WP Hide & Security Enhancer

Wordpress Plugin
Download latest - 1.9.3



Download Stats

Today 546
Yesterday 678
Last Week 3,410
All Time 195,589
Banner 772x250

WP-Hide has launched the easiest way to completely hide your WordPress core files, login page, theme and plugins paths from being shown on front side. This is a huge improvement over Site Security, since no one will know whether you are running or not a WordPress. It also provides a simple way to clean up html by removing all WordPress fingerprints.

No file and directory change! No file and directory will be changed anywhere. Everything is processed virtually. The plugin code uses URL rewrite techniques and WordPress filters to apply all internal functionality and features. Everything is done automatically without user intervention required at all.

Real hide of WordPress core files and plugins The plugin not only allows you to change default URLs of you WordPress, but it also hides/blocks such defaults. Other similar plugins, just change the slugs, but the defaults are still accessible, obviously revealing WordPress as CMS.

You can change the default WordPress login URL from wp-admin and wp-login.php to something totally arbitrary. No one will ever know where to try to guess a login and hack into your site. It becomes totally invisible.

[vimeo http://vimeo.com/185046480]

Full plugin documentation available at WordPress Hide and Security Enhancer Documentation

When testing with WordPress theme and plugins detector services/sites, any setting change may not reflect right away on their reports, since they use cache. So, you may want to check again later, or try a different inner URL. Homepage URL usage is not mandatory.

Being the best content management system, widely used, WordPress is susceptible to a large range of hacking attacks including brute-force, SQL injections, XSS, XSRF etc. Despite the fact the WordPress core is a very secure code maintained by a team of professional enthusiast, the additional plugins and themes make ita vulnerable spot for every website. In many cases, those are created by pseudo-developers who do not follow the best coding practices or simply do not own the experience to create a secure plugin. Statistics reveal that every day new vulnerabilities are discovered, many affecting hundreds of thousands of WordPress websites. Over 99,9% of hacked WordPress websites are target of automated malware scripts, which search for certain WordPress fingerprints. This plugin hides or replaces those traces, making the hacking boots attacks useless.

It works well with custom WordPress directory structures,e.g. custom plugins, themes, and upload folders.

Once configured, you need to clear server cache data and/or any cache plugins (e.g. W3 Cache), for a new html data to be created. If you use CDN this should be cache clear as well.

Sample usage [vimeo https://vimeo.com/192011678]

Main plugin functionality:

  • Customizes Admin URL
  • Blocks default admin URL
  • Blocks any direct folder access to completely hide the structure
  • Customize wp-login.php filename
  • Blocks default wp-login.php
  • Blocks default wp-signup.php
  • Blocks XML-RPC API
  • Creates New XML-RPC paths
  • Adjusts theme URL
  • Creates New child Theme URL
  • Changes theme style file name
  • Cleans any headers for theme style file
  • Customizes wp-include
  • Blocks default wp-include paths
  • Blocks default wp-content
  • Customizes plugins URL
  • Changes Individual plugin URL
  • Blocks default plugins paths
  • Creates New upload URL
  • Blocks default upload URL
  • Removes WordPress version
  • Blocks Meta Generator
  • Disables the emoji and required javascript code
  • Removes pingback tag
  • Removes wlwmanifest Meta
  • Removes rsd_link Meta
  • Removes wpemoji
  • Minifies Html, Css, JavaScript

  • Security Headers

and many more.

No other plugin functionality will be blocked or interfered in any way by WP-Hide

This plugin allows to change the default Admin URL from wp-login.php and wp-admin to something else. All original links turn the default theme to 404 Not Found page, as if nothing exists there. Besides the huge security advantage, the WP-Hide plugin saves lots of server processing time by reducing php code and MySQL usage since brute-force attacks target the weakURL.

Important: Compared to all other similar plugins which mainly use redirects, this plugin turns a default theme to404 error page for all blocked URL functionalities, without revealing the link existence at all.

Since version 1.2, WP-Hide change individual plugin URLs and made them unrecognizable. For example,the change of the default WooCommerce plugin URL and its dependencies from domain.com/wp-content/plugins/woocommerce/ into domain.com/ecommerce/cdn/ or anything customized.

Plugin Sections

**Hide -> Scan

  • Exhaustive system security examination with analysis and improvements guidance and fixes

Hide -> Rewrite > Theme

  • New Theme Path Changes default theme path
  • New Style File Path Changes default style file name and path
  • Remove description header from Style file Replaces any WordPress metadata information (like theme name, version etc.,) from style file
  • Child New Theme Path Changes default child theme path
  • Child New Style File Path Changes child theme style-sheet file path and name
  • Child Remove description header from Style file Replaces any WordPress metadata information (like theme name, version etc.,) from style file

Hide -> Rewrite > WP includes

  • New Include Path Changes default wp-include path/URL
  • Block wp-include URL Blocks default wp-include URL

Hide -> Rewrite > WP content

  • New Content Path Change default wp-content path/URL
  • Block wp-content URL Blocks the default content URL

Hide -> Rewrite > Plugins

  • New Plugin Path Changes default wp-content/plugins path/URL
  • Block plugin URL Blocks default wp-content/plugins URL
  • New path / URL for Every Active Plugin
  • Customize path and name for any active plugins

Hide -> Rewrite > Uploads

  • New Upload Path Changes default media files path/URL
  • Block upload URL Blocks default media files URL

Hide -> Rewrite > Comments

  • New wp-comments-post.php Path
  • Block wp-comments-post.php

Hide -> Rewrite > Author

  • New Author Path
  • Block default path

Hide -> Rewrite > Search

  • New Search Path
  • Block default path

Hide -> Rewrite > XML-RPC

  • New XML-RPC Path Changes default XML-RPC path / URL
  • Block default xmlrpc.php Blocks default XML-RPC URL
  • Disable XML-RPC authentication Filters whether XML-RPC methods require authentication
  • Remove pingback Removes pingback link tag from theme

Hide -> Rewrite > JSON REST

  • Clean the REST API response
  • Disable JSON REST V1 service Disables an API service for WordPress which is active by default
  • Disable JSON REST V2 service Disables an API service for WordPress which is active by default
  • Block any JSON REST calls Any call for JSON REST API service will be blocked
  • Disable output the REST API link tag into page header
  • Disable JSON REST WP RSD endpoint from XML-RPC responses
  • Disable Sends a Link header for the REST API

Hide -> Rewrite > Root Files

  • Block license.txt Blocks access to license.txt root file
  • Block readme.html Blocks access to readme.html root file
  • Block wp-activate.php Blocks access to wp-activate.php file
  • Block wp-cron.php Blocks outside access to wp-cron.php file
  • Block wp-signup.php Blocks default wp-signup.php file
  • Block other wp-*.php files Blocks other wp-.php files within WordPress Root

Hide -> Rewrite > URL Slash

  • URLs add Slash Add a slash to any links without it. This disguisesthe existence of a file, folder or a wrong URL, which will all be slashed.

Hide -> General / Html > Meta

  • Remove WordPress Generator Meta
  • Remove Other Generator Meta
  • Remove Shortlink Meta
  • Remove DNS Prefetch
  • Remove Resource Hints
  • Remove wlwmanifest Meta
  • Remove feed_links Meta
  • Disable output the REST API link tag into page header
  • Remove rsd_link Meta
  • Remove adjacent_posts_rel Meta
  • Remove profile link
  • Remove canonical link

Hide -> General / Emulate CMS

  • Emulate CMS

Hide -> General / Html > Admin Bar

  • Remove WordPress Admin Bar for specified urser roles

Hide -> General / Feed

  • Remove feed|rdf|rss|rss2|atom links

Hide -> General / Robots.txt

  • Disable admin URL within Robots.txt

Hide -> General / Html > Emoji

  • Disable Emoji
  • Disable TinyMC Emoji

Hide -> General / Html > Styles

  • Remove Version
  • Remove ID from link tags

Hide -> General / Html > Scripts

  • Remove Version

Hide -> General / Html > Oembed

  • Remove Oembed

Hide -> General / Html > Headers

  • Remove Link Header
  • Remove X-Powered-By Header
  • Remove Server Header
  • Remove X-Pingback Header

Hide -> General / Html > HTML

  • Remove HTML Comments
  • Minify Html, CSS, JavaScript
  • Remove general classes from body tag
  • Remove ID from Menu items
  • Remove class from Menu items
  • Remove general classes from post
  • Remove general classes from images

Hide -> General / Html > User Interactions * Disable Mouse right click * Disable Text Selection * Disable Copy / Paste * Disable Print * Disable Print Screen * Disable Developer Tools * Disable View Source * Disable Drag / Drop

Hide -> Admin > wp-login.php

  • New wp-login.php Maps a new wp-login.php instead of the default one
  • Block default wp-login.php Blocks default wp-login.php file from being accessible

Hide -> Admin > Admin URL

  • New Admin URL Creates a new admin URL instead of the default /wp-admin. This also applies for admin-ajax.php calls
  • Block default Admin Url Blocks default admin URL and files from being accessible

Settings -> CDN

  • CDN Url Sets-up CDN if applied. Some providers replace site assets with custom URLs.

Security -> Headers HTTP Response Headers are a powerful tool to Harden Your Website Security. * Cross-Origin-Embedder-Policy (COEP) * Cross-Origin-Opener-Policy (COOP) * Cross-Origin-Resource-Policy (CORP) * X-Content-Type-Options * X-Download-Options * X-Frame-Options (XFO) * X-Permitted-Cross-Domain-Policies * X-XSS-Protection

This free version works with Apache and IIS server types. For all server types, check with WP Hide PRO

This is a basic version that can hide everything for basic sites, example https://demo.wp-hide.com/. When using complex plugins and themes, the WP Hide PRO may be required. We provide free assistance to hide everything on your site, along with the commercial product.

Anything wrong with this plugin on your site? Just use the forum or get in touch with us at Contact and we'll check it out.

A website example can be found at https://demo.wp-hide.com/ or our website WP Hide and Security Enhancer

Plugin homepage at WordPress Hide and Security Enhancer

This plugin is developed by Nsp-Code

Releases (117 )

Version Release Date Change Log
1.9.3 2022-12-02
  • Add additional description for potentially dangerous files found within WordPress root.
  • Typo fix for "Dangerous Files"
  • Fix: Tipsy JavaScript error
  • Fix: Undefined variable $site_score within render_overview()
  • Fix: Divided by zero when calculating the overall scan progress
  • Fix: Wrong remote_html variable
1.9.1 2022-11-29
  • New feature - Security Scan.
  • Security Scan dashboard widget
  • Inform on possible LiteSpeed service restart if use such system.
  • Check if HTTP_USER_AGENT environment variable exists before making comparison.
  • Fix Oxigen compatibility when using the HTML Minify.
  • Fix: Cache Enable static call.
1.8.8 2022-11-09
  • New component Headers -> Remove Server Header.
  • Prevent output of "document.addEventListener" unless an user-interaction option is active.
  • Add X-XSS-Protection into the headers list, to avoid reporting as not used as security header.
  • Code Improvements and clean-up.
  • PO language file update.
1.8.6 2022-10-27
  • Ignore the "Disable Developer Tools" on iPhone
  • WordPress 6.1 compatibility tag
  • Fix: Security headers progress comparison step.
  • Slight css changes
1.8.5 2022-10-18
  • Improved Disable Developer Tools feature, by returning an empty page.
  • W3 Total Cache - implements support for Push CDN and custom folders
  • Compatibility fix with JCH Optimize.
  • Ignore invalid SSL certificate when testing rewrites, to allow local instances.
  • Fix: static to public functions for a2-optimized compatibility class.
  • Fix: use preg_match to ensure the HTML data is valid and avoid faulty code with multiple head tags.
  • Slight text changes within some options, for better explanations.
1.8.3 2022-09-28
  • New options interface - User Interactions: Disable Mouse right click, Disable Text Selection, Disable Copy / Paste, Disable Print, Disable Print Screen, Disable Developer Tools, Disable View Source, Disable Drag / Drop
  • Better accessibility for additional details regarding each of the options.
  • Improved progress score calculation for Headers.
  • A2 Optimized WP - compatibility fix.
  • WordPress 6.0.2 tag compatibility update
  • Fix CDN option external help page URL.
1.8.1 2022-08-17
  • Improved server environment rewrite test checking routines.
  • Separate rewrite tests for static files and PHP files. This avoids reporting issues for servers not supporting rewrites for php-files.
1.8 2022-07-26
  • Add a new button to reset the current page options.
  • Use regex to sanitize the URL arguments
  • Relocated the Reset All Settings button to the bottom of the interface.
  • Compatibility for Super Page Cache for Cloudflare
  • Slight layout improvements and changes.
  • WordPress 6.0.1 compatibilit tag 2022-06-11
  • Change the advanced_notice class within the interfaces to avoid issues caused by 3rd theme.
  • Do not remove comments when json request
  • WordPress 6.0 compatibilit tag
1.7.9 2022-05-23

Always keep plugin up to date. 2022-05-23
  • When checking and calculating the the Headers protection score, ignore the SSL verification for the domain, to allow usage of invalid certificates.
  • Check if set headers are actually passed-through on the front side, as some servers may block that.
  • Set WP_ROCKET_WHITE_LABEL_FOOTPRINT to remove the footer comment for WP Rocket, when active
1.7.8 2022-04-13
  • New Security Functionality - Headers. HTTP Response Headers are a powerful tool to Harden Your Website Security.
  • Security Headers - Cross-Origin-Embedder-Policy (COEP), Cross-Origin-Opener-Policy (COOP), Cross-Origin-Resource-Policy (CORP), X-Content-Type-Options, X-Download-Options, X-Frame-Options (XFO), X-Permitted-Cross-Domain-Policies, X-XSS-Protection.
  • Security Headers - Protection Level graph
  • Security Headers - Sample Setup
  • Security Headers - Recovery functionality
  • Styles and layout improvements
  • Code clean-up
  • Fix: Append URL arguments to login URL, if exists
1.7.6 2022-01-25
  • Run on revision posts, to match URLs and revert to default WordPress ( e.g. when using Gutenberg editor )
  • Require a .php for the customization of the default wp-login.php to avoid cookie issues on password change area.
  • WooCommerce 5.9 compatibility check and tag.
1.7.4 2021-12-31

Always keep plugin up to date.

1.7.3 2021-12-23
  • New functionality, block wp-json for everyone or non-logged-in users.
  • Fix Emulate CMS documentation url.
  • Removed Twitter share.
1.7.1 2021-12-16
  • New plugin feature: Emulate CMS
  • Update PO language file
  • Skip comment removal when admin dashboard.
  • Fix: Ignore comment removal when Gutenberg JSON call for blocks, to avoid formatting issues.
1.6.4 2021-11-18
  • Ensure compatibility with PHP 8.0
  • Update PO language file
  • Update documentation URLs within the plugin interfaces, with the non-www domain wp-hide.com 2021-08-20
  • Include the "Clean the REST API response" within Sample Setup. 2021-08-17
  • New option for JSON REST module - "Clean the REST API response"
  • Relocated Feed tab to Rewrite module 2021-07-26
  • Output the help title only if there's an help section available through the module settings
  • Fix undefined $found_issues
  • WordPress 5.8 compatibility tag 2021-04-26
  • Add dashboard and cpanel to system reserved to avoid permalinks conflicts
  • LiteSpeed Cache compatibility update
  • WP-Optimize compatibility update 2021-03-23
  • Update compatibility file for TranslatePress - Multilingual 2021-03-23
  • Fix attachment_url_to_postid
  • Fix undefined get_metadata_raw 2021-03-20
  • Confirmation page for Recovery link
  • Use home_url() instead site_url() for recovery links to ensure the format is correct for WordPress instances using own directory
  • Trigger the login URL change e-mail at shutdown instead init
  • Compatibility with TranslatePress - Multilingual
  • Fix undefined notice
  • Fix meta Uncaught TypeError: count(): Argument
  • Slight code improvements 2021-03-17
  • Improved description for Test Rewrite procedure, when the server fails to provide a valid response, rewrite engine is not active or the custom urls are not allowd.
  • Fixed Undefined Property Notice
1.6.3 2021-03-17
  • Server Environment Check to ensure there are no rewrite issues and the plugin can be safely deployed.
  • Interactive feedback with hints and explanations for environment issues.
  • Improved UI
  • Clear fusion cache when plugin options changed if avada active
  • Fix New Search Path replacement to include an end slash, to avoid catch wrong urls
  • Check and tag for WordPress 5.7 2021-01-11
  • Reverse URLs when saving a options, to avoid custom urls to be writted within the database.
  • Check if string before making a replacement on metadata
  • Compatibility file for Oxigen editor, when using Signatures
  • Simple Firewall compatibility file update - check if FernleafSystems\Wordpress\Plugin\Shield\Controller\Controller class exists before apply 2021-01-11
  • Reverse URLs when saving a options, to avoid custom urls to be writted within the database. 2020-11-25
  • Update Compatibility file with Oxygen editor, for image with link wrapper
  • WordPress 5.6 compatibility tag update 2020-11-19
  • Compatibility file with Oxygen editor 2020-11-18
  • Fix: Check the replacements for update_post_metadata method on text and array types. 2020-11-18
  • Fix: Check the replacements for update_post_metadata method on text and array types.
1.6.2 2020-11-12
  • Reverse URLs when saving a meta data field, to avoid custom urls to be writted within the database.
  • Trigger a system notice when deployed on MultiSite, as not being compatible.
  • Don't run _init_remove_html_new_lines when AJAX call to avoid front side processing errors.
  • WP Rocket compatibility file updates, to works with combined CSS assets
  • Shield Security compatibility update, to works with version 10 and up.
  • Prevent nottices and errors when attempt to rite on .htaccess file.
  • New filter wph/components/wp_oembed_add_discovery_links to allow disabling the Remove Oembed - wp_oembed_add_discovery_links
  • New filter wph/components/wp_oembed_add_host_js to allow disabling the Remove Oembed - wp_oembed_add_host_js
  • New compatibility file for wePOS plugin
  • New compatibility file for Asset CleanUp Pro Page Speed Booster plugin 2020-09-16
  • Compatibility with Hyper Cache
  • Update JSON REST service disable, remove the json_enabled as being deprecated, rely on rest_authentication_errors filter
  • Fix WooCommerce Update Database link when changing the default /wp-admin/ slug
  • Fix password forget return URL
  • Remove callback for Compatibility file for Shield Security within new-admin module 2020-09-09
  • Fix: Remove callback for Compatibility file for Shield Security within custom login module
1.6.1 2020-09-09
  • Compatibility file fix for Shield Security
  • WordPress 5.5.1 compatibility tag 2020-09-07
  • Ignore CDN value check for domain name similitude 2020-08-14
  • LiteSpeed guide on Setup interface
  • New functionality - Disable mouse right click
  • Compatibility file - JobBoardWP
  • Compatibility WP-Optimize - Clean, Compress, Cache
  • WordPress 505 compatibility tag 2020-07-27
  • Avoid using domain name as replacement for any option, or might conclude to wrong replacements within the outputted HTML or wrong reversed urls.
  • Add system reserved words as 'wp', 'admin', 'admin-ajax.php'
  • Slight General code improvements
  • Clean cookie for the new custom slug, if set.
  • Integration with WP-Optimize - Clean, Compress, Cache 2020-07-14
  • WP Job Manager - compatibility update 2020-07-08
  • New Setup interface with helps and hints on how to use the plugin.
  • New Sample Setup, which deploy a basic set-up of plugin options
  • Remove internal wp_mail and rely on WordPress core
  • Improved FAQ area
  • Updated base language file 2020-06-23
  • Purge cache for Fast Velocity Minify plugin, when clearing internal cache
  • Return new admin slug when calling admin_url() and if default admin is customized
  • Use no-protocol when loading the files, to ensure they are being loaded over current domain protocol
  • BuddyPress compatibility file update
  • Elementor compatibility file update
  • ShortPixel Adaptive Images compatibility file update
  • WooCommerce compatibility file update
  • WP Rocket compatibility file update
  • New compatibility file for Fast Velocity Minify
  • New compatibility file for LiteSpeed Cache
  • New compatibility file for Swift Performance
  • New compatibility file for WP Speed of Light
1.6 2020-05-14
  • New filter wp-hide/content_urls_replacement
  • Compatibility with Ultimate Member, user picture upload fix
  • Updated compatibility with W3 Cache, using postprocessorRequire option
  • Fluentform compatibility updates
  • Outputs the whole stack of errors for $wp_filesystem if exists
  • Typo fix in Uploads module 2020-03-10
  • Updated procedure for server type identification
  • Add new type text/plain for filterable content
  • Add server_nginx_config to main class, to be used within other modules
  • Updated rewrite quantifier for IIS from .+ to .*
  • Ignore wp-content block if agent is LiteSpeed-Image 2020-02-11
  • Updated is_filterable_content_type method, return TRUE if no Content-Type header found 2020-01-25
  • Fix "undefined method WPH_functions::get_site_module_saved_value()" when content type is text/xml 2020-01-24
  • Check for filterable buffer content type, before doing replacements, to prevent erroneously changes
  • Update only URLs on XML content type
  • Updated plugin demo site URL on readme file
  • Compatibility update for ShortPixel Image Optimizer plugin
  • Notice possible issue for Cron block on certain servers
1.5.9 2019-12-10
  • New admin interfaces skin.
  • Relocated plugin assets within a different folder for better organisator.
  • Updated mu-loader module
  • Add help and hints for each options for easier understanding.
  • Allow same base slug to be used for individual plugins
  • Updated language file
  • Check if environment file is not available and outputs admin messages
  • Environment class with relocated environment json, to avoid security scanners false reports.
  • Cache Enabler plugin compatibility module
  • WoodMart theme compatibility
  • Compatibility module for WP Smush and WP Smush PRO plugins
  • Add the new filter available for WP Rocket to change css content
  • WebARX compatibility module update
  • W3 Cache module update 2019-09-04

Ensure base slug (e.g. base_slug/slug ) is not being used for another option to prevent rewrite conflicts Return correct home path when using own directory for WordPress and hosting account use the same slug in the path. Relocated get_default_variables() function on a higher priority execution level, to get default system details. Switched Yes / No options selection, to outputs first No then Yes ( more logical )

1.5.8 2019-06-28
  • Add reserved option names to avoid conflicts e.g. wp
  • Always clear any code plugin cache when plugin update
  • Easy Digital Downloads compatibility
  • Elementor plugin compatibility
  • Fusion Builder plugin compatibility
  • Divi theme compatibility updates
  • WP Fastest Cache plugin compatibility updates
  • Check if ob_gzhandler and zlib.output_compression before using 'ob_gzhandler' output buffering handler
1.5.7 2019-05-08
  • Autoptimize css/js cache and minify compatibility
  • Wp Hummingbird and WP Hummingbird PRO assets cache compatibility 2019-04-24
  • New functionality: Remove Link Header 2019-04-18
  • Fix: Call for invalid method WP_Error::has_errors()
  • Fix: Attempt to clear Opcache if API not being restricted 2019-04-16
  • Allow internal cron jobs to run even if wp-cron.php is blocked.
  • Check with wp_filesystem for any errors and output the messages, before attempt to write any content
  • Trigger site cache clear on settings changed or code update
  • Slight css updates
  • Mark block option in red text for better visibility and user awareness 2019-04-09
  • Fix: remove javascript comments produce worng replacements on specific format. 2019-04-08
  • Use curent site prefix when retreiving 'user_roles'
1.5.6 2019-04-08
  • Fix BBPress menus by calling directly the wp_user_roles option ratter get_roles()
  • Replace comments within inline JavaScript code when Remove Comments active
  • Possible login conflict notices when using WebArx, WPS Hide Login
  • New action wp-hide/admin_notices when plugin admin notices
  • Return updated url when calling admin_url instead replaced when buffer outputs to ensure compatibility with specific plugins 2019-03-15
  • Compatibility module for ShortPixel Adaptive Image plugin
  • Add support for texarea fields within plugin options interface
  • Fixed urls for minified files when using WP Rocket cache plugin 2019-02-23
  • Filter remove fix 2019-02-18
  • Fix log-in page when using Wp Rocket cache 2019-02-12
  • Fix admin dashboard replacements when using Wp Rocket cache 2019-02-11
  • Fix Wp Rocket cache when using Minify and Concatenation
  • New functionality - Remove Admin Bar for specified roles
  • Module block structure extend to support 'callback_arguments' to passThrough additional data to processing function
  • Redirect the default non-pretty-url search url to customized one
1.5.5 2019-01-29
  • New component: Rewrite Author
  • New component: Rewrite Search
  • Show recovery link on top of page to ensure everyone can save the link to use if something goe wrong.
  • Send recovery code to site admin e-mail
  • Minor Code adjustments
  • Send new login url to site admin e-mail, to ensure user can recover access to dashboard if forget new slug
  • Removed unused methods within WPH_module_rewrite_new_include_path component 2019-01-18
  • Fix: Undefined method for WooCommerce compatibility module 2018-12-29
  • Allow rewrite for images within admin, as being reversed to default when saving the post
1.5.4 2018-12-28
  • Compatibility re-structure, use a general module
  • Compatibility fix for Shield Security wp-simple-firewall
  • Removed the upload_dir filtering as produce some issues on specific environment, possible incompatibilities will be post-processed within General compatibility module
  • Filter the post content on save_post action, to reverse any custom slugs like media urls, to preserve backward compatibility, in case plugin disable
  • Ensure wp-simple-firewall run once when called from multiple components
  • Update for Rewrite Slash component, use a rewrite conditional to ensure the code is not trigger for POST method 2018-12-11
  • Fix JSON encoded urls when using SSL
1.5.3 2018-12-10
  • Remove relative_domain_url_replacements_ssl_sq and relative_domain_urlreplacementsssl_dq replacements for buffer as being integrated to other variables
  • Relocated upload_dir() to general functions.php to catch new content and uploads slugs.
  • Use full domain url for new wp-admin slug, instead relative to avoid wrong replacements for 3rd urls
  • Use full domain url for new wp-login.php, instead relative to avoid wrong replacements for 3rd urls
  • Typos fix for CDN texts
  • Additional description for "Block any JSON REST calls" option to prevent Gutenberg block
  • Updated rewrite for URL Slash to include a second conditional, to not trigger on POST calls 2018-11-15
  • Add trailingslashit to plugins slug to be used for replacements to avoid wrong (partial) slug changes 2018-11-15
  • Fixed upload rewrite by using default_variables['upload_url']
  • WordPrss 5.0 compatibility check
1.5.2 2018-11-14
  • Updated po language file
  • CDN support when using custom urls
  • Moved the action replacement for wp_redirect_admin_locations at init_adminurl()
  • Trigger the action replacement for wp_redirect_admin_locations only if new admin slug exists
  • Preserve absolute paths when doing relative replacements
  • Populate upload_dir() data with new url if apply
  • When doing reset, empty all options before fill in existing with default to ensure deprecated data is not being held anymore 2018-07-05
  • Do not redirect to new admin url unless rewrite_rules_applied()
  • Generate no rewrite rules if there's no options / reset
  • Removed any passed through variables when calling the do_action('wph/settings_changed') as the function can take no argument.
  • Re-generate a new write_check_string on settings change to ensure if no .htacccess / web.config file is writable, it trigger correct error and flag the disable_filters variable.
  • Use inline JS code confirmation for Reset Settings, in case the separate JavaScript file is not loaded caused by an rewrite issue.
  • Reset confirmation message update to better inform the admin upon the procedure to follow.
  • WPEngine environment check, as they do not support Apache rewrite out of the box
  • Strip off protocol and any www prefix for site_url and home_url to ensure accurate comparing
  • Fixed redirect url when saving the options and WordPress deployed in subfolder
  • Fixed redirect url when reset all options and WordPress deployed in subfolder
  • Improved compatibility for WordPress subfolder install
  • Fixed some rewrite lines when WordPress installed in a path and subfolder
  • Replaced the internal variable permalinks_not_applied to more intuitive custom_permalinks_applied
  • Restart the buffering if flushed out, mainly used for footer when updating plugins and themes
  • Add textdomain for multiple untranslated texts
  • Updated PO language file
  • Fixed textdomain for couple texts
  • Add text to textdomain 2018-04-26
  • Updated MU Loader, if there's no plugin active avoid to receive any notice.
  • Allow new wp-login.php
  • PRO version available
  • Check if there's a 'message' key for arguments set through wp_mail filter
  • Updated po language file
1.4.9 2018-04-26
  • Updated MU Loader, if there's no plugin active avoid to receive any notice.
  • Allow new wp-login.php
  • PRO version available
  • Check if there's a 'message' key for arguments set through wp_mail filter 2018-03-09
  • WPML compatibility when use different domains for each language
  • Replaced google social as it produced some JavaScript errors.
  • Do not apply the admin/login replacements if permalinks where not applied.
  • Language Po file update
  • Minify replaces 'Remove new line carriage'
  • Minify Html, Css, JavaScript
  • Options for Minify to compress different components
  • Fixed conflict with Shield Security 2018-01-08
  • PHP 7.2 compatibility
  • Replaced trilingslashit from the end of template url to improve compatibility with urls (e.g. JavaScript variables) which does not include an ending slash. 2017-12-04
  • WooCommerce downloadables fix when using custom slug for uploads
  • Include support for admin_url() along with admin-ajax.php
  • Fixed redirect link after user register.
  • Use get_rewrite_base and get_rewrite_to_base for all modules to apply correct site path and any WordPress subdirectory install
  • WordPress subdirectory install compatibility fix
  • Improved router file processor for WordPress subdirectory installs
1.4.7 2017-10-06
  • Rewrite changes for many components
  • Rewrite update for admin and login url
  • Typos fix
  • Compatibility for diferent environments, when WordPress deployed in a domain root, a subdirectory, or it's own folder https://codex.wordpress.org/Giving_WordPress_Its_Own_Directory 2017-10-01
  • Fixed rewrite ens slashes for wp-login.php and wp-admin components 2017-09-29
  • Fixed hardcoded wp-register.php within rewrite - root files component
  • Updated components to rewrite_base / rewrite_to system
  • Improved components: Rewrite - WP Includes, Rewrite - WP Content, Rewrite - Plugins, Rewrite - Uploads, Rewrite - Comments, Rewrite - Root Files, Admin - wp-login.php, Admin - Admin Url
  • Typo fix environemnt to environment
  • New Component - Remove Shortlink Meta
  • New Component - Remove new line carriage
  • Apply relative paths change on styles only if main theme / child theme rewrite slug is not empty
  • Improved interface errors and warnings transient structure
  • Use ABSPATH and Environemnt data to create file path for file processing, instead just ABSPATH, for better compatibility 2017-08-26
  • Prevent the wp-register.php redirect to new login page when using block
  • Prepare plugin for Composer package
  • URL Slash description update
  • xml_rpc_path add php_extension_required validation
  • File processor use ABSPATH instead DOCUMENT_ROOT environment variable to avoid different paths on certain systems
  • Allow path structure to be used for New Theme Path and Child - New Theme Path 2017-06-13
  • Media Galery src images fix
  • Use separate variables for holding replacements to avoid key overwrite
1.4.5 2017-06-09
  • Add replacements for urls which does not contain explicit protocol e.g. http: or https:
  • Avada cache URLs replacements support
  • Fix processing_order for specific root files
  • Ignore wp-register.php when blocking other wp-* files
  • Fixed wp-register.php block
  • Check for replacements on url encoded links
  • Show message notices on General/HTML -> Html for options which may interfere with themes.
  • sanitize_file_path_name fix when slug include a file type extension
  • Prevent redirect to new url when accessing links through www
  • New component Feeds
  • Windows - Global file process rewrite rules update 2017-04-03
  • If no server type identification possible, try to check for .htaccess file
  • Improved .htaccess search mod, Use preg_grep for identify the begin and end of WordPress rules
  • Output notice when no supported server was found
  • Use separate block of rules for .htaccess file, outside of WordPress lines
  • Improved server htaccess support check
  • Moved WPH_CACHE_PATH constant declaration from mu loader to wph class
  • Use shutdown hock instead wp_loaded when plugin inline updated
  • Use FS_CHMOD_FILE for $wp_filesystem->put_contents 2017-03-29
  • Fixed default wp-content block
  • Updated compatibility with WP Fastest Cache
  • Fixed wp-content replacement 2017-03-28
  • Replace the file-process file remove update
1.4.4 2017-03-28
  • New component : Robots.txt to control the outputed data
  • Check if any environment variable has changed before Update static environment file
  • Improved Default constants map
  • File-processing check WordPress wp-load.php down the path, for custom install directory.
  • Templates style clean
  • Use cache for cleaned styles files
  • Set HTTP_MOD_REWRITE environment variable through mod_rewrite
  • Separate rewrite rules from Wordpress and use distinct block with specific marker
  • Add relative .htaccess file manipulation to avoid accessing permissions when WordPress installed within a subfolder.
  • Updated .po language file
1.4.3 2017-02-18
  • Tags update
1.4.2 2017-02-17
  • Replaced "Remove description header from Style file" and "Child - Remove description header from Style file" functionality
1.4.1 2017-02-17
  • Security improvments
1.4 2017-02-16
  • Fix: Allow only css files to be processed through the router to prevent other types from being displayed arbitrary.
  • Mu-loader updated version
  • Environment allowed path to limit css files processing
  • Include _get_plugin_data_markup_translate ratter WordPress method
  • Fix: replacement_exists returned wrong response since not using priority keys
  • Fix: Add media replacement, use correct replacement_exists function call
  • Router check for client HTTP_ACCEPT_ENCODING type to start ob_start using ob_gzhandler or not.
  • Update urls dynamically within stylesheets files e.g. include '../theme-name'
  • Use trailingslashit for theme / child new urls to make sure it match full url instead partial theme name (e.g. main-theme and main-theme-child)
  • Block wp-register.php
  • get_home_path rely on DIRECTORY_SEPARATOR for better compatibility
  • Check if plugin slug actually exists within all plugins list on re_plugin_path component 2017-01-18
  • Fix: Use of undefined constant WPH_VERSION 2017-01-17
  • fix: Child theme settings not showing up
  • Use register_theme_directory if empty $wp_theme_directories
  • Plugin Options validation improvements for unique slug
1.3.9 2017-01-16
  • General / Html > Meta -> new option Remove DNS Prefetch
  • New component - Comments
  • Fix: Updated admin urls on plugin / theme / core update page
  • fix: WP Rocket url replacements for non cached pages
  • Regex patterns updates for better performance and compatibility
  • Fix: WP Rocket - support HTML Optimization, including Inline CSS and Inline JS 2017-01-13
  • Fix - Create mu-plugins folder if not exists
1.3.8 2017-01-12
  • WP Rocket plugin compatibility module
  • Plugin loader component through mu-plugins for earlier processing and environment manage
  • Fix: Plugins Update iframe styles src
  • Fix: WordPress Core Update redirect url
  • WP Fastest Cache plug in compatibility improvements
1.3.7 2016-11-17
  • Sanitize Admin Url for not using extension (e.g. .php) as it confuse the server upon the headers to sent
  • Fix: replacements links when using custom directory for WordPress core files
  • Fix: child theme path fix when changing style filename
  • New Theme Path - help resource link fix
  • Changed from DOMDocument to preg_replace for better compatibility with themes and plugins
  • Improved execution speed 2016-10-12
  • Fixed PHP Notice: Undefined variable: dom 2016-10-12
  • W3 Total Cache - Page Cache compatibility fix
  • Canonical tag replacement improvements
  • Pingback tag replacement improvements
  • Fix custom Background Images for body on themes which support that feature
1.3.6 2016-10-08
  • Post-process on options interface save for unique slugs on any text inputs to prevent conflicts.
  • Processing Order change for new_theme_child_path to occur before new_theme_path
  • New COmponent General -> Oembed
  • Remove Oembed tags from header
  • Remove Remove Resource Hints tags from header
  • rewrite rules update to match only non base, from (.*) to (.+)
  • wph-throw-404 improvements
  • BuddyPress conflict handle for uploaded gravatars
  • Admin Style changes
  • BuddyPress Conflict Class handler
  • Separate WordPress meta Generator and Other Meta Generator
  • Process Location value within sent Headers list if exists
  • Replacements for https and http urls relative to domain
  • Add replacements for relative paths to cover WordPress installs within a folder.
  • Use untralingslashit when creating theme and child theme url replacements
  • Fix for Call to a member function is_404() on a non-object within wp_redirect 2016-08-23
  • Fix the Remove general classes from images component when within admin dashboard
1.3.5 2016-08-22
  • New component element : Remove general classes from body tag
  • New component element : Remove general classes from post
  • New component element : Remove general classes from images
  • New component: JSON REST
  • Disable JSON REST V1 service
  • Disable JSON REST V2 service
  • Block any JSON REST calls
  • Disable output the REST API link tag into page header
  • Disable JSON REST WP RSD endpoint from XML-RPC responses
  • Disable Sends a Link header for the REST API
  • Improved Styles and Scripts version remove
  • Speed improvements
  • Set Last-Modified header attribute for routed files
  • Moved the plugins custom paths from 'plugins_url' filter to class init to allow replacements to occur when HTML has been created.
  • Removed 'admin_url' and 'wp_default_scripts' filters to allow replacement at the end, within the buffer
  • Updated PO / MO translation files
1.3.4 2016-07-13
  • Improved replacement code for Uploads, when "Block uploads URL" is set for "No" it use default media urls within the admin editor, to ensure links are still functional if plugin is disabled.
  • Priority (high, normal, low) for replacement urls
  • Replacement Urls for gziped buffer
  • Fix rule name for child_style_file_clean on web.config IIS
  • bbPress Compatibility
  • BuddyPress Compatibility
  • Prevent replacements on wp_redirect filter if is_404()
  • Updated PO / MO translation files
  • Removed in line components filters which changed the urls, leave for end buffering to make all changes.
  • Fix for mod_rewrite line on child theme when router is turned Off, append the default style.css filename
  • Improvements for Templates default variables to match customized themes like Sage
  • Compatibility fix for Super Cache plugin ob callback
  • Add IfModule mod_env.c before set nSetEnv HTTP_MOD_REWRITE On to prevent server internal error in case mod_env module is not available
  • Check for Empty $saved_field_data within new plugin path component, to avoid creating rewrite rule if empty and existent path
  • Improved get_home_path()
  • Replacements for Relative URL's 2016-06-25
  • DOMDocument encoding fix for "Remove the autogenerated meta generator" 2016-06-24
  • DOMDocument encoding fix for remove styles links attribute
1.3.3 2016-06-24
  • Improve Remove Generator Meta - Use DOMDocument to remove any meta generator tag
  • New Component Item - Remove X-Pingback Header
  • New functionality, Remove ID from Menu items, Remove class from Menu items
  • Add short default replacement for wp-login.php
  • Filter all email content (message argument) through wp_mail for any require replacements
  • New action wp-hide/add_default_replacements
  • New functionality - Remove ID attribute from all link tags which include a stylesheet.
  • Separate tabs for Styles and Scripts
  • Update engine improvements
  • Fix for apache_mod_loaded function not being loaded on plugin update
  • Replace spaces within paths for theme rewrite component
1.3.1 2016-06-11
  • Moved the Disable XML-RPC authentication within Rewrite -> XML-RPC
  • HTML Comments strip out will trigger only on front side, no need for admin
  • wp-cron.php block / allow access new setting
  • New style file name now include default / new theme path to avoid 404 resource loading when using internally relative urls.
  • Modules Menu order fix
  • Writable check notification improvements for htaccess / web.config file
  • Alternative request headers when apache_response_headers for LEMP / PHP-FPM
  • IIS windows server type compatibility
  • Rewrite rules for IIS servers with web.config set-up
  • apache_response_headers and headers_list PHP functions check if available within the server
  • Code Version add and updater class structure update
  • WriteCheckString check fix when .htaccess not exists
  • Remove description header from Style file
  • Router Engine - files post-processing
  • Separate theme, style, style proxy setting for parent and child
1.2.9 2016-05-17
  • Load plugin styles and scripts only when one of plugin admin menus
  • Use default_value when input field is empty
  • Reset All Settings button for reverting all options to default
  • Fix - double slash in plugin path when usee plugins_url filter
  • Individual plugins path processing before general plugin path
  • New component - URL Slash
  • Update - New Style File Path - apply when theme path already changed
  • Fix: Plugins path module, check if $path variable is not "/" instead empty
  • Default add backslash rule rule, check if not redirect to prevent infinite loops
1.2.6 2016-04-23
  • New Component - HTML Comments replace
  • New Component - Headers
  • Conflict Handle with W3 Cache plugin when pagecache is active
  • W3 Cache plugin buffer use when active
  • Show notice when rules could not be delivered to htaccess file
  • Disable include filters and leave the buffering urls replacements to allow other plug ins to use default urls for compatibility purpose(e.g. W3-Cache Minify)
  • Fix: plugin folder / textdomain change
  • Early Buffering start, before any other code
  • Recovery link code functionality improvements
  • New wp-comments-post.php Path
  • Fix: Decrease the processing order index for wp-content module to allow others to run earlier than wp-content
  • Add mod_rewrite rules monitor system
  • Check if the mod_rewrite rules where successfully written to .htaccess file or disable any component run
1.2.2 2016-04-01
  • New Content Path
  • New Component : Root Files
  • Block license.txt
  • Block readme.html
  • Block wp-activate.php
  • Block wp-signup.php
  • Block other wp-*.php files
  • licence.txt and readme.html block
  • PO translations update
1.2 2016-03-22
  • New Feature Change individual plugin url path
  • Admin layout improvments
  • Fix for Admin canonical filter remove if remove canonical option set
  • PO translations update
  • Translation
1.1.7 2016-03-03
  • Remove profile link meta tag within head.
  • Remove canonical link meta tag within head
  • New XML-RPC Path
  • Block default xmlrpc.php
  • Remove pingback tag
  • Recovery link for default wp-login.php and admin urls
  • Css changes and warning messages update
  • PO translations update
  • TinyMCE emojicons callback fix
1.1.2 2016-02-26
  • Add a custom url for login_url filter
  • Better description and warning for wp-login.php change
  • Add default replacement for uploads
  • conflict handle - Security Firewall (WordPress Security Firewall) > Login Protection > Rename WP Login Page functionality
  • wp-includes block when not logged-in
  • wp-content block when not logged-in
  • readme update
1.1 2016-02-11
  • Po / Mo localisation files update
  • Update class to process the further structure changes and current components fields name change.
  • New Component : Wp-content folder access block
  • New Component : Block default wp-signup.php file from being accesible.
  • Fix: New admin url save when permalinks disable. keep on default admin url instead redirect.
  • Rewrite Default mod_rewrite code, append slashes to all urls to avoid actual directory reveal
  • Send e-mail notification when admin e-mail change, to prevent url forget / lose
  • New Component Disable Emoji
  • New Component Disable TinyMC Emoji
  • Structure change on the modules, split into chunks called components
  • Code Clean-up
  • Set processing order for component settings to allow mod_rewrite rules placement at certain position related to another line
  • Improved Template dir when child theme is active
  • Allow parent theme / child theme rewrite
  • mod_rewrite change for 404 error, set for WordPress internal 404 error page instead default server
1.0.4 2016-01-15
  • Text Domain fix from wp-hide to wp-hide-security-enhancer
1.0.3 2016-01-15
  • Certain sections improvments and code redo
  • Admin module cleanup
  • removed block for wp-include
  • Removed router functionality
  • Created Change relative urls within load-style block, load the tyles on a separate file to change the links
1.0 2015-12-09
  • Initial release.