforms' => array(
91
  'title' => __("WP Forms"),
92
  'banner' => '//ps.w.org/wpforms-lite/assets/banner-772x250.png?rev=1371112',
93
  'description' => __("WPForms allows you to create beautiful contact forms, feedback form, subscription forms, payment forms, and other types of forms for your site in minutes, not hours!") . '<div class="text-success my-2">' . 'Form Plugin' . '</div>',
 
94
  'url' => 'https://wpplugins.tips/plugin/wp-forms'
95
  ),
96
  'better-wp-security' => array(
97
  'title' => __("iThemes Security"),
98
  'banner' => '//ps.w.org/better-wp-security/assets/banner-772x250.png?rev=881897',
99
  'description' => __("iThemes Security gives you over 30+ ways to secure and protect your WP site. WP sites can be an easy target for attacks because of plugin vulnerabilities, weak passwords and obsolete software.") . '<div class="text-success my-2">' . 'Security Plugin' . '</div>',
 
100
  'url' => 'https://wpplugins.tips/plugin/ithemes'
101
  ),
102
  'sucuri-scanner' => array(
103
  'title' => __("Sucuri Security"),
104
  'banner' => '//ps.w.org/sucuri-scanner/assets/banner-772x250.png?rev=1235419',
105
  'description' => __("The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.") . '<div class="text-success my-2">' . 'Security Plugin' . '</div>',
 
106
  'url' => 'https://wordpress.org/plugins/sucuri-scanner/'
107
  ),
108
  'backupwordpress' => array(
109
  'title' => __("Back Up WordPress"),
110
  'banner' => '//ps.w.org/backupwordpress/assets/banner-772x250.jpg?rev=904756',
111
  'description' => __("Simple automated backups of your WordPress-powered website. Back Up WordPress will back up your entire site including your database and all your files on a schedule that suits you.") . '<div class="text-success my-2">' . 'Backup Plugin' . '</div>',
 
112
  'url' => 'https://wordpress.org/plugins/backupwordpress/'
113
  ),
114
  'elementor' => array(
115
  'title' => __("Elementor Builder"),
116
  'banner' => '//ps.w.org/elementor/assets/banner-772x250.png?rev=1475479',
117
  'description' => __("The most advanced frontend drag & drop page builder. Create high-end, pixel perfect websites at record speeds. Any theme, any page, any design.") . '<div class="text-success my-2">' . 'Page Builder' . '</div>',
 
118
  'url' => 'https://wpplugins.tips/plugin/elementor'
119
  ),
120
  'weglot' => array(
121
  'title' => __("Weglot Translate"),
122
  'banner' => '//ps.w.org/weglot/assets/banner-772x250.png?rev=2186774',
123
  'description' => __("Translate your website into multiple languages without any code. Weglot Translate is fully SEO compatible and follows Google's best practices.") . '<div class="text-success my-2">' . 'Multilingual' . '</div>',
 
124
  'url' => 'https://wordpress.org/plugins/weglot/'
125
  ),
126
  'facebook-pixel' => array(
127
  'title' => __("Facebook Pixel"),
128
  'banner' => '//ps.w.org/pixelyoursite/assets/banner-772x250.jpg?rev=2163168',
129
  'description' => __("Manage your Facebook Pixel or Google Analytics code with a single plugin and add ANY other script (Head & Footer feature). The Pinterest Tag can be implemented via free add-on.") . '<div class="text-success my-2">' . 'Tracking Plugin' . '</div>',
 
130
  'url' => 'https://wpplugins.tips/plugin/facebook-pixel'
131
  ),
132
  'maintenance' => array(
133
  'title' => __("Maintenance"),
134
  'banner' => '//ps.w.org/maintenance/assets/banner-772x250.png?rev=1637471',
135
  'description' => __("Maintenance plugin allows the WordPress site administrator to close the website for maintenance, set a temporary page with authorization, which can be edited via the plugin settings.") . '<div class="text-success my-2">' . 'Tracking Plugin' . '</div>',
 
136
  'url' => 'https://wordpress.org/plugins/maintenance/'
137
  ),
138
  );
readme.txt CHANGED
@@ -2,10 +2,10 @@
2
  Contributors: johndarrel
3
  Tags: security, wordpress security, firewall, hide my wp, hide wp-admin, hide wp-login, hide wordpress, hide wp, security plugin, ocultar mi wp, hide my site, hide my wordpress
4
  Requires at least: 4.3
5
- Tested up to: 5.6
6
  Requires PHP: 5.6
7
  Stable tag: trunk
8
- Donate link: https://hidemywpghost.com/hide-my-wp-pricing/
9
  License: GPLv2 or later
10
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
11
 
@@ -62,7 +62,7 @@ Please support us and **translate the plugin in your language**:
62
 
63
  Thank you all for your trust, support and positive reviews!
64
 
65
- > **Hide My WP Ghost FREE Security Features (over 40 free security options)**:
66
  >
67
  > * <strong>Hide WordPress wp-admin</strong> URL and redirect it to 404 page or a custom page
68
  > * <strong>Hide WordPress wp-login.php</strong> and redirect it to 404 page or a custom page
@@ -70,11 +70,9 @@ Thank you all for your trust, support and positive reviews!
70
  > * <strong>Change lost password</strong> URL
71
  > * <strong>Change register</strong> URL
72
  > * <strong>Change logout</strong> URL
73
- > * <strong>Change activation</strong> URL
74
  > * <strong>Change admin-ajax</strong> URL
75
  > * <strong>Change wp-content</strong> URL
76
  > * <strong>Change wp-includes</strong> URL
77
- > * <strong>Change uploads</strong> URL
78
  > * <strong>Change comments</strong> URL
79
  > * <strong>Change author</strong> URL
80
  > * <strong>Change plugins name</strong> URL
@@ -82,30 +80,14 @@ Thank you all for your trust, support and positive reviews!
82
  > * <strong>Change category</strong> URL
83
  > * <strong>Change tags</strong> URL
84
  >
85
- > * <strong>Custom login redirects</strong> based on useer role
86
- > * <strong>Custom logout redirects</strong> based on useer role
87
- >
88
- > * <strong>Change URLs from Relative to Absolute</strong>
89
- > * <strong>Change URLs in Ajax calls</strong>
90
- > * <strong>Change URLs for Logged Users</strong>
91
- > * <strong>Change paths in Sitemap.xml</strong>
92
- > * <strong>Change paths in Robots.txt</strong>
93
- >
94
  > **Hidden Paths: **
95
  >
96
- > * <strong>Hide /wp-admin Path</strong>
97
- > * <strong>Hide /wp-login Path</strong>
98
- > * <strong>Hide /login Path</strong>
99
- > * <strong>Hide plugins Paths</strong>
100
- > * <strong>Hide themes Paths</strong>
101
- > * <strong>Hide REST API wp-json</strong>
102
  > * <strong>Hide WordPress HTML comments</strong>
103
  > * <strong>Hide Version and WordPress Tags</strong>
104
  > * <strong>Hide DNS Prefetch WordPress link</strong>
105
  > * <strong>Hide WordPress Generator Meta</strong>
106
  > * <strong>Hide RSD (Really Simple Directory) header</strong>
107
  > * <strong>Hide Emojicons if you don't use them</strong>
108
-
109
  >
110
  > **Disable Paths: **
111
  >
@@ -126,18 +108,16 @@ Thank you all for your trust, support and positive reviews!
126
  > * <strong>Cache CSS, JS and Images</strong> to optimize the loading speed
127
  > * <strong>Weekly security check and reports</strong>
128
  >
129
- > **See All FREE Security Features: **
130
- > <a href="https://hidemywp.co/security-features/">https://hidemywp.co/security-features/</a>
131
-
132
 
133
  Compatible with: <strong>WP Multisite, Apache, Litespeed, Nginx and IIS</strong>.
134
 
135
- Plugins Compatibility updates: **ManageWP, WPML, W3 Total Cache, WP Super Cache, WP Fastest Cache, Hummingbird Cache, Cachify Cache, Litespeed Cache,
136
  Cache Enabler, CDN Enabler, WOT Cache, Autoptimize, Jetpack by WordPress, Contact Form 7, bbPress,
137
  All In One SEO, Yoast SEO, Squirrly SEO, WP-Rocket, Minify HTML, iThemes Security, Sucuri Security,
138
  Back-Up WordPress, Elementor Page Builder, Weglot Translate, AddToAny Share Btn, WordFence Security, Sucuri Security, Asset CleanUp**
139
 
140
- Hosting Compatibility checked: **WP Engine, Inmotion Hosting, Hostgator Hosting, Godaddy Hosting, Host1plus, Payperhost, Fastcomet, Dreamhost, Bitnami Apache, Bitnami Nginx, Google Cloud Hosting, Litespeed Hosting, Flyweels Hosting**
 
141
 
142
 
143
  To **hide all the common WordPress paths** you need Hide My WP Ghost version. Check all the Ghost security features below.
@@ -163,11 +143,11 @@ Note: The plugin requires custom permalinks. Make sure you have it activated at
163
 
164
  > **Hide My WP Ghost Premium security features**:
165
  >
166
- > * Hide WordPress /wp-admin path
167
- > * Hide WordPress /wp-login.php path
168
- > * Hide WordPress /wp-login/ path
169
- > * Hide WordPress /login path
170
- > * Custom wp-admin and wp-login paths
171
  > * Custom admin-ajax.php URLs
172
  > * Custom lost password URL
173
  > * Custom register URL
@@ -175,7 +155,7 @@ Note: The plugin requires custom permalinks. Make sure you have it activated at
175
  > * Custom logout URL
176
  > * Custom wp-includes path
177
  > * Custom wp-content path
178
- > * Custom REST API wp-json path
179
  > * Custom plugins name
180
  > * Custom themes name
181
  > * Custom themes style name
@@ -186,27 +166,22 @@ Note: The plugin requires custom permalinks. Make sure you have it activated at
186
  > * Custom category path
187
  > * Custom tags path
188
  >
189
- > * Custom login redirects based on useer role
190
- > * Custom logout redirects based on useer role
191
- >
192
  > **Hidden Paths: **
193
  >
194
  > * Hide plugins name
195
  > * Hide themes name
196
  > * Hide style IDs and META IDs
197
  > * Hide author by ID URL
198
- > * Hide WordPress common paths like: wp-content, wp-includes, /plugins, /themes, upgrade.php
199
  > * Hide WordPress common files like: upgrade.php, install.php, activate.php, wp-config.php, etc.
200
  > * Hide RSD (Really Simple Directory) header
201
  > * Hide DNS Prefetch WordPress link
202
  > * Hide WordPress Generator Meta
203
  > * Add Firewall against SQL/Script injection
204
- > * Hide wp-caption, wp-image, wp-blocks, wp-post classes and ids, and more
205
  > * Hide Emojicons if you don't use them
206
- > * Change URLs in Ajax calls
207
- > * Change URLs in all Caches files
208
- > * Change paths in Sitemap.xml
209
- > * Change paths in Robots.txt
210
  >
211
  > **Mapping Text and URLs: **
212
  >
@@ -250,22 +225,11 @@ Note: The plugin requires custom permalinks. Make sure you have it activated at
250
  > * Support for IIS
251
  > * Support for LiteSpeed
252
  > * Support for Apache
253
- > * Support for WP Engine
254
- > * Support for Inmotion Hosting
255
- > * Support for Hostgator Hosting
256
- > * Support for Godaddy Hosting
257
- > * Support for Host1plus
258
- > * Support for Payperhost
259
- > * Support for Fastcomet
260
- > * Support for Dreamhost
261
- > * Support for Bitnami Apache
262
- > * Support for Bitnami Nginx
263
- > * Support for Google Cloud Hosting
264
- > * Support for Litespeed Hosting
265
- > * Support for Flyweels Hosting
266
  >
267
- > * Recommended by Wp Rocket
268
- > * Recommended by WPML
269
  >
270
  > **Protection against: **
271
  >
@@ -275,12 +239,18 @@ Note: The plugin requires custom permalinks. Make sure you have it activated at
275
  > * Cross Site Scripting (XSS)
276
  > * and more
277
  >
278
- > **See All Premium Security Features: **
279
  > <a href="https://shrsl.com/2jfym">https://hidemywpghost.com</a>
280
  >
 
 
 
281
  > Check the Demo Website:
282
  > <a href="https://demo.wpplugins.tips/">https://demo.wpplugins.tips/</a>
283
-
 
 
 
284
 
285
 
286
  Once you use the Hide My WP Ghost plugin you will get custom upload paths, author paths, plugin paths and so on.
@@ -340,15 +310,7 @@ Enjoy!
340
  8. Run a security check for your website and see all the vulnerabilities
341
 
342
  == Changelog ==
343
- = 4.1.03 (11 Dec 2020) =
344
- * Update - The rules update on adding new plugin or theme
345
- * Update - Compatibility with PPress plugin on Login Page
346
- * Fixed - Rollback the settings when pressing the Abort button
347
- * Fixed - Fixed Backup/Restore rules flash
348
- * Fixed - Add the correct text direction for WPML while in Posts and Pages
349
- * Fixed - Compatibility with WordPress 5.6
350
-
351
- = 4.1.02 (11 Oct 2020 ) =
352
  * Update - Compatibility with Manage WP plugin
353
  * Update - Added the option to disable the REST API wp-json in Hide My WP - Permalinks
354
  * Update - Add the plugin as Must Use plugin for better security and compatibility with other plugins
2
  Contributors: johndarrel
3
  Tags: security, wordpress security, firewall, hide my wp, hide wp-admin, hide wp-login, hide wordpress, hide wp, security plugin, ocultar mi wp, hide my site, hide my wordpress
4
  Requires at least: 4.3
5
+ Tested up to: 5.5
6
  Requires PHP: 5.6
7
  Stable tag: trunk
8
+ Donate link: https://wpplugins.tips/wordpress
9
  License: GPLv2 or later
10
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
11
 
62
 
63
  Thank you all for your trust, support and positive reviews!
64
 
65
+ > **Hide My WP Ghost Lite Security Features**:
66
  >
67
  > * <strong>Hide WordPress wp-admin</strong> URL and redirect it to 404 page or a custom page
68
  > * <strong>Hide WordPress wp-login.php</strong> and redirect it to 404 page or a custom page
70
  > * <strong>Change lost password</strong> URL
71
  > * <strong>Change register</strong> URL
72
  > * <strong>Change logout</strong> URL
 
73
  > * <strong>Change admin-ajax</strong> URL
74
  > * <strong>Change wp-content</strong> URL
75
  > * <strong>Change wp-includes</strong> URL
 
76
  > * <strong>Change comments</strong> URL
77
  > * <strong>Change author</strong> URL
78
  > * <strong>Change plugins name</strong> URL
80
  > * <strong>Change category</strong> URL
81
  > * <strong>Change tags</strong> URL
82
  >
 
 
 
 
 
 
 
 
 
83
  > **Hidden Paths: **
84
  >
 
 
 
 
 
 
85
  > * <strong>Hide WordPress HTML comments</strong>
86
  > * <strong>Hide Version and WordPress Tags</strong>
87
  > * <strong>Hide DNS Prefetch WordPress link</strong>
88
  > * <strong>Hide WordPress Generator Meta</strong>
89
  > * <strong>Hide RSD (Really Simple Directory) header</strong>
90
  > * <strong>Hide Emojicons if you don't use them</strong>
 
91
  >
92
  > **Disable Paths: **
93
  >
108
  > * <strong>Cache CSS, JS and Images</strong> to optimize the loading speed
109
  > * <strong>Weekly security check and reports</strong>
110
  >
 
 
 
111
 
112
  Compatible with: <strong>WP Multisite, Apache, Litespeed, Nginx and IIS</strong>.
113
 
114
+ Plugins Compatibility updates: **WPML, W3 Total Cache, WP Super Cache, WP Fastest Cache, Hummingbird Cache, Cachify Cache, Litespeed Cache,
115
  Cache Enabler, CDN Enabler, WOT Cache, Autoptimize, Jetpack by WordPress, Contact Form 7, bbPress,
116
  All In One SEO, Yoast SEO, Squirrly SEO, WP-Rocket, Minify HTML, iThemes Security, Sucuri Security,
117
  Back-Up WordPress, Elementor Page Builder, Weglot Translate, AddToAny Share Btn, WordFence Security, Sucuri Security, Asset CleanUp**
118
 
119
+ Hosting Compatibility checked: **WP Engine, Inmotion Hosting, Hostgator Hosting, Godaddy Hosting, Host1plus,
120
+ Payperhost, Fastcomet, Dreamhost, Bitnami Apache, Bitnami Nginx, Google Cloud Hosting, Litespeed Hosting**
121
 
122
 
123
  To **hide all the common WordPress paths** you need Hide My WP Ghost version. Check all the Ghost security features below.
143
 
144
  > **Hide My WP Ghost Premium security features**:
145
  >
146
+ > * Hide WordPress /wp-admin
147
+ > * Hide WordPress /wp-login.php
148
+ > * Hide WordPress /wp-login/
149
+ > * Hide WordPress /login URL
150
+ > * Custom wp-admin and wp-login URLs
151
  > * Custom admin-ajax.php URLs
152
  > * Custom lost password URL
153
  > * Custom register URL
155
  > * Custom logout URL
156
  > * Custom wp-includes path
157
  > * Custom wp-content path
158
+ > * Custom wp-json API path
159
  > * Custom plugins name
160
  > * Custom themes name
161
  > * Custom themes style name
166
  > * Custom category path
167
  > * Custom tags path
168
  >
 
 
 
169
  > **Hidden Paths: **
170
  >
171
  > * Hide plugins name
172
  > * Hide themes name
173
  > * Hide style IDs and META IDs
174
  > * Hide author by ID URL
175
+ > * Hide WordPress common paths like: wp-content, wp-includes, /plugins, /themes,upgrade.php
176
  > * Hide WordPress common files like: upgrade.php, install.php, activate.php, wp-config.php, etc.
177
  > * Hide RSD (Really Simple Directory) header
178
  > * Hide DNS Prefetch WordPress link
179
  > * Hide WordPress Generator Meta
180
  > * Add Firewall against SQL/Script injection
181
+ > * Hide wp-image and wp-post classes
182
  > * Hide Emojicons if you don't use them
183
+ > * Change URLs in ajax calls
184
+ > * Change URLs in all caches files
 
 
185
  >
186
  > **Mapping Text and URLs: **
187
  >
225
  > * Support for IIS
226
  > * Support for LiteSpeed
227
  > * Support for Apache
228
+ > * Support for Bitnami Servers
229
+ > * Support for Inmotion Servers
 
 
 
 
 
 
 
 
 
 
 
230
  >
231
+ > * Recommended by Wp Rocket plugin
232
+ > https://goo.gl/VTPYWV
233
  >
234
  > **Protection against: **
235
  >
239
  > * Cross Site Scripting (XSS)
240
  > * and more
241
  >
242
+ > See all the **Ghost features**:
243
  > <a href="https://shrsl.com/2jfym">https://hidemywpghost.com</a>
244
  >
245
+ > Hide My WP Ghost **Knowledge Base**:
246
+ > <a href="https://shrsl.com/2jixr">https://hidemywpghost.com</a>
247
+ >
248
  > Check the Demo Website:
249
  > <a href="https://demo.wpplugins.tips/">https://demo.wpplugins.tips/</a>
250
+ >
251
+ > Other websites for Hide My WP Ghost Free:
252
+ > <a href="https://hidemywp.app">https://hidemywp.app</a>
253
+ > <a href="https://hidemywp.co">https://hidemywp.co</a>
254
 
255
 
256
  Once you use the Hide My WP Ghost plugin you will get custom upload paths, author paths, plugin paths and so on.
310
  8. Run a security check for your website and see all the vulnerabilities
311
 
312
  == Changelog ==
313
+ = 4.1.02 =
 
 
 
 
 
 
 
 
314
  * Update - Compatibility with Manage WP plugin
315
  * Update - Added the option to disable the REST API wp-json in Hide My WP - Permalinks
316
  * Update - Add the plugin as Must Use plugin for better security and compatibility with other plugins