WP Hide & Security Enhancer

Version Description

Remove profile link meta tag within head.
Remove canonical link meta tag within head
New XML-RPC Path
Block default xmlrpc.php
Remove pingback tag
Recovery link for default wp-login.php and admin urls
Css changes and warning messages update
PO translations update
TinyMCE emojicons callback fix

Release Info

Developer	nsp-code
Plugin	WP Hide & Security Enhancer
Version	1.1.7
Comparing to
See all releases

Code changes from version 1.1.2 to 1.1.7

Files changed (14) hide show

css/wph.css +10 -3
include/admin-interface.class.php +17 -1
include/functions.class.php +100 -1
include/wph.class.php +5 -4
languages/wp-hide-security-enhancer.mo +0 -0
languages/wp-hide-security-enhancer.po +94 -35
modules/components/admin-admin_url.php +6 -2
modules/components/admin-new_wp_login_php.php +7 -4
modules/components/general-meta.php +75 -0
modules/components/general-wpemoji.php +1 -1
modules/components/rewrite-new_xml-rpc-path.php +124 -0
modules/module-rewrite.php +3 -0
readme.txt +18 -2
wp-hide.php +3 -1

css/wph.css CHANGED Viewed

	@@ -14,6 +14,7 @@ table.wph_input tbody tr:first-child td,
14	table.wph_input tbody tr:first-child td.label { border-top: 0 none;}
15	table.wph_input tbody tr td.data { padding-bottom: 20px;}
16	table.wph_input tbody tr td.data p.description {font-size: 14px}

17
18	table.inner_table tbody tr td {padding-bottom: 12px}
19	.inner_table .description {margin-bottom: 3px; font-style: normal;}
	@@ -32,9 +33,15 @@ table.wph_input tbody tr td.param {width: 50%}
32	table .select.multiple {height: 82px}
33	table.wph_input tbody tr td h4 {margin: 0px; padding-bottom: 6px}
34	table.wph_input tbody tr td h5 {font-size: 12px; font-weight: normal; margin: 0; padding-bottom: 6px; padding-top: 10px;}
35	- table.wph_input tbody tr td.label label{ display: block; font-size: 13px; font-weight: bold; padding: 0; margin: 0; color: #333; }
36	- table.wph_input tbody tr td.label p{ display: block; font-size: 12px; padding: 6px 0 !important; margin: 0 !important; font-style: normal; line-height: 16px; color: #AAA;}
37	- table.wph_input tbody tr td.label p .important {color: ~~red~~}






38	table.wph_input tbody tr.submit td {background-color: #F9F9F9; text-align: right}
39	table.wph_input tbody tr.submit td.label {border-right: 1px solid #F9F9F9}
40	table.wph_input input[type=text],table.wph_input textarea,table.wph_input select{ width: 99.95%; outline: none;}


14	table.wph_input tbody tr:first-child td.label { border-top: 0 none;}
15	table.wph_input tbody tr td.data { padding-bottom: 20px;}
16	table.wph_input tbody tr td.data p.description {font-size: 14px}
17	+ table.wph_input .dashicons {overflow: hidden}
18
19	table.inner_table tbody tr td {padding-bottom: 12px}
20	.inner_table .description {margin-bottom: 3px; font-style: normal;}

33	table .select.multiple {height: 82px}
34	table.wph_input tbody tr td h4 {margin: 0px; padding-bottom: 6px}
35	table.wph_input tbody tr td h5 {font-size: 12px; font-weight: normal; margin: 0; padding-bottom: 6px; padding-top: 10px;}
36	+ table.wph_input tbody tr td.label label{ display: block; font-size: 13px; font-weight: bold; padding: 0; margin: 0; color: #333; cursor: default }
37	+ table.wph_input tbody tr td.label p, table.wph_input tbody tr td.label .description{ display: block; font-size: 12px; padding: 6px 0 !important; margin: 0 !important; font-style: normal; line-height: 16px; color: #AAA;}
38	+ table.wph_input tbody tr td.label .description .important {color: #d54e21}
39	+ table.wph_input tbody tr td.label .description .dashicons, table.wph_input tbody tr td.label .description span {display: inline-block}
40	+ table.wph_input tbody tr td.label .description span {padding-left: 5px; line-height: 18px;}
41	+ table.wph_input tbody tr td.label .description span a {display: block}
42	+ table.wph_input tbody tr td.label .description span.important {color: #444}
43	+ table.wph_input tbody tr td.label .description .pointer {cursor:pointer}
44	+ table.wph_input tbody tr td.label .description .notice-success, table.wph_input tbody tr td.label .description .notice-error {padding: 10px 12px; background-color: #fff;}
45	table.wph_input tbody tr.submit td {background-color: #F9F9F9; text-align: right}
46	table.wph_input tbody tr.submit td.label {border-right: 1px solid #F9F9F9}
47	table.wph_input input[type=text],table.wph_input textarea,table.wph_input select{ width: 99.95%; outline: none;}

include/admin-interface.class.php CHANGED Viewed

@@ -87,7 +87,23 @@
                                                                                 <tr>
                                                                                     <td class="label">
                                                                                         <label for=""><?php echo $module_setting['label'] ?></label>
-            -
                                                                                        <p class="description"><?php echo nl2br($module_setting['description']) ?></p>
                                                                                     </td>
                                                                                 </tr>
                                                                                 <tr>


87	<tr>
88	<td class="label">
89	<label for=""><?php echo $module_setting['label'] ?></label>
90	+ <?php
91	+
92	+ if(is_array($module_setting['description']))
93	+ {
94	+ foreach($module_setting['description'] as $description)
95	+ {
96	+ ?>
97	+ <div class="description"><?php echo nl2br($description) ?></div>
98	+ <?php
99	+ }
100	+ }
101	+ else
102	+ {
103	+ ?>
104	+ <p class="description"><?php echo nl2br($module_setting['description']) ?></p>
105	+ <?php
106	+ } ?>
107	</td>
108	</tr>
109	<tr>

include/functions.class.php CHANGED Viewed

@@ -196,7 +196,8 @@
                                 $settings   =   get_option('wph_settings');
                                 $defaults   = array (
-            -
                                                        'module_settings'   =>  array()
                                                     );
                                 $settings   =   wp_parse_args( $settings, $defaults );
@@ -295,6 +296,17 @@
                                 return $value;
+                            }
                         function get_current_url()
@@ -407,6 +419,93 @@
+                            }
                         function anonymous_object_filter_exists($tag, $class, $method)
+                            {
                                 if ( !  isset( $GLOBALS['wp_filter'][$tag] ) )


196	$settings = get_option('wph_settings');
197
198	$defaults = array (
199	+ 'module_settings' => array(),
200	+ 'recovery_code' => ''
201	);
202
203	$settings = wp_parse_args( $settings, $defaults );

296
297	return $value;
298	}
299	+
300	+ function php_extension_required($value)
301	+ {
302	+ $value = trim($value);
303	+
304	+ $extension = substr($value, -4);
305	+ if(strtolower($extension) != '.php')
306	+ $value .= '.php';
307	+
308	+ return $value;
309	+ }
310
311
312	function get_current_url()

419	}
420
421
422	+
423	+ /**
424	+ * Return the recovey code
425	+ *
426	+ */
427	+ function get_recovery_code()
428	+ {
429	+
430	+ $settings = $this->get_settings();
431	+ if(!isset($settings['recovery_code']) \|\| empty($settings['recovery_code']))
432	+ {
433	+ $recovery_code = $this->generate_recovery_code();
434	+ }
435	+ else
436	+ $recovery_code = $settings['recovery_code'];
437	+
438	+
439	+ return $recovery_code;
440	+ }
441	+
442	+
443	+ /**
444	+ * Generate a recovery code
445	+ *
446	+ */
447	+ function generate_recovery_code()
448	+ {
449	+
450	+ $settings = $this->get_settings();
451	+
452	+ $recovery_code = md5(rand(1,9999) . microtime());
453	+
454	+ $settings['recovery_code'] = $recovery_code;
455	+
456	+ $this->update_settings($settings);
457	+
458	+ return $recovery_code;
459	+ }
460	+
461	+
462	+ /**
463	+ * Trigger the recovery actions
464	+ *
465	+ */
466	+ function do_recovery()
467	+ {
468	+ //feetch a new set of settings
469	+ $settings = $this->get_settings();
470	+
471	+ $wph_recovery = $_GET['wph-recovery'];
472	+ if(empty($wph_recovery) \|\| $wph_recovery != $settings['recovery_code'])
473	+ return;
474	+
475	+ //change certain settings to default
476	+ $settings['module_settings']['new_wp_login_php'] = '';
477	+ $settings['module_settings']['admin_url'] = '';
478	+
479	+ //update the settings
480	+ $this->update_settings($settings);
481	+
482	+ //available for mu-plugins
483	+ do_action('wph/do_recovery');
484	+
485	+
486	+ //add filter for rewriting the rules
487	+ add_action('wp_loaded', array($this, 'wp_loaded_trigger_do_recovery'));
488	+
489	+ }
490	+
491	+ function wp_loaded_trigger_do_recovery()
492	+ {
493	+ /** WordPress Misc Administration API */
494	+ require_once(ABSPATH . 'wp-admin/includes/misc.php');
495	+
496	+ /** WordPress Administration File API */
497	+ require_once(ABSPATH . 'wp-admin/includes/file.php');
498	+
499	+ flush_rewrite_rules();
500	+
501	+ //redirect to homepage
502	+ wp_redirect(get_site_url());
503	+
504	+ die();
505	+ }
506	+
507	+
508	+
509	function anonymous_object_filter_exists($tag, $class, $method)
510	{
511	if ( ! isset( $GLOBALS['wp_filter'][$tag] ) )

include/wph.class.php CHANGED Viewed

	@@ -38,6 +38,10 @@
38
39	$this->settings = $this->functions->get_settings();
40




41	//check for interface submit
42	if(is_admin() && isset($_POST['wph-interface-nonce']))
43	{
	@@ -62,10 +66,7 @@
62	add_action('admin_head', array($this, 'permalink_change_redirect') , 999, 2);
63
64	add_action('logout_redirect', array($this, 'logout_redirect') , 999, 3);
65	-
66	- //wp_default_styles
67	- //add_filter('style_loader_src', array( $this, 'style_loader_src' ), 999, 2);
68	-
69	add_action('wp', array($this, '_action_wp'));
70
71	add_action('admin_menu', array($this, 'admin_menus'));


38
39	$this->settings = $this->functions->get_settings();
40
41	+ //check for recovery link run
42	+ if(isset($_GET['wph-recovery']))
43	+ $this->functions->do_recovery();
44	+
45	//check for interface submit
46	if(is_admin() && isset($_POST['wph-interface-nonce']))
47	{

66	add_action('admin_head', array($this, 'permalink_change_redirect') , 999, 2);
67
68	add_action('logout_redirect', array($this, 'logout_redirect') , 999, 3);
69	+



70	add_action('wp', array($this, '_action_wp'));
71
72	add_action('admin_menu', array($this, 'admin_menus'));

languages/wp-hide-security-enhancer.mo CHANGED Viewed

Binary file

languages/wp-hide-security-enhancer.po CHANGED Viewed

	@@ -1,8 +1,8 @@
1	msgid ""
2	msgstr ""
3	"Project-Id-Version: Post Types Order\n"
4	- "POT-Creation-Date: 2016-02-26 19:13+0200\n"
5	- "PO-Revision-Date: 2016-02-26 19:13+0200\n"
6	"Last-Translator: nsp-code <electronice_delphi@yahoo.com>\n"
7	"Language-Team: \n"
8	"MIME-Version: 1.0\n"
	@@ -20,40 +20,40 @@ msgid ""
20	"Login Url change. "
21	msgstr ""
22
23	- #: include/wph.class.php:~~196~~
24	msgid "Help us to improve this plugin by reporting any issues at "
25	msgstr ""
26
27	- #: include/wph.class.php:~~201~~
28	msgid ""
29	"Permalink is required to be turned ON for WP Hide & Security Enhancer to work"
30	msgstr ""
31
32	- #: include/wph.class.php:~~206~~
33	msgid "Settings saved"
34	msgstr ""
35
36	- #: include/wph.class.php:~~213~~
37	msgid ""
38	"W3 Total Cache Plugin is active, make sure you clear the cache for new "
39	"changes to apply"
40	msgstr ""
41
42	- #: include/wph.class.php:~~217~~
43	msgid ""
44	"WP Super Cache Plugin is active, make sure you clear the cache for new "
45	"changes to apply"
46	msgstr ""
47
48	- #: modules/module-rewrite.php:49 modules/module-rewrite.php:60
49	msgid "Rewrite"
50	msgstr ""
51
52	- #: modules/module-rewrite.php:60
53	msgid "WP Hide & Security Enhancer"
54	msgstr ""
55
56	- #: modules/module-rewrite.php:62
57	msgid "Rewrite Settings"
58	msgstr ""
59
	@@ -61,94 +61,113 @@ msgstr ""
61	msgid "Create a new admin url instead default /wp-admin and /login."
62	msgstr ""
63
64	- #: modules/components/admin-admin_url.php:23
65	msgid "Block default admin url and files from being accesible."
66	msgstr ""
67
68	- #: modules/components/admin-admin_url.php:23
69	- msgid ""
70	- "Warning: Write down your new admin url, or if lost, will not be able to log-"
71	- "in ."
72	msgstr ""
73
74	- #: modules/components/admin-admin_url.php:23
75	msgid "An e-mail will be sent to"
76	msgstr ""
77
78	- #: modules/components/admin-admin_url.php:23
79	msgid "with the new Login URL"
80	msgstr ""
81
82	- #: modules/components/admin-admin_url.php:27
83	- #: modules/components/admin-new_wp_login_php.php:28
84	- #: ~~modules/components/admin-new_wp_login_php.php:45~~







85	#: modules/components/general-meta.php:15
86	#: modules/components/general-meta.php:31
87	#: modules/components/general-meta.php:48
88	#: modules/components/general-meta.php:64
89	#: modules/components/general-meta.php:82


90	#: modules/components/general-remove_version.php:15
91	#: modules/components/general-wpemoji.php:15
92	#: modules/components/general-wpemoji.php:31
93	#: modules/components/rewrite-new_include_path.php:27
94	#: modules/components/rewrite-new_plugin_path.php:28
95	#: modules/components/rewrite-new_upload_path.php:28


96	#: modules/components/rewrite-wp_content_path.php:16
97	msgid "Yes"
98	msgstr ""
99
100	- #: modules/components/admin-admin_url.php:28
101	- #: modules/components/admin-new_wp_login_php.php:29
102	- #: modules/components/admin-new_wp_login_php.php:46
103	#: modules/components/general-meta.php:16
104	#: modules/components/general-meta.php:32
105	#: modules/components/general-meta.php:49
106	#: modules/components/general-meta.php:65
107	#: modules/components/general-meta.php:83


108	#: modules/components/general-remove_version.php:16
109	#: modules/components/general-wpemoji.php:16
110	#: modules/components/general-wpemoji.php:32
111	#: modules/components/rewrite-new_include_path.php:28
112	#: modules/components/rewrite-new_plugin_path.php:29
113	#: modules/components/rewrite-new_upload_path.php:29


114	#: modules/components/rewrite-wp_content_path.php:17
115	msgid "No"
116	msgstr ""
117
118	- #: modules/components/admin-admin_url.php:~~179~~
119	msgid "Hello"
120	msgstr ""
121
122	- #: modules/components/admin-admin_url.php:~~180~~
123	msgid ""
124	"This is an automated message to inform that your login url has been changed "
125	"at"
126	msgstr ""
127
128	- #: modules/components/admin-admin_url.php:~~181~~
129	msgid "The new login url is"
130	msgstr ""
131
132	- #: modules/components/admin-admin_url.php:~~182~~
133	- msgid "~~Please~~ ~~keep~~ ~~this~~ ~~url~~ ~~safe~~ ~~for~~ recover, if ~~forgot~~"
134	msgstr ""
135
136	- #: modules/components/admin-~~new_wp_login_php~~.php:11
137	- msgid "~~Map~~ a ~~new~~ ~~wp-login.php~~ ~~instead~~ ~~default.~~"
138	msgstr ""
139
140	#: modules/components/admin-new_wp_login_php.php:12
141	msgid ""
142	- "~~Warning:~~ ~~Make~~ ~~sure~~ ~~your log~~-in ~~url~~ is ~~not~~ ~~already~~ ~~modified~~ by ~~another~~ "
143	- "~~plugin~~ ~~/ theme~~. ~~In such case, you should disable other code to take~~ "
144	- "advantage of these features. More details at "
145	msgstr ""
146
147	- #: modules/components/admin-new_wp_login_php.php:24







148	msgid "Block default wp-login.php file from being accesible."
149	msgstr ""
150
151	- #: modules/components/admin-new_wp_login_php.php:41
152	msgid ""
153	"Block default wp-signup.php file from being accesible. This redirect to new "
154	"admin login if changed. The registration page remain available."
	@@ -175,6 +194,14 @@ msgstr ""
175	msgid "Remove the adjacent_posts_rel tag within head."
176	msgstr ""
177








178	#: modules/components/general-remove_version.php:11
179	msgid "Remove version number from enqueued style and script files."
180	msgstr ""
	@@ -292,6 +319,38 @@ msgstr ""
292	msgid "Apply only if"
293	msgstr ""
294
































295	#: modules/components/rewrite-wp_content_path.php:10
296	msgid "Block wp-content URL"
297	msgstr ""


1	msgid ""
2	msgstr ""
3	"Project-Id-Version: Post Types Order\n"
4	+ "POT-Creation-Date: 2016-03-03 22:13+0200\n"
5	+ "PO-Revision-Date: 2016-03-03 22:13+0200\n"
6	"Last-Translator: nsp-code <electronice_delphi@yahoo.com>\n"
7	"Language-Team: \n"
8	"MIME-Version: 1.0\n"

20	"Login Url change. "
21	msgstr ""
22
23	+ #: include/wph.class.php:197
24	msgid "Help us to improve this plugin by reporting any issues at "
25	msgstr ""
26
27	+ #: include/wph.class.php:202
28	msgid ""
29	"Permalink is required to be turned ON for WP Hide & Security Enhancer to work"
30	msgstr ""
31
32	+ #: include/wph.class.php:207
33	msgid "Settings saved"
34	msgstr ""
35
36	+ #: include/wph.class.php:214
37	msgid ""
38	"W3 Total Cache Plugin is active, make sure you clear the cache for new "
39	"changes to apply"
40	msgstr ""
41
42	+ #: include/wph.class.php:218
43	msgid ""
44	"WP Super Cache Plugin is active, make sure you clear the cache for new "
45	"changes to apply"
46	msgstr ""
47
48	+ #: modules/module-rewrite.php:52 modules/module-rewrite.php:63
49	msgid "Rewrite"
50	msgstr ""
51
52	+ #: modules/module-rewrite.php:63
53	msgid "WP Hide & Security Enhancer"
54	msgstr ""
55
56	+ #: modules/module-rewrite.php:65
57	msgid "Rewrite Settings"
58	msgstr ""
59

61	msgid "Create a new admin url instead default /wp-admin and /login."
62	msgstr ""
63
64	+ #: modules/components/admin-admin_url.php:24
65	msgid "Block default admin url and files from being accesible."
66	msgstr ""
67
68	+ #: modules/components/admin-admin_url.php:25
69	+ msgid "Write down your new admin url, or if lost, will not be able to log-in."


70	msgstr ""
71
72	+ #: modules/components/admin-admin_url.php:25
73	msgid "An e-mail will be sent to"
74	msgstr ""
75
76	+ #: modules/components/admin-admin_url.php:25
77	msgid "with the new Login URL"
78	msgstr ""
79
80	+ #: modules/components/admin-admin_url.php:26
81	+ #: modules/components/admin-new_wp_login_php.php:14
82	+ msgid ""
83	+ "If unable to access the login / admin section anymore, use the Recovery Link "
84	+ "which reset links to default: "
85	+ msgstr ""
86	+
87	+ #: modules/components/admin-admin_url.php:30
88	+ #: modules/components/admin-new_wp_login_php.php:30
89	+ #: modules/components/admin-new_wp_login_php.php:47
90	#: modules/components/general-meta.php:15
91	#: modules/components/general-meta.php:31
92	#: modules/components/general-meta.php:48
93	#: modules/components/general-meta.php:64
94	#: modules/components/general-meta.php:82
95	+ #: modules/components/general-meta.php:98
96	+ #: modules/components/general-meta.php:114
97	#: modules/components/general-remove_version.php:15
98	#: modules/components/general-wpemoji.php:15
99	#: modules/components/general-wpemoji.php:31
100	#: modules/components/rewrite-new_include_path.php:27
101	#: modules/components/rewrite-new_plugin_path.php:28
102	#: modules/components/rewrite-new_upload_path.php:28
103	+ #: modules/components/rewrite-new_xml-rpc-path.php:27
104	+ #: modules/components/rewrite-new_xml-rpc-path.php:44
105	#: modules/components/rewrite-wp_content_path.php:16
106	msgid "Yes"
107	msgstr ""
108
109	+ #: modules/components/admin-admin_url.php:31
110	+ #: modules/components/admin-new_wp_login_php.php:31
111	+ #: modules/components/admin-new_wp_login_php.php:48
112	#: modules/components/general-meta.php:16
113	#: modules/components/general-meta.php:32
114	#: modules/components/general-meta.php:49
115	#: modules/components/general-meta.php:65
116	#: modules/components/general-meta.php:83
117	+ #: modules/components/general-meta.php:99
118	+ #: modules/components/general-meta.php:115
119	#: modules/components/general-remove_version.php:16
120	#: modules/components/general-wpemoji.php:16
121	#: modules/components/general-wpemoji.php:32
122	#: modules/components/rewrite-new_include_path.php:28
123	#: modules/components/rewrite-new_plugin_path.php:29
124	#: modules/components/rewrite-new_upload_path.php:29
125	+ #: modules/components/rewrite-new_xml-rpc-path.php:28
126	+ #: modules/components/rewrite-new_xml-rpc-path.php:45
127	#: modules/components/rewrite-wp_content_path.php:17
128	msgid "No"
129	msgstr ""
130
131	+ #: modules/components/admin-admin_url.php:182
132	msgid "Hello"
133	msgstr ""
134
135	+ #: modules/components/admin-admin_url.php:183
136	msgid ""
137	"This is an automated message to inform that your login url has been changed "
138	"at"
139	msgstr ""
140
141	+ #: modules/components/admin-admin_url.php:184
142	msgid "The new login url is"
143	msgstr ""
144
145	+ #: modules/components/admin-admin_url.php:185
146	+ msgid "Additionality you can use this to recover the old login / admin links "
147	msgstr ""
148
149	+ #: modules/components/admin-admin_url.php:186
150	+ msgid "Please keep this url safe for recover, if forgot"
151	msgstr ""
152
153	#: modules/components/admin-new_wp_login_php.php:12
154	msgid ""
155	+ "Map a new wp-login.php instead default. This also need to include <i>.php</"
156	+ "i> extension."

157	msgstr ""
158
159	+ #: modules/components/admin-new_wp_login_php.php:13
160	+ msgid ""
161	+ "Make sure your log-in url is not already modified by another plugin or "
162	+ "theme. In such case, you should disable other code and take advantage of "
163	+ "these features. More details at "
164	+ msgstr ""
165	+
166	+ #: modules/components/admin-new_wp_login_php.php:26
167	msgid "Block default wp-login.php file from being accesible."
168	msgstr ""
169
170	+ #: modules/components/admin-new_wp_login_php.php:43
171	msgid ""
172	"Block default wp-signup.php file from being accesible. This redirect to new "
173	"admin login if changed. The registration page remain available."

194	msgid "Remove the adjacent_posts_rel tag within head."
195	msgstr ""
196
197	+ #: modules/components/general-meta.php:94
198	+ msgid "Remove profile link meta tag within head."
199	+ msgstr ""
200	+
201	+ #: modules/components/general-meta.php:110
202	+ msgid "Remove canonical link meta tag within head."
203	+ msgstr ""
204	+
205	#: modules/components/general-remove_version.php:11
206	msgid "Remove version number from enqueued style and script files."
207	msgstr ""

319	msgid "Apply only if"
320	msgstr ""
321
322	+ #: modules/components/rewrite-new_xml-rpc-path.php:10
323	+ msgid "New XML-RPC Path"
324	+ msgstr ""
325	+
326	+ #: modules/components/rewrite-new_xml-rpc-path.php:11
327	+ msgid ""
328	+ "The default XML-RPC path is set to xmlrpc.php. If not used you can leave "
329	+ "empty and block the service using the following area."
330	+ msgstr ""
331	+
332	+ #: modules/components/rewrite-new_xml-rpc-path.php:13
333	+ msgid "e.g. my-xml-rpc.php"
334	+ msgstr ""
335	+
336	+ #: modules/components/rewrite-new_xml-rpc-path.php:22
337	+ msgid "Block default xmlrpc.php"
338	+ msgstr ""
339	+
340	+ #: modules/components/rewrite-new_xml-rpc-path.php:23
341	+ msgid ""
342	+ "XML-RPC gives others the ability to talk to your WordPress site. If not used "
343	+ "you should disable. Keep in mind that some plugins like Jetpack use this API."
344	+ msgstr ""
345	+
346	+ #: modules/components/rewrite-new_xml-rpc-path.php:39
347	+ msgid "Remove pingback."
348	+ msgstr ""
349	+
350	+ #: modules/components/rewrite-new_xml-rpc-path.php:40
351	+ msgid "Remove pingback link tag from theme."
352	+ msgstr ""
353	+
354	#: modules/components/rewrite-wp_content_path.php:10
355	msgid "Block wp-content URL"
356	msgstr ""

modules/components/admin-admin_url.php CHANGED Viewed

	@@ -20,8 +20,11 @@
20	$this->module_settings[] = array(
21	'id' => 'block_default_admin_url',
22	'label' => 'Block default Admin Url',
23	- 'description' => __('Block default admin url and files from being accesible.', 'wp-hide-security-enhancer') . '<br /><span class="important">' . __('Warning: Write down your new admin url, or if lost, will not be able to log-in .', 'wp-hide-security-enhancer') . '</span> ' . __('An e-mail will be sent to', 'wp-hide-security-enhancer') . " " . get_option('admin_email') . " " . __('with the new Login URL', 'wp-hide-security-enhancer'),
24	-



25	'input_type' => 'radio',
26	'options' => array(
27	'yes' => __('Yes', 'wp-hide-security-enhancer'),
	@@ -179,6 +182,7 @@
179	$message = __('Hello', 'wp-hide-security-enhancer') . ", \n\n"
180	. __('This is an automated message to inform that your login url has been changed at', 'wp-hide-security-enhancer') . " " . trailingslashit(site_url()) . "\n"
181	. __('The new login url is', 'wp-hide-security-enhancer') . ": " . trailingslashit( trailingslashit(site_url()) . $new_url) . "\n\n"

182	. __('Please keep this url safe for recover, if forgot', 'wp-hide-security-enhancer') . ".";
183	$headers = 'From: '. get_option('blogname') .' <'. get_option('admin_email') .'>' . "\r\n";
184	$this->wph->functions->wp_mail( $to, $subject, $message, $headers );


20	$this->module_settings[] = array(
21	'id' => 'block_default_admin_url',
22	'label' => 'Block default Admin Url',
23	+ 'description' => array(
24	+ __('Block default admin url and files from being accesible.', 'wp-hide-security-enhancer'),
25	+ '<div class="notice-error"><div class="dashicons dashicons-warning important" alt="f534">warning</div> <span class="important">' . __('Write down your new admin url, or if lost, will not be able to log-in.', 'wp-hide-security-enhancer') . " " . __('An e-mail will be sent to', 'wp-hide-security-enhancer') . " " . get_option('admin_email') . " " . __('with the new Login URL', 'wp-hide-security-enhancer') . '</span></div>',
26	+ '<div class="notice-error"><div class="dashicons dashicons-warning important" alt="f534">warning</div> <span class="important">' . __('If unable to access the login / admin section anymore, use the Recovery Link which reset links to default: ', 'wp-hide-security-enhancer') . '<br /><b class="pointer">' . site_url() . '?wph-recovery='. $this->wph->functions->get_recovery_code() .'</b></div>'
27	+ ),
28	'input_type' => 'radio',
29	'options' => array(
30	'yes' => __('Yes', 'wp-hide-security-enhancer'),

182	$message = __('Hello', 'wp-hide-security-enhancer') . ", \n\n"
183	. __('This is an automated message to inform that your login url has been changed at', 'wp-hide-security-enhancer') . " " . trailingslashit(site_url()) . "\n"
184	. __('The new login url is', 'wp-hide-security-enhancer') . ": " . trailingslashit( trailingslashit(site_url()) . $new_url) . "\n\n"
185	+ . __('Additionality you can use this to recover the old login / admin links ', 'wp-hide-security-enhancer') . ": " . site_url() . '?wph-recovery='. $this->wph->functions->get_recovery_code() . "\n\n"
186	. __('Please keep this url safe for recover, if forgot', 'wp-hide-security-enhancer') . ".";
187	$headers = 'From: '. get_option('blogname') .' <'. get_option('admin_email') .'>' . "\r\n";
188	$this->wph->functions->wp_mail( $to, $subject, $message, $headers );

modules/components/admin-new_wp_login_php.php CHANGED Viewed

	@@ -8,12 +8,14 @@
8	$this->module_settings[] = array(
9	'id' => 'new_wp_login_php',
10	'label' => 'New wp-login.php',
11	- 'description' => __(~~'Map a new wp-login.php instead default.', 'wp-hide-security-enhancer')~~
12	- ~~. '<br /><span class="important">' .~~ __('~~Warning:~~ ~~Make~~ ~~sure~~ ~~your log~~-in ~~url~~ ~~is not already modified by another plugin / theme~~. In ~~such~~ ~~case,~~ ~~you should disable other code~~ to ~~take~~ ~~advantage~~ ~~of these features~~. ~~More details at~~ ', 'wp-hide-security-enhancer') ~~. '</span> ' . '<a target="_blank" href="http://www.wp-hide.com/login-conflicts/">Login Conflicts</a>'~~,
13	-


14	'input_type' => 'text',
15
16	- 'sanitize_type' => array(array($this->wph->functions, 'sanitize_file_path_name')),
17	'processing_order' => 50
18
19	);
	@@ -61,6 +63,7 @@
61	{
62	if(empty($saved_field_data) \|\| $saved_field_data == 'no')
63	return FALSE;

64
65	//conflict handle with other plugins
66	include_once(WPH_PATH . 'conflicts/wp-simple-firewall.php');


8	$this->module_settings[] = array(
9	'id' => 'new_wp_login_php',
10	'label' => 'New wp-login.php',
11	+ 'description' => array(
12	+ __('Map a new wp-login.php instead default. This also need to include <i>.php</i> extension.', 'wp-hide-security-enhancer'),
13	+ '<div class="notice-error"><div class="dashicons dashicons-warning important" alt="f534">warning</div> <span class="important">' . __('Make sure your log-in url is not already modified by another plugin or theme. In such case, you should disable other code and take advantage of these features. More details at ', 'wp-hide-security-enhancer') . '<a target="_blank" href="http://www.wp-hide.com/login-conflicts/">Login Conflicts</a></span></div>',
14	+ '<div class="notice-error"><div class="dashicons dashicons-warning important" alt="f534">warning</div> <span class="important">' . __('If unable to access the login / admin section anymore, use the Recovery Link which reset links to default: ', 'wp-hide-security-enhancer') . '<br /><b class="pointer">' . site_url() . '?wph-recovery='. $this->wph->functions->get_recovery_code() .'</b></div>'
15	+ ),
16	'input_type' => 'text',
17
18	+ 'sanitize_type' => array(array($this->wph->functions, 'sanitize_file_path_name'), array($this->wph->functions, 'php_extension_required')),
19	'processing_order' => 50
20
21	);

63	{
64	if(empty($saved_field_data) \|\| $saved_field_data == 'no')
65	return FALSE;
66	+
67
68	//conflict handle with other plugins
69	include_once(WPH_PATH . 'conflicts/wp-simple-firewall.php');

modules/components/general-meta.php CHANGED Viewed

@@ -88,6 +88,38 @@
                                                                                 );
                                 return $this->module_settings;
+                            }
@@ -141,6 +173,49 @@
                                 remove_action('wp_head',    'adjacent_posts_rel_link_wp_head',  10,     0);
+                            }
+                    }


88
89	);
90
91	+ $this->module_settings[] = array(
92	+ 'id' => 'remove_profile',
93	+ 'label' => 'Remove profile link',
94	+ 'description' => __('Remove profile link meta tag within head.', 'wp-hide-security-enhancer'),
95	+
96	+ 'input_type' => 'radio',
97	+ 'options' => array(
98	+ 'yes' => __('Yes', 'wp-hide-security-enhancer'),
99	+ 'no' => __('No', 'wp-hide-security-enhancer'),
100	+ ),
101	+ 'default_value' => 'no',
102	+
103	+ 'sanitize_type' => array('sanitize_title', 'strtolower')
104	+
105	+ );
106	+
107	+ $this->module_settings[] = array(
108	+ 'id' => 'remove_canonical',
109	+ 'label' => 'Remove canonical link',
110	+ 'description' => __('Remove canonical link meta tag within head.', 'wp-hide-security-enhancer'),
111	+
112	+ 'input_type' => 'radio',
113	+ 'options' => array(
114	+ 'yes' => __('Yes', 'wp-hide-security-enhancer'),
115	+ 'no' => __('No', 'wp-hide-security-enhancer'),
116	+ ),
117	+ 'default_value' => 'no',
118	+
119	+ 'sanitize_type' => array('sanitize_title', 'strtolower')
120	+
121	+ );
122	+
123	return $this->module_settings;
124	}
125

173	remove_action('wp_head', 'adjacent_posts_rel_link_wp_head', 10, 0);
174
175	}
176	+
177	+
178	+ function _init_remove_profile($saved_field_data)
179	+ {
180	+
181	+ if(empty($saved_field_data) \|\| $saved_field_data == 'no')
182	+ return FALSE;
183	+
184	+
185	+ add_filter('wph/ob_start_callback', array($this, 'remove_profile_tag'));
186	+
187	+ }
188	+
189	+ function remove_profile_tag($html)
190	+ {
191	+
192	+ $html = preg_replace('/(<link.?rel=("\|\')profile("\|\').?href=("\|\')(.?)("\|\')(.?)?\/?>\|<link.?href=("\|\')(.?)("\|\').?rel=("\|\')profile("\|\')(.?)?\/?>)/i', '', $html);
193	+
194	+ return $html;
195	+
196	+ }
197	+
198	+
199	+ function _init_remove_canonical($saved_field_data)
200	+ {
201	+ if(empty($saved_field_data) \|\| $saved_field_data == 'no')
202	+ return FALSE;
203	+
204	+ remove_action('wp_head', 'rel_canonical');
205	+
206	+ //make sure is removed if placed by other plugins
207	+ add_filter('wph/ob_start_callback', array($this, 'remove_canonical_tag'));
208	+ }
209	+
210	+
211	+ function remove_canonical_tag($html)
212	+ {
213	+
214	+ $html = preg_replace('/(<link.?rel=("\|\')canonical("\|\').?href=("\|\')(.?)("\|\')(.?)?\/?>\|<link.?href=("\|\')(.?)("\|\').?rel=("\|\')canonical("\|\')(.?)?\/?>)/i', '', $html);
215	+
216	+ return $html;
217	+
218	+ }
219
220
221	}

modules/components/general-wpemoji.php CHANGED Viewed

	@@ -76,7 +76,7 @@
76
77	function disable_tinymce_emojicons()
78	{
79	- add_filter( 'tiny_mce_plugins', 'disable_emojicons_tiny_mce_plugins' );
80	}
81
82


76
77	function disable_tinymce_emojicons()
78	{
79	+ add_filter( 'tiny_mce_plugins', array($this, 'disable_emojicons_tiny_mce_plugins') );
80	}
81
82

modules/components/rewrite-new_xml-rpc-path.php ADDED Viewed

	@@ -0,0 +1,124 @@


1	+ <?php
2	+
3	+ class WPH_module_rewrite_new_xml_rpc_path extends WPH_module_component
4	+ {
5	+
6	+ function get_module_settings()
7	+ {
8	+ $this->module_settings[] = array(
9	+ 'id' => 'new_xml_rpc_path',
10	+ 'label' => __('New XML-RPC Path', 'wp-hide-security-enhancer'),
11	+ 'description' => __('The default XML-RPC path is set to xmlrpc.php. If not used you can leave empty and block the service using the following area.', 'wp-hide-security-enhancer'),
12	+
13	+ 'value_description' => __('e.g. my-xml-rpc.php', 'wp-hide-security-enhancer'),
14	+ 'input_type' => 'text',
15	+
16	+ 'sanitize_type' => array(array($this->wph->functions, 'sanitize_file_path_name')),
17	+ 'processing_order' => 50
18	+ );
19	+
20	+ $this->module_settings[] = array(
21	+ 'id' => 'block_xml_rpc',
22	+ 'label' => __('Block default xmlrpc.php', 'wp-hide-security-enhancer'),
23	+ 'description' => __('XML-RPC gives others the ability to talk to your WordPress site. If not used you should disable. Keep in mind that some plugins like Jetpack use this API.', 'wp-hide-security-enhancer'),
24	+
25	+ 'input_type' => 'radio',
26	+ 'options' => array(
27	+ 'yes' => __('Yes', 'wp-hide-security-enhancer'),
28	+ 'no' => __('No', 'wp-hide-security-enhancer'),
29	+ ),
30	+ 'default_value' => 'no',
31	+
32	+ 'sanitize_type' => array('sanitize_title', 'strtolower'),
33	+ 'processing_order' => 55
34	+
35	+ );
36	+
37	+ $this->module_settings[] = array(
38	+ 'id' => 'remove_xml_rpc_tag',
39	+ 'label' => __('Remove pingback.', 'wp-hide-security-enhancer'),
40	+ 'description' => __('Remove pingback link tag from theme.', 'wp-hide-security-enhancer'),
41	+
42	+ 'input_type' => 'radio',
43	+ 'options' => array(
44	+ 'yes' => __('Yes', 'wp-hide-security-enhancer'),
45	+ 'no' => __('No', 'wp-hide-security-enhancer'),
46	+ ),
47	+ 'default_value' => 'no',
48	+
49	+ 'sanitize_type' => array('sanitize_title', 'strtolower'),
50	+ 'processing_order' => 58
51	+
52	+ );
53	+
54	+ return $this->module_settings;
55	+ }
56	+
57	+
58	+
59	+ function _init_new_xml_rpc_path($saved_field_data)
60	+ {
61	+ if(empty($saved_field_data))
62	+ return FALSE;
63	+
64	+ //add default plugin path replacement
65	+ $old_url = trailingslashit( site_url() ) . 'xmlrpc.php';
66	+ $new_url = trailingslashit( site_url() ) . $saved_field_data;
67	+ $this->wph->urls_replacement[$old_url] = $new_url;
68	+ }
69	+
70	+ function _callback_saved_new_xml_rpc_path($saved_field_data)
71	+ {
72	+ $processing_response = array();
73	+
74	+ //check if the field is noe empty
75	+ if(empty($saved_field_data))
76	+ return $processing_response;
77	+
78	+ $processing_response['htaccess'] = "\nRewriteRule ^" . $saved_field_data . ' '. $this->wph->default_variables['site_relative_path'] .'xmlrpc.php [L,QSA]';
79	+
80	+ return $processing_response;
81	+ }
82	+
83	+
84	+ function _callback_saved_block_xml_rpc($saved_field_data)
85	+ {
86	+ $processing_response = array();
87	+
88	+ if(empty($saved_field_data) \|\| $saved_field_data == 'no')
89	+ return FALSE;
90	+
91	+ $text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
92	+ $text .= "RewriteRule ^xmlrpc.php ". $this->wph->default_variables['site_relative_path'] ."index.php [L]";
93	+
94	+ $processing_response['htaccess'] = $text;
95	+
96	+ return $processing_response;
97	+
98	+
99	+ }
100	+
101	+
102	+ function _init_remove_xml_rpc_tag($saved_field_data)
103	+ {
104	+
105	+ if(empty($saved_field_data) \|\| $saved_field_data == 'no')
106	+ return FALSE;
107	+
108	+
109	+ add_filter('wph/ob_start_callback', array($this, 'remove_xml_rpc_tag'));
110	+
111	+ }
112	+
113	+
114	+ function remove_xml_rpc_tag($html)
115	+ {
116	+
117	+ $html = preg_replace('/(<link.?rel=("\|\')pingback("\|\').?href=("\|\')(.?)("\|\')(.?)?\/?>\|<link.?href=("\|\')(.?)("\|\').?rel=("\|\')pingback("\|\')(.?)?\/?>)/i', '', $html);
118	+
119	+ return $html;
120	+ }
121	+
122	+
123	+ }
124	+ ?>

modules/module-rewrite.php CHANGED Viewed

	@@ -26,6 +26,9 @@
26	include(WPH_PATH . "/modules/components/rewrite-new_upload_path.php");
27	$this->components[] = new WPH_module_rewrite_new_upload_path();
28



29
30	//action available for mu-plugins
31	do_action('wp-hide/module_load_components', $this);


26	include(WPH_PATH . "/modules/components/rewrite-new_upload_path.php");
27	$this->components[] = new WPH_module_rewrite_new_upload_path();
28
29	+ include(WPH_PATH . "/modules/components/rewrite-new_xml-rpc-path.php");
30	+ $this->components[] = new WPH_module_rewrite_new_xml_rpc_path();
31	+
32
33	//action available for mu-plugins
34	do_action('wp-hide/module_load_components', $this);

readme.txt CHANGED Viewed

	@@ -4,7 +4,7 @@ Donate link: http://www.nsp-code.com/donate.php
4	Tags: hide, security, improve security, hacking, wp hide, wordpress hide
5	Requires at least: 2.8
6	Tested up to: 4.4.2
7	- Stable tag: 1.1.2
8
9	Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
10
	@@ -24,6 +24,8 @@ Over 99,9% of hacked WordPress websites are target of automated malware scripts,
24	* Custom wp-login.php filename
25	* Block default wp-login.php
26	* Block default wp-signup.php


27	* Adjustable theme url
28	* New child theme url
29	* Change theme style file name
	@@ -37,10 +39,10 @@ Over 99,9% of hacked WordPress websites are target of automated malware scripts,
37	* Remove wordpress version
38	* Meta Generator block
39	* Disble the emoji and required javascript code

40	* Remove wlwmanifest Meta
41	* Remove rsd_link Meta
42	* Remove wpemoji
43	-
44	and many more.
45
46
	@@ -65,6 +67,7 @@ Feel free to contact us at electronice_delphi@yahoo.com
65
66	* First, stay calm. There will be no harm, guaranteed :)
67	* Go to admin and change some of plugin options to see which one cause the problem. Then report it to forum or get in touch with us to fix it.

68	* If for some reason the site appear broken, you should back-up then replace the .htaccess file located on your WordPress root. Then remove the wp-hide-security-enhancer from your plugin directory.
69	* If still no luck, please get in touch with us at electronice_delphi@yahoo.com and we'll fix it for you in no time!
70
	@@ -83,6 +86,19 @@ Please get in touch with us and we'll do our best to include it for a next versi
83
84	== Changelog ==
85













86	= 1.1.2 =
87	* Add a custom url for login_url filter
88	* Better description and warning for wp-login.php change


4	Tags: hide, security, improve security, hacking, wp hide, wordpress hide
5	Requires at least: 2.8
6	Tested up to: 4.4.2
7	+ Stable tag: 1.1.7
8
9	Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
10

24	* Custom wp-login.php filename
25	* Block default wp-login.php
26	* Block default wp-signup.php
27	+ * Block XML-RPC API
28	+ * New XML-RPC path
29	* Adjustable theme url
30	* New child theme url
31	* Change theme style file name

39	* Remove wordpress version
40	* Meta Generator block
41	* Disble the emoji and required javascript code
42	+ * Remove pingback tag
43	* Remove wlwmanifest Meta
44	* Remove rsd_link Meta
45	* Remove wpemoji

46	and many more.
47
48

67
68	* First, stay calm. There will be no harm, guaranteed :)
69	* Go to admin and change some of plugin options to see which one cause the problem. Then report it to forum or get in touch with us to fix it.
70	+ * If you can't login to admin, use the Recovery Link which has been sent to your e-mail. This will reset to default urls.
71	* If for some reason the site appear broken, you should back-up then replace the .htaccess file located on your WordPress root. Then remove the wp-hide-security-enhancer from your plugin directory.
72	* If still no luck, please get in touch with us at electronice_delphi@yahoo.com and we'll fix it for you in no time!
73

86
87	== Changelog ==
88
89	+ = 1.1.7 =
90	+ * Remove profile link meta tag within head.
91	+ * Remove canonical link meta tag within head
92	+ * New XML-RPC Path
93	+ * Block default xmlrpc.php
94	+ * Remove pingback tag
95	+ * Recovery link for default wp-login.php and admin urls
96	+ * Css changes and warning messages update
97	+ * PO translations update
98	+ * TinyMCE emojicons callback fix
99	+
100	+
101	+
102	= 1.1.2 =
103	* Add a custom url for login_url filter
104	* Better description and warning for wp-login.php change

wp-hide.php CHANGED Viewed

	@@ -5,7 +5,7 @@ Plugin URI: http://www.nsp-code.com
5	Description: Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
6	Author: Nsp Code
7	Author URI: http://www.nsp-code.com
8	- Version: 1.1.2
9	Text Domain: wp-hide-security-enhancer
10	Domain Path: /languages/
11	*/
	@@ -56,5 +56,7 @@ Domain Path: /languages/
56	define('WPH_URL', plugins_url('', __FILE__));
57
58	add_action( 'activated_plugin', array($wph, 'activated_plugin'), 999, 2 );


59
60	?>


5	Description: Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
6	Author: Nsp Code
7	Author URI: http://www.nsp-code.com
8	+ Version: 1.1.7
9	Text Domain: wp-hide-security-enhancer
10	Domain Path: /languages/
11	*/

56	define('WPH_URL', plugins_url('', __FILE__));
57
58	add_action( 'activated_plugin', array($wph, 'activated_plugin'), 999, 2 );
59	+
60	+ add_filter( 'xmlrpc_enabled', '__return_false' );
61
62	?>

WP Hide & Security Enhancer - Version 1.1.7

Version Description

Release Info

Code changes from version 1.1.2 to 1.1.7