Hide My WP Ghost – Security Plugin - Version 5.0.11

Version Description

(22 Feb 2022)= * Update - Added 7G Firewall option in Hide My WP > Change Paths > Firewall & Headers > Firewall Against Script Injection * Update - Fixed the menu hidden issue when other security plugins are active * Update - Compatibility with Login/Signup Popup plugin when Brute Force Google reCaptcha is activated * Update - Compatibility with Buy Me A Cofee plugin * Fixed - Library loading ID in HMWP Ghost


Release Info

Developer johndarrel
Version 5.0.11

Code changes from version 5.0.10 to 5.0.11

Files changed (3) hide show
  1. index.php +2 -2
  2. models/Rules.php +12 -17
  3. readme.txt +11 -0
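--- a/index.php
+++ b/index.php
@@ -6,7 +6,7 @@
  Plugin Name: Hide My WP Ghost Lite
  Plugin URI: https://wordpress.org/plugins/hide-my-wp/
  Description: The best solution for WordPress Security. Hide wp-admin, wp-login, wp-content, plugins, themes etc. Add Firewall, Brute Force protection & more. <br /> <a href="https://hidemywpghost.com/wordpress" target="_blank"><strong>Unlock all features</strong></a>
- Version: 5.0.10
+ Version: 5.0.11
  Author: WPPlugins - WordPress Security Plugins
  Author URI: https://hidemywp.co
  License: GPLv2 or later
@@ -22,7 +22,7 @@
  if ( defined( 'ABSPATH' ) && !defined( 'HMW_VERSION' ) ) {
 
  //Set current plugin version
- define( 'HMWP_VERSION', '5.0.10' );
+ define( 'HMWP_VERSION', '5.0.11' );
 
  //Set the last stable version of the plugin
  define( 'HMWP_STABLE_VERSION', '4.1.11' );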
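--- a/models/Rules.php
+++ b/models/Rules.php
@@ -383,11 +383,6 @@ class HMWP_Models_Rules
  if((int)HMWP_Classes_Tools::getOption('hmwp_sqlinjection_level') == 1) {
  $rules .= "RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]" . PHP_EOL;
  $rules .= "RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]" . PHP_EOL;
-
- $rules .= "RewriteCond %{QUERY_STRING} (\\<|%3C).*script.*(\\>|%3E) [NC,OR]" . PHP_EOL;
- $rules .= "RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]" . PHP_EOL;
- $rules .= "RewriteCond %{QUERY_STRING} (\\<|%3C).*embed.*(\\>|%3E) [NC,OR]" . PHP_EOL;
- $rules .= "RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR]" . PHP_EOL;
  $rules .= "RewriteCond %{QUERY_STRING} (\\<|%3C).*object.*(\\>|%3E) [NC,OR]" . PHP_EOL;
  $rules .= "RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]" . PHP_EOL;
  $rules .= "RewriteCond %{QUERY_STRING} (\\<|%3C).*iframe.*(\\>|%3E) [NC,OR]" . PHP_EOL;
@@ -421,20 +416,20 @@ class HMWP_Models_Rules
  $rules .= "RewriteCond %{QUERY_STRING} \\=\\|w\\| [NC,OR]" . PHP_EOL;
  $rules .= "RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]" . PHP_EOL;
  $rules .= "RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]" . PHP_EOL;
- $rules .= "RewriteCond %{QUERY_STRING} (\\<|%3C).*script.*(\\>|%3E) [NC,OR]" . PHP_EOL;
- $rules .= "RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]" . PHP_EOL;
- $rules .= "RewriteCond %{QUERY_STRING} (\\<|%3C).*embed.*(\\>|%3E) [NC,OR]" . PHP_EOL;
- $rules .= "RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR]" . PHP_EOL;
- $rules .= "RewriteCond %{QUERY_STRING} (\\<|%3C).*object.*(\\>|%3E) [NC,OR]" . PHP_EOL;
- $rules .= "RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]" . PHP_EOL;
- $rules .= "RewriteCond %{QUERY_STRING} (\\<|%3C).*iframe.*(\\>|%3E) [NC,OR]" . PHP_EOL;
- $rules .= "RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]" . PHP_EOL;
  $rules .= "RewriteCond %{QUERY_STRING} base64_encode.*\\(.*\\) [NC,OR]" . PHP_EOL;
  $rules .= "RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\\([^)]*\\) [NC,OR]" . PHP_EOL;
  $rules .= "RewriteCond %{QUERY_STRING} GLOBALS(=|\\[|\\%[0-9A-Z]{0,2}) [NC,OR]" . PHP_EOL;
  $rules .= "RewriteCond %{QUERY_STRING} _REQUEST(=|\\[|\\%[0-9A-Z]{0,2}) [NC,OR]" . PHP_EOL;
 
  if ( ! HMWP_Classes_Tools::isPluginActive( 'wp-reset/wp-reset.php' ) && ! HMWP_Classes_Tools::isPluginActive( 'wp-statistics/wp-statistics.php' ) ) {
+ $rules .= "RewriteCond %{QUERY_STRING} (\\<|%3C).*script.*(\\>|%3E) [NC,OR]" . PHP_EOL;
+ $rules .= "RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]" . PHP_EOL;
+ $rules .= "RewriteCond %{QUERY_STRING} (\\<|%3C).*embed.*(\\>|%3E) [NC,OR]" . PHP_EOL;
+ $rules .= "RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR]" . PHP_EOL;
+ $rules .= "RewriteCond %{QUERY_STRING} (\\<|%3C).*object.*(\\>|%3E) [NC,OR]" . PHP_EOL;
+ $rules .= "RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]" . PHP_EOL;
+ $rules .= "RewriteCond %{QUERY_STRING} (\\<|%3C).*iframe.*(\\>|%3E) [NC,OR]" . PHP_EOL;
+ $rules .= "RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]" . PHP_EOL;
  $rules .= "RewriteCond %{QUERY_STRING} ^.*(\\(|\\)|<|>|%3c|%3e).* [NC,OR]" . PHP_EOL;
  $rules .= "RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%3C|%3E|%00) [NC,OR]" . PHP_EOL;
  $rules .= "RewriteCond %{QUERY_STRING} (;|<|>|'|\"|\\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\\*|union|select|insert|drop|delete|cast|create|char|convert|alter|declare|script|set|md5|benchmark|encode) [NC,OR]" . PHP_EOL;
@@ -480,10 +475,6 @@ class HMWP_Models_Rules
  $rules .= "RewriteCond %{QUERY_STRING} (php)([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}) [NC,OR]" . PHP_EOL;
  $rules .= "RewriteCond %{QUERY_STRING} (e|%65|%45)(v|%76|%56)(a|%61|%31)(l|%6c|%4c)(.*)(\(|%28)(.*)(\)|%29) [NC,OR]" . PHP_EOL;
  $rules .= "RewriteCond %{QUERY_STRING} (/|%2f)(=|%3d|$&|_mm|cgi(\.|-)|inurl(:|%3a)(/|%2f)|(mod|path)(=|%3d)(\.|%2e)) [NC,OR]" . PHP_EOL;
- $rules .= "RewriteCond %{QUERY_STRING} (<|%3c)(.*)(e|%65|%45)(m|%6d|%4d)(b|%62|%42)(e|%65|%45)(d|%64|%44)(.*)(>|%3e) [NC,OR]" . PHP_EOL;
- $rules .= "RewriteCond %{QUERY_STRING} (<|%3c)(.*)(i|%69|%49)(f|%66|%46)(r|%72|%52)(a|%61|%41)(m|%6d|%4d)(e|%65|%45)(.*)(>|%3e) [NC,OR]" . PHP_EOL;
- $rules .= "RewriteCond %{QUERY_STRING} (<|%3c)(.*)(o|%4f|%6f)(b|%62|%42)(j|%4a|%6a)(e|%65|%45)(c|%63|%43)(t|%74|%54)(.*)(>|%3e) [NC,OR]" . PHP_EOL;
- $rules .= "RewriteCond %{QUERY_STRING} (<|%3c)(.*)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(.*)(>|%3e) [NC,OR]" . PHP_EOL;
  $rules .= "RewriteCond %{QUERY_STRING} (\+|%2b|%20)(d|%64|%44)(e|%65|%45)(l|%6c|%4c)(e|%65|%45)(t|%74|%54)(e|%65|%45)(\+|%2b|%20) [NC,OR]" . PHP_EOL;
  $rules .= "RewriteCond %{QUERY_STRING} (\+|%2b|%20)(i|%69|%49)(n|%6e|%4e)(s|%73|%53)(e|%65|%45)(r|%72|%52)(t|%74|%54)(\+|%2b|%20) [NC,OR]" . PHP_EOL;
  $rules .= "RewriteCond %{QUERY_STRING} (\+|%2b|%20)(s|%73|%53)(e|%65|%45)(l|%6c|%4c)(e|%65|%45)(c|%63|%43)(t|%74|%54)(\+|%2b|%20) [NC,OR]" . PHP_EOL;
@@ -498,6 +489,10 @@ class HMWP_Models_Rules
  $rules .= "RewriteCond %{QUERY_STRING} (concat|eval)(.*)(\(|%28) [NC,OR]" . PHP_EOL;
 
  if ( ! HMWP_Classes_Tools::isPluginActive( 'wp-reset/wp-reset.php' ) && ! HMWP_Classes_Tools::isPluginActive( 'wp-statistics/wp-statistics.php' ) ) {
+ $rules .= "RewriteCond %{QUERY_STRING} (<|%3c)(.*)(e|%65|%45)(m|%6d|%4d)(b|%62|%42)(e|%65|%45)(d|%64|%44)(.*)(>|%3e) [NC,OR]" . PHP_EOL;
+ $rules .= "RewriteCond %{QUERY_STRING} (<|%3c)(.*)(i|%69|%49)(f|%66|%46)(r|%72|%52)(a|%61|%41)(m|%6d|%4d)(e|%65|%45)(.*)(>|%3e) [NC,OR]" . PHP_EOL;
+ $rules .= "RewriteCond %{QUERY_STRING} (<|%3c)(.*)(o|%4f|%6f)(b|%62|%42)(j|%4a|%6a)(e|%65|%45)(c|%63|%43)(t|%74|%54)(.*)(>|%3e) [NC,OR]" . PHP_EOL;
+ $rules .= "RewriteCond %{QUERY_STRING} (<|%3c)(.*)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(.*)(>|%3e) [NC,OR]" . PHP_EOL;
  $rules .= "RewriteCond %{QUERY_STRING} (;|<|>|\'|\\\"|\)|%0a|%0d|%22|%27|%3c|%3e|%00)(.*)(/\*|alter|base64|benchmark|cast|concat|convert|create|encode|declare|delete|drop|insert|md5|request|script|select|union|update) [NC,OR]" . PHP_EOL;
  }
 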
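Review bot: The script/embed/object/iframe query-string conditions added at new lines 425-432 and 492-495 now sit inside the `isPluginActive( 'wp-reset/wp-reset.php' )` / `wp-statistics/wp-statistics.php` guard, so a site running either plugin loses all of these tag filters for every request rather than only for those plugins' own URLs. Nothing visible says which requests needed the exemption; if it is limited to a few admin screens, a narrower exception (for example a `RewriteCond %{REQUEST_URI}` exclusion ahead of the block) would keep the filter for front-end traffic. The move also looks uneven: the `object` and `iframe` conditions at new lines 386-388 stay unconditional, while the `script` and `embed` conditions that sat beside them were removed, which may be unintended. At minimum the guard deserves a comment such as `// Tag filters are skipped while WP Reset or WP Statistics is active (conflict with their requests - TODO confirm which)`. The enclosing method begins and ends outside the visible hunks, so the relationship between the two option levels is inferred.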
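--- a/readme.txt
+++ b/readme.txt
@@ -100,6 +100,7 @@ Hide My WP Ghost is packed with awesome security features:
  > * Security Header X-Content-Type-Options
  > * Security Header X-Frame-Options
  > * Firewall agains Script Injections and SQL Injection
+ > * 7G Firewall Filter
  >
  > <strong>Hide Options:</strong>
  >
@@ -265,6 +266,16 @@ Enjoy!
  9. Customize the wp-admin path while logged in as administrator
 
  == Changelog ==
+ = 5.0.11 (22 Feb 2022)=
+ * Update - Added 7G Firewall option in Hide My WP > Change Paths > Firewall & Headers > Firewall Against Script Injection
+ * Update - Fixed the menu hidden issue when other security plugins are active
+ * Update - Compatibility with Login/Signup Popup plugin when Brute Force Google reCaptcha is activated
+ * Update - Compatibility with Buy Me A Cofee plugin
+ * Fixed - Library loading ID in HMWP Ghost
+
+ = 5.0.10 (17 Feb 2022)=
+ * Launched to stable version
+
  = 5.0.02 (Beta Version)=
  * Update - Added the option to prevent slow loading websites
  * Fix - Debug parameters number hook error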