Hide My WP Ghost – Security Plugin - Version 5.0.16

Version Description

(21 Oct 2022)
* Update - Add the Brute Force protection on Register Form to prevent account spam
* Update - Add the Whitelabel IP option in Security Level and allow the Whitelabel IP addresses to pass login recaptcha and hidden URLs
* Update - Added the option to prioritize the loading of HMWP Ghost plugin for more compatibility with other plugins
* Update - Compatibility with LiteSpeed servers and last version of WordPress
* Update - Compatibility with Breakdance plugin
* Update - Compatibility with Nicepage Builder plugin
* Update - Compatibility with WP 6.0.2
* Fixed - Allow self access to hidden paths to avoid cron errors on backup/migration plugins
* Fixed - Remove the get_site_icon_url hook to avoid any issue on the login page with other themes
* Fixed - Compatibility with ShortPixel webp extension when Feed Security is enabled
* Fixed - Fixed the ltrim of null error on PHP 8.1 for site_url() path


Release Info

Developer johndarrel
Version 5.0.16

Code changes from version 5.0.15 to 5.0.16

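--- a/classes/Tools.php
+++ b/classes/Tools.php
@@ -157,6 +157,7 @@ class HMWP_Classes_Tools
   'prevent_slow_loading' => 0,
   //--
   'hmwp_firstload' => 0, //load the plugin as Must Use Plugin
+ 'hmwp_priorityload' => 0, //load the plugin on plugin start
   'hmwp_laterload' => 0, //load the plugin on template redirect
 
   //--
@@ -169,6 +170,7 @@ class HMWP_Classes_Tools
 
   //-- Brute Force
   'hmwp_bruteforce' => 0,
+ 'hmwp_bruteforce_register' => 0,
   'hmwp_brute_message' => esc_html__('Your IP has been flagged for potential security violations. Please try again in a little while...', 'hide-my-wp'),
   'whitelist_ip' => array(),
   'banlist_ip' => array(),
@@ -431,7 +433,9 @@ class HMWP_Classes_Tools
   $options['hmwp_category_base'] = $category_base;
   $options['hmwp_tag_base'] = $tag_base;
 
- return $options;
+ if(HMW_PRIORITY) $options['hmwp_priorityload'] = 1;
+
+ return $options;
   }
 
   /**
@@ -1369,21 +1373,45 @@ class HMWP_Classes_Tools
   return search_theme_directories();
   }
 
- /**
- * Get the absolute filesystem path to the root of the WordPress installation
- *
- * @return string Full filesystem path to the root of the WordPress installation
- */
- public static function getRootPath()
- {
- if (defined('_HMWP_CONFIGPATH') ) {
- return _HMWP_CONFIGPATH;
- } elseif (self::isFlywheel() && defined('WP_CONTENT_DIR') && dirname(WP_CONTENT_DIR) ) {
- return str_replace('\\', '/', dirname(WP_CONTENT_DIR)) . '/';
- } else {
- return ABSPATH;
- }
- }
+ /**
+ * Get the absolute filesystem path to the root of the WordPress installation
+ *
+ * @return string Full filesystem path to the root of the WordPress installation
+ */
+ public static function getRootPath()
+ {
+ $root_path = ABSPATH;
+
+ if (defined('_HMWP_CONFIGPATH') ) {
+ $root_path = _HMWP_CONFIGPATH;
+ } elseif (self::isFlywheel() && defined('WP_CONTENT_DIR') && dirname(WP_CONTENT_DIR) ) {
+ $root_path = str_replace('\\', '/', dirname(WP_CONTENT_DIR)) . '/';
+ }
+
+ return apply_filters('hmwp_root_path', $root_path);
+
+ }
+
+ /**
+ * Get the absolute filesystem path to the root of the WordPress installation
+ *
+ * @return string Full filesystem path to the root of the WordPress installation
+ */
+ public static function getHomeRootPath()
+ {
+ $home_root = '/';
+ if(HMWP_Classes_Tools::isMultisites() && defined('PATH_CURRENT_SITE')){
+ $path = PATH_CURRENT_SITE;
+ }else {
+ $path = parse_url(site_url(), PHP_URL_PATH);
+ }
+
+ if ($path) {
+ $home_root = trailingslashit($path);
+ }
+
+ return apply_filters('hmwp_home_root', $home_root);
+ }
 
   /**
   * Get Relative path for the current blog in case of WP Multisite
@@ -1984,4 +2012,73 @@ class HMWP_Classes_Tools
   return HMWP_Classes_ObjController::initFilesystem();
   }
 
+ /**
+ * Check if there are whitelisted IPs for accessing the hidden paths
+ * @return bool
+ */
+ public static function isWhitelistedIP($ip){
+ $wl_items = array();
+
+ //jetpack whitelist
+ $wl_jetpack = array(
+ '127.0.0.1',
+ '122.248.245.244/32',
+ '54.217.201.243/32',
+ '54.232.116.4/32',
+ '185.64.140.0/22',
+ '76.74.255.0/22',
+ '192.0.64.0/18',
+ '192.0.65.0/22',
+ '192.0.80.0/22',
+ '192.0.96.0/22',
+ '192.0.112.0/20',
+ '192.0.123.0/22',
+ '195.234.108.0/22',
+ );
+
+ if (HMWP_Classes_Tools::getOption('whitelist_ip')) {
+ $wl_items = json_decode(HMWP_Classes_Tools::getOption('whitelist_ip'), true);
+ }
+
+ $wl_items = array_merge($wl_jetpack, $wl_items);
+
+ foreach ($wl_items as $item) {
+ $item = trim($item);
+
+ if ($ip == $item) {
+ return true;
+ }
+
+ if (strpos($item, '*') === false && strpos($item, '/') === false) { //no match, no wildcard
+ continue;
+ }
+
+ if(strpos($ip,'.') !== false) {
+
+ if(strpos($item,'/') !== false) {
+ list( $range, $bits ) = explode( '/', $item, 2 );
+ $subnet = ip2long( $range );
+ $iplong = ip2long( $ip );
+ $mask = -1 << (32 - $bits);
+ $subnet &= $mask;
+
+ if ( ($iplong & $mask) == $subnet ){
+ return true;
+ }
+
+ }
+
+ $iplong = ip2long($ip);
+ $ip_low = ip2long(str_replace('*', '0', $item));
+ $ip_high = ip2long(str_replace('*', '255', $item));
+
+ if ($iplong >= $ip_low && $iplong <= $ip_high) {//IP is within wildcard range
+ return true;
+ }
+ }
+
+ }
+
+ return false;
+ }
   }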
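Review bot: In `isWhitelistedIP()` the CIDR branch computes `$mask = -1 << (32 - $bits);` from an unvalidated `$bits` and uses `ip2long()` results without checking for `false`, so a malformed or IPv6 entry (prefix above 32, non-numeric suffix) can raise an ArithmeticError or TypeError on PHP 8, and two `false` values can compare as a match in the wildcard test. `json_decode()` can also return `null` for a corrupted option, which `array_merge()` rejects on PHP 8, and the loose `$ip == $item` makes an empty `$ip` equal to a blank stored entry. Because a `true` result skips the brute-force checks and hidden-path processing, the function should fail closed: validate the client address, skip entries that do not parse, and compare strictly. The docblock also lacks `@param string $ip`, and `getHomeRootPath()` reuses the `getRootPath()` description although it returns the URL path of the site.

```php
public static function isWhitelistedIP($ip){
    // … unchanged: $wl_items initialisation and the $wl_jetpack list …

    $raw = HMWP_Classes_Tools::getOption('whitelist_ip');
    $stored = is_string($raw) ? json_decode($raw, true) : $raw;
    $wl_items = array_merge($wl_jetpack, is_array($stored) ? $stored : array());

    // Fail closed: only a syntactically valid IPv4 address may match a range.
    $iplong = filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) ? ip2long($ip) : false;

    foreach ($wl_items as $item) {
        $item = trim((string)$item);

        if ($item === '') {
            continue; // a blank line must never match anything
        }

        if ($ip === $item) {
            return true;
        }

        if ($iplong === false) {
            continue;
        }

        if (strpos($item, '/') !== false) {
            list($range, $bits) = explode('/', $item, 2);
            $subnet = ip2long($range);

            // Skip entries whose network or prefix length does not parse as IPv4 CIDR.
            if ($subnet === false || !ctype_digit($bits) || (int)$bits > 32) {
                continue;
            }

            $mask = (-1 << (32 - (int)$bits)) & 0xFFFFFFFF;

            if (($iplong & $mask) === ($subnet & $mask)) {
                return true;
            }
        } elseif (strpos($item, '*') !== false) {
            $ip_low = ip2long(str_replace('*', '0', $item));
            $ip_high = ip2long(str_replace('*', '255', $item));

            if ($ip_low !== false && $ip_high !== false && $iplong >= $ip_low && $iplong <= $ip_high) {
                return true;
            }
        }
    }

    return false;
}
```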
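--- a/controllers/Brute.php
+++ b/controllers/Brute.php
@@ -20,17 +20,30 @@ class HMWP_Controllers_Brute extends HMWP_Classes_FrontController
   add_filter('authenticate', array($this, 'hmwp_check_preauth'), 99, 1);
   add_action('admin_init', array($this, 'hmwp_update_trusted_headers'), 99);
 
+ if(HMWP_Classes_Tools::getOption('hmwp_bruteforce_register')) {
+ add_filter('registration_errors', array($this, 'hmwp_check_registration'), 99, 3);
+ }
+
   if (HMWP_Classes_Tools::getOption('brute_use_math')) {
   add_action('wp_login_failed', array($this, 'hmwp_failed_attempt'), 99);
   add_action('login_form', array($this->model, 'brute_math_form'), 99);
+ if(HMWP_Classes_Tools::getOption('hmwp_bruteforce_register')) {
+ add_action('register_form', array($this->model, 'brute_math_form'), 99);
+ }
   }elseif (HMWP_Classes_Tools::getOption('brute_use_captcha')) {
   add_action('wp_login_failed', array($this, 'hmwp_failed_attempt'), 99);
   add_action('login_head', array($this->model, 'brute_recaptcha_head'), 99);
   add_action('login_form', array($this->model, 'brute_recaptcha_form'), 99);
+ if(HMWP_Classes_Tools::getOption('hmwp_bruteforce_register')) {
+ add_action('register_form', array($this->model, 'brute_recaptcha_form'), 99);
+ }
   }elseif (HMWP_Classes_Tools::getOption('brute_use_captcha_v3')) {
   add_action('wp_login_failed', array($this, 'hmwp_failed_attempt'), 99);
   add_action('login_head', array($this->model, 'brute_recaptcha_head_v3'), 99);
   add_action('login_form', array($this->model, 'brute_recaptcha_form_v3'), 99);
+ if(HMWP_Classes_Tools::getOption('hmwp_bruteforce_register')) {
+ add_action('register_form', array($this->model, 'brute_recaptcha_form_v3'), 99);
+ }
   }
 
   }
@@ -74,19 +87,16 @@ class HMWP_Controllers_Brute extends HMWP_Classes_FrontController
 
   case 'hmwp_brutesettings':
   HMWP_Classes_Tools::saveOptions('hmwp_bruteforce', HMWP_Classes_Tools::getValue('hmwp_bruteforce'));
+ HMWP_Classes_Tools::saveOptions('hmwp_bruteforce_register', HMWP_Classes_Tools::getValue('hmwp_bruteforce_register'));
 
   //whitelist_ip
   $whitelist = HMWP_Classes_Tools::getValue('whitelist_ip', '', true);
   $ips = explode(PHP_EOL, $whitelist);
- foreach ($ips as &$ip) {
- $ip = $this->model->clean_ip($ip);
+ if (!empty($ips)) {
+ foreach ($ips as &$ip) {
+ $ip = $this->model->clean_ip($ip);
+ }
 
- // If the IP is in a private or reserved range, keep looking
- if ($ip == '127.0.0.1' || $ip == '::1') {
- HMWP_Classes_Error::setError(esc_html__("Add only real IPs. No local ips needed.", 'hide-my-wp'));
- }
- }
- if (!empty($ips)) {
   $ips = array_unique($ips);
   HMWP_Classes_Tools::saveOptions('whitelist_ip', json_encode($ips));
   }
@@ -216,6 +226,33 @@ class HMWP_Controllers_Brute extends HMWP_Classes_FrontController
   return $data;
   }
 
+ /**
+ * Checks the form BEFORE register so that bots don't get to go around the register form.
+ * @param $errors
+ * @param $sanitizedLogin
+ * @param $userEmail
+ * @return mixed
+ */
+ function hmwp_check_registration($errors, $sanitizedLogin, $userEmail){
+
+ $response = $this->model->brute_check_loginability();
+
+ if (HMWP_Classes_Tools::getOption('brute_use_math')) {
+
+ $errors = $this->model->brute_math_authenticate($errors, $response);
+
+ } elseif (HMWP_Classes_Tools::getOption('brute_use_captcha') || HMWP_Classes_Tools::getOption('brute_use_captcha_v3')) {
+
+ $errors = $this->model->brute_catpcha_authenticate($errors, $response);
+
+ }
+
+ if (!is_wp_error($errors)) {
+ $this->model->brute_call('clear_ip');
+ }
+
+ return $errors;
+ }
 
   /**
   * Checks for loginability BEFORE authentication so that bots don't get to go around the login form.
@@ -246,6 +283,11 @@ class HMWP_Controllers_Brute extends HMWP_Classes_FrontController
   return $user;
   }
 
+ //If this is a whitelist IP
+ if ($this->model->check_whitelisted_ip($this->model->brute_get_ip())) {
+ return $user;
+ }
+
   if (is_wp_error($user)) {
   if (method_exists($user, 'get_error_codes')) {
   $errors = $user->get_error_codes();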
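Review bot: In `hmwp_check_registration()` the guard `if (!is_wp_error($errors))` is unlikely ever to be true, because WordPress hands the `registration_errors` filter a `WP_Error` object that is merely empty when nothing failed, so `brute_call('clear_ip')` is effectively dead unless the model methods return something else. Test for an empty error set instead, for example `if (is_wp_error($errors) && !$errors->has_errors()) {`. The method is declared without a visibility keyword, and it does not consult `check_whitelisted_ip()` the way the `hmwp_check_preauth` hunk now does, so allow-listed addresses presumably still face the captcha on registration. In the settings hunk, `explode()` always returns at least one element, so `!empty($ips)` never skips the save and a blank entry can be stored; the by-reference `foreach` should also be followed by `unset($ip);`.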
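--- a/controllers/Rewrite.php
+++ b/controllers/Rewrite.php
@@ -143,7 +143,7 @@ class HMWP_Controllers_Rewrite extends HMWP_Classes_FrontController
   if(!is_admin() && !is_network_admin()) {
 
   //Check if buffer priority
- if(apply_filters('hmwp_priority_buffer', HMW_PRIORITY)) {
+ if(apply_filters('hmwp_priority_buffer', HMWP_Classes_Tools::getOption('hmwp_priorityload'))) {
   //Starte the buffer
   $this->model->startBuffer();
   }
@@ -212,7 +212,7 @@ class HMWP_Controllers_Rewrite extends HMWP_Classes_FrontController
 
 
   //Hide the rest_api
- if (HMWP_Classes_Tools::getOption('hmwp_hide_rest_api') ) {
+ if (HMWP_Classes_Tools::getOption('hmwp_hide_rest_api') || HMWP_Classes_Tools::getOption('hmwp_disable_rest_api') ) {
   $this->model->hideRestApi();
   }
 
@@ -238,16 +238,6 @@ class HMWP_Controllers_Rewrite extends HMWP_Classes_FrontController
   $this->model->disableEmojicons();
   }
 
- //Disable the rest_api
- if (HMWP_Classes_Tools::getOption('hmwp_disable_rest_api') ) {
- //Compatibility with wp-contact form 7
- if (!HMWP_Classes_Tools::isPluginActive('contact-form-7/wp-contact-form-7.php') ) {
- if (function_exists('is_user_logged_in') && !is_user_logged_in() ) {
- $this->model->disableRestApi();
- }
- }
- }
-
   //Disable xml-rpc ony if not Apache server
   //for apache server add the .htaccess rules
   if (HMWP_Classes_Tools::getOption('hmwp_disable_xmlrpc') && !HMWP_Classes_Tools::isApache() ) {
@@ -420,12 +410,12 @@ class HMWP_Controllers_Rewrite extends HMWP_Classes_FrontController
   public function hookInit()
   {
 
- //If the user changes the Permalink to default ... prevent errors
- if (HMWP_Classes_Tools::userCan('hmwp_manage_settings') && HMWP_Classes_Tools::getValue('settings-updated') ) {
- if (HMWP_Classes_Tools::$default['hmwp_admin_url'] <> HMWP_Classes_Tools::getOption('hmwp_admin_url') ) {
- $this->model->flushChanges();
- }
- }
+ //If the user changes the Permalink to default ... prevent errors
+ if (HMWP_Classes_Tools::userCan('hmwp_manage_settings') && HMWP_Classes_Tools::getValue('settings-updated') ) {
+ if ('default' <> HMWP_Classes_Tools::getOption('hmwp_mode') ) {
+ $this->model->flushChanges();
+ }
+ }
 
   //Show the menu for admins only
   HMWP_Classes_ObjController::getClass('HMWP_Controllers_Menu')->hookInit();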
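Review bot: With the `disableRestApi()` block removed from this method, `hmwp_disable_rest_api` now only triggers `$this->model->hideRestApi()` in the lines shown, so unless the disable logic moved elsewhere (not visible here) the option quietly changes from blocking logged-out REST requests to hiding the endpoint. A short comment on the new condition would make the intent reviewable, for example `//"disable" implies "hide"; the block for logged-out users is applied in <location to be filled in>`. In `hookInit()` the flush now runs on every `settings-updated` request whenever `hmwp_mode` is not `default`, where it used to depend on a changed admin URL, and the retained comment about permalinks no longer describes that condition. Apart from `hookInit()`, the enclosing methods start and end outside the hunks.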
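--- a/controllers/SecurityCheck.php
+++ b/controllers/SecurityCheck.php
@@ -590,7 +590,7 @@ class HMWP_Controllers_SecurityCheck extends HMWP_Classes_FrontController
   }
   //set hmwp_brokenfiles to false to not load the broken paths with WordPress rules
   $url = site_url() . '/' . $pluginsPath . '/' . $hmwpPath . '/view/assets/img/logo.png?hmwp_brokenfiles=0&test=' . mt_rand(11111,99999);
- $response = HMWP_Classes_Tools::hmwp_localcall($url, array('cookies' => false));
+ $response = HMWP_Classes_Tools::hmwp_localcall($url, array('cookies' => false, 'redirection' => 0));
 
   if (!is_wp_error($response) ) {
 
@@ -598,7 +598,7 @@ class HMWP_Controllers_SecurityCheck extends HMWP_Classes_FrontController
 
   if (HMWP_Classes_Tools::$default['hmwp_wp-json'] <> HMWP_Classes_Tools::getOption('hmwp_wp-json') ) {
   $url = site_url() . '/' . HMWP_Classes_Tools::getOption('hmwp_wp-json') ;
- $response = HMWP_Classes_Tools::hmwp_localcall($url, array('cookies' => false));
+ $response = HMWP_Classes_Tools::hmwp_localcall($url, array('cookies' => false, 'redirection' => 0));
 
   if (!is_wp_error($response) && wp_remote_retrieve_response_code($response) <> 200) {
   echo json_encode(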
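--- a/controllers/Settings.php
+++ b/controllers/Settings.php
@@ -288,6 +288,25 @@ class HMWP_Controllers_Settings extends HMWP_Classes_FrontController
   $this->model->savePermalinks($_POST);
   }
 
+ //whitelist_ip
+ /////////////////////////////////////////////
+ $whitelist = HMWP_Classes_Tools::getValue('whitelist_ip', '', true);
+ $ips = explode(PHP_EOL, $whitelist);
+
+ if (!empty($ips)) {
+ foreach ($ips as &$ip) {
+ $ip = trim($ip);
+
+ // Check for IPv4 IP cast as IPv6
+ if (preg_match('/^::ffff:(\d+\.\d+\.\d+\.\d+)$/', $ip, $matches)) {
+ $ip = $matches[1];
+ }
+ }
+
+ $ips = array_unique($ips);
+ HMWP_Classes_Tools::saveOptions('whitelist_ip', json_encode($ips));
+ }
+
   //If no change is made on settings, just return
   if(!$this->model->checkOptionsChange()) {
   return;
@@ -338,14 +357,15 @@ class HMWP_Controllers_Settings extends HMWP_Classes_FrontController
   $cookies = HMWP_Classes_ObjController::newInstance('HMWP_Models_Cookies');
 
   if (HMWP_Classes_Tools::isNginx() || $cookies->setCookiesCurrentPath() ) {
- //whait for the server
- sleep(3);
 
   //set logout to false
   HMWP_Classes_Tools::saveOptions('logout', false);
   //activate frontend test
   HMWP_Classes_Tools::saveOptions('test_frontend', true);
 
+ //add action for later use
+ do_action('hmwp_settings_saved');
+
   remove_all_filters('wp_redirect');
   remove_all_filters('admin_url');
   wp_redirect(HMWP_Classes_Tools::getSettingsUrl(HMWP_Classes_Tools::getValue('page')));
@@ -386,6 +406,9 @@ class HMWP_Controllers_Settings extends HMWP_Classes_FrontController
   HMWP_Classes_Error::setError(esc_html__('Saved'), 'success');
   }
 
+ //add action for later use
+ do_action('hmwp_tweakssettings_saved');
+
   break;
   case 'hmwp_mappsettings':
   //Save Mapping for classes and ids
@@ -511,6 +534,10 @@ class HMWP_Controllers_Settings extends HMWP_Classes_FrontController
   }
 
   }
+
+ //add action for later use
+ do_action('hmwp_mappsettings_saved');
+
   break;
   case 'hmwp_advsettings':
 
@@ -542,6 +569,10 @@ class HMWP_Controllers_Settings extends HMWP_Classes_FrontController
   }
 
   }
+
+ //add action for later use
+ do_action('hmwp_advsettings_saved');
+
   break;
   case 'hmwp_savecachepath':
 
@@ -569,7 +600,6 @@ class HMWP_Controllers_Settings extends HMWP_Classes_FrontController
   HMWP_Classes_Tools::saveOptions('hmwp_change_in_cache_directory', '');
   }
 
-
   //If Ajax call, return saved
   if (HMWP_Classes_Tools::isAjax()) {
   HMWP_Classes_Tools::setHeader('json');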
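Review bot: The new whitelist block saves `whitelist_ip` on every pass through this branch without checking that the field was submitted or that the entries are addresses: `explode()` on an empty value returns `['']`, so `!empty($ips)` is always true and a form without the field would overwrite the stored list with a single blank entry (the enclosing `case` is outside the hunk, so confirm which forms reach it). Blank and malformed lines are later read by `HMWP_Classes_Tools::isWhitelistedIP()`, whose loose `$ip == $item` comparison makes an empty stored entry equal to an empty client IP. Filter before saving, for example `$ips = array_values(array_unique(array_filter(array_map('trim', $ips), 'strlen')));`, and add `unset($ip);` after the by-reference loop. The same option is also written by the `hmwp_brutesettings` handler in controllers/Brute.php using `clean_ip()` rather than this inline normalisation, so the two paths can store different forms of the same address.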
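--- a/index.php
+++ b/index.php
@@ -6,7 +6,7 @@
   Plugin Name: Hide My WP Ghost Lite
   Plugin URI: https://wordpress.org/plugins/hide-my-wp/
   Description: Hide WP paths, wp-admin, wp-login, wp-content, plugins, themes, authors, XML-RPC, API, etc. Add 7G Firewall Security, Brute Force protection & more.
- Version: 5.0.15
+ Version: 5.0.16
   Author: WPPlugins - WordPress Security Plugins
   Author URI: https://hidemywp.com
   License: GPLv2 or later
@@ -22,10 +22,10 @@
   if ( defined( 'ABSPATH' ) && !defined( 'HMW_VERSION' ) ) {
 
   //Set current plugin version
- define( 'HMWP_VERSION', '5.0.15' );
+ define( 'HMWP_VERSION', '5.0.16' );
 
   //Set the last stable version of the plugin
- define( 'HMWP_STABLE_VERSION', '5.0.13' );
+ define( 'HMWP_STABLE_VERSION', '5.0.15' );
 
   //Set the plugin basename
   define( 'HMWP_BASENAME', plugin_basename(__FILE__) );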
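--- a/models/Brute.php
+++ b/models/Brute.php
@@ -137,6 +137,7 @@ class HMWP_Models_Brute
 
   $transient_name = 'hmwp_brute_' . $header_hash;
   $transient_value = $this->get_transient($transient_name);
+
   //Never block login from whitelisted IPs
   if ($this->check_whitelisted_ip($ip)) {
   $transient_value['status'] = 'whitelist';
@@ -173,35 +174,11 @@ class HMWP_Models_Brute
   */
   public function check_whitelisted_ip($ip)
   {
- //Never block login from whitelisted IPs
- $whitelist = HMWP_Classes_Tools::getOption('whitelist_ip');
-
- if($whitelist <> '' && is_string($whitelist)) {
- $wl_items = @json_decode($whitelist, true);
-
- if (!empty($wl_items)) {
- foreach ($wl_items as $item) {
- $item = trim($item);
- if ($ip == $item) {
- return true;
- }
-
- if (strpos($item, '*') === false) { //no match, no wildcard
- continue;
- }
-
- $iplong = ip2long($ip);
- $ip_low = ip2long(str_replace('*', '0', $item));
- $ip_high = ip2long(str_replace('*', '255', $item));
-
- if ($iplong >= $ip_low && $iplong <= $ip_high) {//IP is within wildcard range
- return true;
- }
+ if(HMWP_Classes_Tools::isWhitelistedIP($ip)){
+ return true;
+ }
 
- }
- }
- }
- return false;
+ return false;
   }
 
   /**
@@ -736,6 +713,7 @@ class HMWP_Models_Brute
   ?>
   <script>
   function reCaptchaSubmit(e) {
+ var form = this;
   e.preventDefault();
   grecaptcha.ready(function() {
   grecaptcha.execute('<?php echo HMWP_Classes_Tools::getOption('brute_captcha_site_key_v3') ?>', {action: 'submit'}).then(function(token) {
@@ -743,14 +721,18 @@ class HMWP_Models_Brute
   input.type = "hidden";
   input.name = "g-recaptcha-response" ;
   input.value = token ;
- document.getElementById("loginform").appendChild(input);
-
- document.getElementById("loginform").submit();
-
+ form.appendChild(input);
+ form.submit();
   });
   });
   }
- document.getElementById("loginform").addEventListener("submit", reCaptchaSubmit);
+
+ if(document.getElementsByTagName("form").length > 0) {
+ var x = document.getElementsByTagName("form");
+ for (var i = 0; i < x.length; i++) {
+ x[i].addEventListener("submit", reCaptchaSubmit);
+ }
+ }
   </script>
   <?php
   }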
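Review bot: `check_whitelisted_ip()` now returns true for the built-in list in `HMWP_Classes_Tools::isWhitelistedIP()` (`127.0.0.1` and the ranges under `//jetpack whitelist`) as well as the admin's entries, and its docblock, which starts outside the hunk, should say so because callers use the result to skip brute-force blocking. If `brute_get_ip()` can take the address from a forwarded header (the `hmwp_update_trusted_headers` hook suggests it may), those built-in entries are only safe when that header is set by a trusted proxy; this is worth confirming. The body can be reduced to `return HMWP_Classes_Tools::isWhitelistedIP($ip);`. In the reCAPTCHA v3 script the submit handler is now bound to every `<form>` on the page rather than `#loginform`, so unrelated forms rendered on the login screen are intercepted as well.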
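--- a/models/Clicks.php
+++ b/models/Clicks.php
@@ -40,28 +40,22 @@ class HMWP_Models_Clicks
   $hmwp_disable_source_message = ((HMWP_Classes_Tools::getOption('hmwp_disable_source_message') <> '') ? str_replace("'", "`", HMWP_Classes_Tools::getOption('hmwp_disable_source_message')) : '');
   ?>
   <script type="text/javascript">
- //<![CDATA[
- if (window.jQuery) { (function ($) { "use strict";
- $.disable_show_error = function (message) { var $div = $('#disable_msg'); if (!$div.is(':visible')) { $div.html(message); $div.fadeIn('10'); setTimeout(function () { $div.fadeOut('10'); }, 1000); } };
- $.disable_event_listener = function (element, eventNames, message) { var events = eventNames.split(' '); for (var i = 0, iLen = events.length; i < iLen; i++) { element.addEventListener(events[i], function (e) { e.preventDefault(); if (message !== '') $.disable_show_error(message); }); } };
- $.disable_return_false = function () { return false; };
- <?php if(HMWP_Classes_Tools::getOption('hmwp_disable_inspect')) { ?>$(document).on("contextmenu", function (event) { event = (event || window.event); if (event.keyCode === 123) { <?php if($hmwp_disable_inspect_message <> '') { ?> $.disable_show_error('<?php echo esc_attr($hmwp_disable_inspect_message) ?>'); <?php
- } ?> return false; } });<?php
- } ?>
- <?php if(HMWP_Classes_Tools::getOption('hmwp_disable_inspect') || HMWP_Classes_Tools::getOption('hmwp_disable_source')) { ?>$(document).on("keydown", function (event) { event = (event || window.event); <?php if(HMWP_Classes_Tools::getOption('hmwp_disable_inspect')) { ?> if (event.keyCode === 123 || event.ctrlKey && event.shiftKey && event.keyCode === 67 || event.ctrlKey && event.shiftKey && event.keyCode === 73 || event.ctrlKey && event.shiftKey && event.keyCode === 75) { <?php if($hmwp_disable_inspect_message <> '') { ?> $.disable_show_error('<?php echo esc_attr($hmwp_disable_inspect_message) ?>'); <?php
- } ?> return false; } <?php
- } ?> <?php if(HMWP_Classes_Tools::getOption('hmwp_disable_source')) { ?> if (event.ctrlKey && event.keyCode === 85) { <?php if($hmwp_disable_source_message <> '') { ?> $.disable_show_error('<?php echo esc_attr($hmwp_disable_source_message) ?>'); <?php
- } ?> return false; } <?php
- } ?> });<?php
- } ?>
- <?php if(HMWP_Classes_Tools::getOption('hmwp_disable_click')) { ?>$(document).on("contextmenu", function (event) { return false; }); $.disable_event_listener(document, 'contextmenu', '<?php echo esc_attr($hmwp_disable_click_message) ?>');<?php
- } ?>
- <?php if(HMWP_Classes_Tools::getOption('hmwp_disable_copy_paste')) { ?>$.disable_event_listener(document, 'cut copy paste print', '<?php echo esc_attr($hmwp_disable_copy_paste_message) ?>');<?php
- } ?>
- <?php if(HMWP_Classes_Tools::getOption('hmwp_disable_drag_drop')) { ?>document.ondragstart = $.disable_return_false(); $.disable_event_listener(document, 'drag drop', '<?php echo esc_attr($hmwp_disable_drag_drop_message) ?>'); <?php
- } ?>
- })(window.jQuery); }
- //]]>
+ //<![CDATA[
+ if (window.jQuery) { (function ($) { "use strict";
+ $.hmwp_is_devtool = function () { const widthth= window.outerWidth - window.innerWidth > 160; const heightth = window.outerHeight - window.innerHeight > 160; if(navigator.userAgent.match(/iPhone/i)) return false; if ( !(heightth && widthth) && ((window.Firebug && window.Firebug.chrome && window.Firebug.chrome.isInitialized) || widthth || heightth) ) { $(document).trigger('hmwp_is_devtool'); return true; } return false; };
+ var $hmtpcheck = setInterval(function(){$.hmwp_is_devtool();},500);
+ $.disable_open_404 = function () { $(document).find('html').remove(); };
+ $.disable_show_error = function (message) { var $div = $('#disable_msg'); if (!$div.is(':visible')) { $div.html(message); $div.fadeIn('10'); setTimeout(function () { $div.fadeOut('10'); }, 1000); } };
+ $.disable_event_listener = function (element, eventNames, message) { var events = eventNames.split(' '); for (var i = 0, iLen = events.length; i < iLen; i++) { element.addEventListener(events[i], function (e) { e.preventDefault(); if (message !== '') $.disable_show_error(message); }); } };
+ $.disable_return_false = function () { return false; };
+ <?php if(HMWP_Classes_Tools::getOption('hmwp_disable_inspect')) { ?>if($.hmwpisdevtool){ clearInterval($hmtpcheck); $.disable_open_404(); } $(document).on("hmwp_is_devtool", function (event) { clearInterval($hmtpcheck); $.disable_open_404(); }); $(document).on("contextmenu", function (event) { event = (event || window.event); if (event.keyCode === 123) { <?php if($hmwp_disable_inspect_message <> '') { ?> $.disable_show_error('<?php echo esc_attr($hmwp_disable_inspect_message) ?>'); <?php } ?> return false; }});<?php } ?>
+ <?php if(HMWP_Classes_Tools::getOption('hmwp_disable_inspect') || HMWP_Classes_Tools::getOption('hmwp_disable_source')) { ?>$(document).on("keydown", function (event) { event = (event || window.event); <?php if(HMWP_Classes_Tools::getOption('hmwp_disable_inspect')) { ?> if (event.keyCode === 123 || event.ctrlKey && event.shiftKey && event.keyCode === 67 || event.ctrlKey && event.shiftKey && event.keyCode === 73 || event.ctrlKey && event.shiftKey && event.keyCode === 75 || event.ctrlKey && event.shiftKey && event.keyCode === 74 || (event.keyCode === 83 && (navigator.platform.toUpperCase().indexOf('MAC') ? event.metaKey : event.ctrlKey))) { <?php if($hmwp_disable_inspect_message <> '') { ?> $.disable_show_error('<?php echo esc_attr($hmwp_disable_inspect_message) ?>'); <?php } ?> return false; } <?php } ?>
+ <?php if(HMWP_Classes_Tools::getOption('hmwp_disable_source')) { ?> if (event.ctrlKey && event.keyCode === 85) { <?php if($hmwp_disable_source_message <> '') { ?> $.disable_show_error('<?php echo esc_attr($hmwp_disable_source_message) ?>'); <?php } ?> return false; } <?php } ?> });<?php } ?>
+ <?php if(HMWP_Classes_Tools::getOption('hmwp_disable_click')) { ?>$(document).on("contextmenu", function (event) { return false; }); $.disable_event_listener(document, 'contextmenu', '<?php echo esc_attr($hmwp_disable_click_message) ?>');<?php } ?>
+ <?php if(HMWP_Classes_Tools::getOption('hmwp_disable_copy_paste')) { ?>$.disable_event_listener(document, 'cut copy paste print', '<?php echo esc_attr($hmwp_disable_copy_paste_message) ?>');<?php } ?>
+ <?php if(HMWP_Classes_Tools::getOption('hmwp_disable_drag_drop')) { ?>$('img').attr('draggable', false); document.ondragstart = $.disable_return_false(); $.disable_event_listener(document, 'drag drop', '<?php echo esc_attr($hmwp_disable_drag_drop_message) ?>'); <?php } ?>
+ })(window.jQuery); }
+ //]]>
   </script>
   <?php if(HMWP_Classes_Tools::getOption('hmwp_disable_copy_paste')) { ?><style>body * :not(input):not(textarea){user-select:none !important; -webkit-touch-callout: none !important; -webkit-user-select: none !important; -moz-user-select:none !important; -khtml-user-select:none !important; -ms-user-select: none !important;}</style><?php
   } ?>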
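Review bot: The save-shortcut test `navigator.platform.toUpperCase().indexOf('MAC') ? event.metaKey : event.ctrlKey` is inverted, because `indexOf` returns `0` (falsy) when the string starts with `MAC` and `-1` (truthy) when it is absent; use `indexOf('MAC') >= 0`. `if($.hmwpisdevtool)` reads a property that is never assigned (the function is `$.hmwp_is_devtool`), and the `setInterval` poll is emitted outside the `hmwp_disable_inspect` condition, so it runs every 500 ms even when that option is off. The window-size heuristic is client-side only and can also fire for docked side panels or zoomed windows, so a comment should describe it as a deterrent rather than a protection. The enclosing method starts and ends outside the hunk.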
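--- a/models/Compatibility.php
+++ b/models/Compatibility.php
@@ -63,14 +63,25 @@ class HMWP_Models_Compatibility
 
  add_action('wp_initialize_site', function($site_id){
  HMWP_Classes_ObjController::getClass('HMWP_Models_Rewrite')->flushChanges();
- }, 11, 1);
+ }, PHP_INT_MAX, 1);
 
- add_action('create_term', function($tem_id){
- HMWP_Classes_ObjController::getClass('HMWP_Models_Rewrite')->flushChanges();
- }, 11, 1);
+ add_action('create_term', function($term_id){
+ add_action('admin_footer', function(){
+ HMWP_Classes_ObjController::getClass('HMWP_Models_Rewrite')->flushChanges();
+ });
+ }, PHP_INT_MAX, 1);
 
  }
 
+ //wait for the cache on litespeed servers and flush the changes
+ add_action('hmwp_settings_saved', function(){
+ sleep(5); //wait 5 sec to clear the cache
+
+ add_action('admin_footer', function(){
+ HMWP_Classes_ObjController::getClass('HMWP_Models_Rewrite')->flushChanges();
+ });
+ });
+
  //Compatibility with Breakdance plugin
  if (HMWP_Classes_Tools::isAjax() ) {
  if (HMWP_Classes_Tools::getValue('action') == 'query-attachments' ||
@@ -665,15 +676,15 @@ class HMWP_Models_Compatibility
  * @return void
  */
  public function checkWhitelistIPs(){
- if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] <> '' ) {
- $ips = array();
- if (HMWP_Classes_Tools::getOption('whitelist_ip')) {
- $ips = json_decode(HMWP_Classes_Tools::getOption('whitelist_ip'), true);
- }
 
- if(!empty($ips) && in_array($_SERVER['REMOTE_ADDR'], $ips)){
+ if (isset($_SERVER['REMOTE_ADDR']) && strpos($_SERVER['REMOTE_ADDR'], '.') !== false ) {
+
+ $ip = $_SERVER['REMOTE_ADDR'];
+
+ if(HMWP_Classes_Tools::isWhitelistedIP($ip)){
  add_filter('hmwp_process_hide_urls', '__return_false');
  }
+
  }
  }
 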
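Review bot: The new guard in checkWhitelistIPs() only proceeds when `$_SERVER['REMOTE_ADDR']` contains a `.`, so a client connecting over IPv6 can never match the whitelist, and the test is a substring check rather than an address validation. `filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP)` would accept both address families, provided isWhitelistedIP() (defined outside this section) can compare IPv6 entries. Because a match switches off `hmwp_process_hide_urls`, a comment here should also state that behind a reverse proxy or CDN the value is the proxy's address, so whitelisting that address would exempt every visitor.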
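--- a/models/Rewrite.php
+++ b/models/Rewrite.php
@@ -183,7 +183,7 @@ class HMWP_Models_Rewrite
  global $wpdb;
  $this->paths = array();
 
- $blogs = $wpdb->get_results( "SELECT path FROM " . $wpdb->blogs . " where blog_id > 1" );
+ $blogs = get_sites( array( 'number' => 10000, 'public' => 1, 'deleted' => 0, ) );
  foreach ( $blogs as $blog ) {
  $this->paths[] = HMWP_Classes_Tools::getRelativePath($blog->path);
  }
@@ -727,21 +727,11 @@ class HMWP_Models_Rewrite
  public function flushRewrites()
  {
  $rewritecode = '';
- $home_root = '/';
+ $home_root = HMWP_Classes_Tools::getHomeRootPath();
  $config_file = HMWP_Classes_ObjController::getClass('HMWP_Models_Rules')->getConfFile();
 
  $form = '<a href="'.add_query_arg(array('hmwp_nonce' => wp_create_nonce('hmwp_manualrewrite'), 'action' => 'hmwp_manualrewrite')) .'" class="btn rounded-0 btn-success save" />' . esc_html__("Okay, I set it up", 'hide-my-wp') . '</a>';
 
- if(HMWP_Classes_Tools::isMultisites() && defined('PATH_CURRENT_SITE')){
- $path = PATH_CURRENT_SITE;
- }else {
- $path = parse_url(site_url(), PHP_URL_PATH);
- }
-
- if ($path ) {
- $home_root = trailingslashit($path);
- }
-
  //If Windows Server
  if (HMWP_Classes_Tools::isIIS() ) {
  $this->deleteIISRules($config_file);
@@ -1968,19 +1958,29 @@ class HMWP_Models_Rewrite
  }
  }
 
- /////////////////////////////////////////////////////
- //hide the /xmlrpc.php path when switched on
- if (HMWP_Classes_Tools::getOption('hmwp_disable_xmlrpc')) {
- $paths = array(
- home_url('xmlrpc.php', 'relative'),
- home_url('wp-trackback.php', 'relative'),
- site_url('xmlrpc.php', 'relative'),
- site_url('wp-trackback.php', 'relative'),
- );
- if ($this->searchInString($url, $paths)) {
- $this->getNotFound($url);
- }
- }
+ /////////////////////////////////////////////////////
+ //hide the /xmlrpc.php path when switched on
+ if (!HMWP_Classes_Tools::getOption('hmwp_disable_xmlrpc')) {
+ $paths = array(
+ home_url('xmlrpc.php', 'relative'),
+ home_url('wp-trackback.php', 'relative'),
+ site_url('xmlrpc.php', 'relative'),
+ site_url('wp-trackback.php', 'relative'),
+ );
+ if ($this->searchInString($url, $paths)) {
+ $this->getNotFound($url);
+ }
+ }
+
+ if (HMWP_Classes_Tools::getOption('hmwp_disable_rest_api')) {
+ $paths = array(
+ home_url('wp-json', 'relative'),
+ home_url(HMWP_Classes_Tools::getOption('hmwp_wp-json'), 'relative'),
+ );
+ if ($this->searchInString($url, $paths)) {
+ $this->getNotFound($url);
+ }
+ }
 
  /////////////////////////////////////////////////////
  //Hide the common php file in case of other servers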
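Review bot: The xmlrpc block in the last hunk now runs under `if (!HMWP_Classes_Tools::getOption('hmwp_disable_xmlrpc'))`, which contradicts both the comment above it ("hide the /xmlrpc.php path when switched on") and the removed version. As written, requests for xmlrpc.php and wp-trackback.php reach getNotFound() when the option is off and pass this check when it is on. Unless a layer outside this hunk compensates, the negation looks unintended and the condition should read `if (HMWP_Classes_Tools::getOption('hmwp_disable_xmlrpc')) {`. In the new REST block, `home_url(HMWP_Classes_Tools::getOption('hmwp_wp-json'), 'relative')` is added to `$paths` without checking that the option is non-empty; depending on how searchInString() matches, an empty value could put the bare home path in the list, so a guard is worth adding. The enclosing method starts and ends outside the hunk.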
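--- a/models/Rules.php
+++ b/models/Rules.php
@@ -367,15 +367,20 @@ class HMWP_Models_Rules
  public function getInjectionRewrite()
  {
  $rules = '';
+ $home_root = '/';
+ if(HMWP_Classes_Tools::isMultisites() && defined('PATH_CURRENT_SITE')){
+ $path = PATH_CURRENT_SITE;
+ }else {
+ $path = parse_url(site_url(), PHP_URL_PATH);
+ }
+
+ if ($path) {
+ $home_root = trailingslashit($path);
+ }
+
  if (HMWP_Classes_Tools::isApache() || HMWP_Classes_Tools::isLitespeed() ) {
- $home_root = parse_url(home_url());
- if (isset($home_root['path']) ) {
- $home_root = trailingslashit($home_root['path']);
- } else {
- $home_root = '/';
- }
 
- if (HMWP_Classes_Tools::getOption('hmwp_sqlinjection') && (int)HMWP_Classes_Tools::getOption('hmwp_sqlinjection_level') > 0) {
+ if (HMWP_Classes_Tools::getOption('hmwp_sqlinjection') && (int)HMWP_Classes_Tools::getOption('hmwp_sqlinjection_level') > 0) {
  $rules .= "<IfModule mod_rewrite.c>" . PHP_EOL;
  $rules .= "RewriteEngine On" . PHP_EOL;
  $rules .= "RewriteBase $home_root" . PHP_EOL;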
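Review bot: The added `$home_root` block at the top of getInjectionRewrite() re-implements, line for line, the computation this same commit removes from flushRewrites() in models/Rewrite.php in favour of `HMWP_Classes_Tools::getHomeRootPath()`, so the two call sites can drift apart again. Assuming the helper returns the same trailing-slashed path, the block can be replaced by `$home_root = HMWP_Classes_Tools::getHomeRootPath();`. The value is written into the generated `RewriteBase` directive, so a single source for it also gives one place to validate it. getInjectionRewrite() continues past the end of the hunk.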
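--- a/readme.txt
+++ b/readme.txt
@@ -2,9 +2,9 @@
  Contributors: johndarrel
  Tags: security,firewall,hide,antivirus,wp-login,wp-admin,hide wordpress,hide wp,security plugin
  Requires at least: 4.3
- Tested up to: 6.0
+ Tested up to: 6.1
  Requires PHP: 5.6
- Stable tag: 5.0.15
+ Stable tag: 5.0.16
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -14,7 +14,7 @@ Hide WP paths, wp-admin, wp-login, wp-content, plugins, themes, authors, XML-RPC
 
  **Hide My WP Ghost** is a **WordPress Security plugin**. It gives you the best security solutions with its powerful and easy-to-use features. Without physically changing any directory or file, Hide My WP Ghost can take your website’s security to the next level.
 
- Over **100.000 secured websites**, over **2,200,000 brute force attempts protection** and over **140.000 monthly hacks stopped** and counting.
+ Over **200.000 secured websites**, over **4,000,000 brute force attempts blocked** and over **140.000 monthly hacks stopped** and counting.
 
  The plugin **adds filters and security layers** to prevent Scripts and SQL Injections, Brute Force attacks, XML-RPC attacks, XSS, and more.
 
@@ -274,6 +274,19 @@ Enjoy!
  9. Customize the wp-admin path while logged in as an administrator
 
  == Changelog ==
+ = 5.0.16 (21 Oct 2022)=
+ * Update - Add the Brute Force protection on Register Form to prevent account spam
+ * Update - Add the Whitelabel IP option in Security Level and allow the Whitelabel IP addresses to pass login recaptcha and hidden URLs
+ * Update - Added the option to prioritize the loading of HMWP Ghost plugin for more compatibility with other plugins
+ * Update - Compatibility with LiteSpeed servers and last version of WordPress
+ * Update - Compatibility with Breakdance plugin
+ * Update - Compatibility with Nicepage Builder plugin
+ * Update - Compatibility with WP 6.0.2
+ * Fixed - Allow self access to hidden paths to avoid cron errors on backup/migration plugins
+ * Fixed - Remove the get_site_icon_url hook to avoid any issue on the login page with other themes
+ * Fixed - Compatibility with ShortPixel webp extention when Feed Security is enabled
+ * Fixed - Fixed the ltrim of null error on PHP 8.1 for site_url() path
+
  = 5.0.15 (06 Sept 2022)=
  * Fixed - URL Mapping for Nginx servers to prevent 404 pages
  * Fixed - PHP error in Security Check when the X-Powered-By header is not string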
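--- a/view/Advanced.php
+++ b/view/Advanced.php
@@ -58,6 +58,19 @@
  </div>
  </div>
 
+ <div class="col-sm-12 row mb-1 ml-1 p-2">
+ <div class="checker col-sm-12 row my-2 py-1">
+ <div class="col-sm-12 p-0 switch switch-sm">
+ <input type="hidden" name="hmwp_priorityload" value="0"/>
+ <input type="checkbox" id="hmwp_priorityload" name="hmwp_priorityload" class="switch" <?php echo(HMWP_Classes_Tools::getOption('hmwp_priorityload') ? 'checked="checked"' : '') ?> value="1"/>
+ <label for="hmwp_priorityload"><?php echo esc_html__('Priority Loading', 'hide-my-wp'); ?></label>
+ <a href="<?php echo esc_url(HMWP_Classes_Tools::getOption('hmwp_plugin_website') . '/kb/advanced-wp-security/#proirity_loading') ?>" target="_blank" class="d-inline-block ml-2"><i class="dashicons dashicons-editor-help"></i></a>
+ <div class="offset-1 text-black-50"><?php echo esc_html__('Load HMWP before all plugins are loaded.', 'hide-my-wp'); ?></div>
+ <div class="offset-1 text-black-50"><?php echo esc_html__('(compatibility with cache plugins & themes)', 'hide-my-wp'); ?></div>
+ </div>
+ </div>
+ </div>
+
  <div class="col-sm-12 row mb-1 ml-1 p-2">
  <div class="checker col-sm-12 row my-2 py-1">
  <div class="col-sm-12 p-0 switch switch-sm">
@@ -66,7 +79,7 @@
  <label for="hmwp_laterload"><?php echo esc_html__('Late Loading', 'hide-my-wp'); ?></label>
  <a href="<?php echo esc_url(HMWP_Classes_Tools::getOption('hmwp_plugin_website') . '/kb/advanced-wp-security/#late_loading') ?>" target="_blank" class="d-inline-block ml-2"><i class="dashicons dashicons-editor-help"></i></a>
  <div class="offset-1 text-black-50"><?php echo esc_html__('Load HMWP after all plugins are loaded.', 'hide-my-wp'); ?></div>
- <div class="offset-1 text-black-50"><?php echo esc_html__('(compatibility with CDN Enabler and other cache plugins)', 'hide-my-wp'); ?></div>
+ <div class="offset-1 text-black-50"><?php echo esc_html__('(compatibility with cache plugins & themes)', 'hide-my-wp'); ?></div>
  </div>
  </div>
  </div>
@@ -123,7 +136,7 @@
  </div>
 
  <div class="col-sm-12 m-0 p-2 bg-light text-center" style="position: fixed; bottom: 0; right: 0; z-index: 100; box-shadow: 0 0 8px -3px #444;">
- <button type="submit" class="btn rounded-0 btn-success px-5 mr-5 save"><?php echo esc_html__('Save', 'hide-my-wp'); ?></button>
+ <button type="submit" class="btn rounded-0 btn-success px-5 mr-5 save" ><?php echo esc_html__('Save', 'hide-my-wp'); ?></button>
  </div>
  </form>
 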
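--- a/view/Brute.php
+++ b/view/Brute.php
@@ -56,6 +56,18 @@
  </div>
  </div>
 
+ <?php if ( get_option( 'users_can_register' ) ) {?>
+ <div class="col-sm-12 row mb-1 py-1 mx-2 hmwp_bruteforce">
+ <div class="checker col-sm-12 row my-2 py-1">
+ <div class="col-sm-12 p-0 switch switch-sm">
+ <input type="checkbox" id="hmwp_bruteforce_register" name="hmwp_bruteforce_register" class="switch" <?php echo(HMWP_Classes_Tools::getOption('hmwp_bruteforce_register') ? 'checked="checked"' : '') ?> value="1"/>
+ <label for="hmwp_bruteforce_register"><?php echo esc_html__('Add Brute Force Protection on Sign Up Form', 'hide-my-wp'); ?></label>
+ <div class="offset-1 text-black-50"><?php echo esc_html__('Activate the Brute Force protection for sign up forms.', 'hide-my-wp'); ?></div>
+ </div>
+ </div>
+ </div>
+ <?php }?>
+
  <?php if (HMWP_Classes_Tools::isPluginActive('woocommerce/woocommerce.php') ) { ?>
  <div class="col-sm-12 row mb-1 py-1 mx-2 hmwp_bruteforce hmwp_pro">
  <div class="box" >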
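Review bot: The `hmwp_bruteforce_register` switch is added without the hidden `value="0"` companion that the `hmwp_priorityload` switch in view/Advanced.php gets in this same commit, so an unchecked box submits no field at all. Unless the save handler or settings.js fills in unchecked switches (neither is fully visible here), turning the sign-up protection off may not be persisted. Adding `<input type="hidden" name="hmwp_bruteforce_register" value="0"/>` before the checkbox would make the two forms consistent.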
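--- a/view/Permalinks.php
+++ b/view/Permalinks.php
@@ -124,7 +124,27 @@
 
  </div>
 
-
+ <div class="card col-sm-12 p-0 m-0 mt-3" <?php echo((HMWP_Classes_Tools::getOption('hmwp_mode') == 'default') ? 'style="display:none"' : '') ?>>
+ <h3 class="card-title hmwp_header p-2 m-0"><?php echo esc_html__('Whitelist IPs', 'hide-my-wp'); ?></h3>
+ <div class="card-body">
+ <div class="col-sm-12 row border-bottom border-light py-3 mx-0 my-3">
+ <div class="col-md-4 p-0 font-weight-bold">
+ <?php echo esc_html__('Whitelist IPs', 'hide-my-wp'); ?>:
+ <div class="small text-black-50"><?php echo esc_html__('Add IPs that can pass plugin security', 'hide-my-wp') ?></div>
+ <div class="small text-black-50"><?php echo sprintf(esc_html__('You can white-list a single IP like 192.168.0.1 or a range of 245 IPs like 192.168.0.*. Find your IP with %s', 'hide-my-wp'), '<a href="https://whatismyipaddress.com/" target="_blank">https://whatismyipaddress.com/</a>') ?></div>
+ </div>
+ <div class="col-md-8 p-0 input-group input-group">
+ <?php
+ $ips = array();
+ if (HMWP_Classes_Tools::getOption('whitelist_ip')) {
+ $ips = json_decode(HMWP_Classes_Tools::getOption('whitelist_ip'), true);
+ }
+ ?>
+ <textarea type="text" class="form-control bg-input" name="whitelist_ip" style="height: 100px"><?php echo(!empty($ips) ? implode(PHP_EOL, $ips) : '') ?></textarea>
+ </div>
+ </div>
+ </div>
+ </div>
 
  <div class="card col-sm-12 p-0 m-0 mt-3" >
  <h3 class="card-title hmwp_header p-2 m-0"><?php echo esc_html__('Help & FAQs', 'hide-my-wp'); ?></h3>
@@ -791,6 +811,7 @@
  </div>
  </div>
  </div>
+
  </div>
  </div>
  <div id="firewall" class="card col-sm-12 p-0 m-0 tab-panel">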
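Review bot: The new Whitelist IPs textarea prints the stored list unescaped, `echo(!empty($ips) ? implode(PHP_EOL, $ips) : '')`, so any entry containing markup that reaches the `whitelist_ip` option would be rendered into the admin page. Escape at output regardless of how the save handler (not shown here) sanitises the value: `<?php echo esc_textarea(!empty($ips) ? implode(PHP_EOL, $ips) : '') ?>`. `json_decode()` can also return a non-array for a malformed option, so an `is_array($ips)` check before `implode()` would avoid a runtime error. Minor: `type="text"` is not a valid attribute on `<textarea>`.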
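--- a/view/assets/js/settings.js
+++ b/view/assets/js/settings.js
@@ -381,6 +381,14 @@
  }
  );
 
+ $this.find("button[type=submit]").click(function(){
+ $(this).hmwp_loading(true);
+ });
+
+ $this.find("input[type=submit]").click(function(){
+ $(this).hmwp_loading(true);
+ });
+
  $this.find("input.switch").each(
  function () {
  if (!$(this).prop('checked')) {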
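Review bot: The second handler targets `input[type=submit]`, but `hmwp_loading()` (visible in settings.min.js on this page) works by `prepend`-ing an `<i>` element, and an `<input>` cannot hold child nodes, so that branch likely shows no spinner. Binding to `click` also starts the spinner when the browser then blocks the submission through form validation, which leaves it on; handling the form's `submit` event and locating the button there would avoid both. If both selectors are kept, they can share one handler: `$this.find("button[type=submit], input[type=submit]").click(function(){ $(this).hmwp_loading(true); });`.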
view/assets/js/settings.min.js CHANGED
@@ -1 +1 @@
1
- (function($){"use strict";if(typeof ajaxerror==="undefined"){var ajaxerror="Ajax is not loading correctly. Clear all cache and try again."}$.hmwp_getHashParam=function(key){var urlparts=location.href.split("#");if(urlparts.length>=2){urlparts.shift();var queryString=urlparts.join("#");var results=new RegExp("[\\?&#]*"+key+"=([^&#]*)").exec(queryString);if(results){return results[1]||0}}return false};$.hmwp_setHashParam=function(key,val){var urlparts=location.href.split("#");if(urlparts.length>=2){var add=true;var urlBase=urlparts.shift();var queryString=urlparts.join("#");var prefix=encodeURIComponent(key)+"=";var pars=queryString.split(/[&;]/g);for(var i=pars.length;i-- >0;){if(pars[i].lastIndexOf(prefix,0)!==-1||pars[i]===""){pars[i]=pars[i].replace(pars[i],prefix+val);add=false;break}}add&&pars.push(prefix+val);location.href=urlBase+"#"+pars.join("&")}else{location.href+="#"+key+"="+val}};$.fn.hmwp_loading=function(state){var $this=this;var loading='<i class="fa fa-circle-o-notch fa-spin mr-1 hmwp_loading"></i>';$this.find("i").remove();if(state){$this.prepend(loading)}else{$(".hmwp_loading").remove()}return $this};$.fn.hmwp_fixSettings=function(name,value){var $form=$("#hmwp_fixsettings_form");var $this=this;$this.hmwp_loading(true);$.post(ajaxurl,{action:$form.find("input[name=action]").val(),name:name,value:value,hmwp_nonce:$form.find("input[name=hmwp_nonce]").val(),_wp_http_referer:$form.find("input[name=_wp_http_referer]").val()}).done(function(response){$this.hmwp_loading(false);if(typeof response.success!=="undefined"&&typeof response.message!=="undefined"){if(response.success){$("body").prepend('<div class="text-center hmwp_notice hmwp_notice_fixed success" role="alert">'+response.message+"</div>");$this.hide()}else{$("body").prepend('<div class="text-center hmwp_notice hmwp_notice_fixed danger" 
role="alert">'+response.message+"</div>")}}setTimeout(function(){$(".hmwp_notice").remove()},5e3)}).error(function(){$this.hmwp_loading(false);$("body").prepend('<div class="text-center hmwp_notice hmwp_notice_fixed danger" role="alert">'+ajaxerror+"</div>");setTimeout(function(){$(".hmwp_notice").remove()},5e3)},"json")};$.fn.hmwp_fixConfig=function(name,value){var $form=$("#hmwp_fixconfig_form");var $this=this;$this.hmwp_loading(true);$.post(ajaxurl,{action:$form.find("input[name=action]").val(),name:name,value:value,hmwp_nonce:$form.find("input[name=hmwp_nonce]").val(),_wp_http_referer:$form.find("input[name=_wp_http_referer]").val()}).done(function(response){$this.hmwp_loading(false);if(typeof response.success!=="undefined"&&typeof response.message!=="undefined"){if(response.success){$("body").prepend('<div class="text-center hmwp_notice hmwp_notice_fixed success" role="alert">'+response.message+"</div>");$this.hide()}else{$("body").prepend('<div class="text-center hmwp_notice hmwp_notice_fixed danger" role="alert">'+response.message+"</div>")}}setTimeout(function(){$(".hmwp_notice").remove()},5e3)}).error(function(){$this.hmwp_loading(false);$("body").prepend('<div class="text-center hmwp_notice hmwp_notice_fixed danger" role="alert">'+ajaxerror+"</div>");setTimeout(function(){$(".hmwp_notice").remove()},5e3)},"json")};$.fn.hmwp_securityCheckListen=function(){var $this=this;$this.find("form.hmwp_securityexclude_form").on("submit",function(){var $form=$(this);$.post(ajaxurl,$form.serialize()).done(function(response){if(typeof response.success!=="undefined"&&typeof response.message!=="undefined"){if(response.success){$("body").parents("tr:last").fadeOut();$("body").prepend('<div class="text-center hmwp_notice hmwp_notice_fixed success" role="alert">'+response.message+"</div>")}else{$("body").prepend('<div class="text-center hmwp_notice hmwp_notice_fixed danger" 
role="alert">'+response.message+"</div>")}}setTimeout(function(){$(".hmwp_notice").remove()},5e3)}).error(function(){$("body").prepend('<div class="text-center hmwp_notice hmwp_notice_fixed danger" role="alert">'+ajaxerror+"</div>");setTimeout(function(){$(".hmwp_notice").remove()},5e3)},"json");return false});$this.find("form#hmwp_securitycheck").on("submit",function(){var $form=$(this);var $div=$this.find(".start_securitycheck");$div.after('<div class="wp_loading"></div>');$div.hide();$.post(ajaxurl,$form.serialize()).done(function(response){location.reload()}).error(function(){location.reload()});return false});$this.find("form#hmwp_resetexclude").on("submit",function(){var $form=$(this);$.post(ajaxurl,$form.serialize()).done(function(response){if(typeof response.success!=="undefined"&&typeof response.message!=="undefined"){if(response.success){$("body").prepend('<div class="text-center hmwp_notice hmwp_notice_fixed success" role="alert">'+response.message+"</div>")}else{$("body").prepend('<div class="text-center hmwp_notice hmwp_notice_fixed danger" role="alert">'+response.message+"</div>")}}setTimeout(function(){$(".hmwp_notice").remove()},5e3)}).error(function(){$("body").prepend('<div class="text-center hmwp_notice hmwp_notice_fixed danger" role="alert">'+ajaxerror+"</div>");setTimeout(function(){$(".hmwp_notice").remove()},5e3)});return false});$this.find("button.frontend_test").on("click",function(){var $button=$(this);var $form=$(this).parent("form");$this.find("#hmwp_frontendcheck_content").html("");$this.find("#hmwp_solutions").hide();$this.find("#hmwp_frontendcheck_content").addClass("wp_loading_min");$.post(ajaxurl,$form.serialize()).done(function(response){if(typeof response.success!=="undefined"&&typeof response.message!=="undefined"){if(response.success){$this.find("#hmwp_frontendcheck_content").html('<div class="text-center alert alert-success my-2" role="alert">'+response.message+"</div>")}else{$this.find("#hmwp_frontendcheck_content").html('<div 
class="text-center alert alert-danger my-2" role="alert">'+response.message+"</div>");$this.find("#hmwp_solutions").show()}}$this.find("#hmwp_frontendcheck_content").removeClass("wp_loading_min")}).error(function(){$this.find("#hmwp_frontendcheck_content").html('<div class="text-center alert alert-danger my-2" role="alert">'+ajaxerror+"</div>");$this.find("#hmwp_solutions").show();$this.find("#hmwp_frontendcheck_content").removeClass("wp_loading_min")});return false})};$.fn.hmwp_settingsListen=function(){var $this=this;var unsaved=false;$this.find(".hmwp_nav_item").on("click",function(ev){ev.preventDefault();$this.find(".tab-panel").hide();if($this.find("#"+$(this).data("tab")).length>0){$this.find("#"+$(this).data("tab")).show();$.hmwp_setHashParam("tab",$(this).data("tab"))}$this.find(".hmwp_nav_item").removeClass("active");$this.find(".hmwp_nav_item[data-tab="+$(this).data("tab")+"]").addClass("active")});$("button.hmwp_modal").on("click",function(){var $button=$(this);if($button.data("remote")){$($button.data("target")+" .modal-body").attr("src",$button.data("remote"));$($button.data("target")).on("hidden.bs.modal",function(){$button.hmwp_loading(true);location.reload()})}$($button.data("target")).modal("show")});if($("input[name=hmwp_mode]").val()!=="default"){if($.hmwp_getHashParam("tab")){var 
$current=$.hmwp_getHashParam("tab");if($current!==""&&$this.find("#"+$current).length>0){$this.find(".tab-panel").hide();$this.find(".hmwp_nav_item").removeClass("active");$this.find("#"+$current).show();$this.find(".hmwp_nav_item[data-tab="+$current+"]").addClass("active")}}else{$this.find("a.hmwp_nav_item:first").addClass("active");$this.find("a.hmwp_nav_item:first").trigger("click")}}$this.find("input.switch").not(".nopopup").change(function(){unsaved=true;if($("div."+$(this).attr("name")).length){if($(this).prop("checked")){$("div."+$(this).attr("name")).show()}else{$("div."+$(this).attr("name")).hide()}}});$this.find("input").not(".nopopup").change(function(){unsaved=true});$this.find("input.switch").each(function(){if(!$(this).prop("checked")){if($("div."+$(this).attr("name")).length){$("div."+$(this).attr("name")).hide()}}});$this.find("input[name=hmwp_admin_url]").on("keyup",function(){if($(this).val()!=="wp-admin"&&$(this).val()!=""){$this.find(".admin_warning").show();$this.find(".hmwp_hide_newadmin_div").show()}else{$this.find(".admin_warning").hide();$this.find(".hmwp_hide_newadmin_div").hide()}});$this.find("input[name=hmwp_login_url]").on("keyup",function(){if($(this).val()!=="wp-login.php"&&$(this).val()!=""){$this.find(".hmwp_hide_wplogin_div").show()}else{$this.find(".hmwp_hide_wplogin_div").hide()}if($(this).val()!=="login"&&$(this).val()!=""){$this.find(".hmwp_hide_login_div").show()}else{$this.find(".hmwp_hide_login_div").hide()}});$this.find("input[name=hmwp_login_url]").trigger("keyup");$this.find("input[name=hmwp_hide_admin].switch").change(function(){if($(this).prop("checked")){$this.find(".wp-admin_warning").show();$this.find(".hmwp_hide_newadmin_div").show()}else{$this.find(".wp-admin_warning").hide();$this.find(".hmwp_hide_newadmin_div").hide()}});$this.find("input[name=hmwp_hide_oldpaths_plugins].switch").change(function(){if($(this).prop("checked")){$this.find("input[name=hmwp_hide_oldpaths]").prop("checked",true)}});$this.find("input[na
me=hmwp_hide_oldpaths_themes].switch").change(function(){if($(this).prop("checked")){$this.find("input[name=hmwp_hide_oldpaths]").prop("checked",true)}});$("#hmw_plugins_mapping_new").on("change",function(ev){var $name=$(this).find(":selected").text();var $value=$(this).find(":selected").val();var $div=$("div.hmw_plugins_mapping_new").clone();$div.appendTo("div.hmw_plugins_mappings");$div.find(".hmw_plugins_mapping_title").html($name);$div.find("input").attr("name","hmw_plugins_mapping["+$value+"]");$div.find("input").attr("value",$name);$(this).find(":selected").remove();$div.removeClass("hmw_plugins_mapping_new");if($(this).find("option").length==1){$(".hmw_plugins_mapping_select").hide()}$div.show()});$("#hmw_themes_mapping_new").on("change",function(ev){var $name=$(this).find(":selected").text();var $value=$(this).find(":selected").val();var $div=$("div.hmw_themes_mapping_new").clone();$div.appendTo("div.hmw_themes_mappings");$div.find(".hmw_themes_mapping_title").html($name);$div.find("input").attr("name","hmw_themes_mapping["+$value+"]");$div.find("input").attr("value",$name);$(this).find(":selected").remove();$div.removeClass("hmw_themes_mapping_new");if($(this).find("option").length==1){$(".hmw_themes_mapping_select").hide()}$div.show()});$("#hmwp_security_headers_new").on("change",function(ev){var $name=$(this).find(":selected").text();var $value=$(this).find(":selected").val();var $div=$("div."+$name);$div.appendTo("div.hmwp_security_headers");$div.find("input").attr("name","hmwp_security_headers["+$name+"]");$div.find("input").attr("value",$value);$(this).find(":selected").remove();if($(this).find("option").length==1){$(".hmwp_security_headers_new").hide()}$div.show()});$this.find("button.brute_use_math").on("click",function(){$this.find("input[name=brute_use_math]").val(1);$this.find("input[name=brute_use_captcha]").val(0);$this.find("input[name=brute_use_captcha_v3]").val(0);$this.find(".group_autoload 
button").removeClass("active");$this.find("div.brute_use_math").show();$this.find("div.brute_use_captcha").hide();$this.find("div.brute_use_captcha_v3").hide()});$this.find("button.brute_use_captcha").on("click",function(){$this.find("input[name=brute_use_captcha]").val(1);$this.find("input[name=brute_use_math]").val(0);$this.find("input[name=brute_use_captcha_v3]").val(0);$this.find(".group_autoload button").removeClass("active");$this.find("div.brute_use_captcha").show();$this.find("div.brute_use_math").hide();$this.find("div.brute_use_captcha_v3").hide()});$this.find("button.brute_use_captcha_v3").on("click",function(){$this.find("input[name=brute_use_captcha]").val(0);$this.find("input[name=brute_use_math]").val(0);$this.find("input[name=brute_use_captcha_v3]").val(1);$this.find(".group_autoload button").removeClass("active");$this.find("div.brute_use_captcha").hide();$this.find("div.brute_use_math").hide();$this.find("div.brute_use_captcha_v3").show()});$this.find("#hmwp_blockedips_form").on("submit",function(){$this.find("#hmwp_blockedips").html("");$this.find("#hmwp_blockedips").hmwp_loading(true);$.post(ajaxurl,$("form#hmwp_blockedips_form").serialize()).done(function(response){if(typeof response.data!=="undefined"){$("#hmwp_blockedips").html(response.data)}$this.find("#hmwp_blockedips").hmwp_loading()}).error(function(){$("#hmwp_blockedips").html("no blocked ips");$this.find("#hmwp_blockedips").hmwp_loading()},"json");return false});if($this.find("#hmwp_blockedips").length>0){$this.find("#hmwp_blockedips_form").trigger("submit")}$this.find(".ajax_submit input").on("change",function(){var $form=$(this).parents("form:last");var $input=$(this);$.post(ajaxurl,$form.serialize()).done(function(response){if(typeof response.success!=="undefined"&&typeof response.message!=="undefined"){if(response.success){$("body").prepend('<div class="text-center hmwp_notice hmwp_notice_fixed success" 
role="alert">'+response.message+"</div>");if($input.prop("checked")){$form.parents(".hmwp_feature:last").removeClass("bg-light").addClass("active")}else{$form.parents(".hmwp_feature:last").removeClass("active").addClass("bg-light")}unsaved=false}else{$("body").prepend('<div class="text-center hmwp_notice hmwp_notice_fixed danger" role="alert">'+response.message+"</div>")}}setTimeout(function(){$(".hmwp_notice").remove()},5e3)}).error(function(){$("body").prepend('<div class="text-center hmwp_notice hmwp_notice_fixed danger" role="alert">'+ajaxerror+"</div>");setTimeout(function(){$(".hmwp_notice").remove()},5e3)})});$this.find("form").on("submit",function(){unsaved=false});window.onbeforeunload=function(e){e=e||window.event;if(unsaved){if(e){e.returnValue="You have unsaved changes."}return"You have unsaved changes."}}};$("#hmwp_wrap").ready(function(){$(this).hmwp_settingsListen();$(this).hmwp_securityCheckListen()})})(jQuery);
1
+ (function($){"use strict";if(typeof ajaxerror==="undefined"){var ajaxerror="Ajax is not loading correctly. Clear all cache and try again."}$.hmwp_getHashParam=function(key){var urlparts=location.href.split("#");if(urlparts.length>=2){urlparts.shift();var queryString=urlparts.join("#");var results=new RegExp("[\\?&#]*"+key+"=([^&#]*)").exec(queryString);if(results){return results[1]||0}}return false};$.hmwp_setHashParam=function(key,val){var urlparts=location.href.split("#");if(urlparts.length>=2){var add=true;var urlBase=urlparts.shift();var queryString=urlparts.join("#");var prefix=encodeURIComponent(key)+"=";var pars=queryString.split(/[&;]/g);for(var i=pars.length;i-- >0;){if(pars[i].lastIndexOf(prefix,0)!==-1||pars[i]===""){pars[i]=pars[i].replace(pars[i],prefix+val);add=false;break}}add&&pars.push(prefix+val);location.href=urlBase+"#"+pars.join("&")}else{location.href+="#"+key+"="+val}};$.fn.hmwp_loading=function(state){var $this=this;var loading='<i class="fa fa-circle-o-notch fa-spin mr-1 hmwp_loading"></i>';$this.find("i").remove();if(state){$this.prepend(loading)}else{$(".hmwp_loading").remove()}return $this};$.fn.hmwp_fixSettings=function(name,value){var $form=$("#hmwp_fixsettings_form");var $this=this;$this.hmwp_loading(true);$.post(ajaxurl,{action:$form.find("input[name=action]").val(),name:name,value:value,hmwp_nonce:$form.find("input[name=hmwp_nonce]").val(),_wp_http_referer:$form.find("input[name=_wp_http_referer]").val()}).done(function(response){$this.hmwp_loading(false);if(typeof response.success!=="undefined"&&typeof response.message!=="undefined"){if(response.success){$("body").prepend('<div class="text-center hmwp_notice hmwp_notice_fixed success" role="alert">'+response.message+"</div>");$this.hide()}else{$("body").prepend('<div class="text-center hmwp_notice hmwp_notice_fixed danger" 
role="alert">'+response.message+"</div>")}}setTimeout(function(){$(".hmwp_notice").remove()},5e3)}).error(function(){$this.hmwp_loading(false);$("body").prepend('<div class="text-center hmwp_notice hmwp_notice_fixed danger" role="alert">'+ajaxerror+"</div>");setTimeout(function(){$(".hmwp_notice").remove()},5e3)},"json")};$.fn.hmwp_fixConfig=function(name,value){var $form=$("#hmwp_fixconfig_form");var $this=this;$this.hmwp_loading(true);$.post(ajaxurl,{action:$form.find("input[name=action]").val(),name:name,value:value,hmwp_nonce:$form.find("input[name=hmwp_nonce]").val(),_wp_http_referer:$form.find("input[name=_wp_http_referer]").val()}).done(function(response){$this.hmwp_loading(false);if(typeof response.success!=="undefined"&&typeof response.message!=="undefined"){if(response.success){$("body").prepend('<div class="text-center hmwp_notice hmwp_notice_fixed success" role="alert">'+response.message+"</div>");$this.hide()}else{$("body").prepend('<div class="text-center hmwp_notice hmwp_notice_fixed danger" role="alert">'+response.message+"</div>")}}setTimeout(function(){$(".hmwp_notice").remove()},5e3)}).error(function(){$this.hmwp_loading(false);$("body").prepend('<div class="text-center hmwp_notice hmwp_notice_fixed danger" role="alert">'+ajaxerror+"</div>");setTimeout(function(){$(".hmwp_notice").remove()},5e3)},"json")};$.fn.hmwp_securityCheckListen=function(){var $this=this;$this.find("form.hmwp_securityexclude_form").on("submit",function(){var $form=$(this);$.post(ajaxurl,$form.serialize()).done(function(response){if(typeof response.success!=="undefined"&&typeof response.message!=="undefined"){if(response.success){$("body").parents("tr:last").fadeOut();$("body").prepend('<div class="text-center hmwp_notice hmwp_notice_fixed success" role="alert">'+response.message+"</div>")}else{$("body").prepend('<div class="text-center hmwp_notice hmwp_notice_fixed danger" 
role="alert">'+response.message+"</div>")}}setTimeout(function(){$(".hmwp_notice").remove()},5e3)}).error(function(){$("body").prepend('<div class="text-center hmwp_notice hmwp_notice_fixed danger" role="alert">'+ajaxerror+"</div>");setTimeout(function(){$(".hmwp_notice").remove()},5e3)},"json");return false});$this.find("form#hmwp_securitycheck").on("submit",function(){var $form=$(this);var $div=$this.find(".start_securitycheck");$div.after('<div class="wp_loading"></div>');$div.hide();$.post(ajaxurl,$form.serialize()).done(function(response){location.reload()}).error(function(){location.reload()});return false});$this.find("form#hmwp_resetexclude").on("submit",function(){var $form=$(this);$.post(ajaxurl,$form.serialize()).done(function(response){if(typeof response.success!=="undefined"&&typeof response.message!=="undefined"){if(response.success){$("body").prepend('<div class="text-center hmwp_notice hmwp_notice_fixed success" role="alert">'+response.message+"</div>")}else{$("body").prepend('<div class="text-center hmwp_notice hmwp_notice_fixed danger" role="alert">'+response.message+"</div>")}}setTimeout(function(){$(".hmwp_notice").remove()},5e3)}).error(function(){$("body").prepend('<div class="text-center hmwp_notice hmwp_notice_fixed danger" role="alert">'+ajaxerror+"</div>");setTimeout(function(){$(".hmwp_notice").remove()},5e3)});return false});$this.find("button.frontend_test").on("click",function(){var $button=$(this);var $form=$(this).parent("form");$this.find("#hmwp_frontendcheck_content").html("");$this.find("#hmwp_solutions").hide();$this.find("#hmwp_frontendcheck_content").addClass("wp_loading_min");$.post(ajaxurl,$form.serialize()).done(function(response){if(typeof response.success!=="undefined"&&typeof response.message!=="undefined"){if(response.success){$this.find("#hmwp_frontendcheck_content").html('<div class="text-center alert alert-success my-2" role="alert">'+response.message+"</div>")}else{$this.find("#hmwp_frontendcheck_content").html('<div 
class="text-center alert alert-danger my-2" role="alert">'+response.message+"</div>");$this.find("#hmwp_solutions").show()}}$this.find("#hmwp_frontendcheck_content").removeClass("wp_loading_min")}).error(function(){$this.find("#hmwp_frontendcheck_content").html('<div class="text-center alert alert-danger my-2" role="alert">'+ajaxerror+"</div>");$this.find("#hmwp_solutions").show();$this.find("#hmwp_frontendcheck_content").removeClass("wp_loading_min")});return false})};$.fn.hmwp_settingsListen=function(){var $this=this;var unsaved=false;$this.find(".hmwp_nav_item").on("click",function(ev){ev.preventDefault();$this.find(".tab-panel").hide();if($this.find("#"+$(this).data("tab")).length>0){$this.find("#"+$(this).data("tab")).show();$.hmwp_setHashParam("tab",$(this).data("tab"))}$this.find(".hmwp_nav_item").removeClass("active");$this.find(".hmwp_nav_item[data-tab="+$(this).data("tab")+"]").addClass("active")});$("button.hmwp_modal").on("click",function(){var $button=$(this);if($button.data("remote")){$($button.data("target")+" .modal-body").attr("src",$button.data("remote"));$($button.data("target")).on("hidden.bs.modal",function(){$button.hmwp_loading(true);location.reload()})}$($button.data("target")).modal("show")});if($("input[name=hmwp_mode]").val()!=="default"){if($.hmwp_getHashParam("tab")){var 
$current=$.hmwp_getHashParam("tab");if($current!==""&&$this.find("#"+$current).length>0){$this.find(".tab-panel").hide();$this.find(".hmwp_nav_item").removeClass("active");$this.find("#"+$current).show();$this.find(".hmwp_nav_item[data-tab="+$current+"]").addClass("active")}}else{$this.find("a.hmwp_nav_item:first").addClass("active");$this.find("a.hmwp_nav_item:first").trigger("click")}}$this.find("input.switch").not(".nopopup").change(function(){unsaved=true;if($("div."+$(this).attr("name")).length){if($(this).prop("checked")){$("div."+$(this).attr("name")).show()}else{$("div."+$(this).attr("name")).hide()}}});$this.find("input").not(".nopopup").change(function(){unsaved=true});$this.find("button[type=submit]").click(function(){$(this).hmwp_loading(true)});$this.find("input[type=submit]").click(function(){$(this).hmwp_loading(true)});$this.find("input.switch").each(function(){if(!$(this).prop("checked")){if($("div."+$(this).attr("name")).length){$("div."+$(this).attr("name")).hide()}}});$this.find("input[name=hmwp_admin_url]").on("keyup",function(){if($(this).val()!=="wp-admin"&&$(this).val()!=""){$this.find(".admin_warning").show();$this.find(".hmwp_hide_newadmin_div").show()}else{$this.find(".admin_warning").hide();$this.find(".hmwp_hide_newadmin_div").hide()}});$this.find("input[name=hmwp_login_url]").on("keyup",function(){if($(this).val()!=="wp-login.php"&&$(this).val()!=""){$this.find(".hmwp_hide_wplogin_div").show()}else{$this.find(".hmwp_hide_wplogin_div").hide()}if($(this).val()!=="login"&&$(this).val()!=""){$this.find(".hmwp_hide_login_div").show()}else{$this.find(".hmwp_hide_login_div").hide()}});$this.find("input[name=hmwp_login_url]").trigger("keyup");$this.find("input[name=hmwp_hide_admin].switch").change(function(){if($(this).prop("checked")){$this.find(".wp-admin_warning").show();$this.find(".hmwp_hide_newadmin_div").show()}else{$this.find(".wp-admin_warning").hide();$this.find(".hmwp_hide_newadmin_div").hide()}});$this.find("input[name=hmwp_hide_old
paths_plugins].switch").change(function(){if($(this).prop("checked")){$this.find("input[name=hmwp_hide_oldpaths]").prop("checked",true)}});$this.find("input[name=hmwp_hide_oldpaths_themes].switch").change(function(){if($(this).prop("checked")){$this.find("input[name=hmwp_hide_oldpaths]").prop("checked",true)}});$("#hmw_plugins_mapping_new").on("change",function(ev){var $name=$(this).find(":selected").text();var $value=$(this).find(":selected").val();var $div=$("div.hmw_plugins_mapping_new").clone();$div.appendTo("div.hmw_plugins_mappings");$div.find(".hmw_plugins_mapping_title").html($name);$div.find("input").attr("name","hmw_plugins_mapping["+$value+"]");$div.find("input").attr("value",$name);$(this).find(":selected").remove();$div.removeClass("hmw_plugins_mapping_new");if($(this).find("option").length==1){$(".hmw_plugins_mapping_select").hide()}$div.show()});$("#hmw_themes_mapping_new").on("change",function(ev){var $name=$(this).find(":selected").text();var $value=$(this).find(":selected").val();var $div=$("div.hmw_themes_mapping_new").clone();$div.appendTo("div.hmw_themes_mappings");$div.find(".hmw_themes_mapping_title").html($name);$div.find("input").attr("name","hmw_themes_mapping["+$value+"]");$div.find("input").attr("value",$name);$(this).find(":selected").remove();$div.removeClass("hmw_themes_mapping_new");if($(this).find("option").length==1){$(".hmw_themes_mapping_select").hide()}$div.show()});$("#hmwp_security_headers_new").on("change",function(ev){var $name=$(this).find(":selected").text();var $value=$(this).find(":selected").val();var 
$div=$("div."+$name);$div.appendTo("div.hmwp_security_headers");$div.find("input").attr("name","hmwp_security_headers["+$name+"]");$div.find("input").attr("value",$value);$(this).find(":selected").remove();if($(this).find("option").length==1){$(".hmwp_security_headers_new").hide()}$div.show()});$this.find("button.brute_use_math").on("click",function(){$this.find("input[name=brute_use_math]").val(1);$this.find("input[name=brute_use_captcha]").val(0);$this.find("input[name=brute_use_captcha_v3]").val(0);$this.find(".group_autoload button").removeClass("active");$this.find("div.brute_use_math").show();$this.find("div.brute_use_captcha").hide();$this.find("div.brute_use_captcha_v3").hide()});$this.find("button.brute_use_captcha").on("click",function(){$this.find("input[name=brute_use_captcha]").val(1);$this.find("input[name=brute_use_math]").val(0);$this.find("input[name=brute_use_captcha_v3]").val(0);$this.find(".group_autoload button").removeClass("active");$this.find("div.brute_use_captcha").show();$this.find("div.brute_use_math").hide();$this.find("div.brute_use_captcha_v3").hide()});$this.find("button.brute_use_captcha_v3").on("click",function(){$this.find("input[name=brute_use_captcha]").val(0);$this.find("input[name=brute_use_math]").val(0);$this.find("input[name=brute_use_captcha_v3]").val(1);$this.find(".group_autoload button").removeClass("active");$this.find("div.brute_use_captcha").hide();$this.find("div.brute_use_math").hide();$this.find("div.brute_use_captcha_v3").show()});$this.find("#hmwp_blockedips_form").on("submit",function(){$this.find("#hmwp_blockedips").html("");$this.find("#hmwp_blockedips").hmwp_loading(true);$.post(ajaxurl,$("form#hmwp_blockedips_form").serialize()).done(function(response){if(typeof response.data!=="undefined"){$("#hmwp_blockedips").html(response.data)}$this.find("#hmwp_blockedips").hmwp_loading()}).error(function(){$("#hmwp_blockedips").html("no blocked ips");$this.find("#hmwp_blockedips").hmwp_loading()},"json");return 
false});if($this.find("#hmwp_blockedips").length>0){$this.find("#hmwp_blockedips_form").trigger("submit")}$this.find(".ajax_submit input").on("change",function(){var $form=$(this).parents("form:last");var $input=$(this);$.post(ajaxurl,$form.serialize()).done(function(response){if(typeof response.success!=="undefined"&&typeof response.message!=="undefined"){if(response.success){$("body").prepend('<div class="text-center hmwp_notice hmwp_notice_fixed success" role="alert">'+response.message+"</div>");if($input.prop("checked")){$form.parents(".hmwp_feature:last").removeClass("bg-light").addClass("active")}else{$form.parents(".hmwp_feature:last").removeClass("active").addClass("bg-light")}unsaved=false}else{$("body").prepend('<div class="text-center hmwp_notice hmwp_notice_fixed danger" role="alert">'+response.message+"</div>")}}setTimeout(function(){$(".hmwp_notice").remove()},5e3)}).error(function(){$("body").prepend('<div class="text-center hmwp_notice hmwp_notice_fixed danger" role="alert">'+ajaxerror+"</div>");setTimeout(function(){$(".hmwp_notice").remove()},5e3)})});$this.find("form").on("submit",function(){unsaved=false});window.onbeforeunload=function(e){e=e||window.event;if(unsaved){if(e){e.returnValue="You have unsaved changes."}return"You have unsaved changes."}}};$("#hmwp_wrap").ready(function(){$(this).hmwp_settingsListen();$(this).hmwp_securityCheckListen()})})(jQuery);