Hide My WP Ghost – Security Plugin - Version 5.0.14

Version Description

(17 June 2022)= * Update - Compatibility with Coming Soon & Maintenance Mode PRO * Update - Compatibility with WordPress 6.0 * Update - Add the option to automatically redirect to admin when access the login page and the user is logged * Fixed - Avoid showing 404 error on Litespeed WP Multisite when a new site is created * Fixed - Avoid showing 404 error on Litespeed WP Multisite when a new taxonomy is created * Fixed - Brute force math security when the math field is deleted * Fixed the hidden URLs process

Download this release

Release Info

Developer johndarrel
Plugin Icon 128x128 Hide My WP Ghost – Security Plugin
Version 5.0.14
Comparing to
See all releases

Code changes from version 5.0.13 to 5.0.14

Files changed (11) hide show
  1. classes/Tools.php +14 -9
  2. controllers/Brute.php +1 -2
  3. controllers/Rewrite.php +1 -1
  4. controllers/SecurityCheck.php +2 -2
  5. controllers/Settings.php +5 -2
  6. index.php +6 -6
  7. models/Brute.php +6 -1
  8. models/Compatibility.php +41 -10
  9. models/Rewrite.php +357 -214
  10. readme.txt +64 -17
  11. view/Tweaks.php +12 -0
classes/Tools.php CHANGED
@@ -13,9 +13,9 @@ class HMWP_Classes_Tools
13
  {
14
 
15
  /**
16
- *
17
  *
18
- * @var array Saved options in database
 
19
  */
20
  public static $init = array(), $default = array(), $lite = array();
21
  public static $options = array();
@@ -23,9 +23,9 @@ class HMWP_Classes_Tools
23
  public static $active_plugins;
24
 
25
  /**
26
- *
27
  *
28
- * @var integer Count the errors in site
 
29
  */
30
  static $errors_count = 0;
31
 
@@ -259,6 +259,7 @@ class HMWP_Classes_Tools
259
  //redirects
260
  'hmwp_url_redirect' => '.',
261
  'hmwp_do_redirects' => 0,
 
262
  'hmwp_url_redirects' => array('default' => array('login' => '', 'logout' => '')),
263
  'hmwp_signup_template' => 0,
264
 
@@ -347,8 +348,8 @@ class HMWP_Classes_Tools
347
  'hmwp_admin-ajax_url' => 'admin-ajax.php',
348
  'hmwp_hideajax_admin' => 0,
349
  'hmwp_hideajax_paths' => 0,
350
- 'hmwp_plugin_url' => 'modules',
351
- 'hmwp_themes_url' => 'views',
352
  'hmwp_upload_url' => 'storage',
353
  'hmwp_wp-content_url' => 'core',
354
  'hmwp_wp-includes_url' => 'lib',
@@ -625,8 +626,8 @@ class HMWP_Classes_Tools
625
  //If not admin
626
  if (!is_admin() && !is_network_admin() ) {
627
  //if process the change paths
628
- if (HMWP_Classes_Tools::getOption('hmwp_hide_loggedusers')
629
- || (function_exists('is_user_logged_in') && !is_user_logged_in() )
630
  ) {
631
  return true;
632
  }
@@ -1085,6 +1086,10 @@ class HMWP_Classes_Tools
1085
  */
1086
  public static function isAWS()
1087
  {
 
 
 
 
1088
  $headers = headers_list();
1089
 
1090
  foreach ($headers as $header){
@@ -1570,7 +1575,7 @@ class HMWP_Classes_Tools
1570
  if (!HMWP_Classes_Tools::getOption('error') && !HMWP_Classes_Tools::getOption('logout') ) {
1571
 
1572
  //Build the redirect table
1573
- HMWP_Classes_ObjController::getClass('HMWP_Models_Rewrite')->clearRedirect()->buildRedirect()->setRewriteRules()->flushRewrites();
1574
 
1575
  //INSERT SEURITY RULES
1576
  if (!HMWP_Classes_Tools::isIIS() ) {
13
  {
14
 
15
  /**
 
16
  *
17
+ *
18
+ * @var array Saved options in database
19
  */
20
  public static $init = array(), $default = array(), $lite = array();
21
  public static $options = array();
23
  public static $active_plugins;
24
 
25
  /**
 
26
  *
27
+ *
28
+ * @var integer Count the errors in site
29
  */
30
  static $errors_count = 0;
31
 
259
  //redirects
260
  'hmwp_url_redirect' => '.',
261
  'hmwp_do_redirects' => 0,
262
+ 'hmwp_logged_users_redirect' => 0,
263
  'hmwp_url_redirects' => array('default' => array('login' => '', 'logout' => '')),
264
  'hmwp_signup_template' => 0,
265
 
348
  'hmwp_admin-ajax_url' => 'admin-ajax.php',
349
  'hmwp_hideajax_admin' => 0,
350
  'hmwp_hideajax_paths' => 0,
351
+ 'hmwp_plugin_url' => 'core/modules',
352
+ 'hmwp_themes_url' => 'core/views',
353
  'hmwp_upload_url' => 'storage',
354
  'hmwp_wp-content_url' => 'core',
355
  'hmwp_wp-includes_url' => 'lib',
626
  //If not admin
627
  if (!is_admin() && !is_network_admin() ) {
628
  //if process the change paths
629
+ if (HMWP_Classes_Tools::getOption('hmwp_hide_loggedusers')
630
+ || (function_exists('is_user_logged_in') && !is_user_logged_in() )
631
  ) {
632
  return true;
633
  }
1086
  */
1087
  public static function isAWS()
1088
  {
1089
+ if(isset($_SERVER["DOCUMENT_ROOT"]) && strpos($_SERVER["DOCUMENT_ROOT"], "/bitnami/")){
1090
+ return true;
1091
+ }
1092
+
1093
  $headers = headers_list();
1094
 
1095
  foreach ($headers as $header){
1575
  if (!HMWP_Classes_Tools::getOption('error') && !HMWP_Classes_Tools::getOption('logout') ) {
1576
 
1577
  //Build the redirect table
1578
+ HMWP_Classes_ObjController::getClass('HMWP_Models_Rewrite')->clearRedirect()->setRewriteRules()->flushRewrites();
1579
 
1580
  //INSERT SEURITY RULES
1581
  if (!HMWP_Classes_Tools::isIIS() ) {
controllers/Brute.php CHANGED
@@ -231,8 +231,7 @@ class HMWP_Controllers_Brute extends HMWP_Classes_FrontController
231
 
232
  //Check if Woocommerce login support is loaded
233
  if(HMWP_Classes_Tools::isPluginActive('woocommerce/woocommerce.php')
234
- && !HMWP_Classes_Tools::getOption('hmwp_bruteforce_woocommerce')
235
- && HMWP_Classes_Tools::getValue('woocommerce-login-nonce')) {
236
 
237
  return $user;
238
  }
231
 
232
  //Check if Woocommerce login support is loaded
233
  if(HMWP_Classes_Tools::isPluginActive('woocommerce/woocommerce.php')
234
+ && HMWP_Classes_Tools::getValue('woocommerce-login-nonce')) {
 
235
 
236
  return $user;
237
  }
controllers/Rewrite.php CHANGED
@@ -101,7 +101,7 @@ class HMWP_Controllers_Rewrite extends HMWP_Classes_FrontController
101
 
102
  //actions
103
  add_action('login_init', array($this->model, 'login_init'), PHP_INT_MAX);
104
- add_action('login_head', array($this->model, 'login_head'), PHP_INT_MAX);
105
  add_action('login_title', array($this->model, 'login_title'), PHP_INT_MAX, 1);
106
  add_action('wp_logout', array($this->model, 'wp_logout'), PHP_INT_MAX);
107
  add_action('check_admin_referer', array($this->model, 'check_admin_referer'), PHP_INT_MAX, 2);
101
 
102
  //actions
103
  add_action('login_init', array($this->model, 'login_init'), PHP_INT_MAX);
104
+ add_action('login_head', array($this->model, 'login_head'), PHP_INT_MAX);
105
  add_action('login_title', array($this->model, 'login_title'), PHP_INT_MAX, 1);
106
  add_action('wp_logout', array($this->model, 'wp_logout'), PHP_INT_MAX);
107
  add_action('check_admin_referer', array($this->model, 'check_admin_referer'), PHP_INT_MAX, 2);
controllers/SecurityCheck.php CHANGED
@@ -1036,10 +1036,10 @@ class HMWP_Controllers_SecurityCheck extends HMWP_Classes_FrontController
1036
 
1037
  $check = false;
1038
  if (isset($this->headers) && !empty($this->headers) ) {
1039
- if (isset($this->headers['X-Powered-By']) && stripos($this->headers['X-Powered-By'], 'PHP') !== false ) {
1040
  $check = true;
1041
  }
1042
- if (isset($this->headers['server']) && stripos($this->headers['server'], 'PHP') !== false ) {
1043
  $check = true;
1044
  }
1045
  }else {
1036
 
1037
  $check = false;
1038
  if (isset($this->headers) && !empty($this->headers) ) {
1039
+ if (isset($this->headers['X-Powered-By']) && is_string($this->headers['X-Powered-By']) && stripos($this->headers['X-Powered-By'], 'PHP') !== false ) {
1040
  $check = true;
1041
  }
1042
+ if (isset($this->headers['server']) && is_string($this->headers['server']) && stripos($this->headers['server'], 'PHP') !== false ) {
1043
  $check = true;
1044
  }
1045
  }else {
controllers/Settings.php CHANGED
@@ -338,6 +338,9 @@ class HMWP_Controllers_Settings extends HMWP_Classes_FrontController
338
  $cookies = HMWP_Classes_ObjController::newInstance('HMWP_Models_Cookies');
339
 
340
  if (HMWP_Classes_Tools::isNginx() || $cookies->setCookiesCurrentPath() ) {
 
 
 
341
  //set logout to false
342
  HMWP_Classes_Tools::saveOptions('logout', false);
343
  //activate frontend test
@@ -345,7 +348,7 @@ class HMWP_Controllers_Settings extends HMWP_Classes_FrontController
345
 
346
  remove_all_filters('wp_redirect');
347
  remove_all_filters('admin_url');
348
- wp_safe_redirect(HMWP_Classes_Tools::getSettingsUrl(HMWP_Classes_Tools::getValue('page')));
349
  exit();
350
  }
351
  }
@@ -643,7 +646,7 @@ class HMWP_Controllers_Settings extends HMWP_Classes_FrontController
643
 
644
  remove_all_filters('wp_redirect');
645
  remove_all_filters('admin_url');
646
- wp_safe_redirect(HMWP_Classes_Tools::getSettingsUrl(HMWP_Classes_Tools::getValue('page')));
647
  exit();
648
  }
649
 
338
  $cookies = HMWP_Classes_ObjController::newInstance('HMWP_Models_Cookies');
339
 
340
  if (HMWP_Classes_Tools::isNginx() || $cookies->setCookiesCurrentPath() ) {
341
+ //whait for the server
342
+ sleep(3);
343
+
344
  //set logout to false
345
  HMWP_Classes_Tools::saveOptions('logout', false);
346
  //activate frontend test
348
 
349
  remove_all_filters('wp_redirect');
350
  remove_all_filters('admin_url');
351
+ wp_redirect(HMWP_Classes_Tools::getSettingsUrl(HMWP_Classes_Tools::getValue('page')));
352
  exit();
353
  }
354
  }
646
 
647
  remove_all_filters('wp_redirect');
648
  remove_all_filters('admin_url');
649
+ wp_redirect(HMWP_Classes_Tools::getSettingsUrl(HMWP_Classes_Tools::getValue('page')));
650
  exit();
651
  }
652
 
index.php CHANGED
@@ -5,8 +5,8 @@
5
 
6
  Plugin Name: Hide My WP Ghost Lite
7
  Plugin URI: https://wordpress.org/plugins/hide-my-wp/
8
- Description: The best solution for WordPress Security. Hide wp-admin, wp-login, wp-content, plugins, themes etc. Add Firewall, Brute Force protection & more. <br /> <a href="https://hidemywpghost.com/wordpress" target="_blank"><strong>Unlock all features</strong></a>
9
- Version: 5.0.13
10
  Author: WPPlugins - WordPress Security Plugins
11
  Author URI: https://hidemywp.co
12
  License: GPLv2 or later
@@ -22,10 +22,10 @@
22
  if ( defined( 'ABSPATH' ) && !defined( 'HMW_VERSION' ) ) {
23
 
24
  //Set current plugin version
25
- define( 'HMWP_VERSION', '5.0.13' );
26
 
27
  //Set the last stable version of the plugin
28
- define( 'HMWP_STABLE_VERSION', '5.0.12' );
29
 
30
  //Set the plugin basename
31
  define( 'HMWP_BASENAME', plugin_basename(__FILE__) );
@@ -75,8 +75,8 @@ if ( defined( 'ABSPATH' ) && !defined( 'HMW_VERSION' ) ) {
75
  //Check the user roles
76
  HMWP_Classes_ObjController::getClass('HMWP_Models_RoleManager');
77
 
78
- //Make sure to write the rewrites with other plugins
79
- add_action('rewrite_rules_array', array(HMWP_Classes_ObjController::getClass('HMWP_Classes_Tools'), 'checkRewriteUpdate'));
80
 
81
  //hook activation and deactivation
82
  register_activation_hook(__FILE__, array(HMWP_Classes_ObjController::getClass('HMWP_Classes_Tools'), 'hmwp_activate'));
5
 
6
  Plugin Name: Hide My WP Ghost Lite
7
  Plugin URI: https://wordpress.org/plugins/hide-my-wp/
8
+ Description: Hide WP paths, wp-admin, wp-login, wp-content, plugins, themes, authors, XML-RPC, API, etc. Add 7G Firewall Security, Brute Force protection & more.
9
+ Version: 5.0.14
10
  Author: WPPlugins - WordPress Security Plugins
11
  Author URI: https://hidemywp.co
12
  License: GPLv2 or later
22
  if ( defined( 'ABSPATH' ) && !defined( 'HMW_VERSION' ) ) {
23
 
24
  //Set current plugin version
25
+ define( 'HMWP_VERSION', '5.0.14' );
26
 
27
  //Set the last stable version of the plugin
28
+ define( 'HMWP_STABLE_VERSION', '5.0.13' );
29
 
30
  //Set the plugin basename
31
  define( 'HMWP_BASENAME', plugin_basename(__FILE__) );
75
  //Check the user roles
76
  HMWP_Classes_ObjController::getClass('HMWP_Models_RoleManager');
77
 
78
+ //Make sure to write the rewrites with other plugins
79
+ add_action('rewrite_rules_array', array(HMWP_Classes_ObjController::getClass('HMWP_Classes_Tools'), 'checkRewriteUpdate'), 11, 1);
80
 
81
  //hook activation and deactivation
82
  register_activation_hook(__FILE__, array(HMWP_Classes_ObjController::getClass('HMWP_Classes_Tools'), 'hmwp_activate'));
models/Brute.php CHANGED
@@ -521,7 +521,7 @@ class HMWP_Models_Brute
521
  public function brute_math_authenticate($user, $response)
522
  {
523
 
524
- if (HMWP_Classes_Tools::getValue('brute_ck', false)) {
525
 
526
  $salt = HMWP_Classes_Tools::getOption('hmwp_disable') . get_site_option('admin_email');
527
  $ans = (int)HMWP_Classes_Tools::getValue('brute_num', 0);
@@ -535,6 +535,11 @@ class HMWP_Models_Brute
535
  );
536
  }
537
 
 
 
 
 
 
538
  }
539
 
540
  return $user;
521
  public function brute_math_authenticate($user, $response)
522
  {
523
 
524
+ if (HMWP_Classes_Tools::getValue('brute_ck')) {
525
 
526
  $salt = HMWP_Classes_Tools::getOption('hmwp_disable') . get_site_option('admin_email');
527
  $ans = (int)HMWP_Classes_Tools::getValue('brute_num', 0);
535
  );
536
  }
537
 
538
+ }else{
539
+ $user = new WP_Error(
540
+ 'authentication_failed',
541
+ sprintf(esc_html__('%sYou failed to correctly answer the math problem.%s Please try again', 'hide-my-wp'), '<strong>', '</strong>')
542
+ );
543
  }
544
 
545
  return $user;
models/Compatibility.php CHANGED
@@ -39,7 +39,7 @@ class HMWP_Models_Compatibility
39
  {
40
 
41
  //If Admin
42
- if (is_admin() ) {
43
 
44
  add_filter('rocket_cache_reject_uri', array($this, 'rocket_reject_url'), PHP_INT_MAX);
45
 
@@ -58,6 +58,19 @@ class HMWP_Models_Compatibility
58
  );
59
  }
60
 
 
 
 
 
 
 
 
 
 
 
 
 
 
61
  } else {
62
 
63
  //If in preview mode of the front page
@@ -177,7 +190,25 @@ class HMWP_Models_Compatibility
177
  }
178
 
179
  if(HMWP_Classes_Tools::isPluginActive('minimal-coming-soon-maintenance-mode/minimal-coming-soon-maintenance-mode.php') ) {
180
- $headers = headers_list();
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
181
 
182
  if(!empty($headers)) {
183
  $iscontenttype = false;
@@ -1262,14 +1293,14 @@ class HMWP_Models_Compatibility
1262
  foreach ( $blog_ids as $blog_id ) {
1263
  //mapp the wp-rocket busting wp-content
1264
  if (HMWP_Classes_Tools::$default['hmwp_wp-content_url'] <> HMWP_Classes_Tools::getOption('hmwp_wp-content_url') ) {
1265
- $hmwp_url_mapping['from'][] = '/' . rtrim($busting_url,'/') . '/' . $blog_id . $home_root . HMWP_Classes_Tools::$default['hmwp_wp-content_url'] . '/';
1266
- $hmwp_url_mapping['to'][] = '/' . rtrim($busting_url,'/') . '/' . $blog_id . '/' . HMWP_Classes_Tools::getOption('hmwp_wp-content_url') . '/';
1267
  }
1268
 
1269
  //mapp the wp-rocket busting wp-includes
1270
  if (HMWP_Classes_Tools::$default['hmwp_wp-includes_url'] <> HMWP_Classes_Tools::getOption('hmwp_wp-includes_url') ) {
1271
- $hmwp_url_mapping['from'][] = '/' . rtrim($busting_url,'/') . '/' . $blog_id . $home_root . HMWP_Classes_Tools::$default['hmwp_wp-includes_url'] . '/';
1272
- $hmwp_url_mapping['to'][] = '/' . rtrim($busting_url,'/') . '/' . $blog_id . '/' . HMWP_Classes_Tools::getOption('hmwp_wp-includes_url') . '/';
1273
  }
1274
  }
1275
  }
@@ -1279,14 +1310,14 @@ class HMWP_Models_Compatibility
1279
  foreach ( $blog_ids as $blog_id ) {
1280
  //mapp the wp-rocket busting wp-content
1281
  if (HMWP_Classes_Tools::$default['hmwp_wp-content_url'] <> HMWP_Classes_Tools::getOption('hmwp_wp-content_url') ) {
1282
- $hmwp_url_mapping['from'][] = '/' . rtrim($minify_url,'/') . '/' . $blog_id . $home_root . HMWP_Classes_Tools::$default['hmwp_wp-content_url'] . '/';
1283
- $hmwp_url_mapping['to'][] = '/' . rtrim($minify_url,'/') . '/' . $blog_id . '/' . HMWP_Classes_Tools::getOption('hmwp_wp-content_url') . '/';
1284
  }
1285
 
1286
  //mapp the wp-rocket busting wp-includes
1287
  if (HMWP_Classes_Tools::$default['hmwp_wp-includes_url'] <> HMWP_Classes_Tools::getOption('hmwp_wp-includes_url') ) {
1288
- $hmwp_url_mapping['from'][] = '/' . rtrim($minify_url,'/') . '/' . $blog_id . $home_root . HMWP_Classes_Tools::$default['hmwp_wp-includes_url'] . '/';
1289
- $hmwp_url_mapping['to'][] = '/' . rtrim($minify_url,'/') . '/' . $blog_id . '/' . HMWP_Classes_Tools::getOption('hmwp_wp-includes_url') . '/';
1290
  }
1291
  }
1292
  }
39
  {
40
 
41
  //If Admin
42
+ if (is_admin() || is_network_admin()) {
43
 
44
  add_filter('rocket_cache_reject_uri', array($this, 'rocket_reject_url'), PHP_INT_MAX);
45
 
58
  );
59
  }
60
 
61
+ //Refresh rewrites when a new website or new term is created on Litespeed server
62
+ if(HMWP_Classes_Tools::isLitespeed()) {
63
+
64
+ add_action('wp_initialize_site', function($site_id){
65
+ HMWP_Classes_ObjController::getClass('HMWP_Models_Rewrite')->flushChanges();
66
+ }, 11, 1);
67
+
68
+ add_action('create_term', function($tem_id){
69
+ HMWP_Classes_ObjController::getClass('HMWP_Models_Rewrite')->flushChanges();
70
+ }, 11, 1);
71
+
72
+ }
73
+
74
  } else {
75
 
76
  //If in preview mode of the front page
190
  }
191
 
192
  if(HMWP_Classes_Tools::isPluginActive('minimal-coming-soon-maintenance-mode/minimal-coming-soon-maintenance-mode.php') ) {
193
+
194
+ if (HMWP_Classes_Tools::$default['hmwp_login_url'] <> HMWP_Classes_Tools::getOption('hmwp_login_url') ) {
195
+ add_filter('csmm_get_options', function ($signals_csmm_options){
196
+ $signals_csmm_options['custom_login_url'] = HMWP_Classes_Tools::getOption('hmwp_login_url');
197
+
198
+ return $signals_csmm_options;
199
+ });
200
+
201
+ if(isset($_SERVER["REQUEST_URI"])) {
202
+ $url = untrailingslashit(strtok($_SERVER["REQUEST_URI"], '?'));
203
+
204
+ if (strpos($url , home_url('wp-login.php', 'relative')) !== false){
205
+ add_filter('csmm_force_display', "__return_false");
206
+ }
207
+
208
+ }
209
+ }
210
+
211
+ $headers = headers_list();
212
 
213
  if(!empty($headers)) {
214
  $iscontenttype = false;
1293
  foreach ( $blog_ids as $blog_id ) {
1294
  //mapp the wp-rocket busting wp-content
1295
  if (HMWP_Classes_Tools::$default['hmwp_wp-content_url'] <> HMWP_Classes_Tools::getOption('hmwp_wp-content_url') ) {
1296
+ $hmwp_url_mapping['from'][] = '/' . trim($busting_url,'/') . '/' . $blog_id . $home_root . HMWP_Classes_Tools::$default['hmwp_wp-content_url'] . '/';
1297
+ $hmwp_url_mapping['to'][] = '/' . trim($busting_url,'/') . '/' . $blog_id . '/' . HMWP_Classes_Tools::getOption('hmwp_wp-content_url') . '/';
1298
  }
1299
 
1300
  //mapp the wp-rocket busting wp-includes
1301
  if (HMWP_Classes_Tools::$default['hmwp_wp-includes_url'] <> HMWP_Classes_Tools::getOption('hmwp_wp-includes_url') ) {
1302
+ $hmwp_url_mapping['from'][] = '/' . trim($busting_url,'/') . '/' . $blog_id . $home_root . HMWP_Classes_Tools::$default['hmwp_wp-includes_url'] . '/';
1303
+ $hmwp_url_mapping['to'][] = '/' . trim($busting_url,'/') . '/' . $blog_id . '/' . HMWP_Classes_Tools::getOption('hmwp_wp-includes_url') . '/';
1304
  }
1305
  }
1306
  }
1310
  foreach ( $blog_ids as $blog_id ) {
1311
  //mapp the wp-rocket busting wp-content
1312
  if (HMWP_Classes_Tools::$default['hmwp_wp-content_url'] <> HMWP_Classes_Tools::getOption('hmwp_wp-content_url') ) {
1313
+ $hmwp_url_mapping['from'][] = '/' . trim($minify_url,'/') . '/' . $blog_id . $home_root . HMWP_Classes_Tools::$default['hmwp_wp-content_url'] . '/';
1314
+ $hmwp_url_mapping['to'][] = '/' . trim($minify_url,'/') . '/' . $blog_id . '/' . HMWP_Classes_Tools::getOption('hmwp_wp-content_url') . '/';
1315
  }
1316
 
1317
  //mapp the wp-rocket busting wp-includes
1318
  if (HMWP_Classes_Tools::$default['hmwp_wp-includes_url'] <> HMWP_Classes_Tools::getOption('hmwp_wp-includes_url') ) {
1319
+ $hmwp_url_mapping['from'][] = '/' . trim($minify_url,'/') . '/' . $blog_id . $home_root . HMWP_Classes_Tools::$default['hmwp_wp-includes_url'] . '/';
1320
+ $hmwp_url_mapping['to'][] = '/' . trim($minify_url,'/') . '/' . $blog_id . '/' . HMWP_Classes_Tools::getOption('hmwp_wp-includes_url') . '/';
1321
  }
1322
  }
1323
  }
models/Rewrite.php CHANGED
@@ -20,7 +20,8 @@ class HMWP_Models_Rewrite
20
  public $_replace = array();
21
  public $paths;
22
  //
23
- protected $_rewrites;
 
24
 
25
  /**
26
  * Triggered after the paths are changed
@@ -33,7 +34,7 @@ class HMWP_Models_Rewrite
33
  *
34
  * @var string
35
  */
36
- protected $_blogurl = '';
37
  protected $_pass;
38
  //
39
  /**
@@ -52,11 +53,11 @@ class HMWP_Models_Rewrite
52
  $siteurl = site_url();
53
 
54
  //Set the blog URL
55
- $this->_blogurl = str_replace('www.', '', parse_url($siteurl, PHP_URL_HOST) . parse_url($siteurl, PHP_URL_PATH));
56
 
57
  //Add the PORT if different from 80
58
  if(parse_url($siteurl, PHP_URL_PORT) && parse_url($siteurl, PHP_URL_PORT) <> 80) {
59
- $this->_blogurl = str_replace('www.', '', parse_url($siteurl, PHP_URL_HOST) . ':' . parse_url($siteurl, PHP_URL_PORT) . parse_url($siteurl, PHP_URL_PATH));
60
  }
61
 
62
  }
@@ -66,9 +67,9 @@ class HMWP_Models_Rewrite
66
  *
67
  * @return string
68
  */
69
- public function getBlog()
70
  {
71
- return $this->_blogurl;
72
  }
73
 
74
  /**
@@ -144,7 +145,7 @@ class HMWP_Models_Rewrite
144
  }
145
 
146
  /************************************
147
- *
148
  * BUID & FLUSH REWRITES
149
  ****************************************/
150
  /**
@@ -168,13 +169,15 @@ class HMWP_Models_Rewrite
168
  */
169
  public function buildRedirect()
170
  {
171
- add_action('home_url', array($this, 'home_url'), PHP_INT_MAX, 1);
172
 
173
  if (!empty($this->_replace) ) {
174
  return $this;
175
  }
176
 
177
- if (HMWP_Classes_Tools::getOption('hmwp_mode') <> 'default' ) {
 
 
 
178
  if (HMWP_Classes_Tools::isMultisiteWithPath() ) {
179
  //get all blogs
180
  global $wpdb;
@@ -187,8 +190,8 @@ class HMWP_Models_Rewrite
187
  }
188
 
189
  //Redirect the AJAX
190
- if (HMWP_Classes_Tools::$default['hmwp_admin_url'] . '/' . HMWP_Classes_Tools::$default['hmwp_admin-ajax_url'] <> HMWP_Classes_Tools::getOption('hmwp_admin-ajax_url')
191
- && HMWP_Classes_Tools::$default['hmwp_admin-ajax_url'] <> HMWP_Classes_Tools::getOption('hmwp_admin-ajax_url')
192
  ) {
193
  $this->_replace['from'][] = HMWP_Classes_Tools::$default['hmwp_admin_url'] . '/' . HMWP_Classes_Tools::$default['hmwp_admin-ajax_url'];
194
  $this->_replace['to'][] = HMWP_Classes_Tools::getOption('hmwp_admin-ajax_url');
@@ -476,6 +479,7 @@ class HMWP_Models_Rewrite
476
  public function setRewriteRules()
477
  {
478
  $this->_rewrites = array();
 
479
  include_once ABSPATH . 'wp-admin/includes/misc.php';
480
  include_once ABSPATH . 'wp-admin/includes/file.php';
481
 
@@ -490,29 +494,29 @@ class HMWP_Models_Rewrite
490
  'hmwp_iis_hide_files_rules', array(
491
  HMWP_Classes_ObjController::getClass('HMWP_Models_Rules'),
492
  'getInjectionRewrite'
493
- )
494
  );
495
 
496
  add_filter('iis7_url_rewrite_rules', array($this, 'getIISRules'));
497
 
498
  } else {
499
- //URL Mapping
500
- $hmwp_url_mapping = json_decode(HMWP_Classes_Tools::getOption('hmwp_url_mapping'), true);
501
- if (isset($hmwp_url_mapping['from']) && !empty($hmwp_url_mapping['from']) ) {
502
- foreach ( $hmwp_url_mapping['from'] as $index => $row ) {
503
- if (substr($hmwp_url_mapping['from'][$index], -1) == '/' ) {
504
- $this->_rewrites[] = array(
505
- 'from' => '([_0-9a-zA-Z-]+/)?' . str_replace(array(home_url() . '/'), '', ltrim($hmwp_url_mapping['to'][$index], '/')) . '(.*)',
506
- 'to' => str_replace(array(home_url() . '/'), '', ltrim($hmwp_url_mapping['from'][$index], '/')) . "$" . (substr_count($hmwp_url_mapping['from'][$index], '(') + 2),
507
- );
508
- } else {
509
- $this->_rewrites[] = array(
510
- 'from' => '([_0-9a-zA-Z-]+/)?' . str_replace(array(home_url() . '/'), '', ltrim($hmwp_url_mapping['to'][$index], '/')) . '$',
511
- 'to' => str_replace(array(home_url() . '/'), '', ltrim($hmwp_url_mapping['from'][$index], '/')),
512
- );
513
- }
514
- }
515
- }
516
 
517
  if (HMW_RULES_IN_CONFIG ) { //if set to add the HMW rules into config file
518
  foreach ( $this->_replace['to'] as $key => $row ) {
@@ -534,14 +538,15 @@ class HMWP_Models_Rewrite
534
  }
535
 
536
  //Hook the rewrites rules
537
- $this->_rewrites = apply_filters('hmwp_rewrites', $this->_rewrites);
 
538
 
539
  return $this;
540
  }
541
 
542
  /********
543
- *
544
- * IIS
545
  **********/
546
  /**
547
  * @param string $wrules
@@ -768,7 +773,15 @@ class HMWP_Models_Rewrite
768
  $rewritecode .= "RewriteEngine On" . PHP_EOL;
769
  $rewritecode .= "RewriteBase $home_root" . PHP_EOL;
770
 
771
- foreach ( $this->_rewrites as $rewrite ) {
 
 
 
 
 
 
 
 
772
  if (strpos($rewrite['to'], 'index.php') === false ) {
773
  $rewritecode .= 'RewriteRule ^' . $rewrite['from'] . ' ' . $home_root . $rewrite['to'] . " [QSA,L]" . PHP_EOL;
774
  }
@@ -786,6 +799,15 @@ class HMWP_Models_Rewrite
786
  }
787
 
788
  $rewritecode = '';
 
 
 
 
 
 
 
 
 
789
  if (!empty($this->_rewrites) ) {
790
  foreach ( $this->_rewrites as $rewrite ) {
791
  if(PHP_VERSION_ID >= 70400 ){
@@ -852,7 +874,16 @@ class HMWP_Models_Rewrite
852
  $rewritecode .= "<IfModule mod_rewrite.c>" . PHP_EOL;
853
  $rewritecode .= "RewriteEngine On" . PHP_EOL;
854
  $rewritecode .= "RewriteBase $home_root" . PHP_EOL;
855
- foreach ( $this->_rewrites as $rewrite ) {
 
 
 
 
 
 
 
 
 
856
  if (strpos($rewrite['to'], 'index.php') === false ) {
857
  $rewritecode .= 'RewriteRule ^' . $rewrite['from'] . ' ' . $home_root . $rewrite['to'] . " [QSA,L]" . PHP_EOL;
858
  }
@@ -882,7 +913,15 @@ class HMWP_Models_Rewrite
882
  $cachecode .= '}' . PHP_EOL . PHP_EOL;
883
  }
884
 
885
- foreach ( $this->_rewrites as $rewrite ) {
 
 
 
 
 
 
 
 
886
  if (strpos($rewrite['to'], 'index.php') === false ) {
887
  if (strpos($rewrite['from'], '$') ) {
888
  $rewritecode .= 'rewrite ^/' . $rewrite['from'] . ' ' . $home_root . $rewrite['to'] . ";<br />";
@@ -934,7 +973,7 @@ class HMWP_Models_Rewrite
934
  }
935
 
936
  //Build the redirect table
937
- $this->clearRedirect()->buildRedirect()->setRewriteRules()->flushRewrites();
938
 
939
  //Change the rest api for the rewrite process
940
  add_filter('rest_url_prefix', array($this, 'replace_rest_api'));
@@ -959,7 +998,7 @@ class HMWP_Models_Rewrite
959
  $options = HMWP_Classes_Tools::getOptions();
960
  $lastsafeoptions = HMWP_Classes_Tools::getOptions(true);
961
 
962
- if ($lastsafeoptions['hmwp_admin_url'] <> $options['hmwp_admin_url']
963
  || $lastsafeoptions['hmwp_login_url'] <> $options['hmwp_login_url']
964
  ) {
965
  HMWP_Classes_Tools::sendEmail();
@@ -983,16 +1022,156 @@ class HMWP_Models_Rewrite
983
  }
984
 
985
  /*******************************
986
- *
987
- * RENAME URLS
988
  **************************************************/
989
 
990
- public function home_url( $url )
991
- {
992
- $scheme = (((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") || (defined('FORCE_SSL_ADMIN') && FORCE_SSL_ADMIN) || (function_exists('is_ssl') && is_ssl())) ? 'https' : 'http');
993
- return set_url_scheme($url, $scheme);
 
 
 
 
 
 
 
 
 
 
994
 
995
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
996
 
997
  /**
998
  * Get the new admin URL
@@ -1037,15 +1216,17 @@ class HMWP_Models_Rewrite
1037
 
1038
  }
1039
 
1040
- /**
1041
- * Change the admin URL for multisites
1042
- *
1043
- * @param string $url
1044
- * @param string $path
1045
- *
1046
- * @return array|string|string[]
1047
- */
1048
- public function network_admin_url( $url, $path = '' )
 
 
1049
  {
1050
  $find = $replace = array();
1051
 
@@ -1084,69 +1265,6 @@ class HMWP_Models_Rewrite
1084
 
1085
  }
1086
 
1087
- /**
1088
- * Get the new Site URL
1089
- *
1090
- * @param string $url
1091
- * @param string $path
1092
- *
1093
- * @return string
1094
- */
1095
- public function site_url( $url, $path = '' )
1096
- {
1097
-
1098
- if (HMWP_Classes_Tools::$default['hmwp_login_url'] <> HMWP_Classes_Tools::getOption('hmwp_login_url') ) {
1099
-
1100
- if (strpos($url, 'wp-login') !== false ) {
1101
-
1102
- //check if disable and do not redirect to log in
1103
- if (HMWP_Classes_Tools::getIsset(HMWP_Classes_Tools::getOption('hmwp_disable_name')) ) {
1104
- if (HMWP_Classes_Tools::getValue(HMWP_Classes_Tools::getOption('hmwp_disable_name')) == HMWP_Classes_Tools::getOption('hmwp_disable') ) {
1105
- //add the disabled param in order to work without issues
1106
- return add_query_arg(array(HMWP_Classes_Tools::getOption('hmwp_disable_name') => HMWP_Classes_Tools::getOption('hmwp_disable')), $url);
1107
- }
1108
- }
1109
-
1110
- $query = '';
1111
- if ($path <> '' ) {
1112
- $parsed = @parse_url($path);
1113
- if (isset($parsed['query']) && $parsed['query'] <> '' ) {
1114
- $query = '?' . $parsed['query'];
1115
- }
1116
- }
1117
-
1118
- if ($query == '?action=lostpassword' && HMWP_Classes_Tools::getOption('hmwp_lostpassword_url') <> '' ) {
1119
- $url = site_url(HMWP_Classes_Tools::getOption('hmwp_lostpassword_url'));
1120
- } elseif ($query == '?action=register' && HMWP_Classes_Tools::getOption('hmwp_register_url') <> '' ) {
1121
- $url = site_url(HMWP_Classes_Tools::getOption('hmwp_register_url'));
1122
- } else {
1123
- $url = site_url() . '/' . HMWP_Classes_Tools::getOption('hmwp_login_url') . $query;
1124
-
1125
- if (HMWP_Classes_Tools::getValue('noredirect') ) {
1126
- $url = add_query_arg(array('noredirect' => true), $url);
1127
- }
1128
- }
1129
- }
1130
-
1131
- }
1132
-
1133
- if (HMWP_Classes_Tools::$default['hmwp_activate_url'] <> HMWP_Classes_Tools::getOption('hmwp_activate_url') ) {
1134
- if (strpos($url, 'wp-activate.php') !== false ) {
1135
- $query = '';
1136
- if ($path <> '' ) {
1137
- $parsed = @parse_url($path);
1138
- if (isset($parsed['query']) && $parsed['query'] <> '' ) {
1139
- $query = '?' . $parsed['query'];
1140
- }
1141
- }
1142
- $url = site_url() . '/' . HMWP_Classes_Tools::getOption('hmwp_activate_url') . $query;
1143
- }
1144
- }
1145
-
1146
-
1147
- return $url;
1148
- }
1149
-
1150
  /**
1151
  * Change the plugin URL with the new paths
1152
  * for some plugins
@@ -1222,7 +1340,7 @@ class HMWP_Models_Rewrite
1222
  {
1223
 
1224
  if (HMWP_Classes_Tools::$default['hmwp_login_url'] <> HMWP_Classes_Tools::getOption('hmwp_login_url')
1225
- && strpos($url, HMWP_Classes_Tools::$default['hmwp_login_url']) !== false
1226
  ) {
1227
 
1228
  //check if disable and do not redirect to log in
@@ -1233,7 +1351,7 @@ class HMWP_Models_Rewrite
1233
  }
1234
  }
1235
 
1236
- $url = site_url(HMWP_Classes_Tools::getOption('hmwp_login_url'));
1237
  }
1238
 
1239
  return $url;
@@ -1326,9 +1444,30 @@ class HMWP_Models_Rewrite
1326
  add_filter('login_display_language_dropdown', '__return_false');
1327
  }
1328
 
 
 
 
 
 
1329
  do_action('hmwp_login_init');
1330
  }
1331
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1332
  /**
1333
  * Change the password confirm URL with the new URL
1334
  *
@@ -1336,7 +1475,7 @@ class HMWP_Models_Rewrite
1336
  */
1337
  public function lostpassword_redirect()
1338
  {
1339
- return site_url('wp-login.php?checkemail=confirm');
1340
  }
1341
 
1342
  /**
@@ -1346,7 +1485,7 @@ class HMWP_Models_Rewrite
1346
  */
1347
  public function registration_redirect()
1348
  {
1349
- return site_url('wp-login.php?checkemail=registered');
1350
  }
1351
 
1352
  /**
@@ -1406,12 +1545,12 @@ class HMWP_Models_Rewrite
1406
  if (!isset($args['_wpnonce']) ) {
1407
  $args['_wpnonce'] = wp_create_nonce('log-out');
1408
  //correct the logout URL
1409
- $url = add_query_arg(array('_wpnonce' => $args['_wpnonce']), site_url('wp-login.php?action=logout', 'login'));
1410
  }
1411
 
1412
  if (HMWP_Classes_Tools::getOption('hmwp_logout_url') <> '' ) {
1413
  //add the new URL
1414
- $url = site_url() . '/' . add_query_arg(array('_wpnonce' => $args['_wpnonce']), HMWP_Classes_Tools::getOption('hmwp_logout_url'));
1415
  }
1416
 
1417
  return $url;
@@ -1438,8 +1577,8 @@ class HMWP_Models_Rewrite
1438
  }
1439
 
1440
  /********************************
1441
- *
1442
- * HOOK REDIRECTS
1443
  *************************************************/
1444
 
1445
  /**
@@ -1532,7 +1671,7 @@ class HMWP_Models_Rewrite
1532
 
1533
  if (HMWP_Classes_Tools::$default['hmwp_login_url'] <> HMWP_Classes_Tools::getOption('hmwp_login_url') ) {
1534
  if (strpos($redirect, 'wp-login') !== false ) {
1535
- $redirect = site_url(HMWP_Classes_Tools::getOption('hmwp_login_url'));
1536
  }
1537
  }
1538
 
@@ -1578,7 +1717,7 @@ class HMWP_Models_Rewrite
1578
  if (HMWP_Classes_Tools::isMultisites() && !$user->has_cap('read') ) {
1579
  $redirect = get_dashboard_url($user->ID);
1580
  } elseif (!$user->has_cap('edit_posts') ) {
1581
- $redirect = $user->has_cap('read') ? admin_url('profile.php') : site_url();
1582
  }
1583
 
1584
  }
@@ -1627,6 +1766,11 @@ class HMWP_Models_Rewrite
1627
 
1628
  if (HMWP_Classes_Tools::getOption('hmwp_hide_wplogin') || HMWP_Classes_Tools::getOption('hmwp_hide_login') ) {
1629
  if (HMWP_Classes_Tools::$default['hmwp_login_url'] <> HMWP_Classes_Tools::getOption('hmwp_login_url') ) {
 
 
 
 
 
1630
  if (function_exists('is_user_logged_in') && is_user_logged_in() ) {
1631
  $paths = array(
1632
  site_url('wp-login.php', 'relative'),
@@ -1651,9 +1795,13 @@ class HMWP_Models_Rewrite
1651
  $paths = array_unique($paths);
1652
  }
1653
 
 
 
 
 
1654
  if ($this->searchInString($url, $paths) ) {
1655
- if (site_url(HMWP_Classes_Tools::getOption('hmwp_login_url'), 'relative') <> $url ) {
1656
- return add_query_arg(array('noredirect' => true), site_url(HMWP_Classes_Tools::getOption('hmwp_login_url')));
1657
  }
1658
  }
1659
  }
@@ -1673,11 +1821,16 @@ class HMWP_Models_Rewrite
1673
  //Check if is valid for moving on
1674
  if(HMWP_Classes_Tools::doHideURLs() ) {
1675
 
 
 
 
 
1676
  $url = untrailingslashit(strtok($_SERVER["REQUEST_URI"], '?'));
1677
  $http_post = (isset($_SERVER['REQUEST_METHOD']) && 'POST' == $_SERVER['REQUEST_METHOD']);
1678
 
1679
  //if user is logged in and is not set to hide the admin urls
1680
  if (is_user_logged_in()) {
 
1681
  //redirect if no final slash is added
1682
  if ($_SERVER['REQUEST_URI'] == site_url(HMWP_Classes_Tools::getOption('hmwp_admin_url'), 'relative')) {
1683
  wp_safe_redirect($url . '/');
@@ -1732,7 +1885,7 @@ class HMWP_Models_Rewrite
1732
  $this->getNotFound($url);
1733
  }
1734
  }
1735
- } elseif (!is_user_logged_in()) {
1736
  if (strpos($url, '/wp-admin') !== false && strpos($url, admin_url('admin-ajax.php', 'relative')) === false && HMWP_Classes_Tools::getOption('hmwp_hide_admin')) {
1737
  $this->getNotFound($url);
1738
  }
@@ -1757,33 +1910,25 @@ class HMWP_Models_Rewrite
1757
  if (HMWP_Classes_Tools::getOption('hmwp_hide_wplogin') || HMWP_Classes_Tools::getOption('hmwp_hide_login')) {
1758
 
1759
  if (HMWP_Classes_Tools::$default['hmwp_login_url'] <> HMWP_Classes_Tools::getOption('hmwp_login_url')) {
1760
- if (is_user_logged_in()) {
1761
- $paths = array(
1762
- site_url('wp-login.php', 'relative'),
1763
- site_url('wp-login', 'relative'),
1764
- );
1765
- } else {
1766
- $paths = array(
1767
- home_url('wp-login.php', 'relative'),
1768
- home_url('wp-login', 'relative'),
1769
- site_url('wp-login.php', 'relative'),
1770
- site_url('wp-login', 'relative'),
1771
- );
1772
-
1773
- if (HMWP_Classes_Tools::getOption('hmwp_hide_login')) {
1774
-
1775
- $paths[] = home_url('login', 'relative');
1776
- $paths[] = site_url('login', 'relative');
1777
 
1778
- }
1779
 
1780
- $paths = array_unique($paths);
 
1781
 
1782
- }
 
 
1783
 
1784
  if ($this->searchInString($url, $paths)) {
1785
 
1786
- if (site_url(HMWP_Classes_Tools::getOption('hmwp_login_url'), 'relative') <> $url) {
1787
  $this->getNotFound($url);
1788
  }
1789
  }
@@ -1845,6 +1990,10 @@ class HMWP_Models_Rewrite
1845
  }
1846
  }
1847
 
 
 
 
 
1848
  }
1849
  }
1850
 
@@ -1880,7 +2029,7 @@ class HMWP_Models_Rewrite
1880
  global $wp_query;
1881
  $wp_query->is_404 = true;
1882
 
1883
- wp_safe_redirect(site_url('404'));
1884
  } else {
1885
  $this->get404Page();
1886
  }
@@ -1890,10 +2039,10 @@ class HMWP_Models_Rewrite
1890
  $this->get403Error();
1891
  } elseif (HMWP_Classes_Tools::getOption('hmwp_url_redirect') == '.' ) {
1892
  //redirect to front page
1893
- wp_safe_redirect(site_url());
1894
  } else {
1895
  //redirect to custom page
1896
- wp_safe_redirect(site_url(HMWP_Classes_Tools::getOption('hmwp_url_redirect')));
1897
  }
1898
 
1899
  die();
@@ -1964,8 +2113,8 @@ class HMWP_Models_Rewrite
1964
  }
1965
 
1966
  /*************************************
1967
- *
1968
- * FIND AND REPLACE
1969
  *****************************************/
1970
  /**
1971
  * repare the replace function
@@ -2019,7 +2168,7 @@ class HMWP_Models_Rewrite
2019
  array(
2020
  $this,
2021
  'changeEncodedURLFinal'
2022
- ), (array)$this->_replace['from']
2023
  );
2024
 
2025
  $replaceencodedfinal = array_map(array($this, 'changeEncodedURLFinal'), (array)$this->_replace['to']);
@@ -2052,8 +2201,8 @@ class HMWP_Models_Rewrite
2052
  */
2053
  public function addDomainUrl( $url )
2054
  {
2055
- if (strpos($url, $this->_blogurl) === false ) {
2056
- return $this->_blogurl . '/' . $url;
2057
  }
2058
 
2059
  return $url;
@@ -2069,8 +2218,8 @@ class HMWP_Models_Rewrite
2069
  */
2070
  public function changeEncodedURL( $url )
2071
  {
2072
- if (strpos($url, $this->_blogurl) === false ) {
2073
- return str_replace('/', '\/', $this->_blogurl . '/' . $url);
2074
  }
2075
 
2076
  return $url;
@@ -2083,8 +2232,8 @@ class HMWP_Models_Rewrite
2083
  */
2084
  public function changeEncodedURLFinal( $url )
2085
  {
2086
- if (strpos($url, $this->_blogurl) === false ) {
2087
- return str_replace('/', '\/', rtrim($this->_blogurl . '/' . $url, '/'));
2088
  }
2089
 
2090
  return $url;
@@ -2106,27 +2255,24 @@ class HMWP_Models_Rewrite
2106
  if (is_string($content) && $content <> '') {
2107
 
2108
  //if the changes were made already, return the content
2109
- if (strpos($content, HMWP_Classes_Tools::$default['hmwp_wp-content_url']) === false
2110
- && strpos($content, HMWP_Classes_Tools::$default['hmwp_wp-includes_url']) === false
2111
  && $this->_replaced
2112
  ) {
2113
  return $content;
2114
  }
2115
 
2116
- //change and replace paths
2117
- if (empty($this->_replace)) {
2118
- //builder the redirects
2119
- $this->buildRedirect();
 
 
2120
 
2121
- //make sure to include the blog url
2122
- $this->prepareFindReplace();
2123
-
2124
- //fix the relative links before
2125
- if (HMWP_Classes_Tools::getOption('hmwp_fix_relative')) {
2126
- $content = $this->fixRelativeLinks($content);
2127
- }
2128
-
2129
- }
2130
 
2131
  //Find & Replace the tags and headers
2132
  $content = $this->replaceHeadersAndTags($content);
@@ -2146,9 +2292,9 @@ class HMWP_Models_Rewrite
2146
  if (HMW_DYNAMIC_FILES && !is_admin()) {
2147
  $content = preg_replace(
2148
  array(
2149
- '/(<link[^>]+' . str_replace('/', '\/', $this->_blogurl) . '[^>]+).(css|scss)([\'|"|\?][^>]+type=[\'"]text\/css[\'"][^>]+>)/i',
2150
- '/(<link[^>]+type=[\'"]text\/css[\'"][^>]+' . str_replace('/', '\/', $this->_blogurl) . '[^>]+).(css|scss)([\'|"|\?][^>]+>)/i',
2151
- '/(<script[^>]+' . str_replace('/', '\/', $this->_blogurl) . '[^>]+).(js)([\'|"|\?][^>]+>)/i',
2152
  ), '$1.$2h$3', $content
2153
  );
2154
  }
@@ -2188,8 +2334,8 @@ class HMWP_Models_Rewrite
2188
 
2189
  foreach ( $this->_replace['rewrite'] as $index => $value ) {
2190
  //add only the paths or the design path
2191
- if (($index && isset($this->_replace['to'][$index]) && substr($this->_replace['to'][$index], -1) == '/')
2192
- || strpos($this->_replace['to'][$index], '/' . HMWP_Classes_Tools::getOption('hmwp_themes_style'))
2193
  ) {
2194
  $this->_replace['from'][] = $this->_replace['from'][$index];
2195
  $this->_replace['to'][] = $this->_replace['to'][$index];
@@ -2230,23 +2376,16 @@ class HMWP_Models_Rewrite
2230
  */
2231
  public function fixRelativeLinks( $content )
2232
  {
2233
- $content = preg_replace_callback(
2234
- '~(\s(href|src)\s*[=|:]\s*[\"\'])([^\"\']+)([\"\'])~i',
2235
- array($this, 'replaceLinks'),
2236
- $content
2237
- );
2238
- $content = preg_replace_callback(
2239
- '~(\W(url\s*)[\(\"\']+)([^\)\"\']+)([\)\"\']+)~i',
2240
- array($this, 'replaceLinks'),
2241
- $content
2242
- );
2243
- $content = preg_replace_callback(
2244
- '~(([\"\']url[\"\']\s*\:)\s*[\"\'])([^\"\']+)([\"\'])~i',
2245
- array($this, 'replaceLinks'),
2246
- $content
2247
- );
2248
-
2249
- return $content;
2250
  }
2251
 
2252
  /**
@@ -2297,7 +2436,7 @@ class HMWP_Models_Rewrite
2297
  }
2298
 
2299
  // parse base URL and convert to local variables: $scheme, $host, $path
2300
- extract(parse_url(site_url()));
2301
 
2302
  //add the scheme to the URL
2303
  if (strpos($rel, "//") === 0 ) {
@@ -2313,7 +2452,7 @@ class HMWP_Models_Rewrite
2313
 
2314
  // queries and anchors
2315
  if ($rel[0] == '#' || $rel[0] == '?' ) {
2316
- return site_url() . $rel;
2317
  }
2318
 
2319
  // dirty absolute URL
@@ -2361,7 +2500,7 @@ class HMWP_Models_Rewrite
2361
  if (HMWP_Classes_Tools::getOption('hmwp_hide_unsafe_headers')) {
2362
 
2363
  //Remove WordPress link from headers
2364
- header(sprintf('%s: %s', 'Link', '<' . site_url() . '>; rel=shortlink'), true);
2365
 
2366
  if (function_exists('header_remove') ) {
2367
  header_remove("x-powered-by");
@@ -2416,16 +2555,16 @@ class HMWP_Models_Rewrite
2416
  $findtextmapping = array();
2417
 
2418
  //Change the text in css and js files only for visitors
2419
- if (HMWP_Classes_Tools::getOption('hmwp_mapping_file')
2420
- && function_exists('is_user_logged_in') && is_user_logged_in()
2421
  ) {
2422
  return $content;
2423
  }
2424
 
2425
  //Replace custom classes
2426
  $hmwp_text_mapping = json_decode(HMWP_Classes_Tools::getOption('hmwp_text_mapping'), true);
2427
- if (isset($hmwp_text_mapping['from']) && !empty($hmwp_text_mapping['from'])
2428
- && isset($hmwp_text_mapping['to']) && !empty($hmwp_text_mapping['to'])
2429
  ) {
2430
 
2431
  foreach ( $hmwp_text_mapping['to'] as &$value ) {
@@ -2459,7 +2598,7 @@ class HMWP_Models_Rewrite
2459
  $findtextmapping, array(
2460
  $this,
2461
  'replaceText'
2462
- ), $content
2463
  );
2464
  }
2465
 
@@ -2565,11 +2704,14 @@ class HMWP_Models_Rewrite
2565
  //Force to change the URL for xml content types
2566
  if (HMWP_Classes_Tools::isContentHeader(array('text/xml','application/xml'))) {
2567
 
2568
- //check if the redirects are built
2569
- if (empty($this->_replace) ) { $this->buildRedirect();
2570
- }
 
 
 
2571
 
2572
- $content = ob_get_contents();
2573
 
2574
  if($content <> '') {
2575
  $content = str_ireplace($this->_replace['from'], $this->_replace['to'], $content);
@@ -2594,9 +2736,10 @@ class HMWP_Models_Rewrite
2594
  //Force to change the URL for xml content types
2595
  if (HMWP_Classes_Tools::isContentHeader(array('text/plain'))) {
2596
 
2597
- //check if the redirects are built
2598
- if (empty($this->_replace) ) { $this->buildRedirect();
2599
- }
 
2600
 
2601
  $content = ob_get_contents();
2602
 
20
  public $_replace = array();
21
  public $paths;
22
  //
23
+ protected $_rewrites = array();
24
+ protected $_umrewrites = array();
25
 
26
  /**
27
  * Triggered after the paths are changed
34
  *
35
  * @var string
36
  */
37
+ protected $_siteurl = '';
38
  protected $_pass;
39
  //
40
  /**
53
  $siteurl = site_url();
54
 
55
  //Set the blog URL
56
+ $this->_siteurl = str_replace('www.', '', parse_url($siteurl, PHP_URL_HOST) . parse_url($siteurl, PHP_URL_PATH));
57
 
58
  //Add the PORT if different from 80
59
  if(parse_url($siteurl, PHP_URL_PORT) && parse_url($siteurl, PHP_URL_PORT) <> 80) {
60
+ $this->_siteurl = str_replace('www.', '', parse_url($siteurl, PHP_URL_HOST) . ':' . parse_url($siteurl, PHP_URL_PORT) . parse_url($siteurl, PHP_URL_PATH));
61
  }
62
 
63
  }
67
  *
68
  * @return string
69
  */
70
+ public function getSiteUrl()
71
  {
72
+ return $this->_siteurl;
73
  }
74
 
75
  /**
145
  }
146
 
147
  /************************************
148
+ *
149
  * BUID & FLUSH REWRITES
150
  ****************************************/
151
  /**
169
  */
170
  public function buildRedirect()
171
  {
 
172
 
173
  if (!empty($this->_replace) ) {
174
  return $this;
175
  }
176
 
177
+ add_action('home_url', array($this, 'home_url'), PHP_INT_MAX, 1);
178
+
179
+
180
+ if (HMWP_Classes_Tools::getOption('hmwp_mode') <> 'default' ) {
181
  if (HMWP_Classes_Tools::isMultisiteWithPath() ) {
182
  //get all blogs
183
  global $wpdb;
190
  }
191
 
192
  //Redirect the AJAX
193
+ if (HMWP_Classes_Tools::$default['hmwp_admin_url'] . '/' . HMWP_Classes_Tools::$default['hmwp_admin-ajax_url'] <> HMWP_Classes_Tools::getOption('hmwp_admin-ajax_url')
194
+ && HMWP_Classes_Tools::$default['hmwp_admin-ajax_url'] <> HMWP_Classes_Tools::getOption('hmwp_admin-ajax_url')
195
  ) {
196
  $this->_replace['from'][] = HMWP_Classes_Tools::$default['hmwp_admin_url'] . '/' . HMWP_Classes_Tools::$default['hmwp_admin-ajax_url'];
197
  $this->_replace['to'][] = HMWP_Classes_Tools::getOption('hmwp_admin-ajax_url');
479
  public function setRewriteRules()
480
  {
481
  $this->_rewrites = array();
482
+ $this->_umrewrites = array();
483
  include_once ABSPATH . 'wp-admin/includes/misc.php';
484
  include_once ABSPATH . 'wp-admin/includes/file.php';
485
 
494
  'hmwp_iis_hide_files_rules', array(
495
  HMWP_Classes_ObjController::getClass('HMWP_Models_Rules'),
496
  'getInjectionRewrite'
497
+ )
498
  );
499
 
500
  add_filter('iis7_url_rewrite_rules', array($this, 'getIISRules'));
501
 
502
  } else {
503
+ //URL Mapping
504
+ $hmwp_url_mapping = json_decode(HMWP_Classes_Tools::getOption('hmwp_url_mapping'), true);
505
+ if (isset($hmwp_url_mapping['from']) && !empty($hmwp_url_mapping['from']) ) {
506
+ foreach ( $hmwp_url_mapping['from'] as $index => $row ) {
507
+ if (substr($hmwp_url_mapping['from'][$index], -1) == '/' ) {
508
+ $this->_umrewrites[] = array(
509
+ 'from' => '([_0-9a-zA-Z-]+/)?' . str_replace(home_url() . '/', '', ltrim($hmwp_url_mapping['to'][$index], '/')) . '(.*)',
510
+ 'to' => str_replace(home_url() . '/', '', ltrim($hmwp_url_mapping['from'][$index], '/')) . "$" . (substr_count($hmwp_url_mapping['from'][$index], '(') + 2),
511
+ );
512
+ } else {
513
+ $this->_umrewrites[] = array(
514
+ 'from' => '([_0-9a-zA-Z-]+/)?' . str_replace(home_url() . '/', '', ltrim($hmwp_url_mapping['to'][$index], '/')) . '$',
515
+ 'to' => str_replace(home_url() . '/', '', ltrim($hmwp_url_mapping['from'][$index], '/')),
516
+ );
517
+ }
518
+ }
519
+ }
520
 
521
  if (HMW_RULES_IN_CONFIG ) { //if set to add the HMW rules into config file
522
  foreach ( $this->_replace['to'] as $key => $row ) {
538
  }
539
 
540
  //Hook the rewrites rules
541
+ $this->_umrewrites = apply_filters('hmwp_umrewrites', $this->_umrewrites);
542
+ $this->_rewrites = apply_filters('hmwp_rewrites', $this->_rewrites);
543
 
544
  return $this;
545
  }
546
 
547
  /********
548
+ *
549
+ * IIS
550
  **********/
551
  /**
552
  * @param string $wrules
773
  $rewritecode .= "RewriteEngine On" . PHP_EOL;
774
  $rewritecode .= "RewriteBase $home_root" . PHP_EOL;
775
 
776
+ //Add the URL Mapping rules
777
+ if (!empty($this->_umrewrites) ) {
778
+ foreach ( $this->_umrewrites as $rewrite ) {
779
+ $rewritecode .= 'RewriteRule ^' . $rewrite['from'] . ' ' . $home_root . $rewrite['to'] . " [QSA,L]" . PHP_EOL;
780
+ }
781
+ }
782
+
783
+ //Add the New Paths rules
784
+ foreach ( $this->_rewrites as $rewrite ) {
785
  if (strpos($rewrite['to'], 'index.php') === false ) {
786
  $rewritecode .= 'RewriteRule ^' . $rewrite['from'] . ' ' . $home_root . $rewrite['to'] . " [QSA,L]" . PHP_EOL;
787
  }
799
  }
800
 
801
  $rewritecode = '';
802
+
803
+ //Add the URL Mapping rules
804
+ if (!empty($this->_umrewrites)) {
805
+ foreach ( $this->_umrewrites as $rewrite ) {
806
+ $rewritecode .= 'Source: <strong>^' . str_replace(array('.css', '.js'), array('\.css', '\.js'), $rewrite['from']) . '</strong> Destination: <strong>' . $home_root . $rewrite['to'] . "</strong> Redirect type: 301 Permanent;<br />";
807
+ }
808
+ }
809
+
810
+ //Add the New Paths rules
811
  if (!empty($this->_rewrites) ) {
812
  foreach ( $this->_rewrites as $rewrite ) {
813
  if(PHP_VERSION_ID >= 70400 ){
874
  $rewritecode .= "<IfModule mod_rewrite.c>" . PHP_EOL;
875
  $rewritecode .= "RewriteEngine On" . PHP_EOL;
876
  $rewritecode .= "RewriteBase $home_root" . PHP_EOL;
877
+
878
+ //Add the URL Mapping rules
879
+ if (!empty($this->_umrewrites) ) {
880
+ foreach ( $this->_umrewrites as $rewrite ) {
881
+ $rewritecode .= 'RewriteRule ^' . $rewrite['from'] . ' ' . $home_root . $rewrite['to'] . " [QSA,L]" . PHP_EOL;
882
+ }
883
+ }
884
+
885
+ //Add the New Paths rules
886
+ foreach ( $this->_rewrites as $rewrite ) {
887
  if (strpos($rewrite['to'], 'index.php') === false ) {
888
  $rewritecode .= 'RewriteRule ^' . $rewrite['from'] . ' ' . $home_root . $rewrite['to'] . " [QSA,L]" . PHP_EOL;
889
  }
913
  $cachecode .= '}' . PHP_EOL . PHP_EOL;
914
  }
915
 
916
+ //Add the URL Mapping rules
917
+ if (!empty($this->_umrewrites) ) {
918
+ foreach ( $this->_umrewrites as $rewrite ) {
919
+ $rewritecode .= 'rewrite ^/' . $rewrite['from'] . ' ' . $home_root . $rewrite['to'] . ";<br />";
920
+ }
921
+ }
922
+
923
+ //Add the New Paths rules
924
+ foreach ( $this->_rewrites as $rewrite ) {
925
  if (strpos($rewrite['to'], 'index.php') === false ) {
926
  if (strpos($rewrite['from'], '$') ) {
927
  $rewritecode .= 'rewrite ^/' . $rewrite['from'] . ' ' . $home_root . $rewrite['to'] . ";<br />";
973
  }
974
 
975
  //Build the redirect table
976
+ $this->clearRedirect()->setRewriteRules()->flushRewrites();
977
 
978
  //Change the rest api for the rewrite process
979
  add_filter('rest_url_prefix', array($this, 'replace_rest_api'));
998
  $options = HMWP_Classes_Tools::getOptions();
999
  $lastsafeoptions = HMWP_Classes_Tools::getOptions(true);
1000
 
1001
+ if ($lastsafeoptions['hmwp_admin_url'] <> $options['hmwp_admin_url']
1002
  || $lastsafeoptions['hmwp_login_url'] <> $options['hmwp_login_url']
1003
  ) {
1004
  HMWP_Classes_Tools::sendEmail();
1022
  }
1023
 
1024
  /*******************************
1025
+ *
1026
+ * RENAME URLS
1027
  **************************************************/
1028
 
1029
+ /**
1030
+ * Filters the home URL.
1031
+ *
1032
+ * @param string $url The complete site URL including scheme and path.
1033
+ * @param string $path Path relative to the site URL. Blank string if no path is specified.
1034
+ * @param string|null $scheme Scheme to give the site URL context. Accepts 'http', 'https', 'login',
1035
+ * 'login_post', 'admin', 'relative' or null.
1036
+ * @param int|null $blog_id Site ID, or null for the current site.
1037
+ */
1038
+ public function home_url( $url, $path = '', $scheme = null )
1039
+ {
1040
+ if(!apply_filters('hmwp_change_home_url', true)){
1041
+ return $url;
1042
+ }
1043
 
1044
+ if(!isset($scheme)) {
1045
+ $scheme = (((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") || (defined('FORCE_SSL_ADMIN') && FORCE_SSL_ADMIN) || (function_exists('is_ssl') && is_ssl())) ? 'https' : 'http');
1046
+ }
1047
+
1048
+ $url = set_url_scheme($url, $scheme);
1049
+
1050
+ if (HMWP_Classes_Tools::$default['hmwp_login_url'] <> HMWP_Classes_Tools::getOption('hmwp_login_url') ) {
1051
+
1052
+ if (strpos($url, 'wp-login') !== false ) {
1053
+
1054
+ //check if disable and do not redirect to log in
1055
+ if (HMWP_Classes_Tools::getIsset(HMWP_Classes_Tools::getOption('hmwp_disable_name')) ) {
1056
+ if (HMWP_Classes_Tools::getValue(HMWP_Classes_Tools::getOption('hmwp_disable_name')) == HMWP_Classes_Tools::getOption('hmwp_disable') ) {
1057
+ //add the disabled param in order to work without issues
1058
+ return add_query_arg(array(HMWP_Classes_Tools::getOption('hmwp_disable_name') => HMWP_Classes_Tools::getOption('hmwp_disable')), $url);
1059
+ }
1060
+ }
1061
+
1062
+ $query = '';
1063
+ if ($path <> '' ) {
1064
+ $parsed = @parse_url($path);
1065
+ if (isset($parsed['query']) && $parsed['query'] <> '' ) {
1066
+ $query = '?' . $parsed['query'];
1067
+ }
1068
+ }
1069
+
1070
+ if ($query == '?action=lostpassword' && HMWP_Classes_Tools::getOption('hmwp_lostpassword_url') <> '' ) {
1071
+ $url = home_url(HMWP_Classes_Tools::getOption('hmwp_lostpassword_url'), $scheme);
1072
+ } elseif ($query == '?action=register' && HMWP_Classes_Tools::getOption('hmwp_register_url') <> '' ) {
1073
+ $url = home_url(HMWP_Classes_Tools::getOption('hmwp_register_url'), $scheme);
1074
+ } else {
1075
+ $url = home_url('', $scheme) . '/' . HMWP_Classes_Tools::getOption('hmwp_login_url') . $query;
1076
+
1077
+ if (HMWP_Classes_Tools::getValue('noredirect') ) {
1078
+ $url = add_query_arg(array('noredirect' => true), $url);
1079
+ }
1080
+ }
1081
+ }
1082
+
1083
+ }
1084
+
1085
+ if (HMWP_Classes_Tools::$default['hmwp_activate_url'] <> HMWP_Classes_Tools::getOption('hmwp_activate_url') ) {
1086
+ if (strpos($url, 'wp-activate.php') !== false ) {
1087
+ $query = '';
1088
+ if ($path <> '' ) {
1089
+ $parsed = @parse_url($path);
1090
+ if (isset($parsed['query']) && $parsed['query'] <> '' ) {
1091
+ $query = '?' . $parsed['query'];
1092
+ }
1093
+ }
1094
+ $url = home_url('', $scheme) . '/' . HMWP_Classes_Tools::getOption('hmwp_activate_url') . $query;
1095
+ }
1096
+ }
1097
+
1098
+
1099
+ return $url;
1100
+
1101
+ }
1102
+
1103
+ /**
1104
+ * Filters the site URL.
1105
+ *
1106
+ * @param string $url The complete site URL including scheme and path.
1107
+ * @param string $path Path relative to the site URL. Blank string if no path is specified.
1108
+ * @param string|null $scheme Scheme to give the site URL context. Accepts 'http', 'https', 'login',
1109
+ * 'login_post', 'admin', 'relative' or null.
1110
+ * @param int|null $blog_id Site ID, or null for the current site.
1111
+ */
1112
+ public function site_url( $url, $path = '', $scheme = null )
1113
+ {
1114
+ if(!apply_filters('hmwp_change_site_url', true)){
1115
+ return $url;
1116
+ }
1117
+
1118
+ if(!isset($scheme)) {
1119
+ $scheme = (((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") || (defined('FORCE_SSL_ADMIN') && FORCE_SSL_ADMIN) || (function_exists('is_ssl') && is_ssl())) ? 'https' : 'http');
1120
+ }
1121
+
1122
+ $url = set_url_scheme($url, $scheme);
1123
+
1124
+ if (HMWP_Classes_Tools::$default['hmwp_login_url'] <> HMWP_Classes_Tools::getOption('hmwp_login_url') ) {
1125
+
1126
+ if (strpos($url, 'wp-login') !== false ) {
1127
+
1128
+ //check if disable and do not redirect to log in
1129
+ if (HMWP_Classes_Tools::getIsset(HMWP_Classes_Tools::getOption('hmwp_disable_name')) ) {
1130
+ if (HMWP_Classes_Tools::getValue(HMWP_Classes_Tools::getOption('hmwp_disable_name')) == HMWP_Classes_Tools::getOption('hmwp_disable') ) {
1131
+ //add the disabled param in order to work without issues
1132
+ return add_query_arg(array(HMWP_Classes_Tools::getOption('hmwp_disable_name') => HMWP_Classes_Tools::getOption('hmwp_disable')), $url);
1133
+ }
1134
+ }
1135
+
1136
+ $query = '';
1137
+ if ($path <> '' ) {
1138
+ $parsed = @parse_url($path);
1139
+ if (isset($parsed['query']) && $parsed['query'] <> '' ) {
1140
+ $query = '?' . $parsed['query'];
1141
+ }
1142
+ }
1143
+
1144
+ if ($query == '?action=lostpassword' && HMWP_Classes_Tools::getOption('hmwp_lostpassword_url') <> '' ) {
1145
+ $url = site_url(HMWP_Classes_Tools::getOption('hmwp_lostpassword_url'), $scheme);
1146
+ } elseif ($query == '?action=register' && HMWP_Classes_Tools::getOption('hmwp_register_url') <> '' ) {
1147
+ $url = site_url(HMWP_Classes_Tools::getOption('hmwp_register_url'), $scheme);
1148
+ } else {
1149
+ $url = site_url('', $scheme) . '/' . HMWP_Classes_Tools::getOption('hmwp_login_url') . $query;
1150
+
1151
+ if (HMWP_Classes_Tools::getValue('noredirect') ) {
1152
+ $url = add_query_arg(array('noredirect' => true), $url);
1153
+ }
1154
+ }
1155
+ }
1156
+
1157
+ }
1158
+
1159
+ if (HMWP_Classes_Tools::$default['hmwp_activate_url'] <> HMWP_Classes_Tools::getOption('hmwp_activate_url') ) {
1160
+ if (strpos($url, 'wp-activate.php') !== false ) {
1161
+ $query = '';
1162
+ if ($path <> '' ) {
1163
+ $parsed = @parse_url($path);
1164
+ if (isset($parsed['query']) && $parsed['query'] <> '' ) {
1165
+ $query = '?' . $parsed['query'];
1166
+ }
1167
+ }
1168
+ $url = site_url('', $scheme) . '/' . HMWP_Classes_Tools::getOption('hmwp_activate_url') . $query;
1169
+ }
1170
+ }
1171
+
1172
+
1173
+ return $url;
1174
+ }
1175
 
1176
  /**
1177
  * Get the new admin URL
1216
 
1217
  }
1218
 
1219
+ /**
1220
+ * Change the admin URL for multisites
1221
+ * Filters the network admin URL.
1222
+ *
1223
+ * @param string $url The complete network admin URL including scheme and path.
1224
+ * @param string $path Path relative to the network admin URL. Blank string if
1225
+ * no path is specified.
1226
+ * @param string|null $scheme The scheme to use. Accepts 'http', 'https',
1227
+ * 'admin', or null. Default is 'admin', which obeys force_ssl_admin() and is_ssl().
1228
+ */
1229
+ public function network_admin_url( $url, $path = '', $scheme = null )
1230
  {
1231
  $find = $replace = array();
1232
 
1265
 
1266
  }
1267
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1268
  /**
1269
  * Change the plugin URL with the new paths
1270
  * for some plugins
1340
  {
1341
 
1342
  if (HMWP_Classes_Tools::$default['hmwp_login_url'] <> HMWP_Classes_Tools::getOption('hmwp_login_url')
1343
+ && strpos($url, HMWP_Classes_Tools::$default['hmwp_login_url']) !== false
1344
  ) {
1345
 
1346
  //check if disable and do not redirect to log in
1351
  }
1352
  }
1353
 
1354
+ $url = home_url(HMWP_Classes_Tools::getOption('hmwp_login_url'));
1355
  }
1356
 
1357
  return $url;
1444
  add_filter('login_display_language_dropdown', '__return_false');
1445
  }
1446
 
1447
+ //Hook the login page and check if the user is already logged in
1448
+ if(HMWP_Classes_Tools::getOption('hmwp_logged_users_redirect')) {
1449
+ $this->dashboard_redirect();
1450
+ }
1451
+
1452
  do_action('hmwp_login_init');
1453
  }
1454
 
1455
+ /**
1456
+ * Hook the login page and check if the user is already logged in
1457
+ *
1458
+ * @return string
1459
+ */
1460
+ public function dashboard_redirect()
1461
+ {
1462
+ global $current_user;
1463
+ //If the user is already logged in
1464
+ if ((!isset( $_REQUEST['action'] ) || $_REQUEST['action'] == 'login') && isset($current_user->ID) && $current_user->ID > 0) {
1465
+ //redirect to admin dashboard
1466
+ wp_redirect(apply_filters('hmwp_url_login_redirect', admin_url()));
1467
+ exit();
1468
+ }
1469
+ }
1470
+
1471
  /**
1472
  * Change the password confirm URL with the new URL
1473
  *
1475
  */
1476
  public function lostpassword_redirect()
1477
  {
1478
+ return home_url('wp-login.php?checkemail=confirm');
1479
  }
1480
 
1481
  /**
1485
  */
1486
  public function registration_redirect()
1487
  {
1488
+ return home_url('wp-login.php?checkemail=registered');
1489
  }
1490
 
1491
  /**
1545
  if (!isset($args['_wpnonce']) ) {
1546
  $args['_wpnonce'] = wp_create_nonce('log-out');
1547
  //correct the logout URL
1548
+ $url = add_query_arg(array('_wpnonce' => $args['_wpnonce']), home_url('wp-login.php?action=logout', 'login'));
1549
  }
1550
 
1551
  if (HMWP_Classes_Tools::getOption('hmwp_logout_url') <> '' ) {
1552
  //add the new URL
1553
+ $url = home_url() . '/' . add_query_arg(array('_wpnonce' => $args['_wpnonce']), HMWP_Classes_Tools::getOption('hmwp_logout_url'));
1554
  }
1555
 
1556
  return $url;
1577
  }
1578
 
1579
  /********************************
1580
+ *
1581
+ * HOOK REDIRECTS
1582
  *************************************************/
1583
 
1584
  /**
1671
 
1672
  if (HMWP_Classes_Tools::$default['hmwp_login_url'] <> HMWP_Classes_Tools::getOption('hmwp_login_url') ) {
1673
  if (strpos($redirect, 'wp-login') !== false ) {
1674
+ $redirect = home_url(HMWP_Classes_Tools::getOption('hmwp_login_url'));
1675
  }
1676
  }
1677
 
1717
  if (HMWP_Classes_Tools::isMultisites() && !$user->has_cap('read') ) {
1718
  $redirect = get_dashboard_url($user->ID);
1719
  } elseif (!$user->has_cap('edit_posts') ) {
1720
+ $redirect = $user->has_cap('read') ? admin_url('profile.php') : home_url();
1721
  }
1722
 
1723
  }
1766
 
1767
  if (HMWP_Classes_Tools::getOption('hmwp_hide_wplogin') || HMWP_Classes_Tools::getOption('hmwp_hide_login') ) {
1768
  if (HMWP_Classes_Tools::$default['hmwp_login_url'] <> HMWP_Classes_Tools::getOption('hmwp_login_url') ) {
1769
+
1770
+ //temporary deativate the change of home and site url
1771
+ add_filter('hmwp_change_home_url', '__return_false');
1772
+ add_filter('hmwp_change_site_url', '__return_false');
1773
+
1774
  if (function_exists('is_user_logged_in') && is_user_logged_in() ) {
1775
  $paths = array(
1776
  site_url('wp-login.php', 'relative'),
1795
  $paths = array_unique($paths);
1796
  }
1797
 
1798
+ //reactivate the change of the paths in home and site url
1799
+ add_filter('hmwp_change_home_url', '__return_true');
1800
+ add_filter('hmwp_change_site_url', '__return_true');
1801
+
1802
  if ($this->searchInString($url, $paths) ) {
1803
+ if (home_url(HMWP_Classes_Tools::getOption('hmwp_login_url'), 'relative') <> $url ) {
1804
+ return add_query_arg(array('noredirect' => true), home_url(HMWP_Classes_Tools::getOption('hmwp_login_url')));
1805
  }
1806
  }
1807
  }
1821
  //Check if is valid for moving on
1822
  if(HMWP_Classes_Tools::doHideURLs() ) {
1823
 
1824
+ //temporary deativate the change of home and site url
1825
+ add_filter('hmwp_change_home_url', '__return_false');
1826
+ add_filter('hmwp_change_site_url', '__return_false');
1827
+
1828
  $url = untrailingslashit(strtok($_SERVER["REQUEST_URI"], '?'));
1829
  $http_post = (isset($_SERVER['REQUEST_METHOD']) && 'POST' == $_SERVER['REQUEST_METHOD']);
1830
 
1831
  //if user is logged in and is not set to hide the admin urls
1832
  if (is_user_logged_in()) {
1833
+
1834
  //redirect if no final slash is added
1835
  if ($_SERVER['REQUEST_URI'] == site_url(HMWP_Classes_Tools::getOption('hmwp_admin_url'), 'relative')) {
1836
  wp_safe_redirect($url . '/');
1885
  $this->getNotFound($url);
1886
  }
1887
  }
1888
+ } else {
1889
  if (strpos($url, '/wp-admin') !== false && strpos($url, admin_url('admin-ajax.php', 'relative')) === false && HMWP_Classes_Tools::getOption('hmwp_hide_admin')) {
1890
  $this->getNotFound($url);
1891
  }
1910
  if (HMWP_Classes_Tools::getOption('hmwp_hide_wplogin') || HMWP_Classes_Tools::getOption('hmwp_hide_login')) {
1911
 
1912
  if (HMWP_Classes_Tools::$default['hmwp_login_url'] <> HMWP_Classes_Tools::getOption('hmwp_login_url')) {
1913
+ $paths = array(
1914
+ home_url('wp-login.php', 'relative'),
1915
+ home_url('wp-login', 'relative'),
1916
+ site_url('wp-login.php', 'relative'),
1917
+ site_url('wp-login', 'relative'),
1918
+ );
 
 
 
 
 
 
 
 
 
 
 
1919
 
1920
+ if (HMWP_Classes_Tools::getOption('hmwp_hide_login')) {
1921
 
1922
+ $paths[] = home_url('login', 'relative');
1923
+ $paths[] = site_url('login', 'relative');
1924
 
1925
+ }
1926
+
1927
+ $paths = array_unique($paths);
1928
 
1929
  if ($this->searchInString($url, $paths)) {
1930
 
1931
+ if (home_url(HMWP_Classes_Tools::getOption('hmwp_login_url'), 'relative') <> $url) {
1932
  $this->getNotFound($url);
1933
  }
1934
  }
1990
  }
1991
  }
1992
 
1993
+ //reactivate the change of the paths in home and site url
1994
+ add_filter('hmwp_change_home_url', '__return_true');
1995
+ add_filter('hmwp_change_site_url', '__return_true');
1996
+
1997
  }
1998
  }
1999
 
2029
  global $wp_query;
2030
  $wp_query->is_404 = true;
2031
 
2032
+ wp_safe_redirect(home_url('404'));
2033
  } else {
2034
  $this->get404Page();
2035
  }
2039
  $this->get403Error();
2040
  } elseif (HMWP_Classes_Tools::getOption('hmwp_url_redirect') == '.' ) {
2041
  //redirect to front page
2042
+ wp_safe_redirect(home_url());
2043
  } else {
2044
  //redirect to custom page
2045
+ wp_safe_redirect(home_url(HMWP_Classes_Tools::getOption('hmwp_url_redirect')));
2046
  }
2047
 
2048
  die();
2113
  }
2114
 
2115
  /*************************************
2116
+ *
2117
+ * FIND AND REPLACE
2118
  *****************************************/
2119
  /**
2120
  * repare the replace function
2168
  array(
2169
  $this,
2170
  'changeEncodedURLFinal'
2171
+ ), (array)$this->_replace['from']
2172
  );
2173
 
2174
  $replaceencodedfinal = array_map(array($this, 'changeEncodedURLFinal'), (array)$this->_replace['to']);
2201
  */
2202
  public function addDomainUrl( $url )
2203
  {
2204
+ if (strpos($url, $this->getSiteUrl()) === false ) {
2205
+ return $this->getSiteUrl() . '/' . $url;
2206
  }
2207
 
2208
  return $url;
2218
  */
2219
  public function changeEncodedURL( $url )
2220
  {
2221
+ if (strpos($url, $this->getSiteUrl()) === false ) {
2222
+ return str_replace('/', '\/', $this->getSiteUrl() . '/' . $url);
2223
  }
2224
 
2225
  return $url;
2232
  */
2233
  public function changeEncodedURLFinal( $url )
2234
  {
2235
+ if (strpos($url, $this->getSiteUrl()) === false ) {
2236
+ return str_replace('/', '\/', rtrim($this->getSiteUrl() . '/' . $url, '/'));
2237
  }
2238
 
2239
  return $url;
2255
  if (is_string($content) && $content <> '') {
2256
 
2257
  //if the changes were made already, return the content
2258
+ if (strpos($content, HMWP_Classes_Tools::$default['hmwp_wp-content_url']) === false
2259
+ && strpos($content, HMWP_Classes_Tools::$default['hmwp_wp-includes_url']) === false
2260
  && $this->_replaced
2261
  ) {
2262
  return $content;
2263
  }
2264
 
2265
+ //change and replace paths
2266
+ $this->clearRedirect();
2267
+ //builder the redirects
2268
+ $this->buildRedirect();
2269
+ //make sure to include the blog url
2270
+ $this->prepareFindReplace();
2271
 
2272
+ //fix the relative links before
2273
+ if (HMWP_Classes_Tools::getOption('hmwp_fix_relative')) {
2274
+ $content = $this->fixRelativeLinks($content);
2275
+ }
 
 
 
 
 
2276
 
2277
  //Find & Replace the tags and headers
2278
  $content = $this->replaceHeadersAndTags($content);
2292
  if (HMW_DYNAMIC_FILES && !is_admin()) {
2293
  $content = preg_replace(
2294
  array(
2295
+ '/(<link[^>]+' . str_replace('/', '\/', $this->getSiteUrl()) . '[^>]+).(css|scss)([\'|"|\?][^>]+type=[\'"]text\/css[\'"][^>]+>)/i',
2296
+ '/(<link[^>]+type=[\'"]text\/css[\'"][^>]+' . str_replace('/', '\/', $this->getSiteUrl()) . '[^>]+).(css|scss)([\'|"|\?][^>]+>)/i',
2297
+ '/(<script[^>]+' . str_replace('/', '\/', $this->getSiteUrl()) . '[^>]+).(js)([\'|"|\?][^>]+>)/i',
2298
  ), '$1.$2h$3', $content
2299
  );
2300
  }
2334
 
2335
  foreach ( $this->_replace['rewrite'] as $index => $value ) {
2336
  //add only the paths or the design path
2337
+ if (($index && isset($this->_replace['to'][$index]) && substr($this->_replace['to'][$index], -1) == '/')
2338
+ || strpos($this->_replace['to'][$index], '/' . HMWP_Classes_Tools::getOption('hmwp_themes_style'))
2339
  ) {
2340
  $this->_replace['from'][] = $this->_replace['from'][$index];
2341
  $this->_replace['to'][] = $this->_replace['to'][$index];
2376
  */
2377
  public function fixRelativeLinks( $content )
2378
  {
2379
+ $content = preg_replace_callback(
2380
+ array('~(\s(href|src)\s*[=|:]\s*[\"\'])([^\"\']+)([\"\'])~i',
2381
+ '~(\W(url\s*)[\(\"\']+)([^\)\"\']+)([\)\"\']+)~i',
2382
+ '~(([\"\']url[\"\']\s*:)\s*[\"\'])([^\"\']+)([\"\'])~i',
2383
+ '~((=|:)\s*[\"\'])(\\\/[^\"\']+)([\"\'])~i'
2384
+ ),
2385
+ array($this, 'replaceLinks'),
2386
+ $content
2387
+ );
2388
+ return $content;
 
 
 
 
 
 
 
2389
  }
2390
 
2391
  /**
2436
  }
2437
 
2438
  // parse base URL and convert to local variables: $scheme, $host, $path
2439
+ extract(parse_url(home_url()));
2440
 
2441
  //add the scheme to the URL
2442
  if (strpos($rel, "//") === 0 ) {
2452
 
2453
  // queries and anchors
2454
  if ($rel[0] == '#' || $rel[0] == '?' ) {
2455
+ return home_url() . $rel;
2456
  }
2457
 
2458
  // dirty absolute URL
2500
  if (HMWP_Classes_Tools::getOption('hmwp_hide_unsafe_headers')) {
2501
 
2502
  //Remove WordPress link from headers
2503
+ header(sprintf('%s: %s', 'Link', '<' . home_url() . '>; rel=shortlink'), true);
2504
 
2505
  if (function_exists('header_remove') ) {
2506
  header_remove("x-powered-by");
2555
  $findtextmapping = array();
2556
 
2557
  //Change the text in css and js files only for visitors
2558
+ if (HMWP_Classes_Tools::getOption('hmwp_mapping_file')
2559
+ && function_exists('is_user_logged_in') && is_user_logged_in()
2560
  ) {
2561
  return $content;
2562
  }
2563
 
2564
  //Replace custom classes
2565
  $hmwp_text_mapping = json_decode(HMWP_Classes_Tools::getOption('hmwp_text_mapping'), true);
2566
+ if (isset($hmwp_text_mapping['from']) && !empty($hmwp_text_mapping['from'])
2567
+ && isset($hmwp_text_mapping['to']) && !empty($hmwp_text_mapping['to'])
2568
  ) {
2569
 
2570
  foreach ( $hmwp_text_mapping['to'] as &$value ) {
2598
  $findtextmapping, array(
2599
  $this,
2600
  'replaceText'
2601
+ ), $content
2602
  );
2603
  }
2604
 
2704
  //Force to change the URL for xml content types
2705
  if (HMWP_Classes_Tools::isContentHeader(array('text/xml','application/xml'))) {
2706
 
2707
+ //change and replace paths
2708
+ $this->clearRedirect();
2709
+ //builder the redirects
2710
+ $this->buildRedirect();
2711
+ //make sure to include the blog url
2712
+ $this->prepareFindReplace();
2713
 
2714
+ $content = ob_get_contents();
2715
 
2716
  if($content <> '') {
2717
  $content = str_ireplace($this->_replace['from'], $this->_replace['to'], $content);
2736
  //Force to change the URL for xml content types
2737
  if (HMWP_Classes_Tools::isContentHeader(array('text/plain'))) {
2738
 
2739
+ //change and replace paths
2740
+ $this->clearRedirect();
2741
+ //builder the redirects
2742
+ $this->buildRedirect();
2743
 
2744
  $content = ob_get_contents();
2745
 
readme.txt CHANGED
@@ -4,18 +4,18 @@ Tags: security,firewall,hide,antivirus,wp-login,wp-admin,hide wordpress,hide wp,
4
  Requires at least: 4.3
5
  Tested up to: 6.0
6
  Requires PHP: 5.6
7
- Stable tag: 5.0.13
8
- Donate link: https://hidemywpghost.com/hide-my-wp-pricing/
9
  License: GPLv2 or later
10
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
11
 
12
- Hide WP paths, wp-admin, wp-login, wp-content, plugins, themes, authors, XML-RPC, etc. Add 7G Firewall Security, Brute Force protection & more.
13
 
14
  == Description ==
15
 
16
  **Hide My WP Ghost** is a **WordPress Security plugin**. It gives you the best security solutions with its powerful and easy-to-use features. Without physically changing any directory or file, Hide My WP Ghost can take your website’s security to the next level.
17
 
18
- Over **100.000 secured websites**, over **1,600,000 brute force attempts protection** and over **9.000 email alerts** and counting.
19
 
20
  The plugin **adds filters and security layers** to prevent Scripts and SQL Injections, Brute Force attacks, XML-RPC attacks, XSS, and more.
21
 
@@ -26,6 +26,7 @@ Note! **No file or directory is physically changed**. All the changes are made b
26
  After the common paths are changed, **all the common paths are hidden from hackers** to protect all the plugins and themes.
27
 
28
  [youtube https://www.youtube.com/watch?v=gwRKHQTNkh0]
 
29
 
30
  > Check the Demo Website source code:
31
  > <a href="https://demo.wpplugins.tips/">https://demo.wpplugins.tips/</a>
@@ -194,10 +195,10 @@ Hide My WP Ghost is packed with awesome security features:
194
  > * Recommended by WPML
195
  >
196
  > <strong>See All FREE Security Features (over 40):</strong>
197
- > <a href="https://hidemywp.co/security-features/">https://hidemywp.co/security-features/</a>
198
 
199
- > <strong>See All Premium Security Features (over 60):</strong>
200
- > <a href="https://hidemywpghost.com/hide-my-wp-ghost-security-features/">https://hidemywpghost.com/hide-my-wp-ghost-security-features/</a>
201
 
202
  Compatible with: <strong>WP Multisite, Apache, Litespeed, Nginx and IIS</strong>.
203
 
@@ -206,8 +207,8 @@ Cache Enabler, CDN Enabler, WOT Cache, Autoptimize, Jetpack by WordPress, Contac
206
  All In One SEO, Rank Math, Yoast SEO, Squirrly SEO, WP-Rocket, Minify HTML, iThemes Security, Sucuri Security, Really Simple SSL, WordFence Security, WP Cerber Security, BBQ Firewall, Anti-Malware Security,
207
  Back-Up WordPress, Elementor Page Builder, Divi Builder, Weglot Translate, AddToAny Share Btn, Limit Login Attempts Reloaded, Loginizer, Shield Security, Asset CleanUp, WP Hide & Security Enhancer, and more**
208
 
209
- Compatibility Plugins List: https://hidemywpghost.com/hide-my-wp-compatibility-plugins-list/
210
- Compatibility Theme List: https://hidemywpghost.com/hide-my-wp-ghost-compatibility-themes-list/
211
 
212
  Hosting Compatibility checked: **WP Engine, Inmotion Hosting, Hostgator Hosting, Godaddy Hosting, Host1plus, Payperhost, Fastcomet, Dreamhost, Bitnami Apache, Bitnami Nginx, Google Cloud Hosting, Amazon AWS Lightsail, Litespeed Hosting, Flywheels Hosting, Kinsta Hosting, Ploi.io, RunCloud**
213
 
@@ -229,7 +230,7 @@ Please support us and **translate the plugin in your language**:
229
  Thank you all for your trust, support, and positive reviews!
230
 
231
 
232
- <strong>Important!</strong> This is not the Hide My WP Nulled version of the Hide My Wp Codecanyon plugin.
233
 
234
  <strong>Ready To Protect Your Website From Hackers With The Most USER-FRIENDLY WordPress Security Plugin?</strong>
235
 
@@ -260,8 +261,7 @@ Enjoy!
260
 
261
  [youtube https://youtu.be/zhvRGHMjKic]
262
 
263
- > Hide My WP Ghost <strong>Knowledge Base</strong>:
264
- > <a href="https://hidemywpghost.com/knowledge-base/">https://hidemywpghost.com</a>
265
 
266
  == Screenshots ==
267
  1. Change wp-admin and wp-login.php paths and show 404 Error instead. This is a very important WordPress Security step.
@@ -275,6 +275,15 @@ Enjoy!
275
  9. Customize the wp-admin path while logged in as an administrator
276
 
277
  == Changelog ==
 
 
 
 
 
 
 
 
 
278
  = 5.0.13 (03 May 2022)=
279
  * Update - Compatibility with WordPress 5.9.3
280
  * Update - Compatibility with BackUpWordPress plugin
@@ -868,8 +877,7 @@ You can find useful information here: https://hidemywpghost.com/knowledge-base/
868
 
869
  Don't panic.
870
 
871
- You can still access your site with the secure parameter
872
- http://domainname/wp-login.php?hmw_disable=[your_code]
873
 
874
  = Locked out of my site! I set the plugin, and after I logged out I couldn't get back in =
875
 
@@ -906,7 +914,7 @@ Yes. The Lite features of the Hide My WP Ghost plugin will always be free.
906
 
907
  We will include all the required WordPress Security updates.
908
 
909
- To unlock all the features, please visit: <a href="https://hidemywpghost.com/hide-my-wp-pricing/">https://hidemywpghost.com/hide-my-wp-pricing/</a>
910
 
911
  = How to set the plugin on the Nginx server? =
912
 
@@ -915,6 +923,13 @@ Please follow this tutorial step by step to set up the Hide My WP Ghost for Ngin
915
  <a href="https://hidemywpghost.com/how-to-setup-hide-my-wp-on-nginx-server/" target="_blank">Setup Hide My WP Ghost on Nginx Server</a>
916
  <a href="https://hidemywpghost.com/how-to-configure-hide-my-wp-on-nginx-web-server-with-virtual-private-server/" target="_blank">Configure Hide My Wp Ghost On Nginx Web Server With Virtual Private Server</a>
917
 
 
 
 
 
 
 
 
918
  = How to Hide Your Site From WordPress Theme Detectors? =
919
 
920
  Changing the common WordPress paths will not guarantee that the WordPress CMS is completely hidden.
@@ -925,7 +940,39 @@ Read more: <a href="https://hidemywpghost.com/how-to-hide-from-wordpress-theme-d
925
 
926
  = Is this plugin enough to protect my website from all hackers? =
927
 
928
- The Free version of Hide My WP Ghost hides the wp-admin and wp-login as described but will not protect you from all hacker attacks.
929
-
930
 
931
  Hide My WP Ghost hides all the common paths and patterns used but bots to detect that you are using WordPress.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
4
  Requires at least: 4.3
5
  Tested up to: 6.0
6
  Requires PHP: 5.6
7
+ Stable tag: 5.0.14
8
+ Donate link:
9
  License: GPLv2 or later
10
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
11
 
12
+ Hide WP paths, wp-admin, wp-login, wp-content, plugins, themes, authors, XML-RPC, API, etc. Add 7G Firewall Security, Brute Force protection & more.
13
 
14
  == Description ==
15
 
16
  **Hide My WP Ghost** is a **WordPress Security plugin**. It gives you the best security solutions with its powerful and easy-to-use features. Without physically changing any directory or file, Hide My WP Ghost can take your website’s security to the next level.
17
 
18
+ Over **100.000 secured websites**, over **2,200,000 brute force attempts protection** and over **140.000 monthly hacks stopped** and counting.
19
 
20
  The plugin **adds filters and security layers** to prevent Scripts and SQL Injections, Brute Force attacks, XML-RPC attacks, XSS, and more.
21
 
26
  After the common paths are changed, **all the common paths are hidden from hackers** to protect all the plugins and themes.
27
 
28
  [youtube https://www.youtube.com/watch?v=gwRKHQTNkh0]
29
+ YouTube - Why You Must Have <a href="https://hidemywpghost.com/">Hide My WP</a>
30
 
31
  > Check the Demo Website source code:
32
  > <a href="https://demo.wpplugins.tips/">https://demo.wpplugins.tips/</a>
195
  > * Recommended by WPML
196
  >
197
  > <strong>See All FREE Security Features (over 40):</strong>
198
+ > <a href="https://hidemywp.co/security-features/">Hide My WP Free Features</a>
199
 
200
+ > <strong>See All Premium Security Features (over 65):</strong>
201
+ > <a href="https://hidemywpghost.com/hide-my-wp-ghost-security-features/">Hide My WP Premium Feature</a>
202
 
203
  Compatible with: <strong>WP Multisite, Apache, Litespeed, Nginx and IIS</strong>.
204
 
207
  All In One SEO, Rank Math, Yoast SEO, Squirrly SEO, WP-Rocket, Minify HTML, iThemes Security, Sucuri Security, Really Simple SSL, WordFence Security, WP Cerber Security, BBQ Firewall, Anti-Malware Security,
208
  Back-Up WordPress, Elementor Page Builder, Divi Builder, Weglot Translate, AddToAny Share Btn, Limit Login Attempts Reloaded, Loginizer, Shield Security, Asset CleanUp, WP Hide & Security Enhancer, and more**
209
 
210
+ Compatibility Plugins List: <a href="https://hidemywpghost.com/hide-my-wp-compatibility-plugins-list/">Hide My WP Compatibility Plugins</a>
211
+ Compatibility Theme List: <a href="https://hidemywpghost.com/hide-my-wp-ghost-compatibility-themes-list/">Hide My WP Compatibility Themes</a>
212
 
213
  Hosting Compatibility checked: **WP Engine, Inmotion Hosting, Hostgator Hosting, Godaddy Hosting, Host1plus, Payperhost, Fastcomet, Dreamhost, Bitnami Apache, Bitnami Nginx, Google Cloud Hosting, Amazon AWS Lightsail, Litespeed Hosting, Flywheels Hosting, Kinsta Hosting, Ploi.io, RunCloud**
214
 
230
  Thank you all for your trust, support, and positive reviews!
231
 
232
 
233
+ <strong>Important!</strong> This is not the Hide My WP Nulled version of the Hide My WP Codecanyon plugin.
234
 
235
  <strong>Ready To Protect Your Website From Hackers With The Most USER-FRIENDLY WordPress Security Plugin?</strong>
236
 
261
 
262
  [youtube https://youtu.be/zhvRGHMjKic]
263
 
264
+ > <a href="https://hidemywpghost.com/knowledge-base/">Hide My WP Ghost Knowledge Base</a>:
 
265
 
266
  == Screenshots ==
267
  1. Change wp-admin and wp-login.php paths and show 404 Error instead. This is a very important WordPress Security step.
275
  9. Customize the wp-admin path while logged in as an administrator
276
 
277
  == Changelog ==
278
+ = 5.0.14 (17 June 2022)=
279
+ * Update - Compatibility with Coming Soon & Maintenance Mode PRO
280
+ * Update - Compatibility with WordPress 6.0
281
+ * Update - Add the option to automatically redirect to admin when access the login page and the user is logged
282
+ * Fixed - Avoid showing 404 error on Litespeed WP Multisite when a new site is created
283
+ * Fixed - Avoid showing 404 error on Litespeed WP Multisite when a new taxonomy is created
284
+ * Fixed - Brute force math security when the math field is deleted
285
+ * Fixed the hidden URLs process
286
+
287
  = 5.0.13 (03 May 2022)=
288
  * Update - Compatibility with WordPress 5.9.3
289
  * Update - Compatibility with BackUpWordPress plugin
877
 
878
  Don't panic.
879
 
880
+ You can still access your site with the Safe URL that was downloaded when you saved the settings
 
881
 
882
  = Locked out of my site! I set the plugin, and after I logged out I couldn't get back in =
883
 
914
 
915
  We will include all the required WordPress Security updates.
916
 
917
+ To unlock all the features, please visit: <a href="https://hidemywpghost.com/hide-my-wp-pricing/">Hide My WP - Pricing Plan</a>
918
 
919
  = How to set the plugin on the Nginx server? =
920
 
923
  <a href="https://hidemywpghost.com/how-to-setup-hide-my-wp-on-nginx-server/" target="_blank">Setup Hide My WP Ghost on Nginx Server</a>
924
  <a href="https://hidemywpghost.com/how-to-configure-hide-my-wp-on-nginx-web-server-with-virtual-private-server/" target="_blank">Configure Hide My Wp Ghost On Nginx Web Server With Virtual Private Server</a>
925
 
926
+ <a href="https://hidemywpghost.com/kinsta-server-hide-my-wp-ghost-setup/" target="_blank">Install Hide My WP on Kinsta Server</a>
927
+ <a href="https://hidemywpghost.com/setup-hide-my-wp-on-runcloud/" target="_blank">Install Hide My WP on RunCloud Server</a>
928
+ <a href="https://hidemywpghost.com/wpmudev-server-hide-my-wp-ghost-setup/" target="_blank">Install Hide My WP on WPMUDEV Server</a>
929
+ <a href="https://hidemywpghost.com/setup-hide-my-wp-on-ploi-io/" target="_blank">Install Hide My WP on Ploi.io Server</a>
930
+ <a href="https://hidemywpghost.com/how-to-setup-hide-my-wp-on-flywheel-server/" target="_blank">Install Hide My WP on Flywheel Server</a>
931
+ <a href="https://hidemywpghost.com/how-to-setup-hide-my-wp-on-amazon-aws-lightsail/" target="_blank">Install Hide My WP on Amazon AWS Lightsail Server</a>
932
+
933
  = How to Hide Your Site From WordPress Theme Detectors? =
934
 
935
  Changing the common WordPress paths will not guarantee that the WordPress CMS is completely hidden.
940
 
941
  = Is this plugin enough to protect my website from all hackers? =
942
 
943
+ The Free version of Hide My WP Ghost will not protect you from all hacker attacks. For extra security you need the premium version.
 
944
 
945
  Hide My WP Ghost hides all the common paths and patterns used but bots to detect that you are using WordPress.
946
+
947
+ = How Can I Change The WP Paths In Admin Dashboard? =
948
+
949
+ By default, Hide My WP Ghost changes the paths only in frontend.
950
+
951
+ We don’t recommend this but if you want to change the path also in the admin dashboard, add this line in wp-config.php file
952
+
953
+ `define('HMW_ALWAYS_CHANGE_PATHS', true);`
954
+
955
+ Save the settings in Hide My WP Ghost and the WordPress paths will be changed in admin backend area.
956
+
957
+ = How To Remove The HMW Rewrite Rules From WP Definition In .htaccess? =
958
+
959
+ By default, Hide My WP Ghost adds the rewrite rules in 2 places in .htaccess to avoid errors when other plugins are deleting the rules from .htaccess.
960
+
961
+ If you want to have the Hide My WP Ghost rewrite rules only inside the #BEGIN HMWP_RULES … #END HMWP_RULES add this line in the wp-config.php file.
962
+
963
+ `define( 'HMW_RULES_IN_WP_RULES', false );`
964
+
965
+ Save the settings in Hide My WP > Change Paths and the plugin will remove the rewrite rules from WordPress definition #BEGIN WordPress …. #END WordPress
966
+
967
+ = Why The New Admin Path Is Redirected To Front Page? =
968
+
969
+ By default, when you set Hide My WP Ghost plugin in Ghost Mode, you can login only with the new login path.
970
+
971
+ To activate the option to access the new admin path and to be redirected to the new login path, do this:
972
+
973
+ Switch OFF the option <strong>Hide My WP > Change Paths > Admin Security > Hide the New Admin Path</strong>
974
+
975
+ Once you switch off the option and save the settings, when you access the new admin path, it will redirect to the new login path.
976
+
977
+ <a href="https://hidemywpghost.com/kb/customize-paths-in-hide-my-wp-ghost/">Customize Paths in Hide My WP Ghost</a>
978
+
view/Tweaks.php CHANGED
@@ -149,6 +149,18 @@
149
 
150
  </div>
151
  </div>
 
 
 
 
 
 
 
 
 
 
 
 
152
  </div>
153
  </div>
154
 
149
 
150
  </div>
151
  </div>
152
+
153
+ <div class="col-sm-12 row mb-1 ml-1 p-2">
154
+ <div class="checker col-sm-12 row my-2 py-1">
155
+ <div class="col-sm-12 p-0 switch switch-sm">
156
+ <input type="hidden" name="hmwp_logged_users_redirect" value="0"/>
157
+ <input type="checkbox" id="hmwp_logged_users_redirect" name="hmwp_logged_users_redirect" class="switch" <?php echo(HMWP_Classes_Tools::getOption('hmwp_logged_users_redirect') ? 'checked="checked"' : '') ?> value="1"/>
158
+ <label for="hmwp_logged_users_redirect"><?php echo esc_html__('Redirect Logged Users To Dashboard', 'hide-my-wp'); ?></label>
159
+ <div class="offset-1 text-black-50"><?php echo esc_html__("Automatically redirect the logged in users to the admin dashboard", 'hide-my-wp'); ?>.</div>
160
+ </div>
161
+ </div>
162
+ </div>
163
+
164
  </div>
165
  </div>
166