Hide My WP Ghost – Security Plugin

Version Description

(08 Mar 2022)= * Update - Added compatibility with Backup Guard Plugin * Update - Prevent affecting the cron processes on Wordfence & changing the paths during the cron process * Update - Change the WP-Rocket cache files on all subsites for WP Multisite * Update - Automatically add the CDN URL if WP_CONTENT_URL is set as a different domain * Update - Compatibility with WordPress 5.9.1 * Fixed - Change Paths for Logged Users issue * Fixed - Show the feature icon in the feature list * Fixed - Show all the rewrite paths for WpEngine with PHP >7.4 * Fixed - Frontend test when the plugins paths are not changed

Download this release

Release Info

Developer	johndarrel
Plugin	Hide My WP Ghost – Security Plugin
Version	5.0.12
Comparing to
See all releases

Code changes from version 5.0.11 to 5.0.12

Files changed (13) hide show

classes/Tools.php +3 -3
config/config.php +1 -0
controllers/Cron.php +2 -2
controllers/Rewrite.php +9 -4
controllers/SecurityCheck.php +9 -8
index.php +17 -24
models/Cache.php +21 -16
models/Compatibility.php +128 -63
models/Files.php +7 -0
models/Rewrite.php +16 -17
models/Rules.php +1 -1
readme.txt +41 -32
view/Overview.php +1 -1

classes/Tools.php CHANGED Viewed

	@@ -591,11 +591,11 @@ class HMWP_Classes_Tools
591	}
592
593	//If not admin
594	- if (!is_admin() && !is_network_admin() ) {
595
596	//if process the change paths
597	- if (HMWP_Classes_Tools::getOption('hmwp_hide_loggedusers')
598	- \|\| (function_exists('is_user_logged_in') && !is_user_logged_in() )
599	) {
600	return true;
601	}


591	}
592
593	//If not admin
594	+ if ((!is_admin() && !is_network_admin()) \|\| HMWP_Classes_Tools::isAjax() ) {
595
596	//if process the change paths
597	+ if (HMWP_Classes_Tools::getOption('hmwp_hide_loggedusers')
598	+ \|\| (function_exists('is_user_logged_in') && !is_user_logged_in() )
599	) {
600	return true;
601	}

config/config.php CHANGED Viewed

	@@ -37,3 +37,4 @@ define('HMWP_OPTION_SAFE', 'hmwp_options_safe');
37	define('HMWP_SECURITY_CHECK', 'hmwp_securitycheck');
38	define('HMWP_SECURITY_CHECK_IGNORE', 'hmwp_securitycheck_ignore');
39	define('HMWP_SECURITY_CHECK_TIME', 'hmwp_securitycheck_time');


37	define('HMWP_SECURITY_CHECK', 'hmwp_securitycheck');
38	define('HMWP_SECURITY_CHECK_IGNORE', 'hmwp_securitycheck_ignore');
39	define('HMWP_SECURITY_CHECK_TIME', 'hmwp_securitycheck_time');
40	+ define('HMWP_CRON', 'hmwp_cron_process');

controllers/Cron.php CHANGED Viewed

	@@ -18,8 +18,8 @@ class HMWP_Controllers_Cron
18	add_filter('cron_schedules', array($this, 'setInterval'));
19
20	//Activate the cron job if not exists.
21	- if (!wp_next_scheduled(~~'hmwp_cron_process'~~)) {
22	- wp_schedule_event(time(), 'hmwp_every_minute', ~~'hmwp_cron_process'~~);
23	}
24	}
25


18	add_filter('cron_schedules', array($this, 'setInterval'));
19
20	//Activate the cron job if not exists.
21	+ if (!wp_next_scheduled(HMWP_CRON)) {
22	+ wp_schedule_event(time(), 'hmwp_every_minute', HMWP_CRON);
23	}
24	}
25

controllers/Rewrite.php CHANGED Viewed

	@@ -21,10 +21,15 @@ class HMWP_Controllers_Rewrite extends HMWP_Classes_FrontController
21	{
22	parent::__construct();
23
24	- //If the plugin is set to be deactivated
25	- if (defined('HMWP_DISABLE') && HMWP_DISABLE ) {
26	- return;
27	- }





28
29	//If safe parameter is set, clear the banned IPs and let the default paths
30	if (HMWP_Classes_Tools::getIsset(HMWP_Classes_Tools::getOption('hmwp_disable_name')) ) {


21	{
22	parent::__construct();
23
24	+ //If the plugin is set to be deactivated, return
25	+ if (defined('HMWP_DISABLE') && HMWP_DISABLE ) {
26	+ return;
27	+ }
28	+
29	+ //If doing cron, return
30	+ if(defined('DOING_CRON') && DOING_CRON){
31	+ return;
32	+ }
33
34	//If safe parameter is set, clear the banned IPs and let the default paths
35	if (HMWP_Classes_Tools::getIsset(HMWP_Classes_Tools::getOption('hmwp_disable_name')) ) {

controllers/SecurityCheck.php CHANGED Viewed

	@@ -579,17 +579,18 @@ class HMWP_Controllers_SecurityCheck extends HMWP_Classes_FrontController
579
580	//Propare the URL
581	$hmwpPath = dirname(HMWP_BASENAME);
582	- $pluginsPath = HMWP_Classes_Tools::getOption('hmwp_plugin_url') ;
583	$plugins = HMWP_Classes_Tools::getOption('hmwp_plugins');
584	- if(~~isset~~(~~$plugins[~~'~~from~~']) ~~&& !empty($plugins['from']~~)) {
585	- if(isset($plugins['to']~~[array_search~~(~~$hmwpPath~~ ~~.'/',~~ $plugins['from'])])){
586	- ~~$hmwpPath~~ = ~~trim~~($plugins['to'][array_search($hmwpPath .'/', $plugins['from'])] , ~~'/'~~);
587	- }
588	- }
589	-

590	//set hmwp_brokenfiles to false to not load the broken paths with WordPress rules
591	$url = site_url() . '/' . $pluginsPath . '/' . $hmwpPath . '/view/assets/img/logo.png?hmwp_brokenfiles=0&test=' . mt_rand(11111,99999);
592	- $response = HMWP_Classes_Tools::hmwp_localcall($url, array('cookies' => false));
593
594	if (!is_wp_error($response) ) {
595


579
580	//Propare the URL
581	$hmwpPath = dirname(HMWP_BASENAME);
582	+ $pluginsPath = HMWP_Classes_Tools::getOption('hmwp_plugin_url');
583	$plugins = HMWP_Classes_Tools::getOption('hmwp_plugins');
584	+ if(HMWP_Classes_Tools::getOption('hmwp_hide_plugins')) {
585	+ if ( isset( $plugins['from'] ) && ! empty( $plugins['from'] ) ) {
586	+ if ( isset( $plugins['to'][ array_search( $hmwpPath . '/', $plugins['from'] ) ] ) ) {
587	+ $hmwpPath = trim( $plugins['to'][ array_search( $hmwpPath . '/', $plugins['from'] ) ], '/' );
588	+ }
589	+ }
590	+ }
591	//set hmwp_brokenfiles to false to not load the broken paths with WordPress rules
592	$url = site_url() . '/' . $pluginsPath . '/' . $hmwpPath . '/view/assets/img/logo.png?hmwp_brokenfiles=0&test=' . mt_rand(11111,99999);
593	+ $response = HMWP_Classes_Tools::hmwp_localcall($url, array('cookies' => false));
594
595	if (!is_wp_error($response) ) {
596

index.php CHANGED Viewed

	@@ -6,7 +6,7 @@
6	Plugin Name: Hide My WP Ghost Lite
7	Plugin URI: https://wordpress.org/plugins/hide-my-wp/
8	Description: The best solution for WordPress Security. Hide wp-admin, wp-login, wp-content, plugins, themes etc. Add Firewall, Brute Force protection & more. <br /> <a href="https://hidemywpghost.com/wordpress" target="_blank"><strong>Unlock all features</strong></a>
9	- Version: 5.0.11
10	Author: WPPlugins - WordPress Security Plugins
11	Author URI: https://hidemywp.co
12	License: GPLv2 or later
	@@ -22,7 +22,7 @@
22	if ( defined( 'ABSPATH' ) && !defined( 'HMW_VERSION' ) ) {
23
24	//Set current plugin version
25	- define( 'HMWP_VERSION', '5.0.11' );
26
27	//Set the last stable version of the plugin
28	define( 'HMWP_STABLE_VERSION', '4.1.11' );
	@@ -36,46 +36,39 @@ if ( defined( 'ABSPATH' ) && !defined( 'HMW_VERSION' ) ) {
36	//Set the HMWP id for later verification
37	defined( 'HMWP_VERSION_ID' ) \|\| define( 'HMWP_VERSION_ID', (int)str_replace( '.', '', HMWP_VERSION ) );
38
39	- /* important to check the PHP version */
40	try {
41
42	- /* Call config files */
43	require(dirname( __FILE__ ) . '/config/config.php');
44
45	- /* inport main classes */
46	require_once(_HMWP_CLASSES_DIR_ . 'ObjController.php');
47
48	if(class_exists('HMWP_Classes_ObjController')) {
49
50	- /* Load Exception, Error and Tools class */
51	HMWP_Classes_ObjController::getClass('HMWP_Classes_Error');
52	HMWP_Classes_ObjController::getClass('HMWP_Classes_Tools');
53
54	- /* Load Front Controller */
55	HMWP_Classes_ObjController::getClass('HMWP_Classes_FrontController');
56
57	- /* if the disable signal is on, return */
58	- if ~~(defined('HMWP_DISABLE')~~ && ~~HMWP_DISABLE) {~~

59	return;
60	- }
61	-
62	- //don't run cron hooks and update if there are installs
63	- if (!is_multisite() && defined('WP_INSTALLING') && WP_INSTALLING) {
64	return;
65	} elseif (is_multisite() && defined('WP_INSTALLING_NETWORK') && WP_INSTALLING_NETWORK) {
66	return;
67	}
68
69	- ~~//don~~'t ~~load~~ ~~bruteforce~~ ~~and activity log in cron jobs~~
70	- if ( ~~defined(~~ ~~'DOING_CRON'~~ ~~) && DOING_CRON ){~~
71	- ~~//don't~~ ~~hide~~ ~~the~~ ~~paths.~~ ~~Compatibility~~ ~~with~~ ~~Wordfence virus scan~~
72	- ~~add_filter~~(~~'hmwp_process_hide_urls',~~ '~~__return_false~~' );
73	- }~~else {~~
74	- ~~//If Brute Force is activated~~
75	- if (HMWP_Classes_Tools::getOption('hmwp_bruteforce')) {
76	- HMWP_Classes_ObjController::getClass('HMWP_Controllers_Brute');
77	- }
78	- }
79
80	if (is_admin() \|\| is_network_admin()) {
81
	@@ -105,7 +98,7 @@ if ( defined( 'ABSPATH' ) && !defined( 'HMW_VERSION' ) ) {
105	if (HMWP_Classes_Tools::getOption('hmwp_change_in_cache') \|\| HMWP_Classes_Tools::getOption('hmwp_mapping_file')) {
106	//Run the HMWP crons
107	HMWP_Classes_ObjController::getClass('HMWP_Controllers_Cron');
108	- add_action(~~'hmwp_cron_process'~~, array(HMWP_Classes_ObjController::getClass('HMWP_Controllers_Cron'), 'processCron'));
109	}
110	}
111


6	Plugin Name: Hide My WP Ghost Lite
7	Plugin URI: https://wordpress.org/plugins/hide-my-wp/
8	Description: The best solution for WordPress Security. Hide wp-admin, wp-login, wp-content, plugins, themes etc. Add Firewall, Brute Force protection & more. <br /> <a href="https://hidemywpghost.com/wordpress" target="_blank"><strong>Unlock all features</strong></a>
9	+ Version: 5.0.12
10	Author: WPPlugins - WordPress Security Plugins
11	Author URI: https://hidemywp.co
12	License: GPLv2 or later

22	if ( defined( 'ABSPATH' ) && !defined( 'HMW_VERSION' ) ) {
23
24	//Set current plugin version
25	+ define( 'HMWP_VERSION', '5.0.12' );
26
27	//Set the last stable version of the plugin
28	define( 'HMWP_STABLE_VERSION', '4.1.11' );

36	//Set the HMWP id for later verification
37	defined( 'HMWP_VERSION_ID' ) \|\| define( 'HMWP_VERSION_ID', (int)str_replace( '.', '', HMWP_VERSION ) );
38

39	try {
40
41	+ //Call config files
42	require(dirname( __FILE__ ) . '/config/config.php');
43
44	+ //inport main classes
45	require_once(_HMWP_CLASSES_DIR_ . 'ObjController.php');
46
47	if(class_exists('HMWP_Classes_ObjController')) {
48
49	+ //Load Exception, Error and Tools class
50	HMWP_Classes_ObjController::getClass('HMWP_Classes_Error');
51	HMWP_Classes_ObjController::getClass('HMWP_Classes_Tools');
52
53	+ //Load Front Controller
54	HMWP_Classes_ObjController::getClass('HMWP_Classes_FrontController');
55
56	+ //if the disable signal is on, return
57	+ //don't run cron hooks and update if there are installs
58	+ if (defined('HMWP_DISABLE') && HMWP_DISABLE) {
59	return;
60	+ }elseif (!is_multisite() && defined('WP_INSTALLING') && WP_INSTALLING) {



61	return;
62	} elseif (is_multisite() && defined('WP_INSTALLING_NETWORK') && WP_INSTALLING_NETWORK) {
63	return;
64	}
65
66	+ if(!defined('DOING_CRON') \|\| !DOING_CRON) {
67	+ //If Brute Force is activated
68	+ if ( HMWP_Classes_Tools::getOption( 'hmwp_bruteforce' ) ) {
69	+ HMWP_Classes_ObjController::getClass( 'HMWP_Controllers_Brute' );
70	+ }
71	+ }




72
73	if (is_admin() \|\| is_network_admin()) {
74

98	if (HMWP_Classes_Tools::getOption('hmwp_change_in_cache') \|\| HMWP_Classes_Tools::getOption('hmwp_mapping_file')) {
99	//Run the HMWP crons
100	HMWP_Classes_ObjController::getClass('HMWP_Controllers_Cron');
101	+ add_action(HMWP_CRON, array(HMWP_Classes_ObjController::getClass('HMWP_Controllers_Cron'), 'processCron'));
102	}
103	}
104

models/Cache.php CHANGED Viewed

	@@ -132,11 +132,13 @@ class HMWP_Models_Cache
132	continue;
133	}
134
135	- //find replace the content
136	- $~~content~~ = $this->findReplace($content);
137	-
138	- //~~write~~ ~~into file~~
139	- ~~$this->writeFile($~~file~~, $content);~~


140
141	}
142	}
	@@ -174,12 +176,13 @@ class HMWP_Models_Cache
174	continue;
175	}
176
177	- //find replace the content
178	- $~~content~~ = $this->findReplace($content);
179	-
180	- //~~write~~ ~~into file~~
181	- ~~$this->writeFile($~~file~~, $content);~~
182	-

183	}
184	}
185	}
	@@ -228,11 +231,13 @@ class HMWP_Models_Cache
228	//get the file content
229	$content = $wp_filesystem->get_contents($file);
230
231	- //find replace the content
232	- $~~content~~ = $this->findReplace($content);
233	-
234	- //~~write~~ ~~into file~~
235	- ~~$this->writeFile($~~file~~, $content);~~


236	}
237	}
238	}


132	continue;
133	}
134
135	+ //find replace the content
136	+ $newcontent = $this->findReplace($content);
137	+ if($newcontent <> $content){
138	+ //echo $newcontent;exit();
139	+ //write into file
140	+ $this->writeFile($file, $newcontent);
141	+ }
142
143	}
144	}

176	continue;
177	}
178
179	+ //find replace the content
180	+ $newcontent = $this->findReplace($content);
181	+ if($newcontent <> $content){
182	+ //echo $newcontent;exit();
183	+ //write into file
184	+ $this->writeFile($file, $newcontent);
185	+ }
186	}
187	}
188	}

231	//get the file content
232	$content = $wp_filesystem->get_contents($file);
233
234	+ //find replace the content
235	+ $newcontent = $this->findReplace($content);
236	+ if($newcontent <> $content){
237	+ //echo $newcontent;exit();
238	+ //write into file
239	+ $this->writeFile($file, $newcontent);
240	+ }
241	}
242	}
243	}

models/Compatibility.php CHANGED Viewed

@@ -58,10 +58,6 @@ class HMWP_Models_Compatibility
                             );
+                        }
-            -
                        //if
-            -
                        if(HMWP_Classes_Tools::getValue('action') == 'wordfence_scan' && HMWP_Classes_Tools::isPluginActive('wordfence/wordfence.php')) {
-            -
                            set_transient('hmwp_disable_hide_urls', 1, 3600);
-            -
                        }
                     } else {
@@ -386,10 +382,27 @@ class HMWP_Models_Compatibility
                                     add_filter('hmwp_process_hide_urls', '__return_false');
+                                }
-            -
                                //If there is a process that need to access the wp-admin
-            -
                                if (get_transient('hmwp_disable_hide_urls')) {
-            -
                                    add_filter('hmwp_process_hide_urls', '__return_false');
-            -
                                }
+                            }
                         }, 10
                     );
@@ -623,22 +636,6 @@ class HMWP_Models_Compatibility
                     $wp_filesystem = HMWP_Classes_ObjController::initFilesystem();
                     $content_dir = $wp_filesystem->wp_content_dir();
-            -
                    //Change the paths in the cached css
-            -
                    if (HMWP_Classes_Tools::isPluginActive('elementor/elementor.php') ) {
-            -
                        //Set the cache directory for this plugin
-            -
                        $path = $content_dir . HMWP_Classes_Tools::$default['hmwp_upload_url'] . '/elementor/css/';
-            -
                        if($wp_filesystem->is_dir($path)) {
-            -
                            HMWP_Classes_ObjController::getClass('HMWP_Models_Cache')->setCachePath($path);
-            -
-            -
                            //change the paths in css
-            -
                            HMWP_Classes_ObjController::getClass('HMWP_Models_Cache')->changePathsInCss();
-            -
                            //change the paths in js
-            -
                            HMWP_Classes_ObjController::getClass('HMWP_Models_Cache')->changePathsInJs();
-            -
-            -
                            //mark as cache changed
-            -
                            $changed = true;
-            -
                        }
-            -
                    }
                     //Change the paths in the cached css
                     if (HMWP_Classes_Tools::isPluginActive('fusion-builder/fusion-builder.php') ) {
@@ -797,33 +794,57 @@ class HMWP_Models_Compatibility
+                    }
                     //For WP-Rocket
-            -
                    if (HMWP_Classes_Tools::isPluginActive('wp-rocket/wp-rocket.php') ) {
-            -
                        if (function_exists('get_rocket_option') ) {
-            -
                            $concatenate = get_rocket_option('minify_concatenate_css');
-            -
-            -
                            if ($concatenate ) {
-            -
                                //Set the cache directory for this plugin
-            -
                                $path = $content_dir . 'cache/min/';
-            -
                                if (function_exists('get_current_blog_id') ) {
-            -
                                    $path .= get_current_blog_id() . '/';
-            -
                                }
-            -
                                if($wp_filesystem->is_dir($path)) {
-            -
                                    HMWP_Classes_ObjController::getClass('HMWP_Models_Cache')->setCachePath($path);
-            -
                                    //change the paths in css
-            -
                                    HMWP_Classes_ObjController::getClass('HMWP_Models_Cache')->changePathsInCss();
-            -
                                    //change the paths in js
-            -
                                    HMWP_Classes_ObjController::getClass('HMWP_Models_Cache')->changePathsInJs();
-            -
                                    //mark as cache changed
-            -
                                    $changed = true;
-            -
                                }
-            -
                            }
-            -
                        }
-            -
                    }
                     //For Autoptimizer
                     if (HMWP_Classes_Tools::isPluginActive('autoptimize/autoptimize.php') ) {
@@ -927,6 +948,23 @@ class HMWP_Models_Compatibility
+                    }
                     //IF none of these plugins are installed. Search whole directory.
                     if (!$changed || HMWP_Classes_Tools::getOption('hmwp_change_in_cache_directory') <> '') {
                         //Set the cache directory for this plugin
@@ -1156,22 +1194,39 @@ class HMWP_Models_Compatibility
                                         $home_root = '/';
+                                    }
-            -
                                    $busting_url = HMWP_Classes_ObjController::getClass('HMWP_Models_Rewrite')->find_replace_url(WP_ROCKET_CACHE_BUSTING_URL);
-            -
                                    if ($busting_url = HMWP_Classes_Tools::getRelativePath($busting_url) ) {
-            -
                                        foreach ( $blog_ids as $blog_id ) {
-            -
                                            //mapp the wp-rocket busting wp-content
-            -
                                            if (HMWP_Classes_Tools::$default['hmwp_wp-content_url'] <> HMWP_Classes_Tools::getOption('hmwp_wp-content_url') ) {
-            -
                                                $hmwp_url_mapping['from'][] = '/' . $busting_url . '/' . $blog_id . $home_root . HMWP_Classes_Tools::$default['hmwp_wp-content_url'] . '/';
-            -
                                                $hmwp_url_mapping['to'][] = '/' . $busting_url . '/' . $blog_id . '/' . HMWP_Classes_Tools::getOption('hmwp_wp-content_url') . '/';
-            -
                                            }
-            -
-            -
                                            //mapp the wp-rocket busting wp-includes
-            -
                                            if (HMWP_Classes_Tools::$default['hmwp_wp-includes_url'] <> HMWP_Classes_Tools::getOption('hmwp_wp-includes_url') ) {
-            -
                                                $hmwp_url_mapping['from'][] = '/' . $busting_url . '/' . $blog_id . $home_root . HMWP_Classes_Tools::$default['hmwp_wp-includes_url'] . '/';
-            -
                                                $hmwp_url_mapping['to'][] = '/' . $busting_url . '/' . $blog_id . '/' . HMWP_Classes_Tools::getOption('hmwp_wp-includes_url') . '/';
-            -
                                            }
-            -
                                        }
-            -
                                    }
                                     HMWP_Classes_Tools::saveOptions('hmwp_url_mapping', json_encode($hmwp_url_mapping));
+                                }
@@ -1189,7 +1244,17 @@ class HMWP_Models_Compatibility
+                {
                     $domains = array();
-            -
                    //WP Rocket CDN Integration
                     if (HMWP_Classes_Tools::isPluginActive('wp-rocket/wp-rocket.php') && function_exists('get_rocket_option') ) {
                         $cnames = get_rocket_option('cdn_cnames', array());
                         foreach ($cnames as $_urls ) {


58	);
59	}
60




61
62	} else {
63

382	add_filter('hmwp_process_hide_urls', '__return_false');
383	}
384
385	+ //If Ajax
386	+ if(HMWP_Classes_Tools::isAjax()) {
387	+ //?action=backup_guard_awake on backupguard scans
388	+ if (HMWP_Classes_Tools::getValue('action') == 'backup_guard_awake' && HMWP_Classes_Tools::isPluginActive('backup-guard-gold/backup-guard-pro.php')) {
389	+ add_filter('hmwp_process_hide_urls', '__return_false');
390	+ }
391	+ //?action=wp_async_request on Wordfence cron scans
392	+ if ((HMWP_Classes_Tools::getValue('action') == 'wordfence_doScan' \|\| HMWP_Classes_Tools::getValue('action') == 'wordfence_testAjax') && HMWP_Classes_Tools::isPluginActive('wordfence/wordfence.php')) {
393	+ set_transient('hmwp_disable_hide_urls', 1, 60);
394	+ add_filter('hmwp_process_hide_urls', '__return_false');
395	+ }
396	+ //?action=hmbkp_cron_test on backupguard scans
397	+ if (HMWP_Classes_Tools::getValue('action') == 'hmbkp_cron_test' && HMWP_Classes_Tools::isPluginActive('backupwordpress/backupwordpress.php')) {
398	+ add_filter('hmwp_process_hide_urls', '__return_false');
399	+ }
400	+ }
401	+
402	+ //If there is a process that need to access the wp-admin
403	+ if (get_transient('hmwp_disable_hide_urls')) {
404	+ add_filter('hmwp_process_hide_urls', '__return_false');
405	+ }
406	}
407	}, 10
408	);

636	$wp_filesystem = HMWP_Classes_ObjController::initFilesystem();
637	$content_dir = $wp_filesystem->wp_content_dir();
638
















639
640	//Change the paths in the cached css
641	if (HMWP_Classes_Tools::isPluginActive('fusion-builder/fusion-builder.php') ) {

794	}
795
796	//For WP-Rocket
797	+ if (HMWP_Classes_Tools::isPluginActive('wp-rocket/wp-rocket.php') ) {
798	+ if (function_exists('get_rocket_option') ) {








799
800	+ if (get_rocket_option('minify_concatenate_css') && defined('WP_ROCKET_MINIFY_CACHE_PATH') ) {

801
802	+ if (HMWP_Classes_Tools::isMultisites() ) {
803	+ //get all blogs
804	+ global $wpdb;
805	+ $this->paths = array();
806
807	+ if($blogs = $wpdb->get_results( "SELECT blog_id FROM " . $wpdb->blogs . " where blog_id > 1" )) {
808	+ foreach ($blogs as $blog) {



809
810	+ //Set the cache directory for this plugin
811	+ $path = WP_ROCKET_MINIFY_CACHE_PATH . $blog->blog_id . '/';
812	+
813	+ if($wp_filesystem->is_dir($path)) {
814	+
815	+ HMWP_Classes_ObjController::getClass('HMWP_Models_Cache')->setCachePath($path);
816	+
817	+ //change the paths in css
818	+ HMWP_Classes_ObjController::getClass('HMWP_Models_Cache')->changePathsInCss();
819	+ //change the paths in js
820	+ HMWP_Classes_ObjController::getClass('HMWP_Models_Cache')->changePathsInJs();
821	+
822	+ //mark as cache changed
823	+ $changed = true;
824	+ }
825	+ }
826	+ }
827	+ }
828	+
829	+ //Set the cache directory for this plugin
830	+ $path = WP_ROCKET_MINIFY_CACHE_PATH . get_current_blog_id() . '/';
831	+
832	+ if($wp_filesystem->is_dir($path)) {
833	+ HMWP_Classes_ObjController::getClass('HMWP_Models_Cache')->setCachePath($path);
834	+
835	+ //change the paths in css
836	+ HMWP_Classes_ObjController::getClass('HMWP_Models_Cache')->changePathsInCss();
837	+ //change the paths in js
838	+ HMWP_Classes_ObjController::getClass('HMWP_Models_Cache')->changePathsInJs();
839	+
840	+ //mark as cache changed
841	+ $changed = true;
842	+ }
843	+ }
844	+ }
845
846	+
847	+ }
848
849	//For Autoptimizer
850	if (HMWP_Classes_Tools::isPluginActive('autoptimize/autoptimize.php') ) {

948
949	}
950
951	+ //Change the paths in the cached css
952	+ if (HMWP_Classes_Tools::isPluginActive('elementor/elementor.php') ) {
953	+ //Set the cache directory for this plugin
954	+ $path = $content_dir . HMWP_Classes_Tools::$default['hmwp_upload_url'] . '/elementor/css/';
955	+ if($wp_filesystem->is_dir($path)) {
956	+ HMWP_Classes_ObjController::getClass('HMWP_Models_Cache')->setCachePath($path);
957	+
958	+ //change the paths in css
959	+ HMWP_Classes_ObjController::getClass('HMWP_Models_Cache')->changePathsInCss();
960	+ //change the paths in js
961	+ HMWP_Classes_ObjController::getClass('HMWP_Models_Cache')->changePathsInJs();
962	+
963	+ //mark as cache changed
964	+ $changed = true;
965	+ }
966	+ }
967	+
968	//IF none of these plugins are installed. Search whole directory.
969	if (!$changed \|\| HMWP_Classes_Tools::getOption('hmwp_change_in_cache_directory') <> '') {
970	//Set the cache directory for this plugin

1194	$home_root = '/';
1195	}
1196
1197	+ $busting_url = HMWP_Classes_ObjController::getClass('HMWP_Models_Rewrite')->find_replace_url(WP_ROCKET_CACHE_BUSTING_URL);
1198	+ if ($busting_url = HMWP_Classes_Tools::getRelativePath($busting_url) ) {
1199	+ foreach ( $blog_ids as $blog_id ) {
1200	+ //mapp the wp-rocket busting wp-content
1201	+ if (HMWP_Classes_Tools::$default['hmwp_wp-content_url'] <> HMWP_Classes_Tools::getOption('hmwp_wp-content_url') ) {
1202	+ $hmwp_url_mapping['from'][] = '/' . rtrim($busting_url,'/') . '/' . $blog_id . $home_root . HMWP_Classes_Tools::$default['hmwp_wp-content_url'] . '/';
1203	+ $hmwp_url_mapping['to'][] = '/' . rtrim($busting_url,'/') . '/' . $blog_id . '/' . HMWP_Classes_Tools::getOption('hmwp_wp-content_url') . '/';
1204	+ }
1205	+
1206	+ //mapp the wp-rocket busting wp-includes
1207	+ if (HMWP_Classes_Tools::$default['hmwp_wp-includes_url'] <> HMWP_Classes_Tools::getOption('hmwp_wp-includes_url') ) {
1208	+ $hmwp_url_mapping['from'][] = '/' . rtrim($busting_url,'/') . '/' . $blog_id . $home_root . HMWP_Classes_Tools::$default['hmwp_wp-includes_url'] . '/';
1209	+ $hmwp_url_mapping['to'][] = '/' . rtrim($busting_url,'/') . '/' . $blog_id . '/' . HMWP_Classes_Tools::getOption('hmwp_wp-includes_url') . '/';
1210	+ }
1211	+ }
1212	+ }
1213	+
1214	+ $minify_url = HMWP_Classes_ObjController::getClass('HMWP_Models_Rewrite')->find_replace_url(WP_ROCKET_MINIFY_CACHE_URL);
1215	+ if ($minify_url = HMWP_Classes_Tools::getRelativePath($minify_url) ) {
1216	+ foreach ( $blog_ids as $blog_id ) {
1217	+ //mapp the wp-rocket busting wp-content
1218	+ if (HMWP_Classes_Tools::$default['hmwp_wp-content_url'] <> HMWP_Classes_Tools::getOption('hmwp_wp-content_url') ) {
1219	+ $hmwp_url_mapping['from'][] = '/' . rtrim($minify_url,'/') . '/' . $blog_id . $home_root . HMWP_Classes_Tools::$default['hmwp_wp-content_url'] . '/';
1220	+ $hmwp_url_mapping['to'][] = '/' . rtrim($minify_url,'/') . '/' . $blog_id . '/' . HMWP_Classes_Tools::getOption('hmwp_wp-content_url') . '/';
1221	+ }
1222	+
1223	+ //mapp the wp-rocket busting wp-includes
1224	+ if (HMWP_Classes_Tools::$default['hmwp_wp-includes_url'] <> HMWP_Classes_Tools::getOption('hmwp_wp-includes_url') ) {
1225	+ $hmwp_url_mapping['from'][] = '/' . rtrim($minify_url,'/') . '/' . $blog_id . $home_root . HMWP_Classes_Tools::$default['hmwp_wp-includes_url'] . '/';
1226	+ $hmwp_url_mapping['to'][] = '/' . rtrim($minify_url,'/') . '/' . $blog_id . '/' . HMWP_Classes_Tools::getOption('hmwp_wp-includes_url') . '/';
1227	+ }
1228	+ }
1229	+ }
1230
1231	HMWP_Classes_Tools::saveOptions('hmwp_url_mapping', json_encode($hmwp_url_mapping));
1232	}

1244	{
1245	$domains = array();
1246
1247	+ //If WP_CONTENT_URL is set as a different domain
1248	+ if(defined('WP_CONTENT_URL') && WP_CONTENT_URL <> ''){
1249	+ $cdn = parse_url(WP_CONTENT_URL, PHP_URL_HOST);
1250	+ $domain = parse_url(home_url(), PHP_URL_HOST);
1251	+
1252	+ if($cdn <> '' && $domain <> '' && $cdn <> $domain){
1253	+ $domains[] = $cdn;
1254	+ }
1255	+ }
1256	+
1257	+ //WP Rocket CDN Integration
1258	if (HMWP_Classes_Tools::isPluginActive('wp-rocket/wp-rocket.php') && function_exists('get_rocket_option') ) {
1259	$cnames = get_rocket_option('cdn_cnames', array());
1260	foreach ($cnames as $_urls ) {

models/Files.php CHANGED Viewed

	@@ -502,6 +502,13 @@ class HMWP_Models_Files
502
503	} elseif ($url <> $new_url ) {
504	if (!HMWP_Classes_Tools::getValue('noredirect') ) {







505	wp_safe_redirect(add_query_arg(array('noredirect' => true), $new_url), 301);
506	exit();
507	}


502
503	} elseif ($url <> $new_url ) {
504	if (!HMWP_Classes_Tools::getValue('noredirect') ) {
505	+
506	+ $uri = parse_url($url, PHP_URL_QUERY);
507	+
508	+ if($uri && strpos($new_url, '?') === false){
509	+ $new_url .= '?' . $uri;
510	+ }
511	+
512	wp_safe_redirect(add_query_arg(array('noredirect' => true), $new_url), 301);
513	exit();
514	}

models/Rewrite.php CHANGED Viewed

	@@ -102,14 +102,11 @@ class HMWP_Models_Rewrite
102
103	//If ajax call
104	if (HMWP_Classes_Tools::isAjax() ) {

105	//if change the ajax paths
106	if(HMWP_Classes_Tools::getOption('hmwp_hideajax_paths')) {
107	- //is ~~change~~ ~~ajax~~ ~~for~~ ~~logged users or not logged users~~
108	- if ~~(HMWP_Classes_Tools::getOption('hmwp_hide_loggedusers')~~ \|\| (~~function_exists('is_user_logged_in'~~) ~~&& !is_user_logged_in())) {~~
109	- //replace the buffer in Ajax
110	- $buffer = $this->find_replace($buffer);
111	- }
112	-
113	}
114
115	} else {
	@@ -784,16 +781,18 @@ class HMWP_Models_Rewrite
784	HMWP_Classes_ObjController::getClass('HMWP_Models_Rules')->writeInHtaccess('', 'HMWP_RULES');
785	}
786
787	- $rewritecode = '';
788	- if (!empty($this->_rewrites) ) {
789	- foreach ( $this->_rewrites as $rewrite ) {
790	- if (PHP_VERSION_ID >= 70400 ~~\|\| (strpos($rewrite['to'], 'index.php'~~) ~~=== false && (strpos($rewrite['to'], HMWP_Classes_Tools::$default['hmwp_wp-content_url']) !== false \|\| strpos($rewrite['to'], HMWP_Classes_Tools::$default['hmwp_wp-includes_url']) !== false)) )~~ {
791	- if (~~strpos~~(~~$rewrite[~~'to'], ~~HMWP_Classes_Tools::$default[~~'~~hmwp_login_url~~']) ~~===~~ ~~false~~ ~~&& strpos(~~$rewrite['to'], ~~HMWP_Classes_Tools::$default~~['~~hmwp_admin_url~~']) ~~===~~ ~~false~~ ) {
792	- ~~$rewritecode~~ ~~.= 'Source: <strong>^/' . str_replace~~(~~array~~('~~.css~~', '.js'), ~~array('\.css',~~ ~~'\.js'),~~ $rewrite['~~from~~']) . '~~</strong> Destination: <strong>~~' . ~~$home_root~~ . $rewrite['to'] . ~~"</strong>~~ ~~Redirect~~ ~~type: Break;<br />";~~
793	- }
794	- }
795	- }
796	- }


797
798	if ($rewritecode <> '' ) {
799	HMWP_Classes_Error::setError(sprintf(esc_html__('WpEngine detected. Add the redirects in the WpEngine Redirect rules panel %s.', 'hide-my-wp'), '<strong><a href="https://wpengine.com/support/redirect/" target="_blank" style="color: red">' . esc_html__("Learn How To Add the Code", 'hide-my-wp') . '</a></strong> <br /><br /><pre>' . $rewritecode . '</pre>' . $form),'notice',false);
	@@ -2098,7 +2097,7 @@ class HMWP_Models_Rewrite
2098	public function find_replace( $content)
2099	{
2100
2101	- if (apply_filters('hmwp_process_find_replace', true) ) {
2102
2103	if (is_string($content) && $content <> '') {
2104


102
103	//If ajax call
104	if (HMWP_Classes_Tools::isAjax() ) {
105	+
106	//if change the ajax paths
107	if(HMWP_Classes_Tools::getOption('hmwp_hideajax_paths')) {
108	+ //replace the buffer in Ajax
109	+ $buffer = $this->find_replace($buffer);




110	}
111
112	} else {

781	HMWP_Classes_ObjController::getClass('HMWP_Models_Rules')->writeInHtaccess('', 'HMWP_RULES');
782	}
783
784	+ $rewritecode = '';
785	+ if (!empty($this->_rewrites) ) {
786	+ foreach ( $this->_rewrites as $rewrite ) {
787	+ if(PHP_VERSION_ID >= 70400 ){
788	+ $rewritecode .= 'Source: <strong>^/' . str_replace(array('.css', '.js'), array('\.css', '\.js'), $rewrite['from']) . '</strong> Destination: <strong>' . $home_root . $rewrite['to'] . "</strong> Redirect type: Break;<br />";
789	+ }elseif (strpos($rewrite['to'], 'index.php') === false && (strpos($rewrite['to'], HMWP_Classes_Tools::$default['hmwp_wp-content_url']) !== false \|\| strpos($rewrite['to'], HMWP_Classes_Tools::$default['hmwp_wp-includes_url']) !== false)) {
790	+ if (strpos($rewrite['to'], HMWP_Classes_Tools::$default['hmwp_login_url']) === false && strpos($rewrite['to'], HMWP_Classes_Tools::$default['hmwp_admin_url']) === false ) {
791	+ $rewritecode .= 'Source: <strong>^/' . str_replace(array('.css', '.js'), array('\.css', '\.js'), $rewrite['from']) . '</strong> Destination: <strong>' . $home_root . $rewrite['to'] . "</strong> Redirect type: Break;<br />";
792	+ }
793	+ }
794	+ }
795	+ }
796
797	if ($rewritecode <> '' ) {
798	HMWP_Classes_Error::setError(sprintf(esc_html__('WpEngine detected. Add the redirects in the WpEngine Redirect rules panel %s.', 'hide-my-wp'), '<strong><a href="https://wpengine.com/support/redirect/" target="_blank" style="color: red">' . esc_html__("Learn How To Add the Code", 'hide-my-wp') . '</a></strong> <br /><br /><pre>' . $rewritecode . '</pre>' . $form),'notice',false);

2097	public function find_replace( $content)
2098	{
2099
2100	+ if (HMWP_Classes_Tools::doChangePaths() && apply_filters('hmwp_process_find_replace', true) ) {
2101
2102	if (is_string($content) && $content <> '') {
2103

models/Rules.php CHANGED Viewed

	@@ -421,7 +421,7 @@ class HMWP_Models_Rules
421	$rules .= "RewriteCond %{QUERY_STRING} GLOBALS(=\|\\[\|\\%[0-9A-Z]{0,2}) [NC,OR]" . PHP_EOL;
422	$rules .= "RewriteCond %{QUERY_STRING} _REQUEST(=\|\\[\|\\%[0-9A-Z]{0,2}) [NC,OR]" . PHP_EOL;
423
424	- if ( ! HMWP_Classes_Tools::isPluginActive( 'wp-reset/wp-reset.php' ) && ! HMWP_Classes_Tools::isPluginActive( 'wp-statistics/wp-statistics.php' ) ) {
425	$rules .= "RewriteCond %{QUERY_STRING} (\\<\|%3C).script.(\\>\|%3E) [NC,OR]" . PHP_EOL;
426	$rules .= "RewriteCond %{QUERY_STRING} (<\|%3C)([^s]s)+cript.(>\|%3E) [NC,OR]" . PHP_EOL;
427	$rules .= "RewriteCond %{QUERY_STRING} (\\<\|%3C).embed.(\\>\|%3E) [NC,OR]" . PHP_EOL;


421	$rules .= "RewriteCond %{QUERY_STRING} GLOBALS(=\|\\[\|\\%[0-9A-Z]{0,2}) [NC,OR]" . PHP_EOL;
422	$rules .= "RewriteCond %{QUERY_STRING} _REQUEST(=\|\\[\|\\%[0-9A-Z]{0,2}) [NC,OR]" . PHP_EOL;
423
424	+ if ( ! HMWP_Classes_Tools::isPluginActive( 'backup-guard-gold/backup-guard-pro.php' ) && ! HMWP_Classes_Tools::isPluginActive( 'wp-reset/wp-reset.php' ) && ! HMWP_Classes_Tools::isPluginActive( 'wp-statistics/wp-statistics.php' ) ) {
425	$rules .= "RewriteCond %{QUERY_STRING} (\\<\|%3C).script.(\\>\|%3E) [NC,OR]" . PHP_EOL;
426	$rules .= "RewriteCond %{QUERY_STRING} (<\|%3C)([^s]s)+cript.(>\|%3E) [NC,OR]" . PHP_EOL;
427	$rules .= "RewriteCond %{QUERY_STRING} (\\<\|%3C).embed.(\\>\|%3E) [NC,OR]" . PHP_EOL;

readme.txt CHANGED Viewed

	@@ -1,15 +1,15 @@
1	=== Hide My WP Ghost - Security Plugin ===
2	Contributors: johndarrel
3	- Tags: security, ~~wordpress security,~~ firewall, hide ~~my wp~~, ~~hide~~ wp-~~admin~~, ~~hide~~ wp-~~login~~, hide wordpress, hide wp, security plugin~~, ocultar mi wp, hide my site, hide my wordpress, hide, hack, antivirus~~
4	Requires at least: 4.3
5	Tested up to: 5.9
6	Requires PHP: 5.6
7	- Stable tag: 5.0.10
8	Donate link: https://hidemywpghost.com/hide-my-wp-pricing/
9	License: GPLv2 or later
10	License URI: http://www.gnu.org/licenses/gpl-2.0.html
11
12	- Hide ~~all~~ ~~common~~ paths, wp-admin, wp-login, wp-content, plugins, themes, authors, ~~comments,~~ XML-RPC, etc. Add Firewall, Brute Force protection & more.
13
14	== Description ==
15
	@@ -100,7 +100,7 @@ Hide My WP Ghost is packed with awesome security features:
100	> * Security Header X-Content-Type-Options
101	> * Security Header X-Frame-Options
102	> * Firewall agains Script Injections and SQL Injection
103	- > * 7G Firewall Filter
104	>
105	> <strong>Hide Options:</strong>
106	>
	@@ -195,12 +195,15 @@ Hide My WP Ghost is packed with awesome security features:
195
196	Compatible with: <strong>WP Multisite, Apache, Litespeed, Nginx and IIS</strong>.
197
198	- Plugins Compatibility updates: **~~ManageWP~~, ~~WPML~~, W3 Total Cache, Gravity, WP Super Cache, WP Fastest Cache, Hummingbird Cache, Cachify Cache, Litespeed Cache,
199	- Cache Enabler, CDN Enabler, WOT Cache, Autoptimize, Jetpack by WordPress, Contact Form 7, bbPress,
200	- All In One SEO, Yoast SEO, Squirrly SEO, WP-Rocket, Minify HTML, iThemes Security, Sucuri Security,
201	- Back-Up WordPress, Elementor Page Builder, Weglot Translate, AddToAny Share Btn, ~~WordFence~~ ~~Security~~, ~~Sucuri~~ Security, Asset CleanUp**
202
203	- ~~Hosting~~ Compatibility ~~checked~~: WP Engine, Inmotion Hosting, Hostgator Hosting, Godaddy Hosting, Host1plus, Payperhost, Fastcomet, Dreamhost, Bitnami Apache, Bitnami Nginx, Google Cloud Hosting, Litespeed Hosting, Flywheels Hosting



204
205	Being able to protect the common paths is critical because you get to keep hacker bots away from sensitive website data.
206
	@@ -212,12 +215,12 @@ If you don't protect yourself, you will end up having a hacked website sooner or
212
213	This is a free version of the plugin, so you can use it for all your websites without any restrictions.
214
215	- Secure your website in just minutes with Hide My WP Ghost plugin. Protect your WordPress site against hacker bots and spammers!
216
217	Please support us and translate the plugin in your language:
218	<a href="https://translate.wordpress.org/projects/wp-plugins/hide-my-wp">https://translate.wordpress.org/projects/wp-plugins/hide-my-wp</a>
219
220	- Thank you all for your trust, support and positive reviews!
221
222
223	<strong>Important!</strong> This is not the Hide My WP Nulled version of the Hide My Wp Codecanyon plugin.
	@@ -266,6 +269,17 @@ Enjoy!
266	9. Customize the wp-admin path while logged in as administrator
267
268	== Changelog ==











269	= 5.0.11 (22 Feb 2022)=
270	* Update - Added 7G Firewall option in Hide My WP > Change Paths > Firewall & Headers > Firewall Against Script Injection
271	* Update - Fixed the menu hidden issue when other security plugins are active
	@@ -274,13 +288,6 @@ Enjoy!
274	* Fixed - Library loading ID in HMWP Ghost
275
276	= 5.0.10 (17 Feb 2022)=
277	- * Launched to stable version
278	-
279	- = 5.0.02 (Beta Version)=
280	- * Update - Added the option to prevent slow loading websites
281	- * Fix - Debug parameters number hook error
282	-
283	- = 5.0.01 (Beta Version)=
284	* Update - Added new option in Login Security: Hide the language switcher option on the login page
285	* Update - Added the option to reset all settings to default
286	* Update - Added the Ctrl + Shift + C restriction when Inspect Element option is active
	@@ -340,7 +347,7 @@ Enjoy!
340	* Update - Show the change in cache files option for more cache plugins
341	* Update - Removed the WordPress title tag from login/register pages
342	* Fix - Brute Force blocking Wordfence Cron Job
343	- * Fix - ~~Infinit~~ loop when POST action on unknown paths
344	* Fix - Remove the login URL from the logo on the custom login page
345	* Fix - Set Filesystem to direct connection for file management
346	* Fix - Don't show the rewrite alert messages if nothing was changed in HMWP
	@@ -502,7 +509,7 @@ Enjoy!
502	* Update - The Security Check report task
503	* Update - Plugin security on Security Check
504	* Update - The plugins list in Hide My WP
505	- * Fixed - Removed the map URL from bootstrap ~~css~~ and js
506	* Fixed - CSS in Hide My WP Settings
507
508	= 4.0.04 (16 June 2020 ) =
	@@ -559,7 +566,7 @@ Enjoy!
559	* Update - Checked and Updated compatibility with other plugins
560	* Update - Added the Mapping feature in the menu
561	* Update - Added Hide RSD (Really Simple Directory) header
562	- * Update - Hide ~~Emojicons~~
563	* Update - Disable authentification for XML-RPC
564	* Update - Disable Embed Script WP library
565	* Update - Disable WLW Manifest scripts
	@@ -623,7 +630,7 @@ Enjoy!
623
624	= 3.3.01 (15 Jun 2019) =
625	* Update - Added the define('HMW_RULES_IN_WP_RULES', false); if you want to remove HMW Rules from WordPress rewrite definition in .htaccess
626	- * Don't show HMW update when new plugins and themes are added if the names and plugins of the themes ~~names~~ are not changed
627	* Show 100% security status if all the security tasks are completed
628	* Don't show the speedometer if the security check didn't run yet
629
	@@ -674,8 +681,8 @@ Enjoy!
674	= 3.0.08 (08 Apr 2019) =
675	* Update - Hide the custom wp-content set with WP_CONTENT_DIR constant in wp-config.php
676	* Update - Hide the custom uploads directory set with UPLOADS constant in wp-config.php
677	- * Update - Set ~~Stict~~ Login for the custom login path by default to prevent unusual redirects
678	- * Fix - Hide the old admin ajax after customization
679
680	= 3.0.07 (28 Mar 2019) =
681	* Update - WordPress Security Updates for WP 5.1.1
	@@ -768,7 +775,7 @@ Enjoy!
768	* Fix - Minor bugs
769
770	= 2.0.05 (25 Sept 2018) =
771	- * Fix - ~~Memory~~ limit error when the memory is under 64MB
772	* Fix - Setting other paths when the admin or login paths are already set by other plugins or theme
773	* Update - Security Check table
774	* Update - Compatibility check with top WordPress plugins
	@@ -784,7 +791,7 @@ Enjoy!
784	* Update - Compatible with Woocommerce 3.4
785	* Fix - Compatibility with WP-Rocket
786	* Fix - Compatibility with Autoptimize
787	- * Fix - Rewrite paths when moving from Lite mode to Default in Apache, Nginx and IIS
788	* Fix - Restore settings didn't save the config rewrites
789
790	= 2.0.03 (15 Sept 2018) =
	@@ -808,15 +815,17 @@ Enjoy!
808	* Update - Security Check and options to fix the issues
809	* Update - Install and Activate recommended plugins
810
811	- Security

812	Ocultar Mi WP - Plugin de seguridad de WordPress
813	Ocultar meu WP - Segurança do WordPress
814	Cacher mon WordPress - Plugin de sécurité WordPress
815	Verstecken Sie mein WordPress - WordPress Sicherheits-Plugin
816	Hide My WP - WordPress Security Plugin

817	Security Plugin
818	- Hide my wp free download
819	- Hide my wp login ~~url~~
820
821	== Frequently Asked Questions ==
822	= Does this plugin work on WP Multisite? =
	@@ -827,7 +836,7 @@ The plugin also works with Apache, Nginx, IIS, and LiteSpeed servers
827
828	= Is Hide My WP Ghost working on Nginx Server? =
829
830	- Yes, the plugin works on Nginx Server and you will be guided for the redirects and ~~nginx~~.conf settings.
831
832	The plugin also works with Apache, IIS, and LiteSpeed servers
833
	@@ -867,7 +876,7 @@ If you already activated Hide My Wp on WordPress.com, remove the directory /wp-c
867
868	No. You need to have custom permalinks set to 'on' in Settings > Permalinks.
869
870	- You will get a notification in the Settings page if something is not set ~~up right~~.
871
872
873	= What do I need to do before I deactivate the plugin? =
	@@ -880,7 +889,7 @@ _______________________________________________________________________
880
881	= Is this Plugin free of charge? =
882
883	- Yes. The Lite features of Hide My WP Ghost plugin will always be free.
884
885	We will include all the required WordPress Security updates.
886


1	=== Hide My WP Ghost - Security Plugin ===
2	Contributors: johndarrel
3	+ Tags: security,firewall,hide,antivirus,wp-login,wp-admin,hide wordpress,hide wp,security plugin
4	Requires at least: 4.3
5	Tested up to: 5.9
6	Requires PHP: 5.6
7	+ Stable tag: 5.0.12
8	Donate link: https://hidemywpghost.com/hide-my-wp-pricing/
9	License: GPLv2 or later
10	License URI: http://www.gnu.org/licenses/gpl-2.0.html
11
12	+ Hide WP paths, wp-admin, wp-login, wp-content, plugins, themes, authors, XML-RPC, etc. Add 7G Firewall Security, Brute Force protection & more.
13
14	== Description ==
15

100	> * Security Header X-Content-Type-Options
101	> * Security Header X-Frame-Options
102	> * Firewall agains Script Injections and SQL Injection
103	+ > * 7G Firewall Security Filter
104	>
105	> <strong>Hide Options:</strong>
106	>

195
196	Compatible with: <strong>WP Multisite, Apache, Litespeed, Nginx and IIS</strong>.
197
198	+ Plugins Compatibility updates: **WPML, WPMUDEV, W3 Total Cache, Gravity, WP Super Cache, WP Fastest Cache, Hummingbird Cache, Cachify Cache, Litespeed Cache, SiteGround Optimizer,
199	+ Cache Enabler, CDN Enabler, WOT Cache, Autoptimize, Jetpack by WordPress, Contact Form 7, bbPress, Manage WP,
200	+ All In One SEO, Rank Math, Yoast SEO, Squirrly SEO, WP-Rocket, Minify HTML, iThemes Security, Sucuri Security, Really Simple SSL, WordFence Security, WP Cerber Security, BBQ Firewall, Anti-Malware Security,
201	+ Back-Up WordPress, Elementor Page Builder, Divi Builder, Weglot Translate, AddToAny Share Btn, Limit Login Attempts Reloaded, Loginizer, Shield Security, Asset CleanUp, WP Hide & Security Enhancer and more**
202
203	+ Compatibility Plugins List: https://hidemywpghost.com/hide-my-wp-compatibility-plugins-list/
204	+ Compatibility Theme List: https://hidemywpghost.com/hide-my-wp-ghost-compatibility-themes-list/
205	+
206	+ Hosting Compatibility checked: WP Engine, Inmotion Hosting, Hostgator Hosting, Godaddy Hosting, Host1plus, Payperhost, Fastcomet, Dreamhost, Bitnami Apache, Bitnami Nginx, Google Cloud Hosting, Amazon AWS Lightsail, Litespeed Hosting, Flywheels Hosting, Kinsta Hosting, Ploi.io, RunCloud
207
208	Being able to protect the common paths is critical because you get to keep hacker bots away from sensitive website data.
209

215
216	This is a free version of the plugin, so you can use it for all your websites without any restrictions.
217
218	+ Secure your website in just minutes with the Hide My WP Ghost plugin. Protect your WordPress site against hacker bots and spammers!
219
220	Please support us and translate the plugin in your language:
221	<a href="https://translate.wordpress.org/projects/wp-plugins/hide-my-wp">https://translate.wordpress.org/projects/wp-plugins/hide-my-wp</a>
222
223	+ Thank you all for your trust, support, and positive reviews!
224
225
226	<strong>Important!</strong> This is not the Hide My WP Nulled version of the Hide My Wp Codecanyon plugin.

269	9. Customize the wp-admin path while logged in as administrator
270
271	== Changelog ==
272	+ = 5.0.12 (08 Mar 2022)=
273	+ * Update - Added compatibility with Backup Guard Plugin
274	+ * Update - Prevent affecting the cron processes on Wordfence & changing the paths during the cron process
275	+ * Update - Change the WP-Rocket cache files on all subsites for WP Multisite
276	+ * Update - Automatically add the CDN URL if WP_CONTENT_URL is set as a different domain
277	+ * Update - Compatibility with WordPress 5.9.1
278	+ * Fixed - Change Paths for Logged Users issue
279	+ * Fixed - Show the feature icon in the feature list
280	+ * Fixed - Show all the rewrite paths for WpEngine with PHP >7.4
281	+ * Fixed - Frontend test when the plugins paths are not changed
282	+
283	= 5.0.11 (22 Feb 2022)=
284	* Update - Added 7G Firewall option in Hide My WP > Change Paths > Firewall & Headers > Firewall Against Script Injection
285	* Update - Fixed the menu hidden issue when other security plugins are active

288	* Fixed - Library loading ID in HMWP Ghost
289
290	= 5.0.10 (17 Feb 2022)=







291	* Update - Added new option in Login Security: Hide the language switcher option on the login page
292	* Update - Added the option to reset all settings to default
293	* Update - Added the Ctrl + Shift + C restriction when Inspect Element option is active

347	* Update - Show the change in cache files option for more cache plugins
348	* Update - Removed the WordPress title tag from login/register pages
349	* Fix - Brute Force blocking Wordfence Cron Job
350	+ * Fix - Infinite loop when POST action on unknown paths
351	* Fix - Remove the login URL from the logo on the custom login page
352	* Fix - Set Filesystem to direct connection for file management
353	* Fix - Don't show the rewrite alert messages if nothing was changed in HMWP

509	* Update - The Security Check report task
510	* Update - Plugin security on Security Check
511	* Update - The plugins list in Hide My WP
512	+ * Fixed - Removed the map URL from bootstrap CSS and js
513	* Fixed - CSS in Hide My WP Settings
514
515	= 4.0.04 (16 June 2020 ) =

566	* Update - Checked and Updated compatibility with other plugins
567	* Update - Added the Mapping feature in the menu
568	* Update - Added Hide RSD (Really Simple Directory) header
569	+ * Update - Hide Emoticons
570	* Update - Disable authentification for XML-RPC
571	* Update - Disable Embed Script WP library
572	* Update - Disable WLW Manifest scripts

630
631	= 3.3.01 (15 Jun 2019) =
632	* Update - Added the define('HMW_RULES_IN_WP_RULES', false); if you want to remove HMW Rules from WordPress rewrite definition in .htaccess
633	+ * Don't show HMW update when new plugins and themes are added if the names and plugins of the names of the themes are not changed
634	* Show 100% security status if all the security tasks are completed
635	* Don't show the speedometer if the security check didn't run yet
636

681	= 3.0.08 (08 Apr 2019) =
682	* Update - Hide the custom wp-content set with WP_CONTENT_DIR constant in wp-config.php
683	* Update - Hide the custom uploads directory set with UPLOADS constant in wp-config.php
684	+ * Update - Set Strict Login for the custom login path by default to prevent unusual redirects
685	+ * Fix - Hide the old admin-ajax after customization
686
687	= 3.0.07 (28 Mar 2019) =
688	* Update - WordPress Security Updates for WP 5.1.1

775	* Fix - Minor bugs
776
777	= 2.0.05 (25 Sept 2018) =
778	+ * Fix - memory limit error when the memory is under 64MB
779	* Fix - Setting other paths when the admin or login paths are already set by other plugins or theme
780	* Update - Security Check table
781	* Update - Compatibility check with top WordPress plugins

791	* Update - Compatible with Woocommerce 3.4
792	* Fix - Compatibility with WP-Rocket
793	* Fix - Compatibility with Autoptimize
794	+ * Fix - Rewrite paths when moving from Lite mode to Default in Apache, Nginx, and IIS
795	* Fix - Restore settings didn't save the config rewrites
796
797	= 2.0.03 (15 Sept 2018) =

815	* Update - Security Check and options to fix the issues
816	* Update - Install and Activate recommended plugins
817
818	+ Security:
819	+ WordPress Security Plugin
820	Ocultar Mi WP - Plugin de seguridad de WordPress
821	Ocultar meu WP - Segurança do WordPress
822	Cacher mon WordPress - Plugin de sécurité WordPress
823	Verstecken Sie mein WordPress - WordPress Sicherheits-Plugin
824	Hide My WP - WordPress Security Plugin
825	+ Hide WordPress
826	Security Plugin
827	+ Hide My WP free download
828	+ Hide wp-login URL
829
830	== Frequently Asked Questions ==
831	= Does this plugin work on WP Multisite? =

836
837	= Is Hide My WP Ghost working on Nginx Server? =
838
839	+ Yes, the plugin works on Nginx Server and you will be guided for the redirects and Nginx. conf settings.
840
841	The plugin also works with Apache, IIS, and LiteSpeed servers
842

876
877	No. You need to have custom permalinks set to 'on' in Settings > Permalinks.
878
879	+ You will get a notification on the Settings page if something is not set upright.
880
881
882	= What do I need to do before I deactivate the plugin? =

889
890	= Is this Plugin free of charge? =
891
892	+ Yes. The Lite features of the Hide My WP Ghost plugin will always be free.
893
894	We will include all the required WordPress Security updates.
895

view/Overview.php CHANGED Viewed

	@@ -80,7 +80,7 @@ if(!$sorted) {
80	<div id="hmwp_feature_<?php echo esc_attr($index) ?>" class="hmwp_feature card h-100 p-0 shadow-0 rounded-0 <?php echo ($feature['free'] ? (!$feature['active'] ? 'bg-light' : 'active') : 'hmwp_pro') ?>">
81	<div class="card-body m-0 p-0">
82	<div class="m-0 p-0 text-center">
83	- <div class="m-0 py-4 <?php echo ~~esc_url~~($feature['logo']) ?>" style="font-size: 1.9rem; line-height: 30px; color:#71512794"></div>
84	<h5 class="py-0 m-0">
85	<?php if($feature['link'] ) { ?>
86	<a href="<?php echo esc_url($feature['link']) ?>" class="text-dark" style="text-decoration: none"><?php echo wp_kses_post($feature['title']) ?></a>


80	<div id="hmwp_feature_<?php echo esc_attr($index) ?>" class="hmwp_feature card h-100 p-0 shadow-0 rounded-0 <?php echo ($feature['free'] ? (!$feature['active'] ? 'bg-light' : 'active') : 'hmwp_pro') ?>">
81	<div class="card-body m-0 p-0">
82	<div class="m-0 p-0 text-center">
83	+ <div class="m-0 py-4 <?php echo esc_attr($feature['logo']) ?>" style="font-size: 1.9rem; line-height: 30px; color:#71512794"></div>
84	<h5 class="py-0 m-0">
85	<?php if($feature['link'] ) { ?>
86	<a href="<?php echo esc_url($feature['link']) ?>" class="text-dark" style="text-decoration: none"><?php echo wp_kses_post($feature['title']) ?></a>

Hide My WP Ghost – Security Plugin - Version 5.0.12

Version Description

Release Info

Code changes from version 5.0.11 to 5.0.12