Hide My WP Ghost – Security Plugin - Version 5.0.15

Version Description

(06 Sept 2022)= * Fixed - URL Mapping for Nginx servers to prevent 404 pages * Fixed - PHP error in Security Check when the X-Powered-By header is not a string * Fixed - Compatibility with the latest version of Wp-Rocket * Fixed - Brute force math issue on WooCommerce login when third-party WooCommerce logins are used * Fixed - Not to hide the image on login page when no custom image is set in Appearance > Customize > Site Logo * Fixed - Compatibility with ShortPixel webp extension when Feed Security is enabled * Update - Compatibility with Nicepage Builder plugin * Update - Compatibility with WP 6.0.2


Release Info

Developer johndarrel
Version 5.0.15

Code changes from version 5.0.14 to 5.0.15

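--- a/classes/Tools.php
+++ b/classes/Tools.php
@@ -114,7 +114,12 @@ class HMWP_Classes_Tools
  public static function getOptions( $safe = false )
  {
  $keymeta = HMWP_OPTION;
- $homepath = ltrim(parse_url(site_url(), PHP_URL_PATH), '/');
+
+ $homepath = '';
+ if(parse_url(site_url(), PHP_URL_PATH)){
+ $homepath = ltrim(parse_url(site_url(), PHP_URL_PATH), '/');
+ }
+
  $pluginurl = ltrim(parse_url(plugins_url(), PHP_URL_PATH), '/');
  $contenturl = ltrim(parse_url(content_url(), PHP_URL_PATH), '/');
 
@@ -1170,6 +1175,10 @@ class HMWP_Classes_Tools
  return true;
  }
 
+ if (isset($_SERVER['SERVER']) && stripos($_SERVER['SERVER'], 'Flywheel') !== false) {
+ return true;
+ }
+
  return (isset($_SERVER['SERVER_SOFTWARE']) && stripos($_SERVER['SERVER_SOFTWARE'], 'Flywheel') !== false);
  }
 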
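Review bot: The null guard added for `$homepath` in getOptions() is not applied to the two lines right after it: `$pluginurl` and `$contenturl` still hand `parse_url(..., PHP_URL_PATH)` straight to `ltrim()`, which receives null when a URL has no path component. The guard also parses `site_url()` twice; `$homepath = ltrim((string) parse_url(site_url(), PHP_URL_PATH), '/');` gives the same result in one line, and the same cast would cover the other two assignments. In the second hunk the new `$_SERVER['SERVER']` test would benefit from a one-line comment naming the environment that sets that key, since it is not among the keys PHP documents for `$_SERVER`. Both function bodies continue outside the hunks.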
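--- a/controllers/Rewrite.php
+++ b/controllers/Rewrite.php
@@ -102,12 +102,12 @@ class HMWP_Controllers_Rewrite extends HMWP_Classes_FrontController
  //actions
  add_action('login_init', array($this->model, 'login_init'), PHP_INT_MAX);
  add_action('login_head', array($this->model, 'login_head'), PHP_INT_MAX);
- add_action('login_title', array($this->model, 'login_title'), PHP_INT_MAX, 1);
  add_action('wp_logout', array($this->model, 'wp_logout'), PHP_INT_MAX);
  add_action('check_admin_referer', array($this->model, 'check_admin_referer'), PHP_INT_MAX, 2);
  //change the admin urlhmwp_login_init
  add_filter('lostpassword_url', array($this->model, 'lostpassword_url'), PHP_INT_MAX, 1);
- add_filter('register', array($this->model, 'register_url'), PHP_INT_MAX, 1);
+ add_filter('login_title', array($this->model, 'login_title'), PHP_INT_MAX, 1);
+ add_filter('register', array($this->model, 'register_url'), PHP_INT_MAX, 1);
  add_filter('login_url', array($this->model, 'login_url'), PHP_INT_MAX, 1);
  add_filter('logout_url', array($this->model, 'logout_url'), PHP_INT_MAX, 2);
  add_filter('admin_url', array($this->model, 'admin_url'), PHP_INT_MAX, 3);
@@ -154,7 +154,6 @@ class HMWP_Controllers_Rewrite extends HMWP_Classes_FrontController
  add_action('the_content_feed', array($this->model, 'find_replace'));
  add_action('rss2_head', array($this->model, 'find_replace'));
  add_action('commentsrss2_head', array($this->model, 'find_replace'));
- add_action('get_site_icon_url', array($this->model, 'find_replace'));
  }
 
  //Check the buffer on shutdown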
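Review bot: The second hunk removes the `get_site_icon_url` hook from the feed `find_replace` list with no comment, so the reason is lost and the site icon URL is presumably no longer passed through `find_replace` on this path (its body is not visible here). For a path-hiding feature it is worth confirming that the icon URL emitted in feeds does not now expose the original uploads path, and recording the decision in place, for example `//get_site_icon_url is deliberately not filtered here (conflicts with image optimisation plugins)` if that is indeed the reason. In the first hunk the two filters are added under the garbled comment `//change the admin urlhmwp_login_init`; rewording it to `//change the login and admin URLs` would describe the block they now belong to. The registration method starts and ends outside both hunks.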
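--- a/controllers/SecurityCheck.php
+++ b/controllers/SecurityCheck.php
@@ -364,7 +364,7 @@ class HMWP_Controllers_SecurityCheck extends HMWP_Classes_FrontController
  'value' => false,
  'valid' => false,
  'warning' => false,
- 'message' => sprintf(__("Having the admin URL visible in the source code it's awful because hackers will immediately know your secret admin path and start a Brute Force attack. The custom admin path should not appear in the ajax URL. <br /><br />Find solutions for %s how to hide the path from source code %s.", 'hide-my-wp'), '<a href="'.HMWP_Classes_Tools::getOption('hmwp_plugin_website').'/how-to-hide-wp-admin-and-wp-login-php-from-source-code/" target="_blank">', '</a>'),
+ 'message' => sprintf(__("Having the admin URL visible in the source code it's awful because hackers will immediately know your secret admin path and start a Brute Force attack. The custom admin path should not appear in the ajax URL. <br /><br />Find solutions for %s how to hide the path from source code %s.", 'hide-my-wp'), '<a href="'.HMWP_Classes_Tools::getOption('hmwp_plugin_website').'/hide-wpadmin-and-wplogin-php-from-source-code/" target="_blank">', '</a>'),
  'solution' => sprintf(esc_html__("Switch on %s %s > Change Paths > Hide wp-admin from ajax URL%s. Hide any reference to admin path from the installed plugins.", 'hide-my-wp'), '<a href="'.HMWP_Classes_Tools::getSettingsUrl('hmwp_permalinks#tab=ajax').'" >', HMWP_Classes_Tools::getOption('hmwp_plugin_menu'), '</a>', '<strong>', '</strong>'),
  ),
  'checkLoginPath' => array(
@@ -372,7 +372,7 @@ class HMWP_Controllers_SecurityCheck extends HMWP_Classes_FrontController
  'value' => false,
  'valid' => false,
  'warning' => false,
- 'message' => sprintf(__("Having the login URL visible in the source code is awful because hackers will immediately know your secret login path and start a Brute Force attack. <br /><br />The custom login path should be kept secret, and you should have Brute Force Protection activated for it. <br ><br />Find solutions for %s hiding the login path from source code here %s.", 'hide-my-wp'), '<a href="'.HMWP_Classes_Tools::getOption('hmwp_plugin_website').'/how-to-hide-wp-admin-and-wp-login-php-from-source-code/" target="_blank">', '</a>'),
+ 'message' => sprintf(__("Having the login URL visible in the source code is awful because hackers will immediately know your secret login path and start a Brute Force attack. <br /><br />The custom login path should be kept secret, and you should have Brute Force Protection activated for it. <br ><br />Find solutions for %s hiding the login path from source code here %s.", 'hide-my-wp'), '<a href="'.HMWP_Classes_Tools::getOption('hmwp_plugin_website').'/hide-wpadmin-and-wplogin-php-from-source-code/" target="_blank">', '</a>'),
  'solution' => sprintf(esc_html__("%sHide the login path%s from theme menu or widget.", 'hide-my-wp'), '<strong>', '</strong>'),
  ),
  'checkOldLogin' => array(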
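Review bot: Both rewritten `'message'` lines still concatenate `HMWP_Classes_Tools::getOption('hmwp_plugin_website')` into an `href` attribute without escaping, and the sentence itself goes through `__()` rather than an escaping translation call. If that option can be edited (it reads like a white-label setting, which is not visible here), a stored value containing a quote would break out of the attribute in the admin report. Building the anchor as `'<a href="' . esc_url(HMWP_Classes_Tools::getOption('hmwp_plugin_website') . '/hide-wpadmin-and-wplogin-php-from-source-code/') . '" target="_blank" rel="noopener noreferrer">'` closes that and also stops the opened tab from reaching `window.opener`. The same applies to the `checkLoginPath` message in the second hunk; the array these entries belong to starts and ends outside the hunks.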
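--- a/index.php
+++ b/index.php
@@ -6,9 +6,9 @@
  Plugin Name: Hide My WP Ghost Lite
  Plugin URI: https://wordpress.org/plugins/hide-my-wp/
  Description: Hide WP paths, wp-admin, wp-login, wp-content, plugins, themes, authors, XML-RPC, API, etc. Add 7G Firewall Security, Brute Force protection & more.
- Version: 5.0.14
+ Version: 5.0.15
  Author: WPPlugins - WordPress Security Plugins
- Author URI: https://hidemywp.co
+ Author URI: https://hidemywp.com
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
  Text Domain: hide-my-wp
@@ -22,7 +22,7 @@
  if ( defined( 'ABSPATH' ) && !defined( 'HMW_VERSION' ) ) {
 
  //Set current plugin version
- define( 'HMWP_VERSION', '5.0.14' );
+ define( 'HMWP_VERSION', '5.0.15' );
 
  //Set the last stable version of the plugin
  define( 'HMWP_STABLE_VERSION', '5.0.13' );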
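--- a/models/Brute.php
+++ b/models/Brute.php
@@ -535,11 +535,6 @@ class HMWP_Models_Brute
  );
  }
 
- }else{
- $user = new WP_Error(
- 'authentication_failed',
- sprintf(esc_html__('%sYou failed to correctly answer the math problem.%s Please try again', 'hide-my-wp'), '<strong>', '</strong>')
- );
  }
 
  return $user;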
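Review bot: With the `else` branch gone, the path that used to replace `$user` with an `authentication_failed` WP_Error now falls through to `return $user;` unchanged, so this check fails open on that path. The condition guarding the branch is above the hunk, so this is inferred, but if it tests whether a math answer was submitted at all, a login request that carries no answer is no longer rejected here. It is worth confirming that the WooCommerce fix is limited to forms that never rendered the math field, and that the attempt counter still applies to them. A comment at the closing brace would record the intent, for example `//no math field on third-party login forms: leave $user untouched`.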
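--- a/models/Compatibility.php
+++ b/models/Compatibility.php
@@ -71,6 +71,17 @@ class HMWP_Models_Compatibility
 
  }
 
+ //Compatibility with Breakdance plugin
+ if (HMWP_Classes_Tools::isAjax() ) {
+ if (HMWP_Classes_Tools::getValue('action') == 'query-attachments' ||
+ HMWP_Classes_Tools::getValue('action') == 'breakdance_load_document' ||
+ HMWP_Classes_Tools::getValue('action') == 'breakdance_image_metadata' ||
+ HMWP_Classes_Tools::getValue('action') == 'breakdance_image_sizes') {
+ //Stop Hide My WP Ghost from loading while on editor
+ add_filter('hmwp_process_buffer', '__return_false');
+ }
+ }
+
  } else {
 
  //If in preview mode of the front page
@@ -630,6 +641,9 @@ class HMWP_Models_Compatibility
  'bricks',//Bricks plugin
  'zionbuilder-preview',//Zion Builder plugin
  'customize_theme',//WordPress Customize
+ 'breakdance',//Breakdance plugin
+ 'breakdance_iframe',//Breakdance plugin
+ 'np_new',//Nicepage plugin
  );
 
  foreach ( $builder_paramas as $param ) {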
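Review bot: The new AJAX branch in the first hunk switches `hmwp_process_buffer` off for `query-attachments`, which is WordPress core's media-library action and not specific to Breakdance, so buffer rewriting is disabled for that response on every site whether or not Breakdance is installed. The branch this sits in opens above the hunk, so whether it is already limited to logged-in editors cannot be seen here; if it is not, the action parameter alone decides whether path hiding runs. Consider gating the block on Breakdance being active and matching strictly, e.g. `if (in_array(HMWP_Classes_Tools::getValue('action'), array('breakdance_load_document', 'breakdance_image_metadata', 'breakdance_image_sizes'), true)) {`, adding `query-attachments` only inside that gate. The same question applies to the parameter names added to `$builder_paramas` in the second hunk, whose loop body is outside the hunk.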
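--- a/models/Rewrite.php
+++ b/models/Rewrite.php
@@ -826,6 +826,30 @@ class HMWP_Models_Rewrite
  }
 
  return $success;
+
+ } elseif (HMWP_Classes_Tools::isFlywheel() ) {
+ $success = true;
+
+ //Add the URL Mapping rules
+ if (!empty($this->_umrewrites)) {
+ foreach ( $this->_umrewrites as $rewrite ) {
+ $rewritecode .= 'Source: <strong>^' . str_replace(array('.css', '.js'), array('\.css', '\.js'), $rewrite['from']) . '</strong> Destination: <strong>' . $home_root . $rewrite['to'] . "</strong> Redirect type: 301 Permanent;<br />";
+ }
+ }
+
+ //Add the New Paths rules
+ if (!empty($this->_rewrites) ) {
+ foreach ( $this->_rewrites as $rewrite ) {
+ $rewritecode .= 'Source: <strong>^/' . str_replace(array('.css', '.js'), array('\.css', '\.js'), $rewrite['from']) . '</strong> Destination: <strong>' . $home_root . $rewrite['to'] . "</strong> Redirect type: Break;<br />";
+ }
+ }
+
+ if ($rewritecode <> '' ) {
+ HMWP_Classes_Error::setError(sprintf(esc_html__('Flywheel detected. Add the redirects in the Flywheel Redirect rules panel %s.', 'hide-my-wp'), '<strong><a href="https://getflywheel.com/wordpress-support/flywheel-redirects/" target="_blank" style="color: red">' . esc_html__("Learn How To Add the Code", 'hide-my-wp') . '</a></strong> <br /><br /><pre>' . $rewritecode . '</pre>' . $form),'notice',false);
+ $success = false; //always show the Flywheel Rules as manually action
+ }
+
+ return $success;
  } elseif ((HMWP_Classes_Tools::isApache() || HMWP_Classes_Tools::isLitespeed()) ) {
  //if there are no rewrites, return true
  if (!empty($this->_rewrites) ) {
@@ -1314,17 +1338,14 @@ class HMWP_Models_Rewrite
  add_filter('login_headerurl', array($this, 'login_url'), 99, 1);
 
  if (HMWP_Classes_Tools::getOption('hmwp_remove_third_hooks') ) {
- $logo = false;
-
  if (function_exists('get_theme_mod') && function_exists('wp_get_attachment_image_src') ) {
  $custom_logo_id = get_theme_mod('custom_logo');
  $image = wp_get_attachment_image_src($custom_logo_id, 'full');
 
  if (isset($image[0]) ) {
- $logo = $image[0];
+ echo '<style>#login h1 a, .login h1 a {background-image: ' . "url($image[0])" . ' !important; background-position: center;}</style>';
  }
  }
- echo '<style>#login h1 a, .login h1 a {background-image: ' . ($logo ? "url($logo)" : "none") . ' !important; ' . ($logo ? "background-position: center;" : "width: 1px !important;height: 1px !important;") . '}</style>';
  }
 
  }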
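Review bot: The new `echo` in the second hunk writes `$image[0]` into a `<style>` block on the login page without escaping or quoting, so an attachment URL containing `)`, a quote or `</style>` would break out of the CSS value on a page served to unauthenticated visitors. Escaping and quoting it keeps the output well-formed: `echo '<style>#login h1 a, .login h1 a {background-image: url("' . esc_url($image[0]) . '") !important; background-position: center;}</style>';`. The Flywheel branch in the first hunk has the same pattern: `$rewrite['from']`, `$rewrite['to']` and `$home_root` are concatenated into the HTML notice as-is, and wrapping each in `esc_html()` would keep a configured path containing markup from being rendered in the admin notice. `$rewritecode`, `$home_root` and `$form` are defined outside the hunk, so their initial values could not be checked here.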
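--- a/readme.txt
+++ b/readme.txt
@@ -4,8 +4,7 @@ Tags: security,firewall,hide,antivirus,wp-login,wp-admin,hide wordpress,hide wp,
  Requires at least: 4.3
  Tested up to: 6.0
  Requires PHP: 5.6
- Stable tag: 5.0.14
- Donate link:
+ Stable tag: 5.0.15
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -275,6 +274,16 @@ Enjoy!
  9. Customize the wp-admin path while logged in as an administrator
 
  == Changelog ==
+ = 5.0.15 (06 Sept 2022)=
+ * Fixed - URL Mapping for Nginx servers to prevent 404 pages
+ * Fixed - PHP error in Security Check when the X-Powered-By header is not string
+ * Fixed - Compatibility with Wp-Rocket last version
+ * Fixed - Brute force math issue on woocommerce login when third party woocommerce logins
+ * Fixed - Not to hide the image on login page when no custom image is set in Appearance > Customize > Site Logo
+ * Fixed - Compatibility with ShortPixel webp extention when Feed Security is enabled
+ * Update - Compatibility with Nicepage Builder plugin
+ * Update - Compatibility with WP 6.0.2
+
  = 5.0.14 (17 June 2022)=
  * Update - Compatibility with Coming Soon & Maintenance Mode PRO
  * Update - Compatibility with WordPress 6.0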
view/Permalinks.php CHANGED
@@ -1005,16 +1005,10 @@
1005
  <?php if (HMWP_Classes_Tools::getOption('test_frontend') || HMWP_Classes_Tools::getOption('logout') || HMWP_Classes_Tools::getOption('error') ) { ?>
1006
  <div class="col-sm-12 m-0 p-2">
1007
  <button type="submit" class="btn rounded-0 btn-success px-5 mr-5 save"><?php echo esc_html__('Save', 'hide-my-wp'); ?></button>
1008
- <?php if(HMWP_Classes_Tools::getOption('hmwp_plugin_name') == _HMWP_PLUGIN_FULL_NAME_) { ?>
1009
- <a href="https://wordpress.org/support/plugin/hide-my-wp/reviews/?rate=5#new-post" target="_blank" ><i class="dashicons dashicons-heart text-danger align-middle"></i> <?php echo sprintf(esc_html__('Love %s? Show us ;)', 'hide-my-wp'), HMWP_Classes_Tools::getOption('hmwp_plugin_name')); ?></a>
1010
- <?php }?>
1011
  </div>
1012
  <?php } else { ?>
1013
  <div class="col-sm-12 m-0 p-2 bg-light text-center" style="position: fixed; bottom: 0; right: 0; z-index: 100; box-shadow: 0 0 8px -3px #444;">
1014
  <button type="submit" class="btn rounded-0 btn-success px-5 mr-5 save"><?php echo esc_html__('Save', 'hide-my-wp'); ?></button>
1015
- <?php if(HMWP_Classes_Tools::getOption('hmwp_plugin_name') == _HMWP_PLUGIN_FULL_NAME_) { ?>
1016
- <a href="https://wordpress.org/support/plugin/hide-my-wp/reviews/?rate=5#new-post" target="_blank" ><i class="dashicons dashicons-heart text-danger align-middle"></i> <?php echo sprintf(esc_html__('Love %s? Show us ;)', 'hide-my-wp'), HMWP_Classes_Tools::getOption('hmwp_plugin_name')); ?></a>
1017
- <?php }?>
1018
  </div>
1019
  <?php } ?>
1020
 
1005
  <?php if (HMWP_Classes_Tools::getOption('test_frontend') || HMWP_Classes_Tools::getOption('logout') || HMWP_Classes_Tools::getOption('error') ) { ?>
1006
  <div class="col-sm-12 m-0 p-2">
1007
  <button type="submit" class="btn rounded-0 btn-success px-5 mr-5 save"><?php echo esc_html__('Save', 'hide-my-wp'); ?></button>
 
 
 
1008
  </div>
1009
  <?php } else { ?>
1010
  <div class="col-sm-12 m-0 p-2 bg-light text-center" style="position: fixed; bottom: 0; right: 0; z-index: 100; box-shadow: 0 0 8px -3px #444;">
1011
  <button type="submit" class="btn rounded-0 btn-success px-5 mr-5 save"><?php echo esc_html__('Save', 'hide-my-wp'); ?></button>
 
 
 
1012
  </div>
1013
  <?php } ?>
1014