Hide My WP Ghost – Security Plugin

Version Description

= * Update - Compatibility with Manage WP plugin * Update - Added the option to disable the REST API wp-json in Hide My WP - Permalinks * Update - Add the plugin as Must Use plugin for better security and compatibility with other plugins * Update - Compatibility with Really Simple SSL plugin * Update - New UX for better understanding of the redirects in Hide My WP > Tweaks * Update - Compatibility with WPML when setting custom wp-admin and admin-ajax * Update - Compatibility with WPML when RTL languages are set in dashboard * Update - Compatibility with bbPress plugin * Update - Compatibility with JetPack plugin * Update - Compatibility with Newspaper theme on XMLWPC.php access * Update - Added Compatibility with WP 5.5.3

Download this release

Release Info

Developer	johndarrel
Plugin	Hide My WP Ghost – Security Plugin
Version	4.1.02
Comparing to
See all releases

Code changes from version 4.1.03 to 4.1.02

Files changed (8) hide show

classes/Error.php +3 -2
controllers/SecurityCheck.php +6 -6
controllers/Settings.php +73 -35
index.php +3 -3
models/Compatibility.php +5 -55
models/Rewrite.php +10 -6
models/Settings.php +0 -12
readme.txt +29 -67

classes/Error.php CHANGED Viewed

	@@ -65,13 +65,14 @@ class HMW_Classes_Error extends HMW_Classes_FrontController {
65	* This hook will show the error in WP header
66	*/
67	public function hookNotices() {

68
69	if (is_array(self::$errors) &&
70	((is_string(HMW_Classes_Tools::getValue('page', '')) && stripos(HMW_Classes_Tools::getValue('page', ''), _HMW_NAMESPACE_) !== false) \|\|
71	(is_string(HMW_Classes_Tools::getValue('plugin', '')) && stripos(HMW_Classes_Tools::getValue('plugin', ''), _HMW_PLUGIN_NAME_) !== false))
72	) {

73
74	- foreach (self::$errors as $error) {
75	switch ($error['type']) {
76	case 'fatal':
77	self::showError(ucfirst(_HMW_PLUGIN_NAME_ . " " . $error['type']) . ': ' . $error['text'], $error['type']);
	@@ -92,7 +93,7 @@ class HMW_Classes_Error extends HMW_Classes_FrontController {
92	* @param string $type
93	*/
94	public static function showError($message, $type = '') {
95	- if (file_exists(_HMW_THEME_DIR_ . 'Notices.php')) {
96	include(_HMW_THEME_DIR_ . 'Notices.php');
97	} else {
98	echo $message;


65	* This hook will show the error in WP header
66	*/
67	public function hookNotices() {
68	+ HMW_Classes_ObjController::getClass('HMW_Classes_DisplayController')->loadMedia('alert');
69
70	if (is_array(self::$errors) &&
71	((is_string(HMW_Classes_Tools::getValue('page', '')) && stripos(HMW_Classes_Tools::getValue('page', ''), _HMW_NAMESPACE_) !== false) \|\|
72	(is_string(HMW_Classes_Tools::getValue('plugin', '')) && stripos(HMW_Classes_Tools::getValue('plugin', ''), _HMW_PLUGIN_NAME_) !== false))
73	) {
74	+ foreach (self::$errors as $error) {
75

76	switch ($error['type']) {
77	case 'fatal':
78	self::showError(ucfirst(_HMW_PLUGIN_NAME_ . " " . $error['type']) . ': ' . $error['text'], $error['type']);

93	* @param string $type
94	*/
95	public static function showError($message, $type = '') {
96	+ if (file_exists(_HMW_THEME_DIR_ . 'Notices.php')) {
97	include(_HMW_THEME_DIR_ . 'Notices.php');
98	} else {
99	echo $message;

controllers/SecurityCheck.php CHANGED Viewed

	@@ -143,7 +143,7 @@ class HMW_Controllers_SecurityCheck extends HMW_Classes_FrontController {
143	'valid' => false,
144	'warning' => false,
145	'message' => __( "Every good developer should turn on debugging before getting started on a new plugin or theme. In fact, the WordPress Codex 'highly recommends' that developers use WP_DEBUG. <br /><br />Unfortunately, many developers forget the debug mode, even when the website is live. Showing debug logs in the frontend will let hackers know a lot about your WordPress website.", _HMW_PLUGIN_NAME_ ),
146	- 'solution' => __( "Disable WP_DEBUG for live websites in ~~wp-config~~.php <code>define('WP_DEBUG', false);</code>", _HMW_PLUGIN_NAME_ ),
147	'javascript' => "javascript::void(0);",
148	),
149	'checkDBDebug' => array(
	@@ -161,7 +161,7 @@ class HMW_Controllers_SecurityCheck extends HMW_Classes_FrontController {
161	'valid' => false,
162	'warning' => false,
163	'message' => __( "Every good developer should turn on debugging before getting started on a new plugin or theme. In fact, the WordPress Codex 'highly recommends' that developers use SCRIPT_DEBUG. Unfortunately, many developers forget the debug mode even when the website is live. Showing debug logs in the frontend will let hackers know a lot about your WordPress website.", _HMW_PLUGIN_NAME_ ),
164	- 'solution' => __( "Disable SCRIPT_DEBUG for live websites in ~~wp-config~~.php <code>define('SCRIPT_DEBUG', false);</code>", _HMW_PLUGIN_NAME_ ),
165	'javascript' => "javascript::void(0);",
166	),
167	'checkDisplayErrors' => array(
	@@ -170,7 +170,7 @@ class HMW_Controllers_SecurityCheck extends HMW_Classes_FrontController {
170	'valid' => false,
171	'warning' => false,
172	'message' => __( "Displaying any kind of debug info in the frontend is extremely bad. If any PHP errors happen on your site they should be logged in a safe place and not displayed to visitors or potential attackers.", _HMW_PLUGIN_NAME_ ),
173	- 'solution' => __( "Edit ~~wp-config~~.php and add <code>ini_set('display_errors', 0);</code>", _HMW_PLUGIN_NAME_ ),
174	),
175	'checkSSL' => array(
176	'name' => __( 'Backend under SSL', _HMW_PLUGIN_NAME_ ),
	@@ -267,7 +267,7 @@ class HMW_Controllers_SecurityCheck extends HMW_Classes_FrontController {
267	'valid' => false,
268	'warning' => false,
269	'message' => __( "There is no such thing as an \"unimportant password\"! The same goes for your WordPress database password. <br />Although most servers are configured so that the database can't be accessed from other hosts (or from outside of the local network), that doesn't mean your database password should be \"12345\" or no password at all.", _HMW_PLUGIN_NAME_ ),
270	- 'solution' => __( "Choose a proper database password, at least 8 characters long with a combination of letters, numbers and special characters. After you change it, set the new password in the ~~wp-config~~.php file <code>define('DB_PASSWORD', 'NEW_DB_PASSWORD_GOES_HERE');</code>", _HMW_PLUGIN_NAME_ ),
271	),
272	// 'checkBlogSiteURL' => array(
273	// 'name' => __("Same Backend and Frontend URLs", _HMW_PLUGIN_NAME_),
	@@ -319,7 +319,7 @@ class HMW_Controllers_SecurityCheck extends HMW_Classes_FrontController {
319	'solution' => sprintf( __( "Change the wp-login from %sHide My Wp > Custom login URL%s and Switch on %sHide My Wp > Brute Force Protection%s", _HMW_PLUGIN_NAME_ ), '<strong>', '</strong>', '<strong>', '</strong>' ),
320	),
321	'checkConfigChmod' => array(
322	- 'name' => __( "/~~wp-config~~.php file is writable", _HMW_PLUGIN_NAME_ ),
323	'value' => false,
324	'valid' => false,
325	'warning' => false,
	@@ -391,7 +391,7 @@ class HMW_Controllers_SecurityCheck extends HMW_Classes_FrontController {
391	'valid' => false,
392	'warning' => false,
393	'message' => __( "The plugins and themes file editor is a very convenient tool because it enables you to make quick changes without the need to use FTP. <br /><br />Unfortunately, it's also a security issue because it not only shows the PHP source code, it also enables attackers to inject malicious code into your site if they manage to gain access to admin.", _HMW_PLUGIN_NAME_ ),
394	- 'solution' => __( "Disable DISALLOW_FILE_EDIT for live websites in ~~wp-config~~.php <code>define('DISALLOW_FILE_EDIT', true);</code>", _HMW_PLUGIN_NAME_ ),
395	'javascript' => "javascript::void(0);",
396	),
397	'checkUploadsBrowsable' => array(


143	'valid' => false,
144	'warning' => false,
145	'message' => __( "Every good developer should turn on debugging before getting started on a new plugin or theme. In fact, the WordPress Codex 'highly recommends' that developers use WP_DEBUG. <br /><br />Unfortunately, many developers forget the debug mode, even when the website is live. Showing debug logs in the frontend will let hackers know a lot about your WordPress website.", _HMW_PLUGIN_NAME_ ),
146	+ 'solution' => __( "Disable WP_DEBUG for live websites in wp_config.php <code>define('WP_DEBUG', false);</code>", _HMW_PLUGIN_NAME_ ),
147	'javascript' => "javascript::void(0);",
148	),
149	'checkDBDebug' => array(

161	'valid' => false,
162	'warning' => false,
163	'message' => __( "Every good developer should turn on debugging before getting started on a new plugin or theme. In fact, the WordPress Codex 'highly recommends' that developers use SCRIPT_DEBUG. Unfortunately, many developers forget the debug mode even when the website is live. Showing debug logs in the frontend will let hackers know a lot about your WordPress website.", _HMW_PLUGIN_NAME_ ),
164	+ 'solution' => __( "Disable SCRIPT_DEBUG for live websites in wp_config.php <code>define('SCRIPT_DEBUG', false);</code>", _HMW_PLUGIN_NAME_ ),
165	'javascript' => "javascript::void(0);",
166	),
167	'checkDisplayErrors' => array(

170	'valid' => false,
171	'warning' => false,
172	'message' => __( "Displaying any kind of debug info in the frontend is extremely bad. If any PHP errors happen on your site they should be logged in a safe place and not displayed to visitors or potential attackers.", _HMW_PLUGIN_NAME_ ),
173	+ 'solution' => __( "Edit wp_config.php and add <code>ini_set('display_errors', 0);</code>", _HMW_PLUGIN_NAME_ ),
174	),
175	'checkSSL' => array(
176	'name' => __( 'Backend under SSL', _HMW_PLUGIN_NAME_ ),

267	'valid' => false,
268	'warning' => false,
269	'message' => __( "There is no such thing as an \"unimportant password\"! The same goes for your WordPress database password. <br />Although most servers are configured so that the database can't be accessed from other hosts (or from outside of the local network), that doesn't mean your database password should be \"12345\" or no password at all.", _HMW_PLUGIN_NAME_ ),
270	+ 'solution' => __( "Choose a proper database password, at least 8 characters long with a combination of letters, numbers and special characters. After you change it, set the new password in the wp_config.php file <code>define('DB_PASSWORD', 'NEW_DB_PASSWORD_GOES_HERE');</code>", _HMW_PLUGIN_NAME_ ),
271	),
272	// 'checkBlogSiteURL' => array(
273	// 'name' => __("Same Backend and Frontend URLs", _HMW_PLUGIN_NAME_),

319	'solution' => sprintf( __( "Change the wp-login from %sHide My Wp > Custom login URL%s and Switch on %sHide My Wp > Brute Force Protection%s", _HMW_PLUGIN_NAME_ ), '<strong>', '</strong>', '<strong>', '</strong>' ),
320	),
321	'checkConfigChmod' => array(
322	+ 'name' => __( "/wp_config.php file is writable", _HMW_PLUGIN_NAME_ ),
323	'value' => false,
324	'valid' => false,
325	'warning' => false,

391	'valid' => false,
392	'warning' => false,
393	'message' => __( "The plugins and themes file editor is a very convenient tool because it enables you to make quick changes without the need to use FTP. <br /><br />Unfortunately, it's also a security issue because it not only shows the PHP source code, it also enables attackers to inject malicious code into your site if they manage to gain access to admin.", _HMW_PLUGIN_NAME_ ),
394	+ 'solution' => __( "Disable DISALLOW_FILE_EDIT for live websites in wp_config.php <code>define('DISALLOW_FILE_EDIT', true);</code>", _HMW_PLUGIN_NAME_ ),
395	'javascript' => "javascript::void(0);",
396	),
397	'checkUploadsBrowsable' => array(

controllers/Settings.php CHANGED Viewed

	@@ -11,6 +11,13 @@ class HMW_Controllers_Settings extends HMW_Classes_FrontController {
11	public function __construct() {
12	parent::__construct();
13







14	//If save settings is required, show the alert
15	if ( HMW_Classes_Tools::getOption( 'changes' ) ) {
16	add_action( 'admin_notices', array( $this, 'showSaveRequires' ) );
	@@ -25,21 +32,21 @@ class HMW_Controllers_Settings extends HMW_Classes_FrontController {
25	}
26
27	/**
28	- * Initialize the Hide My WP Ghost Settings
29	* @return void
30	*/
31	public function init() {
32	- //Get the current Page
33	$page = HMW_Classes_Tools::getValue( 'page' );
34
35	//If the page is not for Hide My WP Settings, return
36	- if ( $page <> 'hmw_settings' ) {
37	- if ( strpos( $page, '-' ) !== false ) {
38	- if ( substr( $page, 0, strpos( $page, '-' ) ) <> 'hmw_settings' ) {
39	- return;
40	- }
41	- }
42	- }
43
44	//Check if it's a subpage
45	if ( strpos( $page, '-' ) !== false ) {
	@@ -75,7 +82,6 @@ class HMW_Controllers_Settings extends HMW_Classes_FrontController {
75	}
76
77	//Check compatibilities with other plugins
78	- HMW_Classes_ObjController::getClass( 'HMW_Classes_DisplayController' )->loadMedia( 'alert' );
79	HMW_Classes_ObjController::getClass( 'HMW_Models_Compatibility' )->getAlerts();
80
81	//Load the css for Settings
	@@ -116,6 +122,7 @@ class HMW_Controllers_Settings extends HMW_Classes_FrontController {
116	$this->tabs = $this->model->getTabs();
117
118

119	//Show the Tab Content
120	foreach ( $this->tabs as $slug => $value ) {
121	if ( HMW_Classes_Tools::getValue( 'tab', 'hmw_permalinks' ) == $slug ) {
	@@ -136,9 +143,6 @@ class HMW_Controllers_Settings extends HMW_Classes_FrontController {
136	if ( HMW_Classes_Tools::getOption( 'hmw_hide_plugins' ) \|\| HMW_Classes_Tools::getOption( 'hmw_hide_plugins' ) ) {
137	global $pagenow;
138	if ( $pagenow == 'plugins.php' \|\| HMW_Classes_Tools::getValue( 'page' ) == 'hmw_settings' ) {
139	-
140	- HMW_Classes_ObjController::getClass( 'HMW_Classes_DisplayController' )->loadMedia( 'alert' );
141	-
142	?>
143	<div class="hmw_notice error notice" style="margin-left: 0;">
144	<div style="display: inline-block;">
	@@ -157,6 +161,39 @@ class HMW_Controllers_Settings extends HMW_Classes_FrontController {
157	}
158
159

































160	/**
161	* Get the Admin Toolbar
162	*
	@@ -197,7 +234,7 @@ class HMW_Controllers_Settings extends HMW_Classes_FrontController {
197	}
198
199	/**
200	- * Called when an action is triggered
201	* @throws Exception
202	*/
203	public function action() {
	@@ -215,31 +252,32 @@ class HMW_Controllers_Settings extends HMW_Classes_FrontController {
215	$this->model->savePermalinks( $_POST );
216	}
217
218	- //If no errors and no reconnect required
219	if ( ! HMW_Classes_Tools::getOption( 'error' ) ) {
220	-
221	//Force the rechck security notification
222	delete_option( 'hmw_securitycheck_time' );
223	//Clear the cache if there are no errors
224	HMW_Classes_Tools::emptyCache();
225	//Flush the WordPress rewrites
226	HMW_Classes_Tools::flushWPRewrites();

227
228	- //~~Flush~~ ~~the~~ ~~changes~~
229	- ~~HMW_Classes_ObjController~~::~~getClass~~( '~~HMW_Models_Rewrite~~' )~~->flushChanges(~~);
230
231	- if ( ! ~~HMW_Classes_Error~~::~~isError~~() ) {



232
233	- if ( ! HMW_Classes_Tools::getOption( 'logout' ) \|\| HMW_Classes_Tools::getOption( 'hmw_mode' ) == 'default' ) {
234	- //Save the working options into backup
235	- HMW_Classes_Tools::saveOptionsBackup();
236	- }
237
238	- ~~HMW_Classes_Error::setError(~~ ~~__(~~ ~~'Saved'~~ ), ~~'success'~~ );

239
240	- //~~Send~~ ~~email notification about~~ the ~~path changed~~
241	- HMW_Classes_ObjController::getClass( 'HMW_Models_Rewrite' )->~~sendEmail~~();
242


243
244	if ( HMW_Classes_Tools::isNginx() && ! HMW_Classes_Tools::getOption( 'test_frontend' ) && HMW_Classes_Tools::getOption( 'hmw_mode' ) <> 'default' ) {
245	$config_file = HMW_Classes_ObjController::getClass( 'HMW_Models_Rules' )->getConfFile();
	@@ -368,7 +406,7 @@ class HMW_Controllers_Settings extends HMW_Classes_FrontController {
368	}
369
370	//Clear the cache if there are no errors
371	- if ( ! HMW_Classes_Tools::getOption( 'error' ) ) {
372
373	if ( ! HMW_Classes_Tools::getOption( 'logout' ) ) {
374	//Save the working options into backup
	@@ -384,17 +422,12 @@ class HMW_Controllers_Settings extends HMW_Classes_FrontController {
384
385	break;
386	case 'hmw_abort':
387	- //get the token
388	- $hmw_token = HMW_Classes_Tools::getOption( 'hmw_token' );
389	//get the safe options from database
390	HMW_Classes_Tools::$options = HMW_Classes_Tools::getOptions( true );
391	//set th eprevious admin path
392	- if(~~$hmw_token)~~ HMW_Classes_Tools::~~saveOptions~~( '~~hmw_token~~'~~,$hmw_token~~);
393	HMW_Classes_Tools::saveOptions( 'error', false );
394	- ~~//set~~ logout to ~~false~~
395	- HMW_Classes_Tools::saveOptions( 'logout', false );
396	- //set test frontend to false
397	- HMW_Classes_Tools::saveOptions( 'test_frontend', false );
398
399	//Clear the cache if there are no errors
400	HMW_Classes_Tools::emptyCache();
	@@ -410,6 +443,11 @@ class HMW_Controllers_Settings extends HMW_Classes_FrontController {
410	$cookies = HMW_Classes_ObjController::newInstance( 'HMW_Models_Cookies' );
411
412	if ( HMW_Classes_Tools::isNginx() \|\| $cookies->setCookiesCurrentPath() ) {





413	remove_all_filters( 'wp_redirect' );
414	remove_all_filters( 'admin_url' );
415	wp_safe_redirect( HMW_Classes_Tools::getSettingsUrl() );
	@@ -445,7 +483,7 @@ class HMW_Controllers_Settings extends HMW_Classes_FrontController {
445	//Flush the changes
446	HMW_Classes_ObjController::getClass( 'HMW_Models_Rewrite' )->flushChanges();
447
448	- if ( ! HMW_Classes_Error::isError() ) {
449	HMW_Classes_Error::setError( __( 'The list of plugins and themes was updated with success!' ), 'success' );
450	}
451	break;


11	public function __construct() {
12	parent::__construct();
13
14	+ //Show the errors when not on Hide My WP Settings
15	+ if ( HMW_Classes_Tools::getOption( 'logout' ) && ! HMW_Classes_Tools::getOption( 'error' ) ) {
16	+ if ( HMW_Classes_Tools::getValue( 'action' ) == '' && HMW_Classes_Tools::getValue( 'page' ) <> 'hmw_settings' ) {
17	+ add_action( 'admin_notices', array( $this, 'showReconnectError' ) );
18	+ }
19	+ }
20	+
21	//If save settings is required, show the alert
22	if ( HMW_Classes_Tools::getOption( 'changes' ) ) {
23	add_action( 'admin_notices', array( $this, 'showSaveRequires' ) );

32	}
33
34	/**
35	+ * Initialize the Hide My WP Ghost Settings
36	* @return void
37	*/
38	public function init() {
39	+ //Get the current Page
40	$page = HMW_Classes_Tools::getValue( 'page' );
41
42	//If the page is not for Hide My WP Settings, return
43	+ if($page <> 'hmw_settings'){
44	+ if ( strpos( $page, '-' ) !== false ) {
45	+ if(substr( $page, 0, strpos( $page, '-' ) ) <> 'hmw_settings'){
46	+ return;
47	+ }
48	+ }
49	+ }
50
51	//Check if it's a subpage
52	if ( strpos( $page, '-' ) !== false ) {

82	}
83
84	//Check compatibilities with other plugins

85	HMW_Classes_ObjController::getClass( 'HMW_Models_Compatibility' )->getAlerts();
86
87	//Load the css for Settings

122	$this->tabs = $this->model->getTabs();
123
124
125	+
126	//Show the Tab Content
127	foreach ( $this->tabs as $slug => $value ) {
128	if ( HMW_Classes_Tools::getValue( 'tab', 'hmw_permalinks' ) == $slug ) {

143	if ( HMW_Classes_Tools::getOption( 'hmw_hide_plugins' ) \|\| HMW_Classes_Tools::getOption( 'hmw_hide_plugins' ) ) {
144	global $pagenow;
145	if ( $pagenow == 'plugins.php' \|\| HMW_Classes_Tools::getValue( 'page' ) == 'hmw_settings' ) {



146	?>
147	<div class="hmw_notice error notice" style="margin-left: 0;">
148	<div style="display: inline-block;">

161	}
162
163
164	+ /**
165	+ * Show the reconnect alert on all pages
166	+ */
167	+ public function showReconnectError() {
168	+ HMW_Classes_ObjController::getClass( 'HMW_Classes_DisplayController' )->loadMedia( 'alert' );
169	+ ?>
170	+ <div class="hmw_notice error notice" style="margin-left: 0; padding: 5px;">
171	+ <div style="display: inline-block;">
172	+ <p>
173	+ <?php echo sprintf( __( "To activate the new %sHide My WP %s %s settings you need to confirm and re-login!", _HMW_PLUGIN_NAME_ ), '<strong>', _HMW_VER_NAME_, '</strong>' ); ?>
174	+ </p>
175	+ </div>
176	+
177	+ <div class="hmw_logout">
178	+ <form method="POST" action="<?php echo HMW_Classes_Tools::getSettingsUrl() ?>">
179	+ <?php wp_nonce_field( 'hmw_logout', 'hmw_nonce' ) ?>
180	+ <input type="hidden" name="action" value="hmw_logout"/>
181	+ <input type="submit" class="hmw_btn hmw_btn-success" value="<?php echo __( "Yes, I'm ready to re-login", _HMW_PLUGIN_NAME_ ) ?>"/>
182	+ </form>
183	+ </div>
184	+ <div class="hmw_abort" style="display: inline-block;">
185	+ <form method="POST" action="<?php echo HMW_Classes_Tools::getSettingsUrl() ?>">
186	+ <?php wp_nonce_field( 'hmw_abort', 'hmw_nonce' ) ?>
187	+ <input type="hidden" name="action" value="hmw_abort"/>
188	+ <input type="submit" class="hmw_btn hmw_btn-warning" value="<?php echo __( "No, abort", _HMW_PLUGIN_NAME_ ) ?>"/>
189	+ </form>
190	+ </div>
191	+
192	+ </div>
193	+ <?php
194	+ }
195	+
196	+
197	/**
198	* Get the Admin Toolbar
199	*

234	}
235
236	/**
237	+ * Called when an action is triggered
238	* @throws Exception
239	*/
240	public function action() {

252	$this->model->savePermalinks( $_POST );
253	}
254

255	if ( ! HMW_Classes_Tools::getOption( 'error' ) ) {

256	//Force the rechck security notification
257	delete_option( 'hmw_securitycheck_time' );
258	//Clear the cache if there are no errors
259	HMW_Classes_Tools::emptyCache();
260	//Flush the WordPress rewrites
261	HMW_Classes_Tools::flushWPRewrites();
262	+ }
263
264	+ //If no errors and no reconnect required
265	+ if ( ! HMW_Classes_Tools::getOption( 'error' ) ) {
266
267	+ if ( ! HMW_Classes_Tools::getOption( 'logout' ) \|\| HMW_Classes_Tools::getOption( 'hmw_mode' ) == 'default' ) {
268	+ //Save the working options into backup
269	+ HMW_Classes_Tools::saveOptionsBackup();
270	+ }
271




272
273	+ //Send email notification about the path changed
274	+ HMW_Classes_ObjController::getClass( 'HMW_Models_Rewrite' )->sendEmail();
275
276	+ //Flush the changes
277	+ HMW_Classes_ObjController::getClass( 'HMW_Models_Rewrite' )->flushChanges();
278
279	+ if ( ! HMW_Classes_Error::isError() ) {
280	+ HMW_Classes_Error::setError( __( 'Saved' ), 'success' );
281
282	if ( HMW_Classes_Tools::isNginx() && ! HMW_Classes_Tools::getOption( 'test_frontend' ) && HMW_Classes_Tools::getOption( 'hmw_mode' ) <> 'default' ) {
283	$config_file = HMW_Classes_ObjController::getClass( 'HMW_Models_Rules' )->getConfFile();

406	}
407
408	//Clear the cache if there are no errors
409	+ if ( !HMW_Classes_Tools::getOption( 'error' ) ) {
410
411	if ( ! HMW_Classes_Tools::getOption( 'logout' ) ) {
412	//Save the working options into backup

422
423	break;
424	case 'hmw_abort':


425	//get the safe options from database
426	HMW_Classes_Tools::$options = HMW_Classes_Tools::getOptions( true );
427	//set th eprevious admin path
428	+ HMW_Classes_Tools::saveOptions( 'hmw_admin_url', HMW_Classes_Tools::getOption( 'hmw_admin_url' ) );
429	HMW_Classes_Tools::saveOptions( 'error', false );
430	+ HMW_Classes_Tools::saveOptions( 'logout', false );



431
432	//Clear the cache if there are no errors
433	HMW_Classes_Tools::emptyCache();

443	$cookies = HMW_Classes_ObjController::newInstance( 'HMW_Models_Cookies' );
444
445	if ( HMW_Classes_Tools::isNginx() \|\| $cookies->setCookiesCurrentPath() ) {
446	+ //set logout to false
447	+ HMW_Classes_Tools::saveOptions( 'logout', false );
448	+ //activate frontend test
449	+ HMW_Classes_Tools::saveOptions( 'test_frontend', true );
450	+
451	remove_all_filters( 'wp_redirect' );
452	remove_all_filters( 'admin_url' );
453	wp_safe_redirect( HMW_Classes_Tools::getSettingsUrl() );

483	//Flush the changes
484	HMW_Classes_ObjController::getClass( 'HMW_Models_Rewrite' )->flushChanges();
485
486	+ if ( !HMW_Classes_Error::isError() ) {
487	HMW_Classes_Error::setError( __( 'The list of plugins and themes was updated with success!' ), 'success' );
488	}
489	break;

index.php CHANGED Viewed

	@@ -6,9 +6,9 @@
6	Plugin Name: Hide My WP Ghost Lite
7	Plugin URI: https://wordpress.org/plugins/hide-my-wp/
8	Description: The best solution for WordPress Security. Hide wp-admin, wp-login, wp-content, plugins, themes etc. Add Firewall, Brute Force protection & more. <br /> <a href="https://hidemywpghost.com/wordpress" target="_blank"><strong>Unlock all features</strong></a>
9	- Version: 4.1.03
10	Author: WPPlugins - WordPress Security Plugins
11	- Author URI: https://~~hidemywp~~.co
12	License: GPLv2 or later
13	License URI: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
14	Text Domain: hide-my-wp
	@@ -16,7 +16,7 @@
16	*/
17
18	if (defined( 'NONCE_KEY' ) && defined( 'ABSPATH' ) && ! defined( 'HMW_VERSION' ) ) {
19	- define( 'HMW_VERSION', '4.1.03' );
20	/* Call config files */
21	require( dirname( __FILE__ ) . '/debug/index.php' );
22	require( dirname( __FILE__ ) . '/config/config.php' );


6	Plugin Name: Hide My WP Ghost Lite
7	Plugin URI: https://wordpress.org/plugins/hide-my-wp/
8	Description: The best solution for WordPress Security. Hide wp-admin, wp-login, wp-content, plugins, themes etc. Add Firewall, Brute Force protection & more. <br /> <a href="https://hidemywpghost.com/wordpress" target="_blank"><strong>Unlock all features</strong></a>
9	+ Version: 4.1.02
10	Author: WPPlugins - WordPress Security Plugins
11	+ Author URI: https://wpplugins.tips
12	License: GPLv2 or later
13	License URI: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
14	Text Domain: hide-my-wp

16	*/
17
18	if (defined( 'NONCE_KEY' ) && defined( 'ABSPATH' ) && ! defined( 'HMW_VERSION' ) ) {
19	+ define( 'HMW_VERSION', '4.1.02' );
20	/* Call config files */
21	require( dirname( __FILE__ ) . '/debug/index.php' );
22	require( dirname( __FILE__ ) . '/config/config.php' );

models/Compatibility.php CHANGED Viewed

	@@ -9,7 +9,7 @@ class HMW_Models_Compatibility {
9
10	//Check compatibility with Really Simple SSL
11	if ( HMW_Classes_Tools::isPluginActive( 'really-simple-ssl/rlrsssl-really-simple-ssl.php' ) ) {
12	- add_action( 'hmw_flushed_rewrites', array( $this, 'checkSimpleSSLRewrites' ) );
13	}
14	} else {
15	defined( 'WPFC_REMOVE_FOOTER_COMMENT' ) \|\| define( 'WPFC_REMOVE_FOOTER_COMMENT', true );
	@@ -67,10 +67,6 @@ class HMW_Models_Compatibility {
67	if ( isset( $_SERVER['HTTP_REFERER'] ) ) {
68	$_SERVER['HTTP_REFERER'] = HMW_Classes_ObjController::getClass( 'HMW_Models_Files' )->getOriginalUrl( $_SERVER['HTTP_REFERER'] );
69	}
70	-
71	- // add the correct text direction for WPML plugin
72	- add_action( 'admin_print_styles', array( $this, 'setTextDirection' ), 1 );
73	-
74	}
75
76	//Compativility with iThemes security plugin
	@@ -85,12 +81,6 @@ class HMW_Models_Compatibility {
85	}
86	}
87
88	-
89	- //Add Compatibility with PPress plugin
90	- if ( HMW_Classes_Tools::isPluginActive( 'ppress/profilepress.php' ) ) {
91	- add_action( 'hmw_login_init', array( $this, 'ppressCompatibility' ) );
92	- }
93	-
94	if ( ! is_admin() ) {
95	try {
96	//Robots.txt compatibility with other plugins
	@@ -544,10 +534,10 @@ class HMW_Models_Compatibility {
544	if ( method_exists( $wp_filesystem, 'get_contents' ) && method_exists( $wp_filesystem, 'put_contents' ) ) {
545
546	$config_file = HMW_Classes_ObjController::getClass( 'HMW_Models_Rules' )->getConfFile();
547	- $htaccess = $wp_filesystem->get_contents( $config_file );
548	preg_match( "/#\s?BEGIN\s?rlrssslReallySimpleSSL.*?#\s?END\s?rlrssslReallySimpleSSL/s", $htaccess, $match );
549
550	- if ( isset( $match[0] ) && ! empty( $match[0] ) ) {
551	$htaccess = preg_replace( "/#\s?BEGIN\s?rlrssslReallySimpleSSL.*?#\s?END\s?rlrssslReallySimpleSSL/s", "", $htaccess );
552	$htaccess = $match[0] . PHP_EOL . $htaccess;
553	$htaccess = preg_replace( "/\n+/", "\n", $htaccess );
	@@ -585,9 +575,7 @@ class HMW_Models_Compatibility {
585
586	/**
587	* The MU plugin content
588	- *
589	* @param $pluginBasename
590	- *
591	* @return string
592	*/
593	public function buildLoaderContent( $pluginBasename ) {
	@@ -607,7 +595,6 @@ class HMW_Models_Compatibility {
607
608	/**
609	* Add the MU file
610	- *
611	* @param $loaderName
612	* @param $loaderContent
613	*/
	@@ -636,53 +623,16 @@ class HMW_Models_Compatibility {
636
637	/**
638	* Delete the MU file
639	- *
640	* @param $loaderName
641	*/
642	public function deregisterMUPlugin( $loaderName ) {
643	$mustUsePluginDir = rtrim( WPMU_PLUGIN_DIR, '/' );
644	- $loaderPath = $mustUsePluginDir . '/' . $loaderName;
645
646	- if ( ! file_exists( $loaderPath ) ) {
647	return;
648	}
649
650	@unlink( $loaderPath );
651	}
652	-
653	- /**
654	- * Force the DB text direction for some themes and plugins
655	- */
656	- public function setTextDirection() {
657	-
658	- if ( function_exists( 'get_current_user_id' ) ) {
659	- $user_id = get_current_user_id();
660	- $direction = get_user_meta( $user_id, 'rtladminbar', true );
661	-
662	- global $wp_styles;
663	- if ( isset( $wp_styles->text_direction ) ) {
664	- $wp_styles->text_direction = $direction;
665	- }
666	- }
667	-
668	- }
669	-
670	- /**
671	- * Add Compatibility with PPress plugin
672	- * Load the post from Ppress for the login page
673	- */
674	- public function ppressCompatibility() {
675	- //Add compatibility with PPress plugin
676	- $data = get_option( 'pp_settings_data' );
677	- if ( class_exists( 'WP_Query' ) && isset( $data['set_login_url'] ) && (int) $data['set_login_url'] > 0 ) {
678	- $query = new WP_Query( array( 'p' => $data['set_login_url'], 'post_type' => 'any' ) );
679	- if ( $query->have_posts() ) {
680	- $query->the_post();
681	- get_header();
682	- the_content();
683	- get_footer();
684	- }
685	- exit();
686	- }
687	- }
688	}


9
10	//Check compatibility with Really Simple SSL
11	if ( HMW_Classes_Tools::isPluginActive( 'really-simple-ssl/rlrsssl-really-simple-ssl.php' ) ) {
12	+ add_action( 'hmw_flushed_rewrites', array($this, 'checkSimpleSSLRewrites') );
13	}
14	} else {
15	defined( 'WPFC_REMOVE_FOOTER_COMMENT' ) \|\| define( 'WPFC_REMOVE_FOOTER_COMMENT', true );

67	if ( isset( $_SERVER['HTTP_REFERER'] ) ) {
68	$_SERVER['HTTP_REFERER'] = HMW_Classes_ObjController::getClass( 'HMW_Models_Files' )->getOriginalUrl( $_SERVER['HTTP_REFERER'] );
69	}




70	}
71
72	//Compativility with iThemes security plugin

81	}
82	}
83






84	if ( ! is_admin() ) {
85	try {
86	//Robots.txt compatibility with other plugins

534	if ( method_exists( $wp_filesystem, 'get_contents' ) && method_exists( $wp_filesystem, 'put_contents' ) ) {
535
536	$config_file = HMW_Classes_ObjController::getClass( 'HMW_Models_Rules' )->getConfFile();
537	+ $htaccess = $wp_filesystem->get_contents( $config_file );
538	preg_match( "/#\s?BEGIN\s?rlrssslReallySimpleSSL.*?#\s?END\s?rlrssslReallySimpleSSL/s", $htaccess, $match );
539
540	+ if ( isset( $match[0] ) && !empty( $match[0] ) ) {
541	$htaccess = preg_replace( "/#\s?BEGIN\s?rlrssslReallySimpleSSL.*?#\s?END\s?rlrssslReallySimpleSSL/s", "", $htaccess );
542	$htaccess = $match[0] . PHP_EOL . $htaccess;
543	$htaccess = preg_replace( "/\n+/", "\n", $htaccess );

575
576	/**
577	* The MU plugin content

578	* @param $pluginBasename

579	* @return string
580	*/
581	public function buildLoaderContent( $pluginBasename ) {

595
596	/**
597	* Add the MU file

598	* @param $loaderName
599	* @param $loaderContent
600	*/

623
624	/**
625	* Delete the MU file

626	* @param $loaderName
627	*/
628	public function deregisterMUPlugin( $loaderName ) {
629	$mustUsePluginDir = rtrim( WPMU_PLUGIN_DIR, '/' );
630	+ $loaderPath = $mustUsePluginDir . '/' . $loaderName;
631
632	+ if ( !file_exists( $loaderPath ) ) {
633	return;
634	}
635
636	@unlink( $loaderPath );
637	}




































638	}

models/Rewrite.php CHANGED Viewed

	@@ -645,7 +645,8 @@ class HMW_Models_Rewrite {
645	$rewritecode .= $this->getIISRules( '' );
646	if ( $rewritecode <> '' ) {
647	HMW_Classes_Error::setError( sprintf( __( 'IIS detected. You need to update your %s file by adding the following lines after <rules> tag: %s', _HMW_PLUGIN_NAME_ ), '<strong>' . $config_file . '</strong>', '<br /><br /><pre><strong>' . htmlentities( str_replace( ' ', ' ', $rewritecode ) ) . '</strong></pre>' . $form ) );
648	- ~~return false; //always show IIS rewrites~~

649	}
650
651	}
	@@ -687,7 +688,7 @@ class HMW_Models_Rewrite {
687
688	if ( $rewritecode <> '' ) {
689	HMW_Classes_Error::setError( sprintf( __( 'WpEngine detected. Add the redirects in the WpEngine Redirect rules panel %s', _HMW_PLUGIN_NAME_ ), '<strong><a href="https://wpengine.com/support/redirect/" target="_blank" style="color: red">' . __( "Learn How To Add the Code", _HMW_PLUGIN_NAME_ ) . '</a></strong> <br /><br /><pre>' . $rewritecode . '</pre>' . $form . '<br />' ) );
690	- $success = false; ~~//always show WpEngine rewrites~~
691	}
692
693	return $success;
	@@ -787,8 +788,11 @@ class HMW_Models_Rewrite {
787
788
789	if ( $rewritecode <> '' ) {
790	- if ( !HMW_Classes_ObjController::getClass( 'HMW_Models_Rules' )->writeInHtaccess( $rewritecode, 'HMWP_RULES' ) ) {


791	HMW_Classes_Error::setError( sprintf( __( 'Config file is not writable. You need to update your %s file by adding the following lines at the beginning of the file: %s', _HMW_PLUGIN_NAME_ ), '<strong>' . $config_file . '</strong>', '<br /><br /><pre><strong>' . htmlentities( str_replace( ' ', ' ', $rewritecode ) ) . '</strong></pre>' . $form ) );

792	return false;
793	}
794	} else {
	@@ -820,12 +824,13 @@ class HMW_Models_Rewrite {
820	if ( $rewritecode <> '' ) {
821	if ( ! HMW_Classes_ObjController::getClass( 'HMW_Models_Rules' )->writeInNginx( $rewritecode, 'HMWP_RULES' ) ) {
822	HMW_Classes_Error::setError( sprintf( __( 'Config file is not writable. You have to added it manually at the beginning of the %s file: %s', _HMW_PLUGIN_NAME_ ), '<strong>' . $config_file . '</strong>', '<br /><br /><pre><strong># BEGIN HMWP_RULES<br />' . htmlentities( str_replace( ' ', ' ', $rewritecode ) ) . '# END HMW_RULES</strong></pre>' ) );
823	- return false;
824	}
825	} else {
826	HMW_Classes_ObjController::getClass( 'HMW_Models_Rules' )->writeInNginx( '', 'HMWP_RULES' );
827	}
828


829	}
830
831	return true;
	@@ -1134,6 +1139,7 @@ class HMW_Models_Rewrite {
1134	), HMW_VERSION_ID, true );
1135	/////////////////////////////////////////////////////////
1136

1137	//remove clasiera theme loop
1138	remove_action( "login_init", "classiera_cubiq_login_init" );
1139	remove_filter( "login_redirect", "buddyboss_redirect_previous_page" );
	@@ -1159,8 +1165,6 @@ class HMW_Models_Rewrite {
1159
1160	HMW_Classes_ObjController::getClass( 'HMW_Models_Cookies' )->setTestCookie();
1161	}
1162	-
1163	- do_action('hmw_login_init');
1164	}
1165
1166	/**


645	$rewritecode .= $this->getIISRules( '' );
646	if ( $rewritecode <> '' ) {
647	HMW_Classes_Error::setError( sprintf( __( 'IIS detected. You need to update your %s file by adding the following lines after <rules> tag: %s', _HMW_PLUGIN_NAME_ ), '<strong>' . $config_file . '</strong>', '<br /><br /><pre><strong>' . htmlentities( str_replace( ' ', ' ', $rewritecode ) ) . '</strong></pre>' . $form ) );
648	+
649	+ return false;
650	}
651
652	}

688
689	if ( $rewritecode <> '' ) {
690	HMW_Classes_Error::setError( sprintf( __( 'WpEngine detected. Add the redirects in the WpEngine Redirect rules panel %s', _HMW_PLUGIN_NAME_ ), '<strong><a href="https://wpengine.com/support/redirect/" target="_blank" style="color: red">' . __( "Learn How To Add the Code", _HMW_PLUGIN_NAME_ ) . '</a></strong> <br /><br /><pre>' . $rewritecode . '</pre>' . $form . '<br />' ) );
691	+ $success = false;
692	}
693
694	return $success;

788
789
790	if ( $rewritecode <> '' ) {
791	+ if ( HMW_Classes_ObjController::getClass( 'HMW_Models_Rules' )->writeInHtaccess( $rewritecode, 'HMWP_RULES' ) ) {
792	+ return true;
793	+ } else {
794	HMW_Classes_Error::setError( sprintf( __( 'Config file is not writable. You need to update your %s file by adding the following lines at the beginning of the file: %s', _HMW_PLUGIN_NAME_ ), '<strong>' . $config_file . '</strong>', '<br /><br /><pre><strong>' . htmlentities( str_replace( ' ', ' ', $rewritecode ) ) . '</strong></pre>' . $form ) );
795	+
796	return false;
797	}
798	} else {

824	if ( $rewritecode <> '' ) {
825	if ( ! HMW_Classes_ObjController::getClass( 'HMW_Models_Rules' )->writeInNginx( $rewritecode, 'HMWP_RULES' ) ) {
826	HMW_Classes_Error::setError( sprintf( __( 'Config file is not writable. You have to added it manually at the beginning of the %s file: %s', _HMW_PLUGIN_NAME_ ), '<strong>' . $config_file . '</strong>', '<br /><br /><pre><strong># BEGIN HMWP_RULES<br />' . htmlentities( str_replace( ' ', ' ', $rewritecode ) ) . '# END HMW_RULES</strong></pre>' ) );

827	}
828	} else {
829	HMW_Classes_ObjController::getClass( 'HMW_Models_Rules' )->writeInNginx( '', 'HMWP_RULES' );
830	}
831
832	+ return false;
833	+
834	}
835
836	return true;

1139	), HMW_VERSION_ID, true );
1140	/////////////////////////////////////////////////////////
1141
1142	+
1143	//remove clasiera theme loop
1144	remove_action( "login_init", "classiera_cubiq_login_init" );
1145	remove_filter( "login_redirect", "buddyboss_redirect_previous_page" );

1165
1166	HMW_Classes_ObjController::getClass( 'HMW_Models_Cookies' )->setTestCookie();
1167	}


1168	}
1169
1170	/**

models/Settings.php CHANGED Viewed

	@@ -67,84 +67,72 @@ class HMW_Models_Settings {
67	'title' => __("SEO SQUIRRLY"),
68	'banner' => '//ps.w.org/squirrly-seo/assets/banner-772x250.png?rev=2302934',
69	'description' => __("A.I.-based Private SEO Consultant. In a Plugin. Powered by Machine Learning and Cloud Services. Over 300 functionalities for SEO now available when you need them.") . '<div class="text-success my-2">' . 'SEO Plugin' . '</div>',
70	- 'path' => 'squirrly-seo/squirrly.php',
71	'url' => 'https://wpplugins.tips/plugin/squirrly-seo'
72	),
73	'wp-rocket' => array(
74	'title' => __("WP-Rocket"),
75	'banner' => _HMW_THEME_URL_ . 'img/plugins/wp-rocket-banner.jpg',
76	'description' => __("WP Rocket is in fact the only cache plugin which integrates more than 80% of web performance best practices even without any options activated. ") . '<div class="text-success my-2">' . 'Cache Plugin' . '</div>',
77	- 'path' => 'wp-rocket/wp-rocket.php',
78	'url' => 'https://wpplugins.tips/plugin/wp-rocket'
79	),
80	'autoptimize' => array(
81	'title' => __("Autoptimize"),
82	'banner' => '//ps.w.org/autoptimize/assets/banner-772x250.jpg?rev=1315920',
83	'description' => __("Autoptimize speeds up your website by optimizing JS, CSS and HTML, async-ing JavaScript, removing emoji cruft, optimizing Google Fonts and more.") . '<div class="text-success my-2">' . 'Cache plugin' . '</div>',
84	- 'path' => 'autoptimize/autoptimize.php',
85	'url' => 'https://wordpress.org/plugins/autoptimize/'
86	),
87	'ninjaforms' => array(
88	'title' => __("Ninja Forms"),
89	'banner' => '//ps.w.org/ninja-forms/assets/banner-772x250.png?rev=2069024',
90	'description' => __("Use Ninja Forms to create beautiful, user friendly WordPress forms that will make you feel like a professional web developer") . '<div class="text-success my-2">' . 'Form Plugin' . '</div>',
91	- 'path' => 'minify-html-markup/minify-html.php',
92	'url' => 'https://wpplugins.tips/plugin/ninja-forms'
93	),
94	'wpforms' => array(
95	'title' => __("WP Forms"),
96	'banner' => '//ps.w.org/wpforms-lite/assets/banner-772x250.png?rev=1371112',
97	'description' => __("WPForms allows you to create beautiful contact forms, feedback form, subscription forms, payment forms, and other types of forms for your site in minutes, not hours!") . '<div class="text-success my-2">' . 'Form Plugin' . '</div>',
98	- 'path' => 'wpforms-lite/wpforms.php',
99	'url' => 'https://wpplugins.tips/plugin/wp-forms'
100	),
101	'better-wp-security' => array(
102	'title' => __("iThemes Security"),
103	'banner' => '//ps.w.org/better-wp-security/assets/banner-772x250.png?rev=881897',
104	'description' => __("iThemes Security gives you over 30+ ways to secure and protect your WP site. WP sites can be an easy target for attacks because of plugin vulnerabilities, weak passwords and obsolete software.") . '<div class="text-success my-2">' . 'Security Plugin' . '</div>',
105	- 'path' => 'better-wp-security/better-wp-security.php',
106	'url' => 'https://wpplugins.tips/plugin/ithemes'
107	),
108	'sucuri-scanner' => array(
109	'title' => __("Sucuri Security"),
110	'banner' => '//ps.w.org/sucuri-scanner/assets/banner-772x250.png?rev=1235419',
111	'description' => __("The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.") . '<div class="text-success my-2">' . 'Security Plugin' . '</div>',
112	- 'path' => 'sucuri-scanner/sucuri.php',
113	'url' => 'https://wordpress.org/plugins/sucuri-scanner/'
114	),
115	'backupwordpress' => array(
116	'title' => __("Back Up WordPress"),
117	'banner' => '//ps.w.org/backupwordpress/assets/banner-772x250.jpg?rev=904756',
118	'description' => __("Simple automated backups of your WordPress-powered website. Back Up WordPress will back up your entire site including your database and all your files on a schedule that suits you.") . '<div class="text-success my-2">' . 'Backup Plugin' . '</div>',
119	- 'path' => 'backupwordpress/backupwordpress.php',
120	'url' => 'https://wordpress.org/plugins/backupwordpress/'
121	),
122	'elementor' => array(
123	'title' => __("Elementor Builder"),
124	'banner' => '//ps.w.org/elementor/assets/banner-772x250.png?rev=1475479',
125	'description' => __("The most advanced frontend drag & drop page builder. Create high-end, pixel perfect websites at record speeds. Any theme, any page, any design.") . '<div class="text-success my-2">' . 'Page Builder' . '</div>',
126	- 'path' => 'elementor/elementor.php',
127	'url' => 'https://wpplugins.tips/plugin/elementor'
128	),
129	'weglot' => array(
130	'title' => __("Weglot Translate"),
131	'banner' => '//ps.w.org/weglot/assets/banner-772x250.png?rev=2186774',
132	'description' => __("Translate your website into multiple languages without any code. Weglot Translate is fully SEO compatible and follows Google's best practices.") . '<div class="text-success my-2">' . 'Multilingual' . '</div>',
133	- 'path' => 'weglot/weglot.php',
134	'url' => 'https://wordpress.org/plugins/weglot/'
135	),
136	'facebook-pixel' => array(
137	'title' => __("Facebook Pixel"),
138	'banner' => '//ps.w.org/pixelyoursite/assets/banner-772x250.jpg?rev=2163168',
139	'description' => __("Manage your Facebook Pixel or Google Analytics code with a single plugin and add ANY other script (Head & Footer feature). The Pinterest Tag can be implemented via free add-on.") . '<div class="text-success my-2">' . 'Tracking Plugin' . '</div>',
140	- 'path' => 'pixelyoursite/pixelyoursite.php',
141	'url' => 'https://wpplugins.tips/plugin/facebook-pixel'
142	),
143	'maintenance' => array(
144	'title' => __("Maintenance"),
145	'banner' => '//ps.w.org/maintenance/assets/banner-772x250.png?rev=1637471',
146	'description' => __("Maintenance plugin allows the WordPress site administrator to close the website for maintenance, set a temporary page with authorization, which can be edited via the plugin settings.") . '<div class="text-success my-2">' . 'Tracking Plugin' . '</div>',
147	- 'path' => 'add-to-any/add-to-any.php',
148	'url' => 'https://wordpress.org/plugins/maintenance/'
149	),
150	);


67	'title' => __("SEO SQUIRRLY"),
68	'banner' => '//ps.w.org/squirrly-seo/assets/banner-772x250.png?rev=2302934',
69	'description' => __("A.I.-based Private SEO Consultant. In a Plugin. Powered by Machine Learning and Cloud Services. Over 300 functionalities for SEO now available when you need them.") . '<div class="text-success my-2">' . 'SEO Plugin' . '</div>',

70	'url' => 'https://wpplugins.tips/plugin/squirrly-seo'
71	),
72	'wp-rocket' => array(
73	'title' => __("WP-Rocket"),
74	'banner' => _HMW_THEME_URL_ . 'img/plugins/wp-rocket-banner.jpg',
75	'description' => __("WP Rocket is in fact the only cache plugin which integrates more than 80% of web performance best practices even without any options activated. ") . '<div class="text-success my-2">' . 'Cache Plugin' . '</div>',

76	'url' => 'https://wpplugins.tips/plugin/wp-rocket'
77	),
78	'autoptimize' => array(
79	'title' => __("Autoptimize"),
80	'banner' => '//ps.w.org/autoptimize/assets/banner-772x250.jpg?rev=1315920',
81	'description' => __("Autoptimize speeds up your website by optimizing JS, CSS and HTML, async-ing JavaScript, removing emoji cruft, optimizing Google Fonts and more.") . '<div class="text-success my-2">' . 'Cache plugin' . '</div>',

82	'url' => 'https://wordpress.org/plugins/autoptimize/'
83	),
84	'ninjaforms' => array(
85	'title' => __("Ninja Forms"),
86	'banner' => '//ps.w.org/ninja-forms/assets/banner-772x250.png?rev=2069024',
87	'description' => __("Use Ninja Forms to create beautiful, user friendly WordPress forms that will make you feel like a professional web developer") . '<div class="text-success my-2">' . 'Form Plugin' . '</div>',

88	'url' => 'https://wpplugins.tips/plugin/ninja-forms'
89	),
90	'wpforms' => array(
91	'title' => __("WP Forms"),
92	'banner' => '//ps.w.org/wpforms-lite/assets/banner-772x250.png?rev=1371112',
93	'description' => __("WPForms allows you to create beautiful contact forms, feedback form, subscription forms, payment forms, and other types of forms for your site in minutes, not hours!") . '<div class="text-success my-2">' . 'Form Plugin' . '</div>',

94	'url' => 'https://wpplugins.tips/plugin/wp-forms'
95	),
96	'better-wp-security' => array(
97	'title' => __("iThemes Security"),
98	'banner' => '//ps.w.org/better-wp-security/assets/banner-772x250.png?rev=881897',
99	'description' => __("iThemes Security gives you over 30+ ways to secure and protect your WP site. WP sites can be an easy target for attacks because of plugin vulnerabilities, weak passwords and obsolete software.") . '<div class="text-success my-2">' . 'Security Plugin' . '</div>',

100	'url' => 'https://wpplugins.tips/plugin/ithemes'
101	),
102	'sucuri-scanner' => array(
103	'title' => __("Sucuri Security"),
104	'banner' => '//ps.w.org/sucuri-scanner/assets/banner-772x250.png?rev=1235419',
105	'description' => __("The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.") . '<div class="text-success my-2">' . 'Security Plugin' . '</div>',

106	'url' => 'https://wordpress.org/plugins/sucuri-scanner/'
107	),
108	'backupwordpress' => array(
109	'title' => __("Back Up WordPress"),
110	'banner' => '//ps.w.org/backupwordpress/assets/banner-772x250.jpg?rev=904756',
111	'description' => __("Simple automated backups of your WordPress-powered website. Back Up WordPress will back up your entire site including your database and all your files on a schedule that suits you.") . '<div class="text-success my-2">' . 'Backup Plugin' . '</div>',

112	'url' => 'https://wordpress.org/plugins/backupwordpress/'
113	),
114	'elementor' => array(
115	'title' => __("Elementor Builder"),
116	'banner' => '//ps.w.org/elementor/assets/banner-772x250.png?rev=1475479',
117	'description' => __("The most advanced frontend drag & drop page builder. Create high-end, pixel perfect websites at record speeds. Any theme, any page, any design.") . '<div class="text-success my-2">' . 'Page Builder' . '</div>',

118	'url' => 'https://wpplugins.tips/plugin/elementor'
119	),
120	'weglot' => array(
121	'title' => __("Weglot Translate"),
122	'banner' => '//ps.w.org/weglot/assets/banner-772x250.png?rev=2186774',
123	'description' => __("Translate your website into multiple languages without any code. Weglot Translate is fully SEO compatible and follows Google's best practices.") . '<div class="text-success my-2">' . 'Multilingual' . '</div>',

124	'url' => 'https://wordpress.org/plugins/weglot/'
125	),
126	'facebook-pixel' => array(
127	'title' => __("Facebook Pixel"),
128	'banner' => '//ps.w.org/pixelyoursite/assets/banner-772x250.jpg?rev=2163168',
129	'description' => __("Manage your Facebook Pixel or Google Analytics code with a single plugin and add ANY other script (Head & Footer feature). The Pinterest Tag can be implemented via free add-on.") . '<div class="text-success my-2">' . 'Tracking Plugin' . '</div>',

130	'url' => 'https://wpplugins.tips/plugin/facebook-pixel'
131	),
132	'maintenance' => array(
133	'title' => __("Maintenance"),
134	'banner' => '//ps.w.org/maintenance/assets/banner-772x250.png?rev=1637471',
135	'description' => __("Maintenance plugin allows the WordPress site administrator to close the website for maintenance, set a temporary page with authorization, which can be edited via the plugin settings.") . '<div class="text-success my-2">' . 'Tracking Plugin' . '</div>',

136	'url' => 'https://wordpress.org/plugins/maintenance/'
137	),
138	);

readme.txt CHANGED Viewed

	@@ -2,10 +2,10 @@
2	Contributors: johndarrel
3	Tags: security, wordpress security, firewall, hide my wp, hide wp-admin, hide wp-login, hide wordpress, hide wp, security plugin, ocultar mi wp, hide my site, hide my wordpress
4	Requires at least: 4.3
5	- Tested up to: 5.6
6	Requires PHP: 5.6
7	Stable tag: trunk
8	- Donate link: https://~~hidemywpghost~~.~~com~~/~~hide-my-wp-pricing/~~
9	License: GPLv2 or later
10	License URI: http://www.gnu.org/licenses/gpl-2.0.html
11
	@@ -62,7 +62,7 @@ Please support us and translate the plugin in your language:
62
63	Thank you all for your trust, support and positive reviews!
64
65	- > Hide My WP Ghost ~~FREE~~ Security Features ~~(over 40 free security options)~~:
66	>
67	> * <strong>Hide WordPress wp-admin</strong> URL and redirect it to 404 page or a custom page
68	> * <strong>Hide WordPress wp-login.php</strong> and redirect it to 404 page or a custom page
	@@ -70,11 +70,9 @@ Thank you all for your trust, support and positive reviews!
70	> * <strong>Change lost password</strong> URL
71	> * <strong>Change register</strong> URL
72	> * <strong>Change logout</strong> URL
73	- > * <strong>Change activation</strong> URL
74	> * <strong>Change admin-ajax</strong> URL
75	> * <strong>Change wp-content</strong> URL
76	> * <strong>Change wp-includes</strong> URL
77	- > * <strong>Change uploads</strong> URL
78	> * <strong>Change comments</strong> URL
79	> * <strong>Change author</strong> URL
80	> * <strong>Change plugins name</strong> URL
	@@ -82,30 +80,14 @@ Thank you all for your trust, support and positive reviews!
82	> * <strong>Change category</strong> URL
83	> * <strong>Change tags</strong> URL
84	>
85	- > * <strong>Custom login redirects</strong> based on useer role
86	- > * <strong>Custom logout redirects</strong> based on useer role
87	- >
88	- > * <strong>Change URLs from Relative to Absolute</strong>
89	- > * <strong>Change URLs in Ajax calls</strong>
90	- > * <strong>Change URLs for Logged Users</strong>
91	- > * <strong>Change paths in Sitemap.xml</strong>
92	- > * <strong>Change paths in Robots.txt</strong>
93	- >
94	> Hidden Paths:
95	>
96	- > * <strong>Hide /wp-admin Path</strong>
97	- > * <strong>Hide /wp-login Path</strong>
98	- > * <strong>Hide /login Path</strong>
99	- > * <strong>Hide plugins Paths</strong>
100	- > * <strong>Hide themes Paths</strong>
101	- > * <strong>Hide REST API wp-json</strong>
102	> * <strong>Hide WordPress HTML comments</strong>
103	> * <strong>Hide Version and WordPress Tags</strong>
104	> * <strong>Hide DNS Prefetch WordPress link</strong>
105	> * <strong>Hide WordPress Generator Meta</strong>
106	> * <strong>Hide RSD (Really Simple Directory) header</strong>
107	> * <strong>Hide Emojicons if you don't use them</strong>
108	-
109	>
110	> Disable Paths:
111	>
	@@ -126,18 +108,16 @@ Thank you all for your trust, support and positive reviews!
126	> * <strong>Cache CSS, JS and Images</strong> to optimize the loading speed
127	> * <strong>Weekly security check and reports</strong>
128	>
129	- > See All FREE Security Features:
130	- > <a href="https://hidemywp.co/security-features/">https://hidemywp.co/security-features/</a>
131	-
132
133	Compatible with: <strong>WP Multisite, Apache, Litespeed, Nginx and IIS</strong>.
134
135	- Plugins Compatibility updates: **~~ManageWP,~~ WPML, W3 Total Cache, WP Super Cache, WP Fastest Cache, Hummingbird Cache, Cachify Cache, Litespeed Cache,
136	Cache Enabler, CDN Enabler, WOT Cache, Autoptimize, Jetpack by WordPress, Contact Form 7, bbPress,
137	All In One SEO, Yoast SEO, Squirrly SEO, WP-Rocket, Minify HTML, iThemes Security, Sucuri Security,
138	Back-Up WordPress, Elementor Page Builder, Weglot Translate, AddToAny Share Btn, WordFence Security, Sucuri Security, Asset CleanUp**
139
140	- Hosting Compatibility checked: WP Engine, Inmotion Hosting, Hostgator Hosting, Godaddy Hosting, Host1plus, Payperhost, Fastcomet, Dreamhost, Bitnami Apache, Bitnami Nginx, Google Cloud Hosting, Litespeed Hosting, Flyweels Hosting

141
142
143	To hide all the common WordPress paths you need Hide My WP Ghost version. Check all the Ghost security features below.
	@@ -163,11 +143,11 @@ Note: The plugin requires custom permalinks. Make sure you have it activated at
163
164	> Hide My WP Ghost Premium security features:
165	>
166	- > * Hide WordPress /wp-admin ~~path~~
167	- > * Hide WordPress /wp-login.php ~~path~~
168	- > * Hide WordPress /wp-login/ ~~path~~
169	- > * Hide WordPress /login ~~path~~
170	- > * Custom wp-admin and wp-login ~~paths~~
171	> * Custom admin-ajax.php URLs
172	> * Custom lost password URL
173	> * Custom register URL
	@@ -175,7 +155,7 @@ Note: The plugin requires custom permalinks. Make sure you have it activated at
175	> * Custom logout URL
176	> * Custom wp-includes path
177	> * Custom wp-content path
178	- > * Custom ~~REST API~~ wp-json path
179	> * Custom plugins name
180	> * Custom themes name
181	> * Custom themes style name
	@@ -186,27 +166,22 @@ Note: The plugin requires custom permalinks. Make sure you have it activated at
186	> * Custom category path
187	> * Custom tags path
188	>
189	- > * Custom login redirects based on useer role
190	- > * Custom logout redirects based on useer role
191	- >
192	> Hidden Paths:
193	>
194	> * Hide plugins name
195	> * Hide themes name
196	> * Hide style IDs and META IDs
197	> * Hide author by ID URL
198	- > * Hide WordPress common paths like: wp-content, wp-includes, /plugins, /themes, upgrade.php
199	> * Hide WordPress common files like: upgrade.php, install.php, activate.php, wp-config.php, etc.
200	> * Hide RSD (Really Simple Directory) header
201	> * Hide DNS Prefetch WordPress link
202	> * Hide WordPress Generator Meta
203	> * Add Firewall against SQL/Script injection
204	- > * Hide wp-~~caption, wp-~~image, ~~wp-blocks,~~ wp-post classes ~~and ids, and more~~
205	> * Hide Emojicons if you don't use them
206	- > * Change URLs in ~~Ajax~~ calls
207	- > * Change URLs in all ~~Caches~~ files
208	- > * Change paths in Sitemap.xml
209	- > * Change paths in Robots.txt
210	>
211	> Mapping Text and URLs:
212	>
	@@ -250,22 +225,11 @@ Note: The plugin requires custom permalinks. Make sure you have it activated at
250	> * Support for IIS
251	> * Support for LiteSpeed
252	> * Support for Apache
253	- > * Support for WP ~~Engine~~
254	- > * Support for Inmotion ~~Hosting~~
255	- > * Support for Hostgator Hosting
256	- > * Support for Godaddy Hosting
257	- > * Support for Host1plus
258	- > * Support for Payperhost
259	- > * Support for Fastcomet
260	- > * Support for Dreamhost
261	- > * Support for Bitnami Apache
262	- > * Support for Bitnami Nginx
263	- > * Support for Google Cloud Hosting
264	- > * Support for Litespeed Hosting
265	- > * Support for Flyweels Hosting
266	>
267	- > * Recommended by Wp Rocket
268	- > * Recommended by WPML
269	>
270	> Protection against:
271	>
	@@ -275,12 +239,18 @@ Note: The plugin requires custom permalinks. Make sure you have it activated at
275	> * Cross Site Scripting (XSS)
276	> * and more
277	>
278	- > See ~~All~~ ~~Premium~~ ~~Security~~ Features:
279	> <a href="https://shrsl.com/2jfym">https://hidemywpghost.com</a>
280	>



281	> Check the Demo Website:
282	> <a href="https://demo.wpplugins.tips/">https://demo.wpplugins.tips/</a>
283	-



284
285
286	Once you use the Hide My WP Ghost plugin you will get custom upload paths, author paths, plugin paths and so on.
	@@ -340,15 +310,7 @@ Enjoy!
340	8. Run a security check for your website and see all the vulnerabilities
341
342	== Changelog ==
343	- = 4.1.~~03 (11 Dec 2020)~~ =
344	- * Update - The rules update on adding new plugin or theme
345	- * Update - Compatibility with PPress plugin on Login Page
346	- * Fixed - Rollback the settings when pressing the Abort button
347	- * Fixed - Fixed Backup/Restore rules flash
348	- * Fixed - Add the correct text direction for WPML while in Posts and Pages
349	- * Fixed - Compatibility with WordPress 5.6
350	-
351	- = 4.1.02 (11 Oct 2020 ) =
352	* Update - Compatibility with Manage WP plugin
353	* Update - Added the option to disable the REST API wp-json in Hide My WP - Permalinks
354	* Update - Add the plugin as Must Use plugin for better security and compatibility with other plugins


2	Contributors: johndarrel
3	Tags: security, wordpress security, firewall, hide my wp, hide wp-admin, hide wp-login, hide wordpress, hide wp, security plugin, ocultar mi wp, hide my site, hide my wordpress
4	Requires at least: 4.3
5	+ Tested up to: 5.5
6	Requires PHP: 5.6
7	Stable tag: trunk
8	+ Donate link: https://wpplugins.tips/wordpress
9	License: GPLv2 or later
10	License URI: http://www.gnu.org/licenses/gpl-2.0.html
11

62
63	Thank you all for your trust, support and positive reviews!
64
65	+ > Hide My WP Ghost Lite Security Features:
66	>
67	> * <strong>Hide WordPress wp-admin</strong> URL and redirect it to 404 page or a custom page
68	> * <strong>Hide WordPress wp-login.php</strong> and redirect it to 404 page or a custom page

70	> * <strong>Change lost password</strong> URL
71	> * <strong>Change register</strong> URL
72	> * <strong>Change logout</strong> URL

73	> * <strong>Change admin-ajax</strong> URL
74	> * <strong>Change wp-content</strong> URL
75	> * <strong>Change wp-includes</strong> URL

76	> * <strong>Change comments</strong> URL
77	> * <strong>Change author</strong> URL
78	> * <strong>Change plugins name</strong> URL

80	> * <strong>Change category</strong> URL
81	> * <strong>Change tags</strong> URL
82	>









83	> Hidden Paths:
84	>






85	> * <strong>Hide WordPress HTML comments</strong>
86	> * <strong>Hide Version and WordPress Tags</strong>
87	> * <strong>Hide DNS Prefetch WordPress link</strong>
88	> * <strong>Hide WordPress Generator Meta</strong>
89	> * <strong>Hide RSD (Really Simple Directory) header</strong>
90	> * <strong>Hide Emojicons if you don't use them</strong>

91	>
92	> Disable Paths:
93	>

108	> * <strong>Cache CSS, JS and Images</strong> to optimize the loading speed
109	> * <strong>Weekly security check and reports</strong>
110	>



111
112	Compatible with: <strong>WP Multisite, Apache, Litespeed, Nginx and IIS</strong>.
113
114	+ Plugins Compatibility updates: **WPML, W3 Total Cache, WP Super Cache, WP Fastest Cache, Hummingbird Cache, Cachify Cache, Litespeed Cache,
115	Cache Enabler, CDN Enabler, WOT Cache, Autoptimize, Jetpack by WordPress, Contact Form 7, bbPress,
116	All In One SEO, Yoast SEO, Squirrly SEO, WP-Rocket, Minify HTML, iThemes Security, Sucuri Security,
117	Back-Up WordPress, Elementor Page Builder, Weglot Translate, AddToAny Share Btn, WordFence Security, Sucuri Security, Asset CleanUp**
118
119	+ Hosting Compatibility checked: **WP Engine, Inmotion Hosting, Hostgator Hosting, Godaddy Hosting, Host1plus,
120	+ Payperhost, Fastcomet, Dreamhost, Bitnami Apache, Bitnami Nginx, Google Cloud Hosting, Litespeed Hosting**
121
122
123	To hide all the common WordPress paths you need Hide My WP Ghost version. Check all the Ghost security features below.

143
144	> Hide My WP Ghost Premium security features:
145	>
146	+ > * Hide WordPress /wp-admin
147	+ > * Hide WordPress /wp-login.php
148	+ > * Hide WordPress /wp-login/
149	+ > * Hide WordPress /login URL
150	+ > * Custom wp-admin and wp-login URLs
151	> * Custom admin-ajax.php URLs
152	> * Custom lost password URL
153	> * Custom register URL

155	> * Custom logout URL
156	> * Custom wp-includes path
157	> * Custom wp-content path
158	+ > * Custom wp-json API path
159	> * Custom plugins name
160	> * Custom themes name
161	> * Custom themes style name

166	> * Custom category path
167	> * Custom tags path
168	>



169	> Hidden Paths:
170	>
171	> * Hide plugins name
172	> * Hide themes name
173	> * Hide style IDs and META IDs
174	> * Hide author by ID URL
175	+ > * Hide WordPress common paths like: wp-content, wp-includes, /plugins, /themes,upgrade.php
176	> * Hide WordPress common files like: upgrade.php, install.php, activate.php, wp-config.php, etc.
177	> * Hide RSD (Really Simple Directory) header
178	> * Hide DNS Prefetch WordPress link
179	> * Hide WordPress Generator Meta
180	> * Add Firewall against SQL/Script injection
181	+ > * Hide wp-image and wp-post classes
182	> * Hide Emojicons if you don't use them
183	+ > * Change URLs in ajax calls
184	+ > * Change URLs in all caches files


185	>
186	> Mapping Text and URLs:
187	>

225	> * Support for IIS
226	> * Support for LiteSpeed
227	> * Support for Apache
228	+ > * Support for Bitnami Servers
229	+ > * Support for Inmotion Servers











230	>
231	+ > * Recommended by Wp Rocket plugin
232	+ > https://goo.gl/VTPYWV
233	>
234	> Protection against:
235	>

239	> * Cross Site Scripting (XSS)
240	> * and more
241	>
242	+ > See all the Ghost features:
243	> <a href="https://shrsl.com/2jfym">https://hidemywpghost.com</a>
244	>
245	+ > Hide My WP Ghost Knowledge Base:
246	+ > <a href="https://shrsl.com/2jixr">https://hidemywpghost.com</a>
247	+ >
248	> Check the Demo Website:
249	> <a href="https://demo.wpplugins.tips/">https://demo.wpplugins.tips/</a>
250	+ >
251	+ > Other websites for Hide My WP Ghost Free:
252	+ > <a href="https://hidemywp.app">https://hidemywp.app</a>
253	+ > <a href="https://hidemywp.co">https://hidemywp.co</a>
254
255
256	Once you use the Hide My WP Ghost plugin you will get custom upload paths, author paths, plugin paths and so on.

310	8. Run a security check for your website and see all the vulnerabilities
311
312	== Changelog ==
313	+ = 4.1.02 =








314	* Update - Compatibility with Manage WP plugin
315	* Update - Added the option to disable the REST API wp-json in Hide My WP - Permalinks
316	* Update - Add the plugin as Must Use plugin for better security and compatibility with other plugins

Hide My WP Ghost – Security Plugin - Version 4.1.02

Version Description

Release Info

Code changes from version 4.1.03 to 4.1.02