Hide My WP Ghost – Security Plugin

Version Description

(06 Sept 2022)= * Fixed - URL Mapping for Nginx servers to prevent 404 pages * Fixed - PHP error in Security Check when the X-Powered-By header is not string * Fixed - Compatibility with Wp-Rocket last version * Fixed - Brute force math issue on woocommerce login when third party woocommerce logins * Fixed - Not to hide the image on login page when no custom image is set in Appearance > Customize > Site Logo * Fixed - Compatibility with ShortPixel webp extention when Feed Security is enabled * Update - Compatibility with Nicepage Builder plugin * Update - Compatibility with WP 6.0.2

Download this release

Release Info

Developer	johndarrel
Plugin	Hide My WP Ghost – Security Plugin
Version	5.0.15
Comparing to
See all releases

Code changes from version 5.0.14 to 5.0.15

Files changed (9) hide show

classes/Tools.php +10 -1
controllers/Rewrite.php +2 -3
controllers/SecurityCheck.php +2 -2
index.php +3 -3
models/Brute.php +0 -5
models/Compatibility.php +14 -0
models/Rewrite.php +25 -4
readme.txt +11 -2
view/Permalinks.php +0 -6

classes/Tools.php CHANGED Viewed

	@@ -114,7 +114,12 @@ class HMWP_Classes_Tools
114	public static function getOptions( $safe = false )
115	{
116	$keymeta = HMWP_OPTION;
117	- ~~$homepath = ltrim(parse_url(site_url(), PHP_URL_PATH), '/');~~





118	$pluginurl = ltrim(parse_url(plugins_url(), PHP_URL_PATH), '/');
119	$contenturl = ltrim(parse_url(content_url(), PHP_URL_PATH), '/');
120
	@@ -1170,6 +1175,10 @@ class HMWP_Classes_Tools
1170	return true;
1171	}
1172




1173	return (isset($_SERVER['SERVER_SOFTWARE']) && stripos($_SERVER['SERVER_SOFTWARE'], 'Flywheel') !== false);
1174	}
1175


114	public static function getOptions( $safe = false )
115	{
116	$keymeta = HMWP_OPTION;
117	+
118	+ $homepath = '';
119	+ if(parse_url(site_url(), PHP_URL_PATH)){
120	+ $homepath = ltrim(parse_url(site_url(), PHP_URL_PATH), '/');
121	+ }
122	+
123	$pluginurl = ltrim(parse_url(plugins_url(), PHP_URL_PATH), '/');
124	$contenturl = ltrim(parse_url(content_url(), PHP_URL_PATH), '/');
125

1175	return true;
1176	}
1177
1178	+ if (isset($_SERVER['SERVER']) && stripos($_SERVER['SERVER'], 'Flywheel') !== false) {
1179	+ return true;
1180	+ }
1181	+
1182	return (isset($_SERVER['SERVER_SOFTWARE']) && stripos($_SERVER['SERVER_SOFTWARE'], 'Flywheel') !== false);
1183	}
1184

controllers/Rewrite.php CHANGED Viewed

	@@ -102,12 +102,12 @@ class HMWP_Controllers_Rewrite extends HMWP_Classes_FrontController
102	//actions
103	add_action('login_init', array($this->model, 'login_init'), PHP_INT_MAX);
104	add_action('login_head', array($this->model, 'login_head'), PHP_INT_MAX);
105	- add_action('login_title', array($this->model, 'login_title'), PHP_INT_MAX, 1);
106	add_action('wp_logout', array($this->model, 'wp_logout'), PHP_INT_MAX);
107	add_action('check_admin_referer', array($this->model, 'check_admin_referer'), PHP_INT_MAX, 2);
108	//change the admin urlhmwp_login_init
109	add_filter('lostpassword_url', array($this->model, 'lostpassword_url'), PHP_INT_MAX, 1);
110	- add_filter('~~register~~', array($this->model, '~~register_url~~'), PHP_INT_MAX, 1);

111	add_filter('login_url', array($this->model, 'login_url'), PHP_INT_MAX, 1);
112	add_filter('logout_url', array($this->model, 'logout_url'), PHP_INT_MAX, 2);
113	add_filter('admin_url', array($this->model, 'admin_url'), PHP_INT_MAX, 3);
	@@ -154,7 +154,6 @@ class HMWP_Controllers_Rewrite extends HMWP_Classes_FrontController
154	add_action('the_content_feed', array($this->model, 'find_replace'));
155	add_action('rss2_head', array($this->model, 'find_replace'));
156	add_action('commentsrss2_head', array($this->model, 'find_replace'));
157	- add_action('get_site_icon_url', array($this->model, 'find_replace'));
158	}
159
160	//Check the buffer on shutdown


102	//actions
103	add_action('login_init', array($this->model, 'login_init'), PHP_INT_MAX);
104	add_action('login_head', array($this->model, 'login_head'), PHP_INT_MAX);

105	add_action('wp_logout', array($this->model, 'wp_logout'), PHP_INT_MAX);
106	add_action('check_admin_referer', array($this->model, 'check_admin_referer'), PHP_INT_MAX, 2);
107	//change the admin urlhmwp_login_init
108	add_filter('lostpassword_url', array($this->model, 'lostpassword_url'), PHP_INT_MAX, 1);
109	+ add_filter('login_title', array($this->model, 'login_title'), PHP_INT_MAX, 1);
110	+ add_filter('register', array($this->model, 'register_url'), PHP_INT_MAX, 1);
111	add_filter('login_url', array($this->model, 'login_url'), PHP_INT_MAX, 1);
112	add_filter('logout_url', array($this->model, 'logout_url'), PHP_INT_MAX, 2);
113	add_filter('admin_url', array($this->model, 'admin_url'), PHP_INT_MAX, 3);

154	add_action('the_content_feed', array($this->model, 'find_replace'));
155	add_action('rss2_head', array($this->model, 'find_replace'));
156	add_action('commentsrss2_head', array($this->model, 'find_replace'));

157	}
158
159	//Check the buffer on shutdown

controllers/SecurityCheck.php CHANGED Viewed

	@@ -364,7 +364,7 @@ class HMWP_Controllers_SecurityCheck extends HMWP_Classes_FrontController
364	'value' => false,
365	'valid' => false,
366	'warning' => false,
367	- 'message' => sprintf(__("Having the admin URL visible in the source code it's awful because hackers will immediately know your secret admin path and start a Brute Force attack. The custom admin path should not appear in the ajax URL. <br /><br />Find solutions for %s how to hide the path from source code %s.", 'hide-my-wp'), '<a href="'.HMWP_Classes_Tools::getOption('hmwp_plugin_website').'/~~how-to-~~hide-wp-~~admin-~~and-wp-~~login-~~php-from-source-code/" target="_blank">', '</a>'),
368	'solution' => sprintf(esc_html__("Switch on %s %s > Change Paths > Hide wp-admin from ajax URL%s. Hide any reference to admin path from the installed plugins.", 'hide-my-wp'), '<a href="'.HMWP_Classes_Tools::getSettingsUrl('hmwp_permalinks#tab=ajax').'" >', HMWP_Classes_Tools::getOption('hmwp_plugin_menu'), '</a>', '<strong>', '</strong>'),
369	),
370	'checkLoginPath' => array(
	@@ -372,7 +372,7 @@ class HMWP_Controllers_SecurityCheck extends HMWP_Classes_FrontController
372	'value' => false,
373	'valid' => false,
374	'warning' => false,
375	- 'message' => sprintf(__("Having the login URL visible in the source code is awful because hackers will immediately know your secret login path and start a Brute Force attack. <br /><br />The custom login path should be kept secret, and you should have Brute Force Protection activated for it. <br ><br />Find solutions for %s hiding the login path from source code here %s.", 'hide-my-wp'), '<a href="'.HMWP_Classes_Tools::getOption('hmwp_plugin_website').'/~~how-to-~~hide-wp-~~admin-~~and-wp-~~login-~~php-from-source-code/" target="_blank">', '</a>'),
376	'solution' => sprintf(esc_html__("%sHide the login path%s from theme menu or widget.", 'hide-my-wp'), '<strong>', '</strong>'),
377	),
378	'checkOldLogin' => array(


364	'value' => false,
365	'valid' => false,
366	'warning' => false,
367	+ 'message' => sprintf(__("Having the admin URL visible in the source code it's awful because hackers will immediately know your secret admin path and start a Brute Force attack. The custom admin path should not appear in the ajax URL. <br /><br />Find solutions for %s how to hide the path from source code %s.", 'hide-my-wp'), '<a href="'.HMWP_Classes_Tools::getOption('hmwp_plugin_website').'/hide-wpadmin-and-wplogin-php-from-source-code/" target="_blank">', '</a>'),
368	'solution' => sprintf(esc_html__("Switch on %s %s > Change Paths > Hide wp-admin from ajax URL%s. Hide any reference to admin path from the installed plugins.", 'hide-my-wp'), '<a href="'.HMWP_Classes_Tools::getSettingsUrl('hmwp_permalinks#tab=ajax').'" >', HMWP_Classes_Tools::getOption('hmwp_plugin_menu'), '</a>', '<strong>', '</strong>'),
369	),
370	'checkLoginPath' => array(

372	'value' => false,
373	'valid' => false,
374	'warning' => false,
375	+ 'message' => sprintf(__("Having the login URL visible in the source code is awful because hackers will immediately know your secret login path and start a Brute Force attack. <br /><br />The custom login path should be kept secret, and you should have Brute Force Protection activated for it. <br ><br />Find solutions for %s hiding the login path from source code here %s.", 'hide-my-wp'), '<a href="'.HMWP_Classes_Tools::getOption('hmwp_plugin_website').'/hide-wpadmin-and-wplogin-php-from-source-code/" target="_blank">', '</a>'),
376	'solution' => sprintf(esc_html__("%sHide the login path%s from theme menu or widget.", 'hide-my-wp'), '<strong>', '</strong>'),
377	),
378	'checkOldLogin' => array(

index.php CHANGED Viewed

	@@ -6,9 +6,9 @@
6	Plugin Name: Hide My WP Ghost Lite
7	Plugin URI: https://wordpress.org/plugins/hide-my-wp/
8	Description: Hide WP paths, wp-admin, wp-login, wp-content, plugins, themes, authors, XML-RPC, API, etc. Add 7G Firewall Security, Brute Force protection & more.
9	- Version: 5.0.14
10	Author: WPPlugins - WordPress Security Plugins
11	- Author URI: https://hidemywp.co
12	License: GPLv2 or later
13	License URI: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
14	Text Domain: hide-my-wp
	@@ -22,7 +22,7 @@
22	if ( defined( 'ABSPATH' ) && !defined( 'HMW_VERSION' ) ) {
23
24	//Set current plugin version
25	- define( 'HMWP_VERSION', '5.0.14' );
26
27	//Set the last stable version of the plugin
28	define( 'HMWP_STABLE_VERSION', '5.0.13' );


6	Plugin Name: Hide My WP Ghost Lite
7	Plugin URI: https://wordpress.org/plugins/hide-my-wp/
8	Description: Hide WP paths, wp-admin, wp-login, wp-content, plugins, themes, authors, XML-RPC, API, etc. Add 7G Firewall Security, Brute Force protection & more.
9	+ Version: 5.0.15
10	Author: WPPlugins - WordPress Security Plugins
11	+ Author URI: https://hidemywp.com
12	License: GPLv2 or later
13	License URI: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
14	Text Domain: hide-my-wp

22	if ( defined( 'ABSPATH' ) && !defined( 'HMW_VERSION' ) ) {
23
24	//Set current plugin version
25	+ define( 'HMWP_VERSION', '5.0.15' );
26
27	//Set the last stable version of the plugin
28	define( 'HMWP_STABLE_VERSION', '5.0.13' );

models/Brute.php CHANGED Viewed

	@@ -535,11 +535,6 @@ class HMWP_Models_Brute
535	);
536	}
537
538	- }else{
539	- $user = new WP_Error(
540	- 'authentication_failed',
541	- sprintf(esc_html__('%sYou failed to correctly answer the math problem.%s Please try again', 'hide-my-wp'), '<strong>', '</strong>')
542	- );
543	}
544
545	return $user;


535	);
536	}
537





538	}
539
540	return $user;

models/Compatibility.php CHANGED Viewed

	@@ -71,6 +71,17 @@ class HMWP_Models_Compatibility
71
72	}
73











74	} else {
75
76	//If in preview mode of the front page
	@@ -630,6 +641,9 @@ class HMWP_Models_Compatibility
630	'bricks',//Bricks plugin
631	'zionbuilder-preview',//Zion Builder plugin
632	'customize_theme',//WordPress Customize



633	);
634
635	foreach ( $builder_paramas as $param ) {


71
72	}
73
74	+ //Compatibility with Breakdance plugin
75	+ if (HMWP_Classes_Tools::isAjax() ) {
76	+ if (HMWP_Classes_Tools::getValue('action') == 'query-attachments' \|\|
77	+ HMWP_Classes_Tools::getValue('action') == 'breakdance_load_document' \|\|
78	+ HMWP_Classes_Tools::getValue('action') == 'breakdance_image_metadata' \|\|
79	+ HMWP_Classes_Tools::getValue('action') == 'breakdance_image_sizes') {
80	+ //Stop Hide My WP Ghost from loading while on editor
81	+ add_filter('hmwp_process_buffer', '__return_false');
82	+ }
83	+ }
84	+
85	} else {
86
87	//If in preview mode of the front page

641	'bricks',//Bricks plugin
642	'zionbuilder-preview',//Zion Builder plugin
643	'customize_theme',//WordPress Customize
644	+ 'breakdance',//Breakdance plugin
645	+ 'breakdance_iframe',//Breakdance plugin
646	+ 'np_new',//Nicepage plugin
647	);
648
649	foreach ( $builder_paramas as $param ) {

models/Rewrite.php CHANGED Viewed

	@@ -826,6 +826,30 @@ class HMWP_Models_Rewrite
826	}
827
828	return $success;
























829	} elseif ((HMWP_Classes_Tools::isApache() \|\| HMWP_Classes_Tools::isLitespeed()) ) {
830	//if there are no rewrites, return true
831	if (!empty($this->_rewrites) ) {
	@@ -1314,17 +1338,14 @@ class HMWP_Models_Rewrite
1314	add_filter('login_headerurl', array($this, 'login_url'), 99, 1);
1315
1316	if (HMWP_Classes_Tools::getOption('hmwp_remove_third_hooks') ) {
1317	- $logo = false;
1318	-
1319	if (function_exists('get_theme_mod') && function_exists('wp_get_attachment_image_src') ) {
1320	$custom_logo_id = get_theme_mod('custom_logo');
1321	$image = wp_get_attachment_image_src($custom_logo_id, 'full');
1322
1323	if (isset($image[0]) ) {
1324	- ~~$logo~~ = $image[0];
1325	}
1326	}
1327	- echo '<style>#login h1 a, .login h1 a {background-image: ' . ($logo ? "url($logo)" : "none") . ' !important; ' . ($logo ? "background-position: center;" : "width: 1px !important;height: 1px !important;") . '}</style>';
1328	}
1329
1330	}


826	}
827
828	return $success;
829	+
830	+ } elseif (HMWP_Classes_Tools::isFlywheel() ) {
831	+ $success = true;
832	+
833	+ //Add the URL Mapping rules
834	+ if (!empty($this->_umrewrites)) {
835	+ foreach ( $this->_umrewrites as $rewrite ) {
836	+ $rewritecode .= 'Source: <strong>^' . str_replace(array('.css', '.js'), array('\.css', '\.js'), $rewrite['from']) . '</strong> Destination: <strong>' . $home_root . $rewrite['to'] . "</strong> Redirect type: 301 Permanent;<br />";
837	+ }
838	+ }
839	+
840	+ //Add the New Paths rules
841	+ if (!empty($this->_rewrites) ) {
842	+ foreach ( $this->_rewrites as $rewrite ) {
843	+ $rewritecode .= 'Source: <strong>^/' . str_replace(array('.css', '.js'), array('\.css', '\.js'), $rewrite['from']) . '</strong> Destination: <strong>' . $home_root . $rewrite['to'] . "</strong> Redirect type: Break;<br />";
844	+ }
845	+ }
846	+
847	+ if ($rewritecode <> '' ) {
848	+ HMWP_Classes_Error::setError(sprintf(esc_html__('Flywheel detected. Add the redirects in the Flywheel Redirect rules panel %s.', 'hide-my-wp'), '<strong><a href="https://getflywheel.com/wordpress-support/flywheel-redirects/" target="_blank" style="color: red">' . esc_html__("Learn How To Add the Code", 'hide-my-wp') . '</a></strong> <br /><br /><pre>' . $rewritecode . '</pre>' . $form),'notice',false);
849	+ $success = false; //always show the Flywheel Rules as manually action
850	+ }
851	+
852	+ return $success;
853	} elseif ((HMWP_Classes_Tools::isApache() \|\| HMWP_Classes_Tools::isLitespeed()) ) {
854	//if there are no rewrites, return true
855	if (!empty($this->_rewrites) ) {

1338	add_filter('login_headerurl', array($this, 'login_url'), 99, 1);
1339
1340	if (HMWP_Classes_Tools::getOption('hmwp_remove_third_hooks') ) {


1341	if (function_exists('get_theme_mod') && function_exists('wp_get_attachment_image_src') ) {
1342	$custom_logo_id = get_theme_mod('custom_logo');
1343	$image = wp_get_attachment_image_src($custom_logo_id, 'full');
1344
1345	if (isset($image[0]) ) {
1346	+ echo '<style>#login h1 a, .login h1 a {background-image: ' . "url($image[0])" . ' !important; background-position: center;}</style>';
1347	}
1348	}

1349	}
1350
1351	}

readme.txt CHANGED Viewed

	@@ -4,8 +4,7 @@ Tags: security,firewall,hide,antivirus,wp-login,wp-admin,hide wordpress,hide wp,
4	Requires at least: 4.3
5	Tested up to: 6.0
6	Requires PHP: 5.6
7	- Stable tag: 5.0.14
8	- Donate link:
9	License: GPLv2 or later
10	License URI: http://www.gnu.org/licenses/gpl-2.0.html
11
	@@ -275,6 +274,16 @@ Enjoy!
275	9. Customize the wp-admin path while logged in as an administrator
276
277	== Changelog ==










278	= 5.0.14 (17 June 2022)=
279	* Update - Compatibility with Coming Soon & Maintenance Mode PRO
280	* Update - Compatibility with WordPress 6.0


4	Requires at least: 4.3
5	Tested up to: 6.0
6	Requires PHP: 5.6
7	+ Stable tag: 5.0.15

8	License: GPLv2 or later
9	License URI: http://www.gnu.org/licenses/gpl-2.0.html
10

274	9. Customize the wp-admin path while logged in as an administrator
275
276	== Changelog ==
277	+ = 5.0.15 (06 Sept 2022)=
278	+ * Fixed - URL Mapping for Nginx servers to prevent 404 pages
279	+ * Fixed - PHP error in Security Check when the X-Powered-By header is not string
280	+ * Fixed - Compatibility with Wp-Rocket last version
281	+ * Fixed - Brute force math issue on woocommerce login when third party woocommerce logins
282	+ * Fixed - Not to hide the image on login page when no custom image is set in Appearance > Customize > Site Logo
283	+ * Fixed - Compatibility with ShortPixel webp extention when Feed Security is enabled
284	+ * Update - Compatibility with Nicepage Builder plugin
285	+ * Update - Compatibility with WP 6.0.2
286	+
287	= 5.0.14 (17 June 2022)=
288	* Update - Compatibility with Coming Soon & Maintenance Mode PRO
289	* Update - Compatibility with WordPress 6.0

view/Permalinks.php CHANGED Viewed

	@@ -1005,16 +1005,10 @@
1005	<?php if (HMWP_Classes_Tools::getOption('test_frontend') \|\| HMWP_Classes_Tools::getOption('logout') \|\| HMWP_Classes_Tools::getOption('error') ) { ?>
1006	<div class="col-sm-12 m-0 p-2">
1007	<button type="submit" class="btn rounded-0 btn-success px-5 mr-5 save"><?php echo esc_html__('Save', 'hide-my-wp'); ?></button>
1008	- <?php if(HMWP_Classes_Tools::getOption('hmwp_plugin_name') == _HMWP_PLUGIN_FULL_NAME_) { ?>
1009	- <a href="https://wordpress.org/support/plugin/hide-my-wp/reviews/?rate=5#new-post" target="_blank" ><i class="dashicons dashicons-heart text-danger align-middle"></i> <?php echo sprintf(esc_html__('Love %s? Show us ;)', 'hide-my-wp'), HMWP_Classes_Tools::getOption('hmwp_plugin_name')); ?></a>
1010	- <?php }?>
1011	</div>
1012	<?php } else { ?>
1013	<div class="col-sm-12 m-0 p-2 bg-light text-center" style="position: fixed; bottom: 0; right: 0; z-index: 100; box-shadow: 0 0 8px -3px #444;">
1014	<button type="submit" class="btn rounded-0 btn-success px-5 mr-5 save"><?php echo esc_html__('Save', 'hide-my-wp'); ?></button>
1015	- <?php if(HMWP_Classes_Tools::getOption('hmwp_plugin_name') == _HMWP_PLUGIN_FULL_NAME_) { ?>
1016	- <a href="https://wordpress.org/support/plugin/hide-my-wp/reviews/?rate=5#new-post" target="_blank" ><i class="dashicons dashicons-heart text-danger align-middle"></i> <?php echo sprintf(esc_html__('Love %s? Show us ;)', 'hide-my-wp'), HMWP_Classes_Tools::getOption('hmwp_plugin_name')); ?></a>
1017	- <?php }?>
1018	</div>
1019	<?php } ?>
1020


1005	<?php if (HMWP_Classes_Tools::getOption('test_frontend') \|\| HMWP_Classes_Tools::getOption('logout') \|\| HMWP_Classes_Tools::getOption('error') ) { ?>
1006	<div class="col-sm-12 m-0 p-2">
1007	<button type="submit" class="btn rounded-0 btn-success px-5 mr-5 save"><?php echo esc_html__('Save', 'hide-my-wp'); ?></button>



1008	</div>
1009	<?php } else { ?>
1010	<div class="col-sm-12 m-0 p-2 bg-light text-center" style="position: fixed; bottom: 0; right: 0; z-index: 100; box-shadow: 0 0 8px -3px #444;">
1011	<button type="submit" class="btn rounded-0 btn-success px-5 mr-5 save"><?php echo esc_html__('Save', 'hide-my-wp'); ?></button>



1012	</div>
1013	<?php } ?>
1014

Hide My WP Ghost – Security Plugin - Version 5.0.15

Version Description

Release Info

Code changes from version 5.0.14 to 5.0.15