WP Hide & Security Enhancer

Version Description

New Component - HTML Comments replace
New Component - Headers
Conflict Handle with W3 Cache plugin when pagecache is active
W3 Cache plugin buffer use when active
Show notice when rules could not be delivered to htaccess file
Disable include filters and leave the buffering urls replacements to allow other plug ins to use default urls for compatibility purpose(e.g. W3-Cache Minify)
Fix: plugin folder / textdomain change
Early Buffering start, before any other code
Recovery link code functionality improvements
New wp-comments-post.php Path
Fix: Decrease the processing order index for wp-content module to allow others to run earlier than wp-content
Add mod_rewrite rules monitor system
Check if the mod_rewrite rules where successfully written to .htaccess file or disable any component run

Release Info

Developer	nsp-code
Plugin	WP Hide & Security Enhancer
Version	1.2.6
Comparing to
See all releases

Code changes from version 1.2.2 to 1.2.6

Files changed (16) hide show

conflicts/w3-cache.php +57 -0
include/admin-interface.class.php +1 -1
include/functions.class.php +99 -5
include/wph.class.php +71 -20
modules/components/general-headers.php +60 -0
modules/components/general-html-comments.php +57 -0
modules/components/general-meta.php +5 -0
modules/components/general-remove_version.php +4 -0
modules/components/general-wpemoji.php +5 -1
modules/components/rewrite-new_include_path.php +5 -6
modules/components/rewrite-new_plugin_path.php +16 -9
modules/components/rewrite-root-files.php +93 -0
modules/components/rewrite-wp_content_path.php +5 -3
modules/module-general.php +14 -2
readme.txt +38 -8
wp-hide.php +7 -1

conflicts/w3-cache.php ADDED Viewed

	@@ -0,0 +1,57 @@


1	+ <?php
2	+
3	+
4	+ class WPH_conflict_handle_w3_cache
5	+ {
6	+
7	+ function _construct_()
8	+ {
9	+
10	+ }
11	+
12	+ static function is_plugin_active()
13	+ {
14	+ if(defined('W3TC_VERSION'))
15	+ return TRUE;
16	+ else
17	+ return FALSE;
18	+ }
19	+
20	+ static public function pagecache()
21	+ {
22	+ if( ! self::is_plugin_active())
23	+ return FALSE;
24	+
25	+ //check if there's a pagecache callback
26	+ if(isset($GLOBALS['_w3tc_ob_callbacks']) && isset($GLOBALS['_w3tc_ob_callbacks']['pagecache']))
27	+ {
28	+ $GLOBALS['WPH_w3tc_ob_callbacks']['pagecache'] = $GLOBALS['_w3tc_ob_callbacks']['pagecache'];
29	+
30	+ //hijackthe callback
31	+ $GLOBALS['_w3tc_ob_callbacks']['pagecache'] = array('WPH_conflict_handle_w3_cache', 'pagecache_callback');
32	+ }
33	+
34	+ }
35	+
36	+ static function pagecache_callback(&$value)
37	+ {
38	+ global $wph;
39	+
40	+ //applay the replacements
41	+ $value = $wph->ob_start_callback($value);
42	+
43	+ //allow the W3-Cache to continur the initial callback
44	+ $callback = $GLOBALS['WPH_w3tc_ob_callbacks']['pagecache'];
45	+ if (is_callable($callback))
46	+ {
47	+ $value = call_user_func($callback, $value);
48	+ }
49	+
50	+ return $value;
51	+ }
52	+
53	+
54	+ }
55	+
56	+
57	+ ?>

include/admin-interface.class.php CHANGED Viewed

	@@ -229,7 +229,7 @@
229	?>
230	<h2 class="nav-tab-wrapper">
231	<?php
232	-
233	//output all module components as tabs
234	foreach($this->module->components as $module_component)
235	{


229	?>
230	<h2 class="nav-tab-wrapper">
231	<?php
232	+
233	//output all module components as tabs
234	foreach($this->module->components as $module_component)
235	{

include/functions.class.php CHANGED Viewed

@@ -194,6 +194,97 @@
                                 return TRUE;
+                            }
                         /**
+                        *
@@ -328,6 +419,9 @@
+                            {
                                 $value  =   trim($value);
                                 $extension  =   substr($value, -4);
                                 if(strtolower($extension)   !=  '.php')
                                     $value  .=  '.php';
@@ -495,16 +589,16 @@
                                 //feetch a new set of settings
                                 $settings = $this->get_settings();
-            -
                                $wph_recovery   =   $_GET['wph-recovery'];
-            -
                                if(empty($wph_recovery) ||  $wph_recovery   !=  $settings['recovery_code'])
                                     return;
                                 //change certain settings to default
-            -
                                $settings['module_settings']['new_wp_login_php']  =   '';
-            -
                                $settings['module_settings']['admin_url']         =   '';
                                 //update the settings
-            -
                                $this->update_settings($settings);
                                 //available for mu-plugins
                                 do_action('wph/do_recovery');


194	return TRUE;
195
196	}
197	+
198	+ /**
199	+ * Check if the .htaccess file is
200	+ *
201	+ */
202	+ function is_htaccess_file_writable()
203	+ {
204	+ return false;
205	+
206	+ $writable = FALSE;
207	+
208	+ $iis7_permalinks = iis7_supports_permalinks();
209	+
210	+ $home_path = get_home_path();
211	+
212	+ if ( $iis7_permalinks )
213	+ {
214	+ if ( win_is_writable($home_path . 'web.config') )
215	+ $writable = TRUE;
216	+ }
217	+ elseif ( $is_nginx )
218	+ {
219	+ $writable = FALSE;
220	+ }
221	+ else
222	+ {
223	+ if ( is_writable( $home_path . '.htaccess' ) )
224	+ $writable = TRUE;
225	+ }
226	+
227	+ return $writable;
228	+
229	+ }
230	+
231	+
232	+ function get_write_check_string()
233	+ {
234	+ $home = set_url_scheme( get_option( 'home' ), 'http' );
235	+ $siteurl = set_url_scheme( get_option( 'siteurl' ), 'http' );
236	+ if ( ! empty( $home ) && 0 !== strcasecmp( $home, $siteurl ) )
237	+ {
238	+ $wp_path_rel_to_home = str_ireplace( $home, '', $siteurl ); /* $siteurl - $home */
239	+ $pos = strripos( str_replace( '\\', '/', $_SERVER['SCRIPT_FILENAME'] ), trailingslashit( $wp_path_rel_to_home ) );
240	+ $home_path = substr( $_SERVER['SCRIPT_FILENAME'], 0, $pos );
241	+ $home_path = trailingslashit( $home_path );
242	+ }
243	+ else
244	+ {
245	+ $home_path = ABSPATH;
246	+ }
247	+
248	+ $home_path = str_replace( '\\', '/', $home_path );
249	+
250	+ $result = '';
251	+
252	+ if ( $markerdata = explode( "\n", implode( '', file( $home_path . '.htaccess' ) ) ));
253	+ {
254	+ foreach ( $markerdata as $markerline )
255	+ {
256	+ if (strpos($markerline, '#WriteCheckString:') !== false)
257	+ {
258	+ $result = trim(str_replace( '#WriteCheckString:', '', $markerline));
259	+ break;
260	+ }
261	+ }
262	+ }
263	+
264	+ return $result;
265	+
266	+ }
267	+
268	+
269	+ function htaccess_rules_applied()
270	+ {
271	+ $status = TRUE;
272	+
273	+ if(isset($this->wph->settings['write_check_string']) && !empty($this->wph->settings['write_check_string']))
274	+ {
275	+ $htaccess_write_check_string = $this->get_write_check_string();
276	+ if(empty($htaccess_write_check_string) \|\| $htaccess_write_check_string != $this->wph->settings['write_check_string'])
277	+ $status = FALSE;
278	+ }
279	+ else
280	+ {
281	+ //disable, as settings never being saved
282	+ $status = FALSE;
283	+ }
284	+
285	+ return $status;
286	+ }
287	+
288
289	/**
290	*

419	{
420	$value = trim($value);
421
422	+ if($value == '')
423	+ return '';
424	+
425	$extension = substr($value, -4);
426	if(strtolower($extension) != '.php')
427	$value .= '.php';

589	//feetch a new set of settings
590	$settings = $this->get_settings();
591
592	+ $wph_recovery = isset($_GET['wph-recovery']) ? $_GET['wph-recovery'] : '';
593	+ if(empty($wph_recovery) \|\| $wph_recovery != $this->wph->settings['recovery_code'])
594	return;
595
596	//change certain settings to default
597	+ $this->wph->settings['module_settings']['new_wp_login_php'] = '';
598	+ $this->wph->settings['module_settings']['admin_url'] = '';
599
600	//update the settings
601	+ $this->update_settings($this->wph->settings);
602
603	//available for mu-plugins
604	do_action('wph/do_recovery');

include/wph.class.php CHANGED Viewed

	@@ -14,6 +14,7 @@
14	var $functions;
15
16	var $disable_filters = FALSE;

17	var $doing_interface_save = FALSE;
18	var $uninstall = FALSE;
19
	@@ -48,6 +49,9 @@
48	$this->doing_interface_save = TRUE;
49	$this->disable_filters = TRUE;
50	}



51
52	$this->get_default_variables();
53
	@@ -58,7 +62,8 @@
58	//----------------------
59	remove_action( 'template_redirect', 'wp_redirect_admin_locations', 1000 );
60
61	- ~~add_action('plugins_loaded', array($this, 'session_ob_start') , -1);~~

62
63	//process redirects
64	add_action('wp_redirect', array($this, 'wp_redirect') , 999, 2);
	@@ -76,7 +81,7 @@
76
77	//rebuild and change uppon settings modified
78	add_action('wph/settings_changed', array($this, 'settings_changed'));
79	- add_filter('mod_rewrite_rules', array($this, 'mod_rewrite_rules'));
80
81	//on switch theme
82	add_action('switch_theme', array($this, 'switch_theme'));
	@@ -113,6 +118,8 @@
113	//process the module fields
114	$module_settings = $this->functions->filter_settings( $module->get_module_settings(), TRUE );
115


116	if(!$this->disable_filters && is_array($module_settings) && count($module_settings) > 0)
117	foreach($module_settings as $module_setting)
118	{
	@@ -123,7 +130,7 @@
123	$_class_instance = isset($module_setting['class_instance']) ? $module_setting['class_instance'] : $module;
124
125	//ignore callbacks if permalink is turned OFF
126	- if($this->functions->is_permalink_enabled())
127	{
128	$_callback = isset($module_setting['callback']) ? $module_setting['callback'] : '';
129	if(empty($_callback))
	@@ -194,8 +201,14 @@
194	global $wp_rewrite;
195
196	//help nottice
197	- if(~~isset(~~$~~_GET['page'])~~ && $~~_GET['page'] == 'wp-hide'~~)
198	- echo "<div class='updated'><p>". __('Help us to improve this plugin by reporting any issues at ', 'wp-hide-security-enhancer') .'<a target="_blank" href="http://www.nsp-code.com/">www.nsp-code.com</a></p></div>';






199
200	//check for permalinks enabled
201	if (!$this->functions->is_permalink_enabled())
	@@ -203,6 +216,15 @@
203	echo "<div class='error'><p>". __('Permalink is required to be turned ON for WP Hide & Security Enhancer to work', 'wp-hide-security-enhancer') ."</p></div>";
204	}
205









206	if(isset($_GET['settings_updated']))
207	{
208	echo "<div class='updated'><p>". __('Settings saved', 'wp-hide-security-enhancer') ."</p></div>";
	@@ -212,7 +234,9 @@
212	//cache plugin nottice
213	if(array_search('w3-total-cache/w3-total-cache.php', $active_plugins) !== FALSE)
214	{
215	- ~~echo~~ ~~"<div~~ ~~class='error'><p>".~~ ~~__('W3 Total Cache Plugin is active, make sure you clear the cache for new changes to apply', 'wp-hide-security-enhancer') ."</p></div>";~~


216	}
217	if(array_search('wp-super-cache/wp-cache.php', $active_plugins) !== FALSE)
218	{
	@@ -224,24 +248,24 @@
224
225
226	}
227	-
228	/**
229	- * ~~Turn~~ ON ~~buffering~~ to ~~allow~~ a ~~callback~~
230	- *

231	*/
232	- function session_ob_start()
233	- {
234	-
235	- ob_start(array($this, 'ob_start_callback'));
236	-
237	- }
238	-
239	- //callback processing
240	function ob_start_callback( $buffer )
241	{






242	//replace the urls
243	$buffer = $this->functions->text_urls_replacement($buffer, $this->urls_replacement);
244

245	$buffer = apply_filters( 'wph/ob_start_callback', $buffer );
246
247	return $buffer;
	@@ -289,7 +313,7 @@
289	if(count($active_plugins) < 2)
290	return;
291
292	- $plugin_path = 'wp-hide/wp-hide.php';
293
294	$key = array_search( $plugin_path, $active_plugins );
295	if($key === FALSE \|\| $key < 1)
	@@ -400,10 +424,14 @@
400	if(isset($response['page_refresh']) && $response['page_refresh'] === TRUE)
401	$_page_refresh = TRUE;
402	}




403
404	if(count($_htaccess_data) > 0)
405	{
406	- $new_rules = "RewriteRule ^index\.php$ - [L] \n\n#START - WP Hide & Security Enhancer";
407	foreach($_htaccess_data as $_htaccess_data_line)
408	{
409	$new_rules .= "\n" . $_htaccess_data_line;
	@@ -516,7 +544,14 @@
516	if(empty($screen))
517	return;
518
519	- if($screen->base != "options-permalink" ~~\|\| !isset($_GET['settings-updated']~~))







520	return;
521
522	$new_location = trailingslashit( site_url() ) . "wp-admin/options-permalink.php";
	@@ -540,6 +575,22 @@
540	wp_redirect( $new_location );
541	die();
542	}
















543
544
545	}


14	var $functions;
15
16	var $disable_filters = FALSE;
17	+ var $permalinks_not_applied = FALSE;
18	var $doing_interface_save = FALSE;
19	var $uninstall = FALSE;
20

49	$this->doing_interface_save = TRUE;
50	$this->disable_filters = TRUE;
51	}
52	+
53	+ //check for permalink issues
54	+ $this->permalinks_not_applied = ! $this->functions->htaccess_rules_applied();
55
56	$this->get_default_variables();
57

62	//----------------------
63	remove_action( 'template_redirect', 'wp_redirect_admin_locations', 1000 );
64
65	+
66	+ add_action('plugins_loaded', array($this, 'plugin_conflicts') , -1);
67
68	//process redirects
69	add_action('wp_redirect', array($this, 'wp_redirect') , 999, 2);

81
82	//rebuild and change uppon settings modified
83	add_action('wph/settings_changed', array($this, 'settings_changed'));
84	+ add_filter('mod_rewrite_rules', array($this, 'mod_rewrite_rules'), 999);
85
86	//on switch theme
87	add_action('switch_theme', array($this, 'switch_theme'));

118	//process the module fields
119	$module_settings = $this->functions->filter_settings( $module->get_module_settings(), TRUE );
120
121	+ usort($module_settings, array($this->functions, 'array_sort_by_processing_order'));
122	+
123	if(!$this->disable_filters && is_array($module_settings) && count($module_settings) > 0)
124	foreach($module_settings as $module_setting)
125	{

130	$_class_instance = isset($module_setting['class_instance']) ? $module_setting['class_instance'] : $module;
131
132	//ignore callbacks if permalink is turned OFF
133	+ if($this->functions->is_permalink_enabled() && $this->permalinks_not_applied !== TRUE)
134	{
135	$_callback = isset($module_setting['callback']) ? $module_setting['callback'] : '';
136	if(empty($_callback))

201	global $wp_rewrite;
202
203	//help nottice
204	+ foreach($this->modules as $module)
205	+ {
206	+ $interface_menu_data = $module->get_interface_menu_data();
207	+
208	+ if(isset($_GET['page']) && $_GET['page'] == $interface_menu_data['menu_slug'])
209	+ echo "<div class='updated'><p>". __('Help us to improve this plugin by reporting any issues at ', 'wp-hide-security-enhancer') .'<a target="_blank" href="http://www.nsp-code.com/">www.nsp-code.com</a></p></div>';
210	+ }
211	+
212
213	//check for permalinks enabled
214	if (!$this->functions->is_permalink_enabled())

216	echo "<div class='error'><p>". __('Permalink is required to be turned ON for WP Hide & Security Enhancer to work', 'wp-hide-security-enhancer') ."</p></div>";
217	}
218
219	+ //check if the htaccess file is not writable
220	+ if(isset($this->settings['write_check_string']) && !empty($this->settings['write_check_string']))
221	+ {
222	+ $htaccess_write_check_string = $this->functions->get_write_check_string();
223	+ if(empty($htaccess_write_check_string) \|\| $htaccess_write_check_string != $this->settings['write_check_string'])
224	+ echo "<div class='error'><p>". __('Unable to write custom rules to your .htaccess. Is this file writable? <br />No mod is being applied.', 'wp-hide-security-enhancer') ."</p></div>";
225	+ }
226	+
227	+
228	if(isset($_GET['settings_updated']))
229	{
230	echo "<div class='updated'><p>". __('Settings saved', 'wp-hide-security-enhancer') ."</p></div>";

234	//cache plugin nottice
235	if(array_search('w3-total-cache/w3-total-cache.php', $active_plugins) !== FALSE)
236	{
237	+ //check if just flushed
238	+ if(!isset($_GET['w3tc_note']))
239	+ echo "<div class='error'><p>". __('W3 Total Cache Plugin is active, make sure you clear the cache for new changes to apply', 'wp-hide-security-enhancer') ."</p></div>";
240	}
241	if(array_search('wp-super-cache/wp-cache.php', $active_plugins) !== FALSE)
242	{

248
249
250	}
251	+
252	/**
253	+ * Buffer Callback. This is the place to replace all data
254	+ *
255	+ * @param mixed $buffer
256	*/








257	function ob_start_callback( $buffer )
258	{
259	+
260	+ //check headers fir content-encoding
261	+ $response_headers = apache_response_headers();
262	+ if(isset($response_headers['Content-Encoding']) && $response_headers['Content-Encoding'] == "gzip")
263	+ return $buffer;
264	+
265	//replace the urls
266	$buffer = $this->functions->text_urls_replacement($buffer, $this->urls_replacement);
267
268	+
269	$buffer = apply_filters( 'wph/ob_start_callback', $buffer );
270
271	return $buffer;

313	if(count($active_plugins) < 2)
314	return;
315
316	+ $plugin_path = 'wp-hide-security-enhancer/wp-hide.php';
317
318	$key = array_search( $plugin_path, $active_plugins );
319	if($key === FALSE \|\| $key < 1)

424	if(isset($response['page_refresh']) && $response['page_refresh'] === TRUE)
425	$_page_refresh = TRUE;
426	}
427	+
428	+ $write_check_string = time() . '_' . mt_rand(10000, 99999);
429	+ $this->settings['write_check_string'] = $write_check_string;
430	+ $this->functions->update_settings($this->settings);
431
432	if(count($_htaccess_data) > 0)
433	{
434	+ $new_rules = "RewriteRule ^index\.php$ - [L] \n\n#START - WP Hide & Security Enhancer\n#WriteCheckString:" . $write_check_string;
435	foreach($_htaccess_data as $_htaccess_data_line)
436	{
437	$new_rules .= "\n" . $_htaccess_data_line;

544	if(empty($screen))
545	return;
546
547	+ if($screen->base != "options-permalink")
548	+ return;
549	+
550	+ //recheck if the permalinks where sucesfully saved
551	+ $this->permalinks_not_applied = ! $this->functions->htaccess_rules_applied();
552	+
553	+ //ignore if permalinks are available
554	+ if($this->permalinks_not_applied === TRUE)
555	return;
556
557	$new_location = trailingslashit( site_url() ) . "wp-admin/options-permalink.php";

575	wp_redirect( $new_location );
576	die();
577	}
578	+
579	+
580	+ /**
581	+ * General Plugins Conflicts Handle
582	+ *
583	+ */
584	+ function plugin_conflicts()
585	+ {
586	+
587	+ //w3-cache conflicts handle
588	+ include_once(WPH_PATH . 'conflicts/w3-cache.php');
589	+ WPH_conflict_handle_w3_cache::pagecache();
590	+
591	+
592	+
593	+ }
594
595
596	}

modules/components/general-headers.php ADDED Viewed

	@@ -0,0 +1,60 @@


1	+ <?php
2	+
3	+ class WPH_module_general_headers extends WPH_module_component
4	+ {
5	+ function get_component_title()
6	+ {
7	+ return "Headers";
8	+ }
9	+
10	+ function get_module_settings()
11	+ {
12	+ $this->module_settings[] = array(
13	+ 'id' => 'remove_x_powered_by',
14	+ 'label' => 'Remove X-Powered-By Header',
15	+ 'description' => __('Remove X-Powered-By Header if being set.', 'wp-hide-security-enhancer') . ' ' .
16	+ __('More details at ', 'wp-hide-security-enhancer') . '<a target="_blank" href="http://www.wp-hide.com/request-headers/">Request Headers</a>',
17	+
18	+ 'input_type' => 'radio',
19	+ 'options' => array(
20	+ 'yes' => __('Yes', 'wp-hide-security-enhancer'),
21	+ 'no' => __('No', 'wp-hide-security-enhancer'),
22	+ ),
23	+ 'default_value' => 'no',
24	+
25	+ 'sanitize_type' => array('sanitize_title', 'strtolower'),
26	+ 'processing_order' => 70
27	+ );
28	+
29	+ return $this->module_settings;
30	+ }
31	+
32	+
33	+
34	+ function _init_remove_x_powered_by($saved_field_data)
35	+ {
36	+ if(empty($saved_field_data) \|\| $saved_field_data == 'no')
37	+ return FALSE;
38	+
39	+
40	+ }
41	+
42	+ function _callback_saved_remove_x_powered_by($saved_field_data)
43	+ {
44	+ $processing_response = array();
45	+
46	+ if(empty($saved_field_data) \|\| $saved_field_data == 'no')
47	+ return FALSE;
48	+
49	+ $processing_response['htaccess'] = "\n" . '<FilesMatch "">
50	+ <IfModule mod_headers.c>
51	+ Header unset X-Powered-By
52	+ </IfModule>
53	+ </FilesMatch>';
54	+
55	+ return $processing_response;
56	+ }
57	+
58	+
59	+ }
60	+ ?>

modules/components/general-html-comments.php ADDED Viewed

	@@ -0,0 +1,57 @@


1	+ <?php
2	+
3	+ class WPH_module_general_html_comments extends WPH_module_component
4	+ {
5	+ function get_component_title()
6	+ {
7	+ return "HTML Comments";
8	+ }
9	+
10	+ function get_module_settings()
11	+ {
12	+ $this->module_settings[] = array(
13	+ 'id' => 'remove_html_comments',
14	+ 'label' => 'Remove HTML Comments',
15	+ 'description' => __('Remove all HTML Comments which usualy specify Plugins Name and Versio. Any Internet Exploreer conditional tags are preserved.', 'wp-hide-security-enhancer'),
16	+
17	+ 'input_type' => 'radio',
18	+ 'options' => array(
19	+ 'yes' => __('Yes', 'wp-hide-security-enhancer'),
20	+ 'no' => __('No', 'wp-hide-security-enhancer'),
21	+ ),
22	+ 'default_value' => 'no',
23	+
24	+ 'sanitize_type' => array('sanitize_title', 'strtolower'),
25	+ 'processing_order' => 80
26	+ );
27	+
28	+ return $this->module_settings;
29	+ }
30	+
31	+
32	+
33	+ function _init_remove_html_comments($saved_field_data)
34	+ {
35	+ if(empty($saved_field_data) \|\| $saved_field_data == 'no')
36	+ return FALSE;
37	+
38	+
39	+ add_filter('wph/ob_start_callback', array($this, 'remove_html_comments'));
40	+
41	+ }
42	+
43	+
44	+ function remove_html_comments($buffer)
45	+ {
46	+
47	+ //replace any comments
48	+ $buffer = preg_replace('/<!--(?!\s(?:\[if [^\]]+]\|<!\|>))(?:(?!-->)(.\|\n))-->/sm', "" , $buffer);
49	+
50	+ return $buffer;
51	+
52	+ }
53	+
54	+
55	+
56	+ }
57	+ ?>

modules/components/general-meta.php CHANGED Viewed

	@@ -2,6 +2,11 @@
2
3	class WPH_module_general_meta extends WPH_module_component
4	{





5
6	function get_module_settings()
7	{


2
3	class WPH_module_general_meta extends WPH_module_component
4	{
5	+ function get_component_title()
6	+ {
7	+ return "Meta";
8	+ }
9	+
10
11	function get_module_settings()
12	{

modules/components/general-remove_version.php CHANGED Viewed

	@@ -2,6 +2,10 @@
2
3	class WPH_module_general_remove_version extends WPH_module_component
4	{




5
6	function get_module_settings()
7	{


2
3	class WPH_module_general_remove_version extends WPH_module_component
4	{
5	+ function get_component_title()
6	+ {
7	+ return "Script/Style Version";
8	+ }
9
10	function get_module_settings()
11	{

modules/components/general-wpemoji.php CHANGED Viewed

	@@ -2,7 +2,11 @@
2
3	class WPH_module_general_wpemoji extends WPH_module_component
4	{
5	-




6	function get_module_settings()
7	{
8	$this->module_settings[] = array(


2
3	class WPH_module_general_wpemoji extends WPH_module_component
4	{
5	+ function get_component_title()
6	+ {
7	+ return "Emoji";
8	+ }
9	+
10	function get_module_settings()
11	{
12	$this->module_settings[] = array(

modules/components/rewrite-new_include_path.php CHANGED Viewed

	@@ -48,12 +48,11 @@
48	if(empty($saved_field_data))
49	return FALSE;
50
51	-
52	- add_filter('includes_url', array( $this, 'includes_url' ), 999, 2);
53	- add_filter('script_loader_src', array( $this, 'script_loader_src' ), 999, 2);
54	- add_filter('style_loader_src', array( $this, 'style_loader_src' ), 999, 2);
55	-
56	- add_filter('wp_default_scripts', array($this, 'wp_default_scripts' ), 999);
57
58	//add default plugin path replacement
59	$new_include_path = $this->wph->functions->untrailingslashit_all( $this->wph->functions->get_module_item_setting('new_include_path') );


48	if(empty($saved_field_data))
49	return FALSE;
50
51	+ //disable the filters to allow other plugins to use default urls (e.g. W3 cache).
52	+ //add_filter('includes_url', array( $this, 'includes_url' ), 999, 2);
53	+ //add_filter('script_loader_src', array( $this, 'script_loader_src' ), 999, 2);
54	+ //add_filter('style_loader_src', array( $this, 'style_loader_src' ), 999, 2);
55	+ //add_filter('wp_default_scripts', array($this, 'wp_default_scripts' ), 999);

56
57	//add default plugin path replacement
58	$new_include_path = $this->wph->functions->untrailingslashit_all( $this->wph->functions->get_module_item_setting('new_include_path') );

modules/components/rewrite-new_plugin_path.php CHANGED Viewed

	@@ -20,7 +20,7 @@
20	'input_type' => 'text',
21
22	'sanitize_type' => array(array($this->wph->functions, 'sanitize_file_path_name')),
23	- 'processing_order' => 25
24	);
25
26	$this->module_settings[] = array(
	@@ -36,7 +36,7 @@
36	'default_value' => 'no',
37
38	'sanitize_type' => array('sanitize_title', 'strtolower'),
39	- 'processing_order' => 30
40
41	);
42
	@@ -68,6 +68,8 @@
68	'input_type' => 'text',
69
70	'sanitize_type' => array(array($this->wph->functions, 'sanitize_file_path_name')),


71	);
72
73	}
	@@ -79,15 +81,17 @@
79
80	function _init_new_plugin_path($saved_field_data)
81	{


82	if(empty($saved_field_data))
83	return FALSE;
84
85	- add_filter('plugins_url', array( $this, 'plugins_url' ), 10, 3);
86	-
87	//add default plugin path replacement
88	$new_plugin_path = $this->wph->functions->untrailingslashit_all( $this->wph->functions->get_module_item_setting('new_plugin_path') );
89	$new_plugin_path = trailingslashit( site_url() ) . untrailingslashit( $new_plugin_path );
90	$this->wph->urls_replacement[WP_PLUGIN_URL] = $new_plugin_path;


91	}
92
93	function plugins_url($url, $path, $plugin)
	@@ -144,17 +148,21 @@
144	$processing_response = array();
145
146	//check if the field is noe empty


147	if(empty($saved_field_data))
148	return $processing_response;
149	-

150	$plugin_path = $this->wph->functions->get_url_path( WP_PLUGIN_URL );
151
152	$path = '';
153	if(!empty($this->wph->default_variables['wordpress_directory']))
154	$path = trailingslashit($this->wph->default_variables['wordpress_directory']);
155	$path .= trailingslashit( $saved_field_data );
156	-
157	- ~~$htaccess = "\nRewriteRule ^" . trailingslashit~~( $path ) . '(.*) ~~'. $plugin_path .'$1 [L,QSA]';~~

158
159	//add custom rewrite for plugins
160	//get active plugins
	@@ -186,8 +194,7 @@
186
187	return $processing_response;
188	}
189	-
190	-
191
192	function _callback_saved_block_plugins_url($saved_field_data)
193	{


20	'input_type' => 'text',
21
22	'sanitize_type' => array(array($this->wph->functions, 'sanitize_file_path_name')),
23	+ 'processing_order' => 17
24	);
25
26	$this->module_settings[] = array(

36	'default_value' => 'no',
37
38	'sanitize_type' => array('sanitize_title', 'strtolower'),
39	+ 'processing_order' => 18
40
41	);
42

68	'input_type' => 'text',
69
70	'sanitize_type' => array(array($this->wph->functions, 'sanitize_file_path_name')),
71	+
72	+ 'processing_order' => 16
73	);
74
75	}

81
82	function _init_new_plugin_path($saved_field_data)
83	{
84	+ add_filter('plugins_url', array( $this, 'plugins_url' ), 10, 3);
85	+
86	if(empty($saved_field_data))
87	return FALSE;
88


89	//add default plugin path replacement
90	$new_plugin_path = $this->wph->functions->untrailingslashit_all( $this->wph->functions->get_module_item_setting('new_plugin_path') );
91	$new_plugin_path = trailingslashit( site_url() ) . untrailingslashit( $new_plugin_path );
92	$this->wph->urls_replacement[WP_PLUGIN_URL] = $new_plugin_path;
93	+
94	+ return TRUE;
95	}
96
97	function plugins_url($url, $path, $plugin)

148	$processing_response = array();
149
150	//check if the field is noe empty
151	+ //commented out, to allow individual plugins name to be processed
152	+ /*
153	if(empty($saved_field_data))
154	return $processing_response;
155	+ */
156	+
157	$plugin_path = $this->wph->functions->get_url_path( WP_PLUGIN_URL );
158
159	$path = '';
160	if(!empty($this->wph->default_variables['wordpress_directory']))
161	$path = trailingslashit($this->wph->default_variables['wordpress_directory']);
162	$path .= trailingslashit( $saved_field_data );
163	+
164	+ if(!empty($path))
165	+ $htaccess = "\nRewriteRule ^" . trailingslashit( $path ) . '(.*) '. $plugin_path .'$1 [L,QSA]';
166
167	//add custom rewrite for plugins
168	//get active plugins

194
195	return $processing_response;
196	}
197	+

198
199	function _callback_saved_block_plugins_url($saved_field_data)
200	{

modules/components/rewrite-root-files.php CHANGED Viewed

@@ -10,6 +10,43 @@
                         function get_module_settings()
+                            {
                                 $this->module_settings[]                  =   array(
                                                                                 'id'            =>  'block_license_txt',
                                                                                 'label'         =>  __('Block license.txt',    'wp-hide-security-enhancer'),
@@ -95,6 +132,60 @@
                                 return $this->module_settings;
+                            }
                         function _callback_saved_block_license_txt($saved_field_data)
@@ -175,6 +266,8 @@
                                 $text   .=       "RewriteCond %{REQUEST_FILENAME} !wp-activate.php [NC]\n";
                                 $text   .=       "RewriteCond %{REQUEST_FILENAME} !wp-signup.php [NC]\n";
                                 $text   .=      "RewriteRule ^wp-([a-z-])+.php ".  $this->wph->default_variables['site_relative_path'] ."index.php [L]";


10
11	function get_module_settings()
12	{
13	+ $this->module_settings[] = array(
14	+ 'id' => 'new_wp_comments_post',
15	+ 'label' => __('New wp-comments-post.php Path', 'wp-hide-security-enhancer'),
16	+ 'description' => __('The default path is set to wp-comments-post.php', 'wp-hide-security-enhancer'),
17	+
18	+ 'value_description' => 'e.g. user-input.php',
19	+ 'input_type' => 'text',
20	+
21	+ 'sanitize_type' => array(array($this->wph->functions, 'sanitize_file_path_name'), array($this->wph->functions, 'php_extension_required')),
22	+ 'processing_order' => 60
23	+ );
24	+
25	+ $this->module_settings[] = array(
26	+ 'id' => 'block_wp_comments_post_url',
27	+ 'label' => __('Block wp-comments-post.php', 'wp-hide-security-enhancer'),
28	+ 'description' => __('Block default wp-comments-post.php.', 'wp-hide-security-enhancer') . '<br />'.__('Apply only if ', 'wp-hide-security-enhancer') . '<b>New wp-comments-post.php Path</b> ' . __('is not empty.', 'wp-hide-security-enhancer'),
29	+
30	+ 'input_type' => 'radio',
31	+ 'options' => array(
32	+ 'yes' => __('Yes', 'wp-hide-security-enhancer'),
33	+ 'no' => __('No', 'wp-hide-security-enhancer'),
34	+ ),
35	+ 'default_value' => 'no',
36	+
37	+ 'sanitize_type' => array('sanitize_title', 'strtolower'),
38	+ 'processing_order' => 60
39	+
40	+ );
41	+
42	+
43	+ $this->module_settings[] = array(
44	+ 'type' => 'split'
45	+
46	+ );
47	+
48	+
49	+
50	$this->module_settings[] = array(
51	'id' => 'block_license_txt',
52	'label' => __('Block license.txt', 'wp-hide-security-enhancer'),

132	return $this->module_settings;
133	}
134
135	+
136	+
137	+ function _init_new_wp_comments_post($saved_field_data)
138	+ {
139	+
140	+ if(empty($saved_field_data))
141	+ return FALSE;
142	+
143	+ //add default plugin path replacement
144	+ $url = trailingslashit( site_url() ) . 'wp-comments-post.php';
145	+ $replacement = trailingslashit( site_url() ) . $saved_field_data;
146	+ $this->wph->urls_replacement[ $url] = $replacement;
147	+
148	+ return TRUE;
149	+ }
150	+
151	+ function _callback_saved_new_wp_comments_post($saved_field_data)
152	+ {
153	+ $processing_response = array();
154	+
155	+ if(empty($saved_field_data) \|\| $saved_field_data == 'no')
156	+ return FALSE;
157	+
158	+ $default_path = $this->wph->functions->get_url_path( trailingslashit(site_url()) . 'wp-comments-post.php', TRUE );
159	+
160	+ $processing_response['htaccess'] = "\nRewriteRule ^" . $saved_field_data . ' '. $default_path .' [L,QSA]';
161	+
162	+ return $processing_response;
163	+
164	+
165	+ }
166	+
167	+
168	+ function _callback_saved_block_wp_comments_post_url($saved_field_data)
169	+ {
170	+ $processing_response = array();
171	+
172	+ if(empty($saved_field_data) \|\| $saved_field_data == 'no')
173	+ return FALSE;
174	+
175	+ //prevent from blocking if the wp_comments_post is not modified
176	+ $new_wp_comments_post = ltrim(rtrim($this->wph->functions->get_module_item_setting('new_wp_comments_post'), "/"), "/");
177	+ if (empty( $new_wp_comments_post ))
178	+ return FALSE;
179	+
180	+ $text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
181	+ $text .= "RewriteRule ^wp-comments-post.php ". $this->wph->default_variables['site_relative_path'] ."index.php [L]";
182	+
183	+ $processing_response['htaccess'] = $text;
184	+
185	+ return $processing_response;
186	+
187	+
188	+ }
189
190
191	function _callback_saved_block_license_txt($saved_field_data)

266
267	$text .= "RewriteCond %{REQUEST_FILENAME} !wp-activate.php [NC]\n";
268	$text .= "RewriteCond %{REQUEST_FILENAME} !wp-signup.php [NC]\n";
269	+ $text .= "RewriteCond %{REQUEST_FILENAME} !wp-comments-post.php [NC]\n";
270	+ $text .= "RewriteCond %{REQUEST_FILENAME} !wp-login.php [NC]\n";
271
272	$text .= "RewriteRule ^wp-([a-z-])+.php ". $this->wph->default_variables['site_relative_path'] ."index.php [L]";
273

modules/components/rewrite-wp_content_path.php CHANGED Viewed

	@@ -19,7 +19,7 @@
19	'input_type' => 'text',
20
21	'sanitize_type' => array(array($this->wph->functions, 'sanitize_file_path_name')),
22	- 'processing_order' => 21
23	);
24
25
	@@ -37,7 +37,7 @@
37	'default_value' => 'no',
38
39	'sanitize_type' => array('sanitize_title', 'strtolower'),
40	- 'processing_order' => 22
41	);
42
43	return $this->module_settings;
	@@ -54,6 +54,8 @@
54	//add default plugin path replacement
55	$new_content_path = trailingslashit( site_url() ) . untrailingslashit( $saved_field_data );
56	$this->wph->urls_replacement[trailingslashit( site_url() ) . $content_directory ] = $new_content_path;


57	}
58
59	function _callback_saved_new_content_path($saved_field_data)
	@@ -80,7 +82,7 @@
80
81	function _init_block_wp_content_path($saved_field_data)
82	{
83	-
84	}
85
86	function _callback_saved_block_wp_content_path($saved_field_data)


19	'input_type' => 'text',
20
21	'sanitize_type' => array(array($this->wph->functions, 'sanitize_file_path_name')),
22	+ 'processing_order' => 90
23	);
24
25

37	'default_value' => 'no',
38
39	'sanitize_type' => array('sanitize_title', 'strtolower'),
40	+ 'processing_order' => 91
41	);
42
43	return $this->module_settings;

54	//add default plugin path replacement
55	$new_content_path = trailingslashit( site_url() ) . untrailingslashit( $saved_field_data );
56	$this->wph->urls_replacement[trailingslashit( site_url() ) . $content_directory ] = $new_content_path;
57	+
58	+ return TRUE;
59	}
60
61	function _callback_saved_new_content_path($saved_field_data)

82
83	function _init_block_wp_content_path($saved_field_data)
84	{
85	+
86	}
87
88	function _callback_saved_block_wp_content_path($saved_field_data)

modules/module-general.php CHANGED Viewed

	@@ -8,20 +8,32 @@
8	{
9
10	//add components



11	include(WPH_PATH . "/modules/components/general-wpemoji.php");
12	$this->components[] = new WPH_module_general_wpemoji();
13
14	include(WPH_PATH . "/modules/components/general-remove_version.php");
15	$this->components[] = new WPH_module_general_remove_version();
16
17	- include(WPH_PATH . "/modules/components/general-~~meta~~.php");
18	- $this->components[] = new ~~WPH_module_general_meta~~();



19
20	//action available for mu-plugins
21	do_action('wp-hide/module_load_components', $this);
22
23	}
24






25	function get_module_id()
26	{
27


8	{
9
10	//add components
11	+ include(WPH_PATH . "/modules/components/general-meta.php");
12	+ $this->components[] = new WPH_module_general_meta();
13	+
14	include(WPH_PATH . "/modules/components/general-wpemoji.php");
15	$this->components[] = new WPH_module_general_wpemoji();
16
17	include(WPH_PATH . "/modules/components/general-remove_version.php");
18	$this->components[] = new WPH_module_general_remove_version();
19
20	+ include(WPH_PATH . "/modules/components/general-headers.php");
21	+ $this->components[] = new WPH_module_general_headers();
22	+
23	+ include(WPH_PATH . "/modules/components/general-html-comments.php");
24	+ $this->components[] = new WPH_module_general_html_comments();
25
26	//action available for mu-plugins
27	do_action('wp-hide/module_load_components', $this);
28
29	}
30
31	+ function use_tabs()
32	+ {
33	+
34	+ return TRUE;
35	+ }
36	+
37	function get_module_id()
38	{
39

readme.txt CHANGED Viewed

	@@ -3,8 +3,8 @@ Contributors: nsp-code
3	Donate link: http://www.nsp-code.com/donate.php
4	Tags: hide, security, improve security, hacking, wp hide, wordpress hide
5	Requires at least: 2.8
6	- Tested up to: 4.~~4.2~~
7	- Stable tag: 1.2.2
8
9	Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
10
	@@ -18,6 +18,8 @@ Over 99,9% of hacked WordPress websites are target of automated malware scripts,
18
19	Works fine with custom WordPress directory structure.
20


21	Main plugin functionality:
22
23	* Custom Admin Url
	@@ -55,8 +57,6 @@ This plugin allow to change default Admin Url's from wp-login.php and **wp-a
55
56	Since version 1.2 Change individual plugin urls which make them unrecognizable, for example change default WooCommerce plugin urls and dependencies from domain.com/wp-content/plugins/woocommerce/ to domain.com/ecommerce/cdn/ or anything customized.
57
58	- <br />Something is wrong with this plugin on your site? Just use the forum or get in touch with us at <a target="_blank" href="http://www.nsp-code.com">Contact</a> and we'll check it out.
59	-
60	= Plugin Sections =
61
62	Rewrite > Theme
	@@ -100,11 +100,8 @@ Since version 1.2 Change individual plugin urls which make them unrecognizable,
100	* Block wp-signup.php - Block default wp-signup.php file
101	* Block other wp-.php files - Block other wp-.php files within WordPress Root
102
103	- General / Html
104
105	- * Disable Emoji
106	- * Disable TinyMC Emoji
107	- * Remove Version
108	* Remove Generator Meta
109	* Remove wlwmanifest Meta
110	* Remove feed_links Meta
	@@ -113,6 +110,23 @@ Since version 1.2 Change individual plugin urls which make them unrecognizable,
113	* Remove profile link
114	* Remove canonical link
115

















116	Admin > wp-login.php
117
118	* New wp-login.php - Map a new wp-login.php instead default
	@@ -123,6 +137,7 @@ Since version 1.2 Change individual plugin urls which make them unrecognizable,
123	* New Admin Url - Create a new admin url instead default /wp-admin. This also apply for admin-ajax.php calls
124	* Block default Admin Url - Block default admin url and files from being accesible
125

126
127	<br />A website example can be found at <a target="_blank" href="http://nsp-code.com/demo/wp-hide/">http://nsp-code.com/demo/wp-hide/</a>
128
	@@ -164,6 +179,21 @@ Please get in touch with us and we'll do our best to include it for a next versi
164
165	== Changelog ==
166















167	= 1.2.2 =
168	* New Content Path
169	* New Component : Root Files


3	Donate link: http://www.nsp-code.com/donate.php
4	Tags: hide, security, improve security, hacking, wp hide, wordpress hide
5	Requires at least: 2.8
6	+ Tested up to: 4.5
7	+ Stable tag: 1.2.6
8
9	Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
10

18
19	Works fine with custom WordPress directory structure.
20
21	+ Once configured, you need to clear server cache data and / or any cache plugins (e.g. W3 Cache), for a new html data to generate. If use CDN this should be cache clear as well.
22	+
23	Main plugin functionality:
24
25	* Custom Admin Url

57
58	Since version 1.2 Change individual plugin urls which make them unrecognizable, for example change default WooCommerce plugin urls and dependencies from domain.com/wp-content/plugins/woocommerce/ to domain.com/ecommerce/cdn/ or anything customized.
59


60	= Plugin Sections =
61
62	Rewrite > Theme

100	* Block wp-signup.php - Block default wp-signup.php file
101	* Block other wp-.php files - Block other wp-.php files within WordPress Root
102
103	+ General / Html > Meta
104



105	* Remove Generator Meta
106	* Remove wlwmanifest Meta
107	* Remove feed_links Meta

110	* Remove profile link
111	* Remove canonical link
112
113	+ General / Html > Emoji
114	+
115	+ * Disable Emoji
116	+ * Disable TinyMC Emoji
117	+
118	+ General / Html > Script/Style Version
119	+
120	+ * Remove Version
121	+
122	+ General / Html > Headers
123	+
124	+ * Remove X-Powered-By Header
125	+
126	+ General / Html > HTML Comments
127	+
128	+ * Remove HTML Comments
129	+
130	Admin > wp-login.php
131
132	* New wp-login.php - Map a new wp-login.php instead default

137	* New Admin Url - Create a new admin url instead default /wp-admin. This also apply for admin-ajax.php calls
138	* Block default Admin Url - Block default admin url and files from being accesible
139
140	+ <br />Something is wrong with this plugin on your site? Just use the forum or get in touch with us at <a target="_blank" href="http://www.nsp-code.com">Contact</a> and we'll check it out.
141
142	<br />A website example can be found at <a target="_blank" href="http://nsp-code.com/demo/wp-hide/">http://nsp-code.com/demo/wp-hide/</a>
143

179
180	== Changelog ==
181
182	+ = 1.2.6 =
183	+ * New Component - HTML Comments replace
184	+ * New Component - Headers
185	+ * Conflict Handle with W3 Cache plugin when pagecache is active
186	+ * W3 Cache plugin buffer use when active
187	+ * Show notice when rules could not be delivered to htaccess file
188	+ * Disable include filters and leave the buffering urls replacements to allow other plug ins to use default urls for compatibility purpose(e.g. W3-Cache Minify)
189	+ * Fix: plugin folder / textdomain change
190	+ * Early Buffering start, before any other code
191	+ * Recovery link code functionality improvements
192	+ * New wp-comments-post.php Path
193	+ * Fix: Decrease the processing order index for wp-content module to allow others to run earlier than wp-content
194	+ * Add mod_rewrite rules monitor system
195	+ * Check if the mod_rewrite rules where successfully written to .htaccess file or disable any component run
196	+
197	= 1.2.2 =
198	* New Content Path
199	* New Component : Root Files

wp-hide.php CHANGED Viewed

	@@ -5,7 +5,7 @@ Plugin URI: http://www.nsp-code.com
5	Description: Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
6	Author: Nsp Code
7	Author URI: http://www.nsp-code.com
8	- Version: 1.2.2
9	Text Domain: wp-hide-security-enhancer
10	Domain Path: /languages/
11	*/
	@@ -49,6 +49,12 @@ Domain Path: /languages/
49	$wph = new WPH();
50	$wph->init();
51






52	//check for update from older version
53	include_once(WPH_PATH . '/include/update.class.php');
54	new WPH_update();


5	Description: Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
6	Author: Nsp Code
7	Author URI: http://www.nsp-code.com
8	+ Version: 1.2.6
9	Text Domain: wp-hide-security-enhancer
10	Domain Path: /languages/
11	*/

49	$wph = new WPH();
50	$wph->init();
51
52	+ /**
53	+ * Early Turn ON buffering to allow a callback
54	+ *
55	+ */
56	+ ob_start(array($wph, 'ob_start_callback'));
57	+
58	//check for update from older version
59	include_once(WPH_PATH . '/include/update.class.php');
60	new WPH_update();

WP Hide & Security Enhancer - Version 1.2.6

Version Description

Release Info

Code changes from version 1.2.2 to 1.2.6