WP Hide & Security Enhancer - Version 1.3.7

Version Description

  • Sanitize Admin Url for not using extension (e.g. .php) as it confuse the server upon the headers to sent
  • Fix: replacements links when using custom directory for WordPress core files
  • Fix: child theme path fix when changing style filename
  • New Theme Path - help resource link fix
  • Changed from DOMDocument to preg_replace for better compatibility with themes and plugins
  • Improved execution speed
Download this release

Release Info

Developer nsp-code
Plugin Icon 128x128 WP Hide & Security Enhancer
Version 1.3.7
Comparing to
See all releases

Code changes from version 1.3.6.3 to 1.3.7

Files changed (15) hide show
  1. conflicts/buddypress.php +3 -10
  2. include/functions.class.php +1 -1
  3. include/wph.class.php +1 -0
  4. modules/components/admin-admin_url.php +26 -7
  5. modules/components/admin-new_wp_login_php.php +1 -1
  6. modules/components/general-html.php +28 -40
  7. modules/components/general-meta.php +387 -423
  8. modules/components/general-styles.php +14 -26
  9. modules/components/rewrite-new_plugin_path.php +2 -2
  10. modules/components/rewrite-new_theme_path.php +7 -7
  11. modules/components/rewrite-new_xml-rpc-path.php +1 -29
  12. modules/components/rewrite-root-files.php +29 -15
  13. modules/components/rewrite-wp_content_path.php +1 -1
  14. readme.txt +319 -437
  15. wp-hide.php +2 -2
conflicts/buddypress.php CHANGED
@@ -51,20 +51,13 @@
51
  if(!isset($component['id']))
52
  continue;
53
 
54
- if($component['id'] == 'remove_other_generator_meta')
55
- {
56
- $modules[$block_key]->components[$module_key]->module_settings[$component_key]['description'] .= '<div class="notice-error"><div class="dashicons dashicons-warning important" alt="f534">warning</div> <span class="important">' . __('This setting produce a conflict with BuddyPress and should be kept disabled.', 'wp-hide-security-enhancer') . '</span></div>';
57
- }
58
-
59
  if($component['id'] == 'styles_remove_id_attribute')
60
  {
61
  $modules[$block_key]->components[$module_key]->module_settings[$component_key]['description'] .= '<div class="notice-error"><div class="dashicons dashicons-warning important" alt="f534">warning</div> <span class="important">' . __('This setting produce a conflict with BuddyPress and should be kept disabled.', 'wp-hide-security-enhancer') . '</span></div>';
62
  }
63
-
64
- if($component['id'] == 'clean_image_classes')
65
- {
66
- $modules[$block_key]->components[$module_key]->module_settings[$component_key]['description'] .= '<div class="notice-error"><div class="dashicons dashicons-warning important" alt="f534">warning</div> <span class="important">' . __('This setting produce a conflict with BuddyPress and should be kept disabled.', 'wp-hide-security-enhancer') . '</span></div>';
67
- }
68
  }
69
  }
70
  }
51
  if(!isset($component['id']))
52
  continue;
53
 
54
+ /**
 
 
 
 
55
  if($component['id'] == 'styles_remove_id_attribute')
56
  {
57
  $modules[$block_key]->components[$module_key]->module_settings[$component_key]['description'] .= '<div class="notice-error"><div class="dashicons dashicons-warning important" alt="f534">warning</div> <span class="important">' . __('This setting produce a conflict with BuddyPress and should be kept disabled.', 'wp-hide-security-enhancer') . '</span></div>';
58
  }
59
+ */
60
+
 
 
 
61
  }
62
  }
63
  }
include/functions.class.php CHANGED
@@ -654,7 +654,7 @@
654
  function get_url_path_relative_to_domain_root($url)
655
  {
656
 
657
- $url = str_replace(trailingslashit( site_url() ), "" , $url);
658
 
659
  return $url;
660
 
654
  function get_url_path_relative_to_domain_root($url)
655
  {
656
 
657
+ $url = str_replace(trailingslashit( home_url() ), "" , $url);
658
 
659
  return $url;
660
 
include/wph.class.php CHANGED
@@ -883,6 +883,7 @@
883
  $domain_ABSPATH = str_replace($wp_directory, "", untrailingslashit( realpath( ABSPATH )));
884
 
885
  $content_directory = str_replace($domain_ABSPATH, "" , untrailingslashit( realpath( WP_CONTENT_DIR )));
 
886
  $this->default_variables['content_directory'] = $content_directory;
887
  }
888
 
883
  $domain_ABSPATH = str_replace($wp_directory, "", untrailingslashit( realpath( ABSPATH )));
884
 
885
  $content_directory = str_replace($domain_ABSPATH, "" , untrailingslashit( realpath( WP_CONTENT_DIR )));
886
+ $content_directory = str_replace('\\', '/', $content_directory);
887
  $this->default_variables['content_directory'] = $content_directory;
888
  }
889
 
modules/components/admin-admin_url.php CHANGED
@@ -19,7 +19,7 @@
19
  ),
20
  'input_type' => 'text',
21
 
22
- 'sanitize_type' => array(array($this->wph->functions, 'sanitize_file_path_name')),
23
  'processing_order' => 60
24
 
25
  );
@@ -95,10 +95,12 @@
95
  $path = trailingslashit($this->wph->default_variables['wordpress_directory']);
96
  $path .= trailingslashit( $saved_field_data );
97
 
 
 
98
  if($this->wph->server_htaccess_config === TRUE)
99
  {
100
- $text = "\nRewriteCond %{REQUEST_URI} ". $saved_field_data ."$";
101
- $text .= "\nRewriteRule ^(.*)$ ". $saved_field_data ."/ [R=301,L]";
102
  $text .= "\nRewriteRule ^" . $path . '(.*) '. $admin_url .'$1 [L,QSA]';
103
  }
104
 
@@ -107,9 +109,9 @@
107
  <rule name="wph-admin_url1" stopProcessing="true">
108
  <match url="^(.*)$" />
109
  <conditions>
110
- <add input="{REQUEST_URI}" matchType="Pattern" pattern="$saved_field_data$" />
111
  </conditions>
112
- <action type="Redirect" redirectType="Permanent" url="'. $saved_field_data .'{R:1}/" />
113
  </rule>
114
  <rule name="wph-admin_url2" stopProcessing="true">
115
  <match url="^'. $path .'(.*)" />
@@ -233,11 +235,13 @@
233
  $path = '';
234
  if(!empty($this->wph->default_variables['wordpress_directory']))
235
  $path = trailingslashit($this->wph->default_variables['wordpress_directory']);
 
 
236
 
237
  if($this->wph->server_htaccess_config === TRUE)
238
  {
239
  $text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
240
- $text .= "RewriteRule ^wp-admin(.+) $site_index [L]\n";
241
  $text .= "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
242
 
243
  //theme my login usage
@@ -263,7 +267,7 @@
263
  {
264
  $text = '
265
  <rule name="wph-block_default_admin_url1" stopProcessing="true">
266
- <match url="^wp-admin(.+)" />
267
  <action type="Rewrite" url="'. $site_index .'" />
268
  </rule>
269
  <rule name="wph-block_default_admin_url2" stopProcessing="true">
@@ -301,6 +305,21 @@
301
 
302
  return $processing_response;
303
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
304
 
305
 
306
  }
19
  ),
20
  'input_type' => 'text',
21
 
22
+ 'sanitize_type' => array(array($this->wph->functions, 'sanitize_file_path_name'), array($this, 'sanitize_path_name')),
23
  'processing_order' => 60
24
 
25
  );
95
  $path = trailingslashit($this->wph->default_variables['wordpress_directory']);
96
  $path .= trailingslashit( $saved_field_data );
97
 
98
+ $rewrite_base = !empty($this->wph->default_variables['wordpress_directory']) ? trailingslashit( $this->wph->default_variables['wordpress_directory'] ) : '';
99
+
100
  if($this->wph->server_htaccess_config === TRUE)
101
  {
102
+ $text = "\nRewriteCond %{REQUEST_URI} ". $rewrite_base . $saved_field_data ."$";
103
+ $text .= "\nRewriteRule ^(.*)$ ". $rewrite_base . $saved_field_data ."/ [R=301,L]";
104
  $text .= "\nRewriteRule ^" . $path . '(.*) '. $admin_url .'$1 [L,QSA]';
105
  }
106
 
109
  <rule name="wph-admin_url1" stopProcessing="true">
110
  <match url="^(.*)$" />
111
  <conditions>
112
+ <add input="{REQUEST_URI}" matchType="Pattern" pattern="'. $rewrite_base . $saved_field_data .'$" />
113
  </conditions>
114
+ <action type="Redirect" redirectType="Permanent" url="'. $rewrite_base . $saved_field_data .'{R:1}/" />
115
  </rule>
116
  <rule name="wph-admin_url2" stopProcessing="true">
117
  <match url="^'. $path .'(.*)" />
235
  $path = '';
236
  if(!empty($this->wph->default_variables['wordpress_directory']))
237
  $path = trailingslashit($this->wph->default_variables['wordpress_directory']);
238
+
239
+ $rewrite_base = !empty($this->wph->default_variables['wordpress_directory']) ? trailingslashit( $this->wph->default_variables['wordpress_directory'] ) : '';
240
 
241
  if($this->wph->server_htaccess_config === TRUE)
242
  {
243
  $text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
244
+ $text .= "RewriteRule ^" . $rewrite_base ."wp-admin(.+) $site_index [L]\n";
245
  $text .= "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
246
 
247
  //theme my login usage
267
  {
268
  $text = '
269
  <rule name="wph-block_default_admin_url1" stopProcessing="true">
270
+ <match url="^'. $rewrite_base .'wp-admin(.+)" />
271
  <action type="Rewrite" url="'. $site_index .'" />
272
  </rule>
273
  <rule name="wph-block_default_admin_url2" stopProcessing="true">
305
 
306
  return $processing_response;
307
  }
308
+
309
+
310
+ /**
311
+ * Replace any dots in the slug, as it will confuse the server uppon being an actual file
312
+ *
313
+ * @param mixed $value
314
+ */
315
+ function sanitize_path_name( $value )
316
+ {
317
+
318
+ $value = str_replace(".","-", $value);
319
+
320
+ return $value;
321
+
322
+ }
323
 
324
 
325
  }
modules/components/admin-new_wp_login_php.php CHANGED
@@ -65,7 +65,7 @@
65
  $this->wph->functions->add_replacement( $url, trailingslashit( site_url() ) . $saved_field_data );
66
 
67
  //add relative too
68
- $this->wph->functions->add_replacement( 'wp-login.php', $saved_field_data );
69
 
70
  }
71
 
65
  $this->wph->functions->add_replacement( $url, trailingslashit( site_url() ) . $saved_field_data );
66
 
67
  //add relative too
68
+ $this->wph->functions->add_replacement( '/wp-login.php', '/' . $saved_field_data );
69
 
70
  }
71
 
modules/components/general-html.php CHANGED
@@ -295,55 +295,43 @@
295
 
296
  if(is_admin())
297
  return $buffer;
298
-
299
- if ( ! class_exists( 'DOMDocument', false ) )
300
- return $buffer;
301
-
302
- $doc = new DOMDocument();
303
- $doc->preserveWhiteSpace = true;
304
-
305
- if ( @$doc->loadHTML(mb_convert_encoding($buffer, 'HTML-ENTITIES', 'UTF-8'), LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD) === false )
306
- return $buffer;
307
-
308
- $doc->encoding = 'UTF-8';
309
- $doc->formatOutput = true;
310
 
311
- $xpath = new DOMXPath($doc);
312
 
313
- $nodes = $xpath->query('//img[@class]');
314
- if($nodes->length < 1)
315
- return $buffer;
 
 
 
 
 
 
 
 
 
 
 
 
316
 
317
- foreach ($nodes as $node)
 
 
 
318
  {
319
- $classes = $node->getAttribute('class');
320
-
321
- if(empty($classes))
322
- continue;
323
-
324
- $classes_array = explode(" ", $classes);
325
- $classes_array = array_filter( $classes_array );
326
-
327
- foreach($classes_array as $key => $class)
328
  {
329
- //only wp-image- at the momment
330
- if(strpos($class, 'wp-image-') === 0)
331
- {
332
- unset( $classes_array[$key] );
333
- }
334
  }
335
-
336
- $classes_array = array_values($classes_array);
337
-
338
- $node->setAttribute( "class", implode( " ", $classes_array ) );
339
  }
340
 
341
- $doc->normalizeDocument();
342
 
343
- $buffer = $doc->saveHTML( );
344
-
345
- return $buffer;
346
-
347
  }
348
 
349
 
295
 
296
  if(is_admin())
297
  return $buffer;
 
 
 
 
 
 
 
 
 
 
 
 
298
 
299
+ $buffer = preg_replace_callback('/<img.*?class=["|\'](.*?)["|\'].*?>/i', array($this, "clean_image_classes_preg_replace_callback"), $buffer);
300
 
301
+ return $buffer;
302
+
303
+ }
304
+
305
+
306
+ function clean_image_classes_preg_replace_callback( $matches )
307
+ {
308
+ $tag = isset($matches[0]) ? $matches[0] : '';
309
+ $classes = isset($matches[1]) ? $matches[1] : '';
310
+
311
+ if(empty($tag))
312
+ return '';
313
+
314
+ if(empty($classes))
315
+ return $tag;
316
 
317
+ $classes_array = explode(" ", $classes);
318
+ $classes_array = array_filter( $classes_array );
319
+
320
+ foreach($classes_array as $key => $class)
321
  {
322
+ //only wp-image- at the momment
323
+ if(strpos($class, 'wp-image-') === 0)
 
 
 
 
 
 
 
324
  {
325
+ unset( $classes_array[$key] );
 
 
 
 
326
  }
 
 
 
 
327
  }
328
 
329
+ $classes_array = array_values($classes_array);
330
 
331
+ $tag = str_replace($classes, implode( " ", $classes_array ), $tag);
332
+
333
+ return $tag;
334
+
335
  }
336
 
337
 
modules/components/general-meta.php CHANGED
@@ -1,424 +1,388 @@
1
- <?php
2
-
3
- class WPH_module_general_meta extends WPH_module_component
4
- {
5
- function get_component_title()
6
- {
7
- return "Meta";
8
- }
9
-
10
-
11
- function get_module_settings()
12
- {
13
- $this->module_settings[] = array(
14
- 'id' => 'remove_generator_meta',
15
- 'label' => 'Remove WordPress Generator Meta',
16
- 'description' => __('Remove the autogenerated meta generator tag within head (WordPress Version).', 'wp-hide-security-enhancer'),
17
-
18
- 'input_type' => 'radio',
19
- 'options' => array(
20
- 'yes' => __('Yes', 'wp-hide-security-enhancer'),
21
- 'no' => __('No', 'wp-hide-security-enhancer'),
22
- ),
23
- 'default_value' => 'no',
24
-
25
- 'sanitize_type' => array('sanitize_title', 'strtolower')
26
-
27
- );
28
-
29
- $this->module_settings[] = array(
30
- 'id' => 'remove_other_generator_meta',
31
- 'label' => 'Remove Other Generator Meta',
32
- 'description' => __('Remove other meta generated tags within head (eg Theme Name, Theme Version).', 'wp-hide-security-enhancer'),
33
-
34
- 'input_type' => 'radio',
35
- 'options' => array(
36
- 'yes' => __('Yes', 'wp-hide-security-enhancer'),
37
- 'no' => __('No', 'wp-hide-security-enhancer'),
38
- ),
39
- 'default_value' => 'no',
40
-
41
- 'sanitize_type' => array('sanitize_title', 'strtolower')
42
-
43
- );
44
-
45
- $this->module_settings[] = array(
46
- 'id' => 'remove_resource_hints',
47
- 'label' => 'Remove Resource Hints',
48
- 'description' => __('Remove Resource Hints meta generated tags within head (eg dns-prefetch, preconnect).', 'wp-hide-security-enhancer'),
49
-
50
- 'input_type' => 'radio',
51
- 'options' => array(
52
- 'yes' => __('Yes', 'wp-hide-security-enhancer'),
53
- 'no' => __('No', 'wp-hide-security-enhancer'),
54
- ),
55
- 'default_value' => 'no',
56
-
57
- 'sanitize_type' => array('sanitize_title', 'strtolower')
58
-
59
- );
60
-
61
- $this->module_settings[] = array(
62
- 'id' => 'remove_wlwmanifest',
63
- 'label' => 'Remove wlwmanifest Meta',
64
- 'description' => __('Remove the wlwmanifest tag within head.', 'wp-hide-security-enhancer'),
65
-
66
- 'input_type' => 'radio',
67
- 'options' => array(
68
- 'yes' => __('Yes', 'wp-hide-security-enhancer'),
69
- 'no' => __('No', 'wp-hide-security-enhancer'),
70
- ),
71
- 'default_value' => 'no',
72
-
73
- 'sanitize_type' => array('sanitize_title', 'strtolower')
74
-
75
- );
76
-
77
-
78
- $this->module_settings[] = array(
79
- 'id' => 'remove_feed_links',
80
- 'label' => 'Remove feed_links Meta',
81
- 'description' => __('Remove the feed_links tag within head.', 'wp-hide-security-enhancer'),
82
-
83
- 'input_type' => 'radio',
84
- 'options' => array(
85
- 'yes' => __('Yes', 'wp-hide-security-enhancer'),
86
- 'no' => __('No', 'wp-hide-security-enhancer'),
87
- ),
88
- 'default_value' => 'no',
89
-
90
- 'sanitize_type' => array('sanitize_title', 'strtolower')
91
-
92
- );
93
-
94
-
95
- $this->module_settings[] = array(
96
- 'id' => 'disable_json_rest_wphead_link',
97
- 'label' => __('Disable output the REST API link tag into page header', 'wp-hide-security-enhancer'),
98
- 'description' => __('By default a REST API link tag is being append to HTML.', 'wp-hide-security-enhancer'),
99
-
100
- 'input_type' => 'radio',
101
- 'options' => array(
102
- 'yes' => __('Yes', 'wp-hide-security-enhancer'),
103
- 'no' => __('No', 'wp-hide-security-enhancer'),
104
- ),
105
- 'default_value' => 'no',
106
-
107
- 'sanitize_type' => array('sanitize_title', 'strtolower'),
108
- 'processing_order' => 58
109
-
110
- );
111
-
112
-
113
-
114
- $this->module_settings[] = array(
115
- 'id' => 'remove_rsd_link',
116
- 'label' => 'Remove rsd_link Meta',
117
- 'description' => __('Remove the rsd_link tag within head.', 'wp-hide-security-enhancer'),
118
-
119
- 'input_type' => 'radio',
120
- 'options' => array(
121
- 'yes' => __('Yes', 'wp-hide-security-enhancer'),
122
- 'no' => __('No', 'wp-hide-security-enhancer'),
123
- ),
124
- 'default_value' => 'no',
125
-
126
- 'sanitize_type' => array('sanitize_title', 'strtolower')
127
-
128
- );
129
-
130
-
131
-
132
- $this->module_settings[] = array(
133
- 'id' => 'remove_adjacent_posts_rel',
134
- 'label' => 'Remove adjacent_posts_rel Meta',
135
- 'description' => __('Remove the adjacent_posts_rel tag within head.', 'wp-hide-security-enhancer'),
136
-
137
- 'input_type' => 'radio',
138
- 'options' => array(
139
- 'yes' => __('Yes', 'wp-hide-security-enhancer'),
140
- 'no' => __('No', 'wp-hide-security-enhancer'),
141
- ),
142
- 'default_value' => 'no',
143
-
144
- 'sanitize_type' => array('sanitize_title', 'strtolower')
145
-
146
- );
147
-
148
- $this->module_settings[] = array(
149
- 'id' => 'remove_profile',
150
- 'label' => 'Remove profile link',
151
- 'description' => __('Remove profile link meta tag within head.', 'wp-hide-security-enhancer'),
152
-
153
- 'input_type' => 'radio',
154
- 'options' => array(
155
- 'yes' => __('Yes', 'wp-hide-security-enhancer'),
156
- 'no' => __('No', 'wp-hide-security-enhancer'),
157
- ),
158
- 'default_value' => 'no',
159
-
160
- 'sanitize_type' => array('sanitize_title', 'strtolower')
161
-
162
- );
163
-
164
- $this->module_settings[] = array(
165
- 'id' => 'remove_canonical',
166
- 'label' => 'Remove canonical link',
167
- 'description' => __('Remove canonical link meta tag within head.', 'wp-hide-security-enhancer'),
168
-
169
- 'input_type' => 'radio',
170
- 'options' => array(
171
- 'yes' => __('Yes', 'wp-hide-security-enhancer'),
172
- 'no' => __('No', 'wp-hide-security-enhancer'),
173
- ),
174
- 'default_value' => 'no',
175
-
176
- 'sanitize_type' => array('sanitize_title', 'strtolower')
177
-
178
- );
179
-
180
- return $this->module_settings;
181
- }
182
-
183
-
184
-
185
- function _init_remove_generator_meta($saved_field_data)
186
- {
187
- if(empty($saved_field_data) || $saved_field_data == 'no')
188
- return FALSE;
189
-
190
- add_filter('the_generator', create_function('', 'return "";'));
191
- remove_action( 'wp_head', 'wp_generator' );
192
-
193
- //make sure it's being replaced
194
- add_filter( 'wph/ob_start_callback', array(&$this, 'ob_start_callback_remove_generator_meta'));
195
- }
196
-
197
-
198
- function ob_start_callback_remove_generator_meta( $buffer )
199
- {
200
-
201
- if ( ! class_exists( 'DOMDocument', false ) )
202
- return $buffer;
203
-
204
- $doc = new DOMDocument();
205
- $doc->preserveWhiteSpace = true;
206
-
207
- if ( @$doc->loadHTML(mb_convert_encoding($buffer, 'HTML-ENTITIES', 'UTF-8'), LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD) === false )
208
- return $buffer;
209
-
210
- $doc->encoding = 'UTF-8';
211
- $doc->formatOutput = true;
212
-
213
- $xpath = new DOMXPath($doc);
214
-
215
- $nodes = $xpath->query('//meta[starts-with(@content, "WordPress") and @name="generator"]');
216
- if($nodes->length < 1)
217
- return $buffer;
218
-
219
- foreach ($nodes as $node)
220
- {
221
- $parent = $node->parentNode;
222
- $parent->removeChild($node);
223
- }
224
-
225
- $doc->normalizeDocument();
226
-
227
- $buffer = $doc->saveHTML( );
228
-
229
- return $buffer;
230
-
231
- }
232
-
233
-
234
-
235
- function _init_remove_other_generator_meta($saved_field_data)
236
- {
237
- if(empty($saved_field_data) || $saved_field_data == 'no')
238
- return FALSE;
239
-
240
- //remove other generator links
241
- add_filter( 'wph/ob_start_callback', array(&$this, 'ob_start_callback_remove_other_generator_meta'));
242
- }
243
-
244
-
245
- function ob_start_callback_remove_other_generator_meta( $buffer )
246
- {
247
-
248
- if ( ! class_exists( 'DOMDocument', false ) )
249
- return $buffer;
250
-
251
- $doc = new DOMDocument();
252
- $doc->preserveWhiteSpace = true;
253
-
254
- if ( @$doc->loadHTML(mb_convert_encoding($buffer, 'HTML-ENTITIES', 'UTF-8'), LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD) === false )
255
- return $buffer;
256
-
257
- $doc->encoding = 'UTF-8';
258
- $doc->formatOutput = true;
259
-
260
- $xpath = new DOMXPath($doc);
261
-
262
- $nodes = $xpath->query('//meta[@name="generator" and not (starts-with(@content, "WordPress"))]');
263
- if($nodes->length < 1)
264
- return $buffer;
265
-
266
- foreach ($nodes as $node)
267
- {
268
- $parent = $node->parentNode;
269
- $parent->removeChild($node);
270
- }
271
-
272
- $doc->normalizeDocument();
273
-
274
- $buffer = $doc->saveHTML( );
275
-
276
- return $buffer;
277
-
278
- }
279
-
280
-
281
- function _init_remove_resource_hints($saved_field_data)
282
- {
283
- if(empty($saved_field_data) || $saved_field_data == 'no')
284
- return FALSE;
285
-
286
- remove_action( 'wp_head', 'wp_resource_hints', 2 );
287
-
288
- }
289
-
290
-
291
- function _init_remove_wlwmanifest($saved_field_data)
292
- {
293
- if(empty($saved_field_data) || $saved_field_data == 'no')
294
- return FALSE;
295
-
296
- remove_action( 'wp_head', 'wlwmanifest_link' );
297
-
298
- }
299
-
300
-
301
- function _init_remove_feed_links($saved_field_data)
302
- {
303
- if(empty($saved_field_data) || $saved_field_data == 'no')
304
- return FALSE;
305
-
306
- remove_action('wp_head', 'feed_links', 2);
307
- remove_action('wp_head', 'feed_links_extra', 3);
308
-
309
- }
310
-
311
-
312
- function _init_disable_json_rest_wphead_link($saved_field_data)
313
- {
314
- if(empty($saved_field_data) || $saved_field_data == 'no')
315
- return FALSE;
316
-
317
- remove_action( 'wp_head', 'rest_output_link_wp_head', 10 );
318
-
319
- }
320
-
321
- function _init_remove_rsd_link($saved_field_data)
322
- {
323
- if(empty($saved_field_data) || $saved_field_data == 'no')
324
- return FALSE;
325
-
326
- remove_action('wp_head', 'rsd_link');
327
-
328
- }
329
-
330
-
331
- function _init_adjacent_posts_rel($saved_field_data)
332
- {
333
- if(empty($saved_field_data) || $saved_field_data == 'no')
334
- return FALSE;
335
-
336
- remove_action('wp_head', 'adjacent_posts_rel_link_wp_head', 10, 0);
337
-
338
- }
339
-
340
-
341
- function _init_remove_profile($saved_field_data)
342
- {
343
-
344
- if(empty($saved_field_data) || $saved_field_data == 'no')
345
- return FALSE;
346
-
347
-
348
- add_filter('wph/ob_start_callback', array($this, 'remove_profile_tag'));
349
-
350
- }
351
-
352
- function remove_profile_tag($html)
353
- {
354
-
355
- $html = preg_replace('/(<link.*?rel=("|\')profile("|\').*?href=("|\')(.*?)("|\')(.*?)?\/?>|<link.*?href=("|\')(.*?)("|\').*?rel=("|\')profile("|\')(.*?)?\/?>)/i', '', $html);
356
-
357
- return $html;
358
-
359
- }
360
-
361
-
362
- function _init_remove_canonical($saved_field_data)
363
- {
364
- if(empty($saved_field_data) || $saved_field_data == 'no')
365
- return FALSE;
366
-
367
- remove_action( 'wp_head', 'rel_canonical');
368
-
369
- //use the earlier possible action to remove the admin canonical url
370
- add_action( 'auth_redirect', array(&$this, 'remove_wp_admin_canonical_url'));
371
-
372
- //make sure is removed if placed by other plugins
373
- add_filter('wph/ob_start_callback', array($this, 'remove_canonical_tag'));
374
- }
375
-
376
- function remove_wp_admin_canonical_url()
377
- {
378
-
379
- remove_action( 'admin_head', 'wp_admin_canonical_url' );
380
-
381
- }
382
-
383
-
384
- function remove_canonical_tag( $buffer )
385
- {
386
-
387
- if(is_admin())
388
- return $buffer;
389
-
390
- if ( ! class_exists( 'DOMDocument', false ) )
391
- return $buffer;
392
-
393
- $doc = new DOMDocument();
394
- $doc->preserveWhiteSpace = true;
395
-
396
- if ( @$doc->loadHTML(mb_convert_encoding($buffer, 'HTML-ENTITIES', 'UTF-8'), LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD) === false )
397
- return $buffer;
398
-
399
- $doc->encoding = 'UTF-8';
400
- $doc->formatOutput = true;
401
-
402
- $xpath = new DOMXPath($doc);
403
-
404
- $nodes = $xpath->query('//link[@rel="canonical"]');
405
- if($nodes->length < 1)
406
- return $buffer;
407
-
408
- foreach ($nodes as $node)
409
- {
410
- $parent = $node->parentNode;
411
- $parent->removeChild($node);
412
- }
413
-
414
- $doc->normalizeDocument();
415
-
416
- $buffer = $doc->saveHTML( );
417
-
418
- return $buffer;
419
-
420
- }
421
-
422
-
423
- }
424
  ?>
1
+ <?php
2
+
3
+ class WPH_module_general_meta extends WPH_module_component
4
+ {
5
+ function get_component_title()
6
+ {
7
+ return "Meta";
8
+ }
9
+
10
+
11
+ function get_module_settings()
12
+ {
13
+ $this->module_settings[] = array(
14
+ 'id' => 'remove_generator_meta',
15
+ 'label' => 'Remove WordPress Generator Meta',
16
+ 'description' => __('Remove the autogenerated meta generator tag within head (WordPress Version).', 'wp-hide-security-enhancer'),
17
+
18
+ 'input_type' => 'radio',
19
+ 'options' => array(
20
+ 'yes' => __('Yes', 'wp-hide-security-enhancer'),
21
+ 'no' => __('No', 'wp-hide-security-enhancer'),
22
+ ),
23
+ 'default_value' => 'no',
24
+
25
+ 'sanitize_type' => array('sanitize_title', 'strtolower')
26
+
27
+ );
28
+
29
+ $this->module_settings[] = array(
30
+ 'id' => 'remove_other_generator_meta',
31
+ 'label' => 'Remove Other Generator Meta',
32
+ 'description' => __('Remove other meta generated tags within head (eg Theme Name, Theme Version).', 'wp-hide-security-enhancer'),
33
+
34
+ 'input_type' => 'radio',
35
+ 'options' => array(
36
+ 'yes' => __('Yes', 'wp-hide-security-enhancer'),
37
+ 'no' => __('No', 'wp-hide-security-enhancer'),
38
+ ),
39
+ 'default_value' => 'no',
40
+
41
+ 'sanitize_type' => array('sanitize_title', 'strtolower')
42
+
43
+ );
44
+
45
+ $this->module_settings[] = array(
46
+ 'id' => 'remove_resource_hints',
47
+ 'label' => 'Remove Resource Hints',
48
+ 'description' => __('Remove Resource Hints meta generated tags within head (eg dns-prefetch, preconnect).', 'wp-hide-security-enhancer'),
49
+
50
+ 'input_type' => 'radio',
51
+ 'options' => array(
52
+ 'yes' => __('Yes', 'wp-hide-security-enhancer'),
53
+ 'no' => __('No', 'wp-hide-security-enhancer'),
54
+ ),
55
+ 'default_value' => 'no',
56
+
57
+ 'sanitize_type' => array('sanitize_title', 'strtolower')
58
+
59
+ );
60
+
61
+ $this->module_settings[] = array(
62
+ 'id' => 'remove_wlwmanifest',
63
+ 'label' => 'Remove wlwmanifest Meta',
64
+ 'description' => __('Remove the wlwmanifest tag within head.', 'wp-hide-security-enhancer'),
65
+
66
+ 'input_type' => 'radio',
67
+ 'options' => array(
68
+ 'yes' => __('Yes', 'wp-hide-security-enhancer'),
69
+ 'no' => __('No', 'wp-hide-security-enhancer'),
70
+ ),
71
+ 'default_value' => 'no',
72
+
73
+ 'sanitize_type' => array('sanitize_title', 'strtolower')
74
+
75
+ );
76
+
77
+
78
+ $this->module_settings[] = array(
79
+ 'id' => 'remove_feed_links',
80
+ 'label' => 'Remove feed_links Meta',
81
+ 'description' => __('Remove the feed_links tag within head.', 'wp-hide-security-enhancer'),
82
+
83
+ 'input_type' => 'radio',
84
+ 'options' => array(
85
+ 'yes' => __('Yes', 'wp-hide-security-enhancer'),
86
+ 'no' => __('No', 'wp-hide-security-enhancer'),
87
+ ),
88
+ 'default_value' => 'no',
89
+
90
+ 'sanitize_type' => array('sanitize_title', 'strtolower')
91
+
92
+ );
93
+
94
+
95
+ $this->module_settings[] = array(
96
+ 'id' => 'disable_json_rest_wphead_link',
97
+ 'label' => __('Disable output the REST API link tag into page header', 'wp-hide-security-enhancer'),
98
+ 'description' => __('By default a REST API link tag is being append to HTML.', 'wp-hide-security-enhancer'),
99
+
100
+ 'input_type' => 'radio',
101
+ 'options' => array(
102
+ 'yes' => __('Yes', 'wp-hide-security-enhancer'),
103
+ 'no' => __('No', 'wp-hide-security-enhancer'),
104
+ ),
105
+ 'default_value' => 'no',
106
+
107
+ 'sanitize_type' => array('sanitize_title', 'strtolower'),
108
+ 'processing_order' => 58
109
+
110
+ );
111
+
112
+
113
+
114
+ $this->module_settings[] = array(
115
+ 'id' => 'remove_rsd_link',
116
+ 'label' => 'Remove rsd_link Meta',
117
+ 'description' => __('Remove the rsd_link tag within head.', 'wp-hide-security-enhancer'),
118
+
119
+ 'input_type' => 'radio',
120
+ 'options' => array(
121
+ 'yes' => __('Yes', 'wp-hide-security-enhancer'),
122
+ 'no' => __('No', 'wp-hide-security-enhancer'),
123
+ ),
124
+ 'default_value' => 'no',
125
+
126
+ 'sanitize_type' => array('sanitize_title', 'strtolower')
127
+
128
+ );
129
+
130
+
131
+
132
+ $this->module_settings[] = array(
133
+ 'id' => 'remove_adjacent_posts_rel',
134
+ 'label' => 'Remove adjacent_posts_rel Meta',
135
+ 'description' => __('Remove the adjacent_posts_rel tag within head.', 'wp-hide-security-enhancer'),
136
+
137
+ 'input_type' => 'radio',
138
+ 'options' => array(
139
+ 'yes' => __('Yes', 'wp-hide-security-enhancer'),
140
+ 'no' => __('No', 'wp-hide-security-enhancer'),
141
+ ),
142
+ 'default_value' => 'no',
143
+
144
+ 'sanitize_type' => array('sanitize_title', 'strtolower')
145
+
146
+ );
147
+
148
+ $this->module_settings[] = array(
149
+ 'id' => 'remove_profile',
150
+ 'label' => 'Remove profile link',
151
+ 'description' => __('Remove profile link meta tag within head.', 'wp-hide-security-enhancer'),
152
+
153
+ 'input_type' => 'radio',
154
+ 'options' => array(
155
+ 'yes' => __('Yes', 'wp-hide-security-enhancer'),
156
+ 'no' => __('No', 'wp-hide-security-enhancer'),
157
+ ),
158
+ 'default_value' => 'no',
159
+
160
+ 'sanitize_type' => array('sanitize_title', 'strtolower')
161
+
162
+ );
163
+
164
+ $this->module_settings[] = array(
165
+ 'id' => 'remove_canonical',
166
+ 'label' => 'Remove canonical link',
167
+ 'description' => __('Remove canonical link meta tag within head.', 'wp-hide-security-enhancer'),
168
+
169
+ 'input_type' => 'radio',
170
+ 'options' => array(
171
+ 'yes' => __('Yes', 'wp-hide-security-enhancer'),
172
+ 'no' => __('No', 'wp-hide-security-enhancer'),
173
+ ),
174
+ 'default_value' => 'no',
175
+
176
+ 'sanitize_type' => array('sanitize_title', 'strtolower')
177
+
178
+ );
179
+
180
+ return $this->module_settings;
181
+ }
182
+
183
+
184
+
185
+ function _init_remove_generator_meta($saved_field_data)
186
+ {
187
+ if(empty($saved_field_data) || $saved_field_data == 'no')
188
+ return FALSE;
189
+
190
+ add_filter('the_generator', create_function('', 'return "";'));
191
+ remove_action( 'wp_head', 'wp_generator' );
192
+
193
+ //make sure it's being replaced
194
+ add_filter( 'wph/ob_start_callback', array(&$this, 'ob_start_callback_remove_generator_meta'));
195
+ }
196
+
197
+
198
+ function ob_start_callback_remove_generator_meta( $buffer )
199
+ {
200
+
201
+ $buffer = preg_replace_callback('/(<meta.*?name=("|\')generator("|\').*?\/?>)/i', array($this, "remove_generator_meta_preg_replace_callback"), $buffer);
202
+
203
+ return $buffer;
204
+
205
+
206
+ }
207
+
208
+
209
+ function remove_generator_meta_preg_replace_callback( $matches )
210
+ {
211
+
212
+ $found = isset($matches[0]) ? $matches[0] : '';
213
+
214
+ if(empty($found))
215
+ return '';
216
+
217
+ //check if content starts with WordPress
218
+ if(stripos($found, 'content="WordPress ') !== FALSE)
219
+ return "";
220
+
221
+ return $found;
222
+
223
+ }
224
+
225
+
226
+ function _init_remove_other_generator_meta($saved_field_data)
227
+ {
228
+ if(empty($saved_field_data) || $saved_field_data == 'no')
229
+ return FALSE;
230
+
231
+ //remove other generator links
232
+ add_filter( 'wph/ob_start_callback', array(&$this, 'ob_start_callback_remove_other_generator_meta'));
233
+ }
234
+
235
+
236
+ function ob_start_callback_remove_other_generator_meta( $buffer )
237
+ {
238
+
239
+ $buffer = preg_replace_callback('/(<meta.*?name=("|\')generator("|\').*?\/?>)/i', array($this, "remove_other_generator_meta_preg_replace_callback"), $buffer);
240
+
241
+ return $buffer;
242
+
243
+ }
244
+
245
+ function remove_other_generator_meta_preg_replace_callback( $matches )
246
+ {
247
+ $found = isset($matches[0]) ? $matches[0] : '';
248
+
249
+ if(empty($found))
250
+ return '';
251
+
252
+ //check if content starts with WordPress
253
+ if(stripos($found, 'content="WordPress ') === FALSE)
254
+ return "";
255
+
256
+ return $found;
257
+ }
258
+
259
+
260
+ function _init_remove_resource_hints($saved_field_data)
261
+ {
262
+ if(empty($saved_field_data) || $saved_field_data == 'no')
263
+ return FALSE;
264
+
265
+ remove_action( 'wp_head', 'wp_resource_hints', 2 );
266
+
267
+ }
268
+
269
+
270
+ function _init_remove_wlwmanifest($saved_field_data)
271
+ {
272
+ if(empty($saved_field_data) || $saved_field_data == 'no')
273
+ return FALSE;
274
+
275
+ remove_action( 'wp_head', 'wlwmanifest_link' );
276
+
277
+ }
278
+
279
+
280
+ function _init_remove_feed_links($saved_field_data)
281
+ {
282
+ if(empty($saved_field_data) || $saved_field_data == 'no')
283
+ return FALSE;
284
+
285
+ remove_action('wp_head', 'feed_links', 2);
286
+ remove_action('wp_head', 'feed_links_extra', 3);
287
+
288
+ }
289
+
290
+
291
+ function _init_disable_json_rest_wphead_link($saved_field_data)
292
+ {
293
+ if(empty($saved_field_data) || $saved_field_data == 'no')
294
+ return FALSE;
295
+
296
+ remove_action( 'wp_head', 'rest_output_link_wp_head', 10 );
297
+
298
+ }
299
+
300
+ function _init_remove_rsd_link($saved_field_data)
301
+ {
302
+ if(empty($saved_field_data) || $saved_field_data == 'no')
303
+ return FALSE;
304
+
305
+ remove_action('wp_head', 'rsd_link');
306
+
307
+ }
308
+
309
+
310
+ function _init_remove_adjacent_posts_rel($saved_field_data)
311
+ {
312
+ if(empty($saved_field_data) || $saved_field_data == 'no')
313
+ return FALSE;
314
+
315
+ remove_action('wp_head', 'adjacent_posts_rel_link_wp_head', 10, 0);
316
+
317
+ }
318
+
319
+
320
+ function _init_remove_profile($saved_field_data)
321
+ {
322
+
323
+ if(empty($saved_field_data) || $saved_field_data == 'no')
324
+ return FALSE;
325
+
326
+
327
+ add_filter('wph/ob_start_callback', array($this, 'remove_profile_tag'));
328
+
329
+ }
330
+
331
+ function remove_profile_tag( $buffer )
332
+ {
333
+
334
+ if(is_admin())
335
+ return $buffer;
336
+
337
+ $buffer = preg_replace('/(<link.*?rel=("|\')profile("|\').*?href=("|\')(.*?)("|\')(.*?)?\/?>|<link.*?href=("|\')(.*?)("|\').*?rel=("|\')profile("|\')(.*?)?\/?>)/i', "", $buffer);
338
+
339
+ return $buffer;
340
+
341
+
342
+ }
343
+
344
+
345
+ function _init_remove_canonical($saved_field_data)
346
+ {
347
+ if(empty($saved_field_data) || $saved_field_data == 'no')
348
+ return FALSE;
349
+
350
+ remove_action( 'wp_head', 'rel_canonical');
351
+
352
+ //use the earlier possible action to remove the admin canonical url
353
+ add_action( 'auth_redirect', array(&$this, 'remove_wp_admin_canonical_url'));
354
+
355
+ //make sure is removed if placed by other plugins
356
+ add_filter('wph/ob_start_callback', array($this, 'remove_canonical_tag'));
357
+ }
358
+
359
+ function remove_wp_admin_canonical_url()
360
+ {
361
+
362
+ remove_action( 'admin_head', 'wp_admin_canonical_url' );
363
+
364
+ }
365
+
366
+
367
+ function cds_callback($matches)
368
+ {
369
+ return '123456';
370
+ }
371
+
372
+
373
+ function remove_canonical_tag( $buffer )
374
+ {
375
+
376
+ if(is_admin())
377
+ return $buffer;
378
+
379
+ $buffer = preg_replace('/(<link.*?rel=("|\')canonical("|\').*?href=("|\')(.*?)("|\')(.*?)?\/?>|<link.*?href=("|\')(.*?)("|\').*?rel=("|\')canonical("|\')(.*?)?\/?>)/i', "", $buffer);
380
+
381
+ return $buffer;
382
+
383
+ }
384
+
385
+
386
+ }
387
+
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
388
  ?>
modules/components/general-styles.php CHANGED
@@ -104,38 +104,26 @@
104
  */
105
  function ob_start_callback_remove_id($buffer)
106
  {
107
- if ( ! class_exists( 'DOMDocument', false ) )
108
- return $buffer;
109
-
110
- $doc = new DOMDocument();
111
- $doc->preserveWhiteSpace = true;
112
-
113
- if ( @$doc->loadHTML(mb_convert_encoding($buffer, 'HTML-ENTITIES', 'UTF-8'), LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD) === false )
114
- return $buffer;
115
 
116
- $doc->encoding = 'UTF-8';
117
- $doc->formatOutput = true;
118
-
119
- $xpath = new DOMXPath($doc);
 
 
 
 
 
 
120
 
121
- $nodes = $xpath->query('//link[@id]');
122
- if($nodes->length < 1)
123
- return $buffer;
124
 
125
- foreach ($nodes as $node)
126
- {
127
- $node->removeAttribute('id');
128
- }
129
 
130
- $doc->normalizeDocument();
131
 
132
- $buffer = $doc->saveHTML( );
133
-
134
- return $buffer;
135
-
136
  }
137
-
138
-
139
 
140
 
141
  }
104
  */
105
  function ob_start_callback_remove_id($buffer)
106
  {
 
 
 
 
 
 
 
 
107
 
108
+ $buffer = preg_replace_callback('/(<link.*?rel=("|\')stylesheet("|\').*?href=("|\')(.*?)("|\')(.*?)?\/?>|<link.*?href=("|\')(.*?)("|\').*?rel=("|\')stylesheet("|\')(.*?)?\/?>)/i', array($this, "remove_id_preg_replace_callback"), $buffer);
109
+
110
+ return $buffer;
111
+
112
+ }
113
+
114
+
115
+ function remove_id_preg_replace_callback( $matches )
116
+ {
117
+ $found = isset($matches[0]) ? $matches[0] : '';
118
 
119
+ if(empty($found))
120
+ return '';
 
121
 
122
+ $found = preg_replace( '/(id=("|\')(.*?)("|\') )/i', "", $found );
 
 
 
123
 
124
+ return $found;
125
 
 
 
 
 
126
  }
 
 
127
 
128
 
129
  }
modules/components/rewrite-new_plugin_path.php CHANGED
@@ -106,7 +106,7 @@
106
  //add replacement
107
  $new_plugin_path = $this->wph->functions->untrailingslashit_all( $this->wph->functions->get_module_item_setting('new_plugin_path') );
108
  $replace_url = trailingslashit( WP_PLUGIN_URL ) . $active_plugin_directory;
109
- $replacement_url = trailingslashit( site_url() ) . $plugin_custom_path;
110
  $this->wph->functions->add_replacement( $replace_url, $replacement_url);
111
 
112
  }
@@ -117,7 +117,7 @@
117
 
118
  //add default plugin path replacement
119
  $new_plugin_path = $this->wph->functions->untrailingslashit_all( $this->wph->functions->get_module_item_setting('new_plugin_path') );
120
- $new_plugin_path = trailingslashit( site_url() ) . untrailingslashit( $new_plugin_path );
121
  $this->wph->functions->add_replacement( WP_PLUGIN_URL, $new_plugin_path );
122
 
123
  return TRUE;
106
  //add replacement
107
  $new_plugin_path = $this->wph->functions->untrailingslashit_all( $this->wph->functions->get_module_item_setting('new_plugin_path') );
108
  $replace_url = trailingslashit( WP_PLUGIN_URL ) . $active_plugin_directory;
109
+ $replacement_url = trailingslashit( home_url() ) . $plugin_custom_path;
110
  $this->wph->functions->add_replacement( $replace_url, $replacement_url);
111
 
112
  }
117
 
118
  //add default plugin path replacement
119
  $new_plugin_path = $this->wph->functions->untrailingslashit_all( $this->wph->functions->get_module_item_setting('new_plugin_path') );
120
+ $new_plugin_path = trailingslashit( home_url() ) . untrailingslashit( $new_plugin_path );
121
  $this->wph->functions->add_replacement( WP_PLUGIN_URL, $new_plugin_path );
122
 
123
  return TRUE;
modules/components/rewrite-new_theme_path.php CHANGED
@@ -15,7 +15,7 @@
15
  'id' => 'new_theme_path',
16
  'label' => __('New Theme Path', 'wp-hide-security-enhancer'),
17
  'description' => __('The default theme path is set to', 'wp-hide-security-enhancer') . ' <strong>'. str_replace(get_bloginfo('wpurl'), '' ,$this->wph->default_variables['template_url']) .'</strong>
18
- '. __('More details can be found at', 'wp-hide-security-enhancer') .' <a href="http://www.wp-hide.com/documentation/remove-classes-from-html/" target="_blank">Link</a>',
19
 
20
  'value_description' => __('e.g. my_template', 'wp-hide-security-enhancer'),
21
  'input_type' => 'text',
@@ -160,7 +160,7 @@
160
  //add_filter('theme_root_uri', array(&$this, 'theme_root_uri'), 999, 3);
161
 
162
  //add replacement url
163
- $this->wph->functions->add_replacement( untrailingslashit( $this->wph->default_variables['template_url']), trailingslashit( site_url() ) . $saved_field_data );
164
 
165
  }
166
 
@@ -301,7 +301,7 @@
301
  //add_filter('theme_root_uri', array(&$this, 'theme_root_uri'), 999, 3);
302
 
303
  //add replacement url
304
- $this->wph->functions->add_replacement( untrailingslashit( $this->wph->default_variables['stylesheet_uri'] ) , trailingslashit( site_url() ) . untrailingslashit( $saved_field_data ) );
305
 
306
  }
307
 
@@ -357,7 +357,7 @@
357
 
358
  if(!empty($new_theme_path))
359
  {
360
- $new_style_file_path = trailingslashit( site_url() ) . trailingslashit($new_theme_path) . $saved_field_data;
361
  $this->wph->functions->add_replacement( $old_style_file_path , $new_style_file_path );
362
  }
363
  else
@@ -532,7 +532,7 @@
532
 
533
  if(!empty($new_theme_path))
534
  {
535
- $new_style_file_path = trailingslashit( site_url() ) . trailingslashit($new_theme_path) . $saved_field_data;
536
  $this->wph->functions->add_replacement( $old_style_file_path , $new_style_file_path );
537
  }
538
  else
@@ -579,7 +579,7 @@
579
  }
580
  else
581
  {
582
- $template_relative_url = $this->wph->functions->get_url_path_relative_to_domain_root($this->wph->default_variables['template_url']);
583
  $path .= trailingslashit($template_relative_url) . $saved_field_data;
584
  }
585
 
@@ -630,7 +630,7 @@
630
  }
631
  else
632
  {
633
- $template_relative_url = $this->wph->functions->get_url_path_relative_to_domain_root($this->wph->default_variables['template_url']);
634
  $path .= trailingslashit($template_relative_url) . $new_style_file_path;
635
  }
636
  }
15
  'id' => 'new_theme_path',
16
  'label' => __('New Theme Path', 'wp-hide-security-enhancer'),
17
  'description' => __('The default theme path is set to', 'wp-hide-security-enhancer') . ' <strong>'. str_replace(get_bloginfo('wpurl'), '' ,$this->wph->default_variables['template_url']) .'</strong>
18
+ '. __('More details can be found at', 'wp-hide-security-enhancer') .' <a href="http://www.wp-hide.com/documentation/rewrite-theme/" target="_blank">Link</a>',
19
 
20
  'value_description' => __('e.g. my_template', 'wp-hide-security-enhancer'),
21
  'input_type' => 'text',
160
  //add_filter('theme_root_uri', array(&$this, 'theme_root_uri'), 999, 3);
161
 
162
  //add replacement url
163
+ $this->wph->functions->add_replacement( untrailingslashit( $this->wph->default_variables['template_url']), trailingslashit( home_url() ) . $saved_field_data );
164
 
165
  }
166
 
301
  //add_filter('theme_root_uri', array(&$this, 'theme_root_uri'), 999, 3);
302
 
303
  //add replacement url
304
+ $this->wph->functions->add_replacement( untrailingslashit( $this->wph->default_variables['stylesheet_uri'] ) , trailingslashit( home_url() ) . untrailingslashit( $saved_field_data ) );
305
 
306
  }
307
 
357
 
358
  if(!empty($new_theme_path))
359
  {
360
+ $new_style_file_path = trailingslashit( home_url() ) . trailingslashit($new_theme_path) . $saved_field_data;
361
  $this->wph->functions->add_replacement( $old_style_file_path , $new_style_file_path );
362
  }
363
  else
532
 
533
  if(!empty($new_theme_path))
534
  {
535
+ $new_style_file_path = trailingslashit( home_url() ) . trailingslashit($new_theme_path) . $saved_field_data;
536
  $this->wph->functions->add_replacement( $old_style_file_path , $new_style_file_path );
537
  }
538
  else
579
  }
580
  else
581
  {
582
+ $template_relative_url = $this->wph->functions->get_url_path_relative_to_domain_root($this->wph->default_variables['stylesheet_uri']);
583
  $path .= trailingslashit($template_relative_url) . $saved_field_data;
584
  }
585
 
630
  }
631
  else
632
  {
633
+ $template_relative_url = $this->wph->functions->get_url_path_relative_to_domain_root($this->wph->default_variables['stylesheet_uri']);
634
  $path .= trailingslashit($template_relative_url) . $new_style_file_path;
635
  }
636
  }
modules/components/rewrite-new_xml-rpc-path.php CHANGED
@@ -167,37 +167,9 @@
167
 
168
  function remove_xml_rpc_tag( $buffer )
169
  {
170
- if(is_admin())
171
- return $buffer;
172
 
173
- if ( ! class_exists( 'DOMDocument', false ) )
174
- return $buffer;
175
-
176
- $doc = new DOMDocument();
177
- $doc->preserveWhiteSpace = true;
178
-
179
- if ( @$doc->loadHTML(mb_convert_encoding($buffer, 'HTML-ENTITIES', 'UTF-8'), LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD) === false )
180
- return $buffer;
181
-
182
- $doc->encoding = 'UTF-8';
183
- $doc->formatOutput = true;
184
-
185
- $xpath = new DOMXPath($doc);
186
-
187
- $nodes = $xpath->query('//link[@rel="pingback"]');
188
- if($nodes->length < 1)
189
- return $buffer;
190
-
191
- foreach ($nodes as $node)
192
- {
193
- $parent = $node->parentNode;
194
- $parent->removeChild($node);
195
- }
196
-
197
- $doc->normalizeDocument();
198
 
199
- $buffer = $doc->saveHTML( );
200
-
201
  return $buffer;
202
  }
203
 
167
 
168
  function remove_xml_rpc_tag( $buffer )
169
  {
 
 
170
 
171
+ $buffer = preg_replace('/(<link.*?rel=("|\')pingback("|\').*?href=("|\')(.*?)("|\')(.*?)?\/?>|<link.*?href=("|\')(.*?)("|\').*?rel=("|\')pingback("|\')(.*?)?\/?>)/i', "", $buffer);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
172
 
 
 
173
  return $buffer;
174
  }
175
 
modules/components/rewrite-root-files.php CHANGED
@@ -158,7 +158,7 @@
158
 
159
  //add default plugin path replacement
160
  $url = trailingslashit( site_url() ) . 'wp-comments-post.php';
161
- $replacement = trailingslashit( site_url() ) . $saved_field_data;
162
  $this->wph->functions->add_replacement( $url , $replacement );
163
 
164
  return TRUE;
@@ -202,16 +202,18 @@
202
  if (empty( $new_wp_comments_post ))
203
  return FALSE;
204
 
 
 
205
  if($this->wph->server_htaccess_config === TRUE)
206
  {
207
  $text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
208
- $text .= "RewriteRule ^wp-comments-post.php ". $this->wph->default_variables['site_relative_path'] ."index.php [L]";
209
  }
210
 
211
  if($this->wph->server_web_config === TRUE)
212
  $text = '
213
  <rule name="wph-block_wp_comments_post_url" stopProcessing="true">
214
- <match url="^wp-comments-post.php" />
215
  <action type="Rewrite" url="'. $this->wph->default_variables['site_relative_path'] .'index.php" />
216
  </rule>
217
  ';
@@ -230,17 +232,19 @@
230
 
231
  if(empty($saved_field_data) || $saved_field_data == 'no')
232
  return FALSE;
 
 
233
 
234
  if($this->wph->server_htaccess_config === TRUE)
235
  {
236
  $text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
237
- $text .= "RewriteRule ^license.txt ". $this->wph->default_variables['site_relative_path'] ."index.php [L]";
238
  }
239
 
240
  if($this->wph->server_web_config === TRUE)
241
  $text = '
242
  <rule name="wph-block_license_txt" stopProcessing="true">
243
- <match url="^license.txt" />
244
  <action type="Rewrite" url="'. $this->wph->default_variables['site_relative_path'] .'index.php" />
245
  </rule>
246
  ';
@@ -259,16 +263,18 @@
259
  if(empty($saved_field_data) || $saved_field_data == 'no')
260
  return FALSE;
261
 
 
 
262
  if($this->wph->server_htaccess_config === TRUE)
263
  {
264
  $text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
265
- $text .= "RewriteRule ^readme.html ". $this->wph->default_variables['site_relative_path'] ."index.php [L]";
266
  }
267
 
268
  if($this->wph->server_web_config === TRUE)
269
  $text = '
270
  <rule name="wph-block_readme_html" stopProcessing="true">
271
- <match url="^readme.html" />
272
  <action type="Rewrite" url="'. $this->wph->default_variables['site_relative_path'] .'index.php" />
273
  </rule>
274
  ';
@@ -287,16 +293,18 @@
287
  if(empty($saved_field_data) || $saved_field_data == 'no')
288
  return FALSE;
289
 
 
 
290
  if($this->wph->server_htaccess_config === TRUE)
291
  {
292
  $text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
293
- $text .= "RewriteRule ^wp-activate.php ". $this->wph->default_variables['site_relative_path'] ."index.php [L]";
294
  }
295
 
296
  if($this->wph->server_web_config === TRUE)
297
  $text = '
298
  <rule name="wph-block_wp_activate_php" stopProcessing="true">
299
- <match url="^wp-activate.php" />
300
  <action type="Rewrite" url="'. $this->wph->default_variables['site_relative_path'] .'index.php" />
301
  </rule>
302
  ';
@@ -316,16 +324,18 @@
316
  if(empty($saved_field_data) || $saved_field_data == 'no')
317
  return FALSE;
318
 
 
 
319
  if($this->wph->server_htaccess_config === TRUE)
320
  {
321
  $text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
322
- $text .= "RewriteRule ^wp-cron.php ". $this->wph->default_variables['site_relative_path'] ."index.php [L]";
323
  }
324
 
325
  if($this->wph->server_web_config === TRUE)
326
  $text = '
327
  <rule name="wph-block_wp_cron_php" stopProcessing="true">
328
- <match url="^wp-cron.php" />
329
  <action type="Rewrite" url="'. $this->wph->default_variables['site_relative_path'] .'index.php" />
330
  </rule>
331
  ';
@@ -344,16 +354,18 @@
344
  if(empty($saved_field_data) || $saved_field_data == 'no')
345
  return $processing_response;
346
 
 
 
347
  if($this->wph->server_htaccess_config === TRUE)
348
  {
349
  $text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
350
- $text .= "RewriteRule ^wp-signup.php ". $this->wph->default_variables['site_relative_path'] ."index.php [L]";
351
  }
352
 
353
  if($this->wph->server_web_config === TRUE)
354
  $text = '
355
  <rule name="wph-block_default_wp_signup_php" stopProcessing="true">
356
- <match url="^wp-signup.php" />
357
  <action type="Rewrite" url="'. $this->wph->default_variables['site_relative_path'] .'index.php" />
358
  </rule>
359
  ';
@@ -370,6 +382,8 @@
370
  if(empty($saved_field_data) || $saved_field_data == 'no')
371
  return $processing_response;
372
 
 
 
373
  if($this->wph->server_htaccess_config === TRUE)
374
  {
375
  $text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
@@ -381,13 +395,13 @@
381
  $text .= "RewriteCond %{REQUEST_FILENAME} !wp-comments-post.php [NC]\n";
382
  $text .= "RewriteCond %{REQUEST_FILENAME} !wp-login.php [NC]\n";
383
 
384
- $text .= "RewriteRule ^wp-([a-z-])+.php ". $this->wph->default_variables['site_relative_path'] ."index.php [L]";
385
  }
386
 
387
  if($this->wph->server_web_config === TRUE)
388
  $text = '
389
  <rule name="wph-block_other_wp_files" stopProcessing="true">
390
- <match url="^wp-([a-z-])+.php" />
391
  <conditions>
392
  <add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="true" />
393
  <add input="{REQUEST_FILENAME}" pattern="wp-activate.php" ignoreCase="true" negate="true" />
158
 
159
  //add default plugin path replacement
160
  $url = trailingslashit( site_url() ) . 'wp-comments-post.php';
161
+ $replacement = trailingslashit( home_url() ) . $saved_field_data;
162
  $this->wph->functions->add_replacement( $url , $replacement );
163
 
164
  return TRUE;
202
  if (empty( $new_wp_comments_post ))
203
  return FALSE;
204
 
205
+ $rewrite_file_base = !empty($this->wph->default_variables['wordpress_directory']) ? trailingslashit( $this->wph->default_variables['wordpress_directory'] ) . 'wp-comments-post.php' : 'wp-comments-post.php';
206
+
207
  if($this->wph->server_htaccess_config === TRUE)
208
  {
209
  $text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
210
+ $text .= "RewriteRule ^" . $rewrite_file_base ." ". $this->wph->default_variables['site_relative_path'] ."index.php [L]";
211
  }
212
 
213
  if($this->wph->server_web_config === TRUE)
214
  $text = '
215
  <rule name="wph-block_wp_comments_post_url" stopProcessing="true">
216
+ <match url="^' . $rewrite_file_base . '" />
217
  <action type="Rewrite" url="'. $this->wph->default_variables['site_relative_path'] .'index.php" />
218
  </rule>
219
  ';
232
 
233
  if(empty($saved_field_data) || $saved_field_data == 'no')
234
  return FALSE;
235
+
236
+ $rewrite_file_base = !empty($this->wph->default_variables['wordpress_directory']) ? trailingslashit( $this->wph->default_variables['wordpress_directory'] ) . 'license.txt' : 'license.txt';
237
 
238
  if($this->wph->server_htaccess_config === TRUE)
239
  {
240
  $text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
241
+ $text .= "RewriteRule ^" . $rewrite_file_base ." ". $this->wph->default_variables['site_relative_path'] ."index.php [L]";
242
  }
243
 
244
  if($this->wph->server_web_config === TRUE)
245
  $text = '
246
  <rule name="wph-block_license_txt" stopProcessing="true">
247
+ <match url="^' . $rewrite_file_base . '" />
248
  <action type="Rewrite" url="'. $this->wph->default_variables['site_relative_path'] .'index.php" />
249
  </rule>
250
  ';
263
  if(empty($saved_field_data) || $saved_field_data == 'no')
264
  return FALSE;
265
 
266
+ $rewrite_file_base = !empty($this->wph->default_variables['wordpress_directory']) ? trailingslashit( $this->wph->default_variables['wordpress_directory'] ) . 'readme.html' : 'readme.html';
267
+
268
  if($this->wph->server_htaccess_config === TRUE)
269
  {
270
  $text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
271
+ $text .= "RewriteRule ^" . $rewrite_file_base ." ". $this->wph->default_variables['site_relative_path'] ."index.php [L]";
272
  }
273
 
274
  if($this->wph->server_web_config === TRUE)
275
  $text = '
276
  <rule name="wph-block_readme_html" stopProcessing="true">
277
+ <match url="^' . $rewrite_file_base . '" />
278
  <action type="Rewrite" url="'. $this->wph->default_variables['site_relative_path'] .'index.php" />
279
  </rule>
280
  ';
293
  if(empty($saved_field_data) || $saved_field_data == 'no')
294
  return FALSE;
295
 
296
+ $rewrite_file_base = !empty($this->wph->default_variables['wordpress_directory']) ? trailingslashit( $this->wph->default_variables['wordpress_directory'] ) . 'wp-activate.php' : 'wp-activate.php';
297
+
298
  if($this->wph->server_htaccess_config === TRUE)
299
  {
300
  $text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
301
+ $text .= "RewriteRule ^" . $rewrite_file_base ." ". $this->wph->default_variables['site_relative_path'] ."index.php [L]";
302
  }
303
 
304
  if($this->wph->server_web_config === TRUE)
305
  $text = '
306
  <rule name="wph-block_wp_activate_php" stopProcessing="true">
307
+ <match url="^' . $rewrite_file_base . '" />
308
  <action type="Rewrite" url="'. $this->wph->default_variables['site_relative_path'] .'index.php" />
309
  </rule>
310
  ';
324
  if(empty($saved_field_data) || $saved_field_data == 'no')
325
  return FALSE;
326
 
327
+ $rewrite_file_base = !empty($this->wph->default_variables['wordpress_directory']) ? trailingslashit( $this->wph->default_variables['wordpress_directory'] ) . 'wp-cron.php' : 'wp-cron.php';
328
+
329
  if($this->wph->server_htaccess_config === TRUE)
330
  {
331
  $text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
332
+ $text .= "RewriteRule ^" . $rewrite_file_base ." ". $this->wph->default_variables['site_relative_path'] ."index.php [L]";
333
  }
334
 
335
  if($this->wph->server_web_config === TRUE)
336
  $text = '
337
  <rule name="wph-block_wp_cron_php" stopProcessing="true">
338
+ <match url="^' . $rewrite_file_base . '" />
339
  <action type="Rewrite" url="'. $this->wph->default_variables['site_relative_path'] .'index.php" />
340
  </rule>
341
  ';
354
  if(empty($saved_field_data) || $saved_field_data == 'no')
355
  return $processing_response;
356
 
357
+ $rewrite_file_base = !empty($this->wph->default_variables['wordpress_directory']) ? trailingslashit( $this->wph->default_variables['wordpress_directory'] ) . 'wp-signup.php' : 'wp-signup.php';
358
+
359
  if($this->wph->server_htaccess_config === TRUE)
360
  {
361
  $text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
362
+ $text .= "RewriteRule ^" . $rewrite_file_base ." ". $this->wph->default_variables['site_relative_path'] ."index.php [L]";
363
  }
364
 
365
  if($this->wph->server_web_config === TRUE)
366
  $text = '
367
  <rule name="wph-block_default_wp_signup_php" stopProcessing="true">
368
+ <match url="^' . $rewrite_file_base . '" />
369
  <action type="Rewrite" url="'. $this->wph->default_variables['site_relative_path'] .'index.php" />
370
  </rule>
371
  ';
382
  if(empty($saved_field_data) || $saved_field_data == 'no')
383
  return $processing_response;
384
 
385
+ $rewrite_base = !empty($this->wph->default_variables['wordpress_directory']) ? trailingslashit( $this->wph->default_variables['wordpress_directory'] ) : '';
386
+
387
  if($this->wph->server_htaccess_config === TRUE)
388
  {
389
  $text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
395
  $text .= "RewriteCond %{REQUEST_FILENAME} !wp-comments-post.php [NC]\n";
396
  $text .= "RewriteCond %{REQUEST_FILENAME} !wp-login.php [NC]\n";
397
 
398
+ $text .= "RewriteRule ^" . $rewrite_base . "wp-([a-z-])+.php ". $this->wph->default_variables['site_relative_path'] ."index.php [L]";
399
  }
400
 
401
  if($this->wph->server_web_config === TRUE)
402
  $text = '
403
  <rule name="wph-block_other_wp_files" stopProcessing="true">
404
+ <match url="^'. $rewrite_base .'wp-([a-z-])+.php" />
405
  <conditions>
406
  <add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="true" />
407
  <add input="{REQUEST_FILENAME}" pattern="wp-activate.php" ignoreCase="true" negate="true" />
modules/components/rewrite-wp_content_path.php CHANGED
@@ -53,7 +53,7 @@
53
 
54
  //add default plugin path replacement
55
  $new_content_path = trailingslashit( site_url() ) . untrailingslashit( $saved_field_data );
56
- $this->wph->functions->add_replacement( trailingslashit( site_url() ) . $content_directory , $new_content_path );
57
 
58
  return TRUE;
59
  }
53
 
54
  //add default plugin path replacement
55
  $new_content_path = trailingslashit( site_url() ) . untrailingslashit( $saved_field_data );
56
+ $this->wph->functions->add_replacement( trailingslashit( home_url() ) . $content_directory , $new_content_path );
57
 
58
  return TRUE;
59
  }
readme.txt CHANGED
@@ -1,438 +1,320 @@
1
- === Plugin Name ===
2
- Contributors: nsp-code
3
- Donate link: http://www.nsp-code.com/donate.php
4
- Tags: hide, security, improve security, hacking, wp hide, wordpress hide, custom login url, wp-loging.php, ap-admin
5
- Requires at least: 2.8
6
- Tested up to: 4.6.1
7
- Stable tag: 1.3.6.3
8
- License: GPLv2 or later
9
-
10
- Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
11
-
12
- == Description ==
13
-
14
- The **easy way to completely hide your WordPress** core files, theme and plugins path from being show on front side. This is a huge improvement over Site Security, no one will know you actually run a WordPress. Provide a simple way to clean up html by removing all WordPress fingerprints.
15
-
16
- Change the default WordPress login urls from wp-admin and wp-login.php to something totally arbitrary. No one will ever know where to try to guess a login and hack into your site. Totally invisible !!
17
-
18
- [vimeo http://vimeo.com/185046480]
19
-
20
- When testing with WordPress theme and plugins detector services/sites, any setting change may not reflect right away on their reports, since they use cache. So you may want to check again later, or try a different inner url, homepage url usage is not mandatory.
21
-
22
- Being the best content management system, widely used, WordPress is susceptible to a large range of hacking attacks including brute-force, SQL injections, XSS, XSRF etc. Despite the fact the WordPress core is a very secure code maintained by a team of professional enthusiast, the additional plugins and themes makes the vulnerable spot of every website. In many cases, those are created by pseudo-developers who do not follow the best coding practices or simply do not own the experience to create a secure plugin.
23
- Statistics reveal that every day new vulnerabilities are discovered, many affecting hundreds of thousands of WordPress websites.
24
- Over 99,9% of hacked WordPress websites are target of automated malware scripts, who search for certain WordPress fingerprints. This plugin hide or replace those traces, making the hacking boots attacks useless.
25
-
26
- Works fine with custom WordPress directory structures e.g. custom plugins, themes, uplaods folder.
27
-
28
- Once configured, you need to **clear server cache data and/or any cache plugins** (e.g. W3 Cache), for a new html data to be created. If use CDN this should be cache clear as well.
29
-
30
- **Main plugin functionality:**
31
-
32
- * Custom Admin Url
33
- * Block default admin Url
34
- * Block any direct folder access to completely hide the structure
35
- * Custom wp-login.php filename
36
- * Block default wp-login.php
37
- * Block default wp-signup.php
38
- * Block XML-RPC API
39
- * New XML-RPC path
40
- * Adjustable theme url
41
- * New child Theme url
42
- * Change theme style file name
43
- * Clean any headers for theme style file
44
- * Custom wp-include
45
- * Block default wp-include paths
46
- * Block defalt wp-content
47
- * Custom plugins urls
48
- * Individual plugin url change
49
- * Block default plugins paths
50
- * New upload url
51
- * Block default upload urls
52
- * Remove wordpress version
53
- * Meta Generator block
54
- * Disble the emoji and required javascript code
55
- * Remove pingback tag
56
- * Remove wlwmanifest Meta
57
- * Remove rsd_link Meta
58
- * Remove wpemoji
59
-
60
- and many more.
61
-
62
- **No other plugins functionality is being blocked or interfered in any way, everything will function the same**
63
-
64
- This plugin allow to change default Admin Url's from **wp-login.php** and **wp-admin** to something else. All original links return default theme 404 Not Found page, like nothing exists there. Beside the huge security advantage, this save lots of server processing time by reducing php code and MySQL usage since brute-force attacks trigger wrong urls.
65
-
66
- **Important:** Compared to all other similar plugins which mainly use redirects, this plugin return a default theme 404 error page for all **block url** functionality, so is not revealing at all the link existence.
67
-
68
- Since version 1.2 Change individual plugin urls which make them unrecognizable, for example change default WooCommerce plugin urls and dependencies from domain.com/wp-content/plugins/woocommerce/ to domain.com/ecommerce/cdn/ or anything customized.
69
-
70
- = Plugin Sections =
71
-
72
- **Rewrite > Theme**
73
-
74
- * New Theme Path - Change default theme path
75
- * New Style File Path - Change default style file name and path
76
- * Remove description header from Style file - Replace any WordPress metadata informations (like theme name, version etc) from style file
77
- * Child - New Theme Path - Change default child theme path
78
- * Child - New Style File Path - Change child theme stylesheed file path and name
79
- * Child - Remove description header from Style file - Replace any WordPress metadata informations (like theme name, version etc) from style file
80
-
81
- **Rewrite > WP includes**
82
-
83
- * New Includes Path - Change default wp-includes path / url
84
- * Block wp-includes URL - Block default wp-includes url
85
-
86
- **Rewrite > WP content**
87
-
88
- * New Content Path - Change default wp-content path / url
89
- * Block wp-content URL - Block default content url
90
-
91
- **Rewrite > Plugins**
92
-
93
- * New Plugins Path - Change default wp-content/plugins path / url
94
- * Block plugins URL - Block default wp-content/plugins url
95
- * New path / url for Every Active Plugin
96
- * Custom path and name for any active plugins
97
-
98
- **Rewrite > Uploads**
99
-
100
- * New Uploads Path - Change default media files path / url
101
- * Block uploads URL - Block default media files url
102
-
103
- **Rewrite > XML-RPC**
104
-
105
- * New XML-RPC Path - Change default XML-RPC path / url
106
- * Block default xmlrpc.php - Block default XML-RPC url
107
- * Disable XML-RPC authentication - Filter whether XML-RPC methods requiring authentication
108
- * Remove pingback - Remove pingback link tag from theme
109
-
110
- **Rewrite > JSON REST**
111
-
112
- * Disable JSON REST V1 service - Disable an API service for WordPress which is active by default.
113
- * Disable JSON REST V2 service - Disable an API service for WordPress which is active by default.
114
- * Block any JSON REST calls - Any call for JSON REST API service will be blocked.
115
- * Disable output the REST API link tag into page header
116
- * Disable JSON REST WP RSD endpoint from XML-RPC responses
117
- * Disable Sends a Link header for the REST API
118
-
119
- **Rewrite > Root Files**
120
-
121
- * New wp-comments-post.php Path
122
- * Block wp-comments-post.php
123
- * Block license.txt - Block access to license.txt root file
124
- * Block readme.html - Block access to readme.html root file
125
- * Block wp-activate.php - Block access to wp-activate.php file
126
- * Block wp-cron.php - Block access to wp-cron.php file
127
- * Block wp-signup.php - Block default wp-signup.php file
128
- * Block other wp-*.php files - Block other wp-*.php files within WordPress Root
129
-
130
- **Rewrite > URL Slash**
131
-
132
- * URL's add Slash - Add a slash to any links without. This disguise any existing uppon a file, folder or a wrong url, they all be all slashed.
133
-
134
-
135
- **General / Html > Meta**
136
-
137
- * Remove WordPress Generator Meta
138
- * Remove Other Generator Meta
139
- * Remove Resource Hints
140
- * Remove wlwmanifest Meta
141
- * Remove feed_links Meta
142
- * Disable output the REST API link tag into page header
143
- * Remove rsd_link Meta
144
- * Remove adjacent_posts_rel Meta
145
- * Remove profile link
146
- * Remove canonical link
147
-
148
- **General / Html > Emoji**
149
-
150
- * Disable Emoji
151
- * Disable TinyMC Emoji
152
-
153
- **General / Html > Styles**
154
-
155
- * Remove Version
156
- * Remove ID from link tags
157
-
158
- **General / Html > Scripts**
159
-
160
- * Remove Version
161
-
162
- **General / Html > Oembed**
163
-
164
- * Remove Oembed
165
-
166
- **General / Html > Headers**
167
-
168
- * Remove X-Powered-By Header
169
- * Remove X-Pingback Header
170
-
171
- **General / Html > HTML**
172
-
173
- * Remove HTML Comments
174
- * Remove general classes from body tag
175
- * Remove ID from Menu items
176
- * Remove class from Menu items
177
- * Remove general classes from post
178
- * Remove general classes from images
179
-
180
- **Admin > wp-login.php**
181
-
182
- * New wp-login.php - Map a new wp-login.php instead default
183
- * Block default wp-login.php - Block default wp-login.php file from being accesible
184
-
185
- **Admin > Admin URL**
186
-
187
- * New Admin Url - Create a new admin url instead default /wp-admin. This also apply for admin-ajax.php calls
188
- * Block default Admin Url - Block default admin url and files from being accesible
189
-
190
- <br />Something is wrong with this plugin on your site? Just use the forum or get in touch with us at <a target="_blank" href="http://www.wp-hide.com">Contact</a> and we'll check it out.
191
-
192
- <br />A website example can be found at <a target="_blank" href="http://nsp-code.com/demo/wp-hide/">http://nsp-code.com/demo/wp-hide/</a>
193
-
194
- <br />Plugin homepage at <a target="_blank" href="http://www.wp-hide.com/">WordPress Hide and Security Enhancer</a>
195
-
196
- <br />
197
- <br />This plugin is developed by <a target="_blank" href="http://www.nsp-code.com">Nsp-Code</a>
198
-
199
- == Installation ==
200
-
201
- 1. Upload the plugin files to the `/wp-content/plugins/wp-hide-security-enhancer` directory, or install the plugin through the WordPress plugins screen directly.
202
- 2. Activate the plugin through the 'Plugins' screen in WordPress.
203
- 3. Use the WP Hide menu screen to configure the plugin.
204
-
205
- == Frequently Asked Questions ==
206
-
207
- Feel free to contact us at electronice_delphi@yahoo.com
208
-
209
- = Something is wrong, what can i do? =
210
-
211
- * First, stay calm. There will be no harm, guaranteed :)
212
- * Go to admin and change some of plugin options to see which one cause the problem. Then report it to forum or get in touch with us to fix it.
213
- * If you can't login to admin, use the Recovery Link which has been sent to your e-mail. This will reset the login to default.
214
- * If for some reason the site appear broken, you should back-up then **replace the .htaccess file** located on your WordPress root. Then **remove the wp-hide-security-enhancer** from your plugin directory.
215
-
216
- * At this point the site should run as before. If for some reason still not working, you missed something, please get in touch with us at electronice_delphi@yahoo.com and we'll fix it for you in no time!
217
-
218
- = I have no PHP knowledge at all, is this plugin for me? =
219
-
220
- There's no requirements on php knowledge. All plugin features and functionality are applied automatically, controlled through a descriptive admin interface.
221
-
222
- = I can't find a functionality that i'am looking for =
223
-
224
- Please get in touch with us and we'll do our best to include it for a next version.
225
-
226
- == Screenshots ==
227
-
228
- 1. Admin Interface.
229
- 2. Sample front html code.
230
-
231
- == Changelog ==
232
-
233
- = 1.3.6.3 =
234
-
235
- * Fixed PHP Notice: Undefined variable: dom
236
-
237
- = 1.3.6.2 =
238
- * W3 Total Cache - Page Cache compatibility fix
239
- * Canonical tag replacement improvements
240
- * Pingback tag replacement improvements
241
- * Fix custom Background Images for body on themes which support that feature
242
-
243
- = 1.3.6 =
244
- * Post-process on options interface save for unique slugs on any text inputs to prevent conflicts.
245
- * Processing Order change for new_theme_child_path to occur before new_theme_path
246
- * New COmponent General -> Oembed
247
- * Remove Oembed tags from header
248
- * Remove Remove Resource Hints tags from header
249
- * rewrite rules update to match only non base, from (.*) to (.+)
250
- * wph-throw-404 improvements
251
- * BuddyPress conflict handle for uploaded gravatars
252
- * Admin Style changes
253
- * BuddyPress Conflict Class handler
254
- * Separate WordPress meta Generator and Other Meta Generator
255
- * Process Location value within sent Headers list if exists
256
- * Replacements for https and http urls relative to domain
257
- * Add replacements for relative paths to cover WordPress installs within a folder.
258
- * Use untralingslashit when creating theme and child theme url replacements
259
- * Fix for Call to a member function is_404() on a non-object within wp_redirect
260
-
261
- = 1.3.5.1 =
262
- * Fix the Remove general classes from images component when within admin dashboard
263
-
264
- = 1.3.5 =
265
- * New component element : Remove general classes from body tag
266
- * New component element : Remove general classes from post
267
- * New component element : Remove general classes from images
268
- * New component: JSON REST
269
- * Disable JSON REST V1 service
270
- * Disable JSON REST V2 service
271
- * Block any JSON REST calls
272
- * Disable output the REST API link tag into page header
273
- * Disable JSON REST WP RSD endpoint from XML-RPC responses
274
- * Disable Sends a Link header for the REST API
275
- * Improved Styles and Scripts version remove
276
- * Speed improvements
277
- * Set Last-Modified header attribute for routed files
278
- * Moved the plugins custom paths from 'plugins_url' filter to class init to allow replacements to occur when HTML has been created.
279
- * Removed 'admin_url' and 'wp_default_scripts' filters to allow replacement at the end, within the buffer
280
- * Updated PO / MO translation files
281
-
282
- = 1.3.4 =
283
- * Improved replacement code for Uploads, when "Block uploads URL" is set for "No" it use default media urls within the admin editor, to ensure links are still functional if plugin is disabled.
284
- * Priority (high, normal, low) for replacement urls
285
- * Replacement Urls for gziped buffer
286
- * Fix rule name for child_style_file_clean on web.config IIS
287
- * bbPress Compatibility
288
- * BuddyPress Compatibility
289
- * Prevent replacements on wp_redirect filter if is_404()
290
- * Updated PO / MO translation files
291
- * Removed in line components filters which changed the urls, leave for end buffering to make all changes.
292
- * Fix for mod_rewrite line on child theme when router is turned Off, append the default style.css filename
293
- * Improvements for Templates default variables to match customized themes like Sage
294
- * Compatibility fix for Super Cache plugin ob callback
295
- * Add IfModule mod_env.c before set nSetEnv HTTP_MOD_REWRITE On to prevent server internal error in case mod_env module is not available
296
- * Check for Empty $saved_field_data within new plugin path component, to avoid creating rewrite rule if empty and existent path
297
- * Improved get_home_path()
298
- * Replacements for Relative URL's
299
-
300
- = 1.3.3.2 =
301
- * DOMDocument encoding fix for "Remove the autogenerated meta generator"
302
-
303
- = 1.3.3.1 =
304
- * DOMDocument encoding fix for "remove styles links attribute"
305
-
306
- = 1.3.3 =
307
- * Improve Remove Generator Meta - Use DOMDocument to remove any meta generator tag
308
- * New Component Item - Remove X-Pingback Header
309
- * New functionality, Remove ID from Menu items, Remove class from Menu items
310
- * Add short default replacement for wp-login.php
311
- * Filter all email content (message argument) through wp_mail for any require replacements
312
- * New action wp-hide/add_default_replacements
313
- * New functionality - Remove ID attribute from all link tags which include a stylesheet.
314
- * Separate tabs for Styles and Scripts
315
- * Update engine improvements
316
- * Fix for apache_mod_loaded function not being loaded on plugin update
317
- * Replace spaces within paths for theme rewrite component
318
-
319
- = 1.3.1 =
320
- * Moved the Disable XML-RPC authentication within Rewrite -> XML-RPC
321
- * HTML Comments strip out will trigger only on front side, no need for admin
322
- * wp-cron.php block / allow access new setting
323
- * New style file name now include default / new theme path to avoid 404 resource loading when using internally relative urls.
324
- * Modules Menu order fix
325
- * Writable check notification improvements for htaccess / web.config file
326
- * Alternative request headers when apache_response_headers for LEMP / PHP-FPM
327
- * IIS windows server type compatibility
328
- * Rewrite rules for IIS servers with web.config set-up
329
- * apache_response_headers and headers_list PHP functions check if available within the server
330
- * Code Version add and updater class structure update
331
- * WriteCheckString check fix when .htaccess not exists
332
- * Remove description header from Style file
333
- * Router Engine - files post-processing
334
- * Separate theme, style, style proxy setting for parent and child
335
-
336
- = 1.2.9 =
337
- * Load plugin styles and scripts only when one of plugin admin menus
338
- * Use default_value when input field is empty
339
- * Reset All Settings button for reverting all options to default
340
- * Fix - double slash in plugin path when usee plugins_url filter
341
- * Individual plugins path processing before general plugin path
342
- * New component - URL Slash
343
- * Update - New Style File Path - apply when theme path already changed
344
- * Fix: Plugins path module, check if $path variable is not "/" instead empty
345
- * Default add backslash rule rule, check if not redirect to prevent infinite loops
346
-
347
- = 1.2.6 =
348
- * New Component - HTML Comments replace
349
- * New Component - Headers
350
- * Conflict Handle with W3 Cache plugin when pagecache is active
351
- * W3 Cache plugin buffer use when active
352
- * Show notice when rules could not be delivered to htaccess file
353
- * Disable include filters and leave the buffering urls replacements to allow other plug ins to use default urls for compatibility purpose(e.g. W3-Cache Minify)
354
- * Fix: plugin folder / textdomain change
355
- * Early Buffering start, before any other code
356
- * Recovery link code functionality improvements
357
- * New wp-comments-post.php Path
358
- * Fix: Decrease the processing order index for wp-content module to allow others to run earlier than wp-content
359
- * Add mod_rewrite rules monitor system
360
- * Check if the mod_rewrite rules where successfully written to .htaccess file or disable any component run
361
-
362
- = 1.2.2 =
363
- * New Content Path
364
- * New Component : Root Files
365
- * Block license.txt
366
- * Block readme.html
367
- * Block wp-activate.php
368
- * Block wp-signup.php
369
- * Block other wp-*.php files
370
- * licence.txt and readme.html block
371
- * PO translations update
372
-
373
- = 1.2 =
374
- * New Feature Change individual plugin url path
375
- * Admin layout improvments
376
- * Fix for Admin canonical filter remove if remove canonical option set
377
- * PO translations update
378
- * Translation
379
-
380
- = 1.1.7 =
381
- * Remove profile link meta tag within head.
382
- * Remove canonical link meta tag within head
383
- * New XML-RPC Path
384
- * Block default xmlrpc.php
385
- * Remove pingback tag
386
- * Recovery link for default wp-login.php and admin urls
387
- * Css changes and warning messages update
388
- * PO translations update
389
- * TinyMCE emojicons callback fix
390
-
391
- = 1.1.2 =
392
- * Add a custom url for login_url filter
393
- * Better description and warning for wp-login.php change
394
- * Add default replacement for uploads
395
- * conflict handle - Security Firewall (WordPress Security Firewall) > Login Protection > Rename WP Login Page functionality
396
- * wp-includes block when not logged-in
397
- * wp-content block when not logged-in
398
- * readme update
399
-
400
- = 1.1 =
401
- * Po / Mo localisation files update
402
- * Update class to process the further structure changes and current components fields name change.
403
- * New Component : Wp-content folder access block
404
- * New Component : Block default wp-signup.php file from being accesible.
405
- * Fix: New admin url save when permalinks disable. keep on default admin url instead redirect.
406
- * Rewrite Default mod_rewrite code, append slashes to all urls to avoid actual directory reveal
407
- * Send e-mail notification when admin e-mail change, to prevent url forget / lose
408
- * New Component Disable Emoji
409
- * New Component Disable TinyMC Emoji
410
- * Structure change on the modules, split into chunks called components
411
- * Code Clean-up
412
- * Set processing order for component settings to allow mod_rewrite rules placement at certain position related to another line
413
- * Improved Template dir when child theme is active
414
- * Allow parent theme / child theme rewrite
415
- * mod_rewrite change for 404 error, set for WordPress internal 404 error page instead default server
416
-
417
- = 1.0.4 =
418
- * Text Domain fix from wp-hide to wp-hide-security-enhancer
419
-
420
- = 1.0.3 =
421
- * Certain sections improvments and code redo
422
- * Admin module cleanup
423
- * removed block for wp-include
424
- * Removed router functionality
425
- * Created Change relative urls within load-style block, load the tyles on a separate file to change the links
426
-
427
- = 1.0 =
428
- * Initial release.
429
-
430
- == Upgrade Notice ==
431
-
432
- Always keep plugin up to date.
433
-
434
-
435
- == Localization ==
436
- Please help and translate this plugin to your language at https://translate.wordpress.org/projects/wp-plugins/wp-hide-security-enhancer
437
-
438
  Please help by promoting this plugin with an article on your site or any other place. If you liked this code or helped on your your project, consider to leave a 5 star review on this board.
1
+ === Plugin Name ===
2
+ Contributors: nsp-code, tdgu
3
+ Donate link: http://www.nsp-code.com/donate.php
4
+ Tags: hide, security, improve security, hacking, wp hide, wordpress hide, custom login url, wp-loging.php, ap-admin
5
+ Requires at least: 2.8
6
+ Tested up to: 4.6.1
7
+ Stable tag: 1.3.7
8
+ License: GPLv2 or later
9
+
10
+ Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
11
+
12
+ == Description ==
13
+
14
+ The **easy way to completely hide your WordPress** core files, theme and plugins path from being show on front side. This is a huge improvement over Site Security, no one will know you actually run a WordPress. Provide a simple way to clean up html by removing all WordPress fingerprints.
15
+
16
+ Change the default WordPress login urls from wp-admin and wp-login.php to something totally arbitrary. No one will ever know where to try to guess a login and hack into your site. Totally invisible !!
17
+
18
+ [vimeo http://vimeo.com/185046480]
19
+
20
+ When testing with WordPress theme and plugins detector services/sites, any setting change may not reflect right away on their reports, since they use cache. So you may want to check again later, or try a different inner url, homepage url usage is not mandatory.
21
+
22
+ Being the best content management system, widely used, WordPress is susceptible to a large range of hacking attacks including brute-force, SQL injections, XSS, XSRF etc. Despite the fact the WordPress core is a very secure code maintained by a team of professional enthusiast, the additional plugins and themes makes the vulnerable spot of every website. In many cases, those are created by pseudo-developers who do not follow the best coding practices or simply do not own the experience to create a secure plugin.
23
+ Statistics reveal that every day new vulnerabilities are discovered, many affecting hundreds of thousands of WordPress websites.
24
+ Over 99,9% of hacked WordPress websites are target of automated malware scripts, who search for certain WordPress fingerprints. This plugin hide or replace those traces, making the hacking boots attacks useless.
25
+
26
+ Works fine with custom WordPress directory structures e.g. custom plugins, themes, uplaods folder.
27
+
28
+ Once configured, you need to **clear server cache data and/or any cache plugins** (e.g. W3 Cache), for a new html data to be created. If use CDN this should be cache clear as well.
29
+
30
+ **Sample usage**
31
+ [vimeo https://vimeo.com/192011678]
32
+
33
+ **Main plugin functionality:**
34
+
35
+ * Custom Admin Url
36
+ * Block default admin Url
37
+ * Block any direct folder access to completely hide the structure
38
+ * Custom wp-login.php filename
39
+ * Block default wp-login.php
40
+ * Block default wp-signup.php
41
+ * Block XML-RPC API
42
+ * New XML-RPC path
43
+ * Adjustable theme url
44
+ * New child Theme url
45
+ * Change theme style file name
46
+ * Clean any headers for theme style file
47
+ * Custom wp-include
48
+ * Block default wp-include paths
49
+ * Block defalt wp-content
50
+ * Custom plugins urls
51
+ * Individual plugin url change
52
+ * Block default plugins paths
53
+ * New upload url
54
+ * Block default upload urls
55
+ * Remove wordpress version
56
+ * Meta Generator block
57
+ * Disble the emoji and required javascript code
58
+ * Remove pingback tag
59
+ * Remove wlwmanifest Meta
60
+ * Remove rsd_link Meta
61
+ * Remove wpemoji
62
+
63
+ and many more.
64
+
65
+ **No other plugins functionality is being blocked or interfered in any way, everything will function the same**
66
+
67
+ This plugin allow to change default Admin Url's from **wp-login.php** and **wp-admin** to something else. All original links return default theme 404 Not Found page, like nothing exists there. Beside the huge security advantage, this save lots of server processing time by reducing php code and MySQL usage since brute-force attacks trigger wrong urls.
68
+
69
+ **Important:** Compared to all other similar plugins which mainly use redirects, this plugin return a default theme 404 error page for all **block url** functionality, so is not revealing at all the link existence.
70
+
71
+ Since version 1.2 Change individual plugin urls which make them unrecognizable, for example change default WooCommerce plugin urls and dependencies from domain.com/wp-content/plugins/woocommerce/ to domain.com/ecommerce/cdn/ or anything customized.
72
+
73
+ = Plugin Sections =
74
+
75
+ **Rewrite > Theme**
76
+
77
+ * New Theme Path - Change default theme path
78
+ * New Style File Path - Change default style file name and path
79
+ * Remove description header from Style file - Replace any WordPress metadata informations (like theme name, version etc) from style file
80
+ * Child - New Theme Path - Change default child theme path
81
+ * Child - New Style File Path - Change child theme stylesheed file path and name
82
+ * Child - Remove description header from Style file - Replace any WordPress metadata informations (like theme name, version etc) from style file
83
+
84
+ **Rewrite > WP includes**
85
+
86
+ * New Includes Path - Change default wp-includes path / url
87
+ * Block wp-includes URL - Block default wp-includes url
88
+
89
+ **Rewrite > WP content**
90
+
91
+ * New Content Path - Change default wp-content path / url
92
+ * Block wp-content URL - Block default content url
93
+
94
+ **Rewrite > Plugins**
95
+
96
+ * New Plugins Path - Change default wp-content/plugins path / url
97
+ * Block plugins URL - Block default wp-content/plugins url
98
+ * New path / url for Every Active Plugin
99
+ * Custom path and name for any active plugins
100
+
101
+ **Rewrite > Uploads**
102
+
103
+ * New Uploads Path - Change default media files path / url
104
+ * Block uploads URL - Block default media files url
105
+
106
+ **Rewrite > XML-RPC**
107
+
108
+ * New XML-RPC Path - Change default XML-RPC path / url
109
+ * Block default xmlrpc.php - Block default XML-RPC url
110
+ * Disable XML-RPC authentication - Filter whether XML-RPC methods requiring authentication
111
+ * Remove pingback - Remove pingback link tag from theme
112
+
113
+ **Rewrite > JSON REST**
114
+
115
+ * Disable JSON REST V1 service - Disable an API service for WordPress which is active by default.
116
+ * Disable JSON REST V2 service - Disable an API service for WordPress which is active by default.
117
+ * Block any JSON REST calls - Any call for JSON REST API service will be blocked.
118
+ * Disable output the REST API link tag into page header
119
+ * Disable JSON REST WP RSD endpoint from XML-RPC responses
120
+ * Disable Sends a Link header for the REST API
121
+
122
+ **Rewrite > Root Files**
123
+
124
+ * New wp-comments-post.php Path
125
+ * Block wp-comments-post.php
126
+ * Block license.txt - Block access to license.txt root file
127
+ * Block readme.html - Block access to readme.html root file
128
+ * Block wp-activate.php - Block access to wp-activate.php file
129
+ * Block wp-cron.php - Block access to wp-cron.php file
130
+ * Block wp-signup.php - Block default wp-signup.php file
131
+ * Block other wp-*.php files - Block other wp-*.php files within WordPress Root
132
+
133
+ **Rewrite > URL Slash**
134
+
135
+ * URL's add Slash - Add a slash to any links without. This disguise any existing uppon a file, folder or a wrong url, they all be all slashed.
136
+
137
+
138
+ **General / Html > Meta**
139
+
140
+ * Remove WordPress Generator Meta
141
+ * Remove Other Generator Meta
142
+ * Remove Resource Hints
143
+ * Remove wlwmanifest Meta
144
+ * Remove feed_links Meta
145
+ * Disable output the REST API link tag into page header
146
+ * Remove rsd_link Meta
147
+ * Remove adjacent_posts_rel Meta
148
+ * Remove profile link
149
+ * Remove canonical link
150
+
151
+ **General / Html > Emoji**
152
+
153
+ * Disable Emoji
154
+ * Disable TinyMC Emoji
155
+
156
+ **General / Html > Styles**
157
+
158
+ * Remove Version
159
+ * Remove ID from link tags
160
+
161
+ **General / Html > Scripts**
162
+
163
+ * Remove Version
164
+
165
+ **General / Html > Oembed**
166
+
167
+ * Remove Oembed
168
+
169
+ **General / Html > Headers**
170
+
171
+ * Remove X-Powered-By Header
172
+ * Remove X-Pingback Header
173
+
174
+ **General / Html > HTML**
175
+
176
+ * Remove HTML Comments
177
+ * Remove general classes from body tag
178
+ * Remove ID from Menu items
179
+ * Remove class from Menu items
180
+ * Remove general classes from post
181
+ * Remove general classes from images
182
+
183
+ **Admin > wp-login.php**
184
+
185
+ * New wp-login.php - Map a new wp-login.php instead default
186
+ * Block default wp-login.php - Block default wp-login.php file from being accesible
187
+
188
+ **Admin > Admin URL**
189
+
190
+ * New Admin Url - Create a new admin url instead default /wp-admin. This also apply for admin-ajax.php calls
191
+ * Block default Admin Url - Block default admin url and files from being accesible
192
+
193
+ <br />Something is wrong with this plugin on your site? Just use the forum or get in touch with us at <a target="_blank" href="http://www.wp-hide.com">Contact</a> and we'll check it out.
194
+
195
+ <br />A website example can be found at <a target="_blank" href="http://nsp-code.com/demo/wp-hide/">http://nsp-code.com/demo/wp-hide/</a>
196
+
197
+ <br />Plugin homepage at <a target="_blank" href="http://www.wp-hide.com/">WordPress Hide and Security Enhancer</a>
198
+
199
+ <br />
200
+ <br />This plugin is developed by <a target="_blank" href="http://www.nsp-code.com">Nsp-Code</a>
201
+
202
+ == Installation ==
203
+
204
+ 1. Upload the plugin files to the `/wp-content/plugins/wp-hide-security-enhancer` directory, or install the plugin through the WordPress plugins screen directly.
205
+ 2. Activate the plugin through the 'Plugins' screen in WordPress.
206
+ 3. Use the WP Hide menu screen to configure the plugin.
207
+
208
+ == Frequently Asked Questions ==
209
+
210
+ Feel free to contact us at electronice_delphi@yahoo.com
211
+
212
+ = Something is wrong, what can i do? =
213
+
214
+ * First, stay calm. There will be no harm, guaranteed :)
215
+ * Go to admin and change some of plugin options to see which one cause the problem. Then report it to forum or get in touch with us to fix it.
216
+ * If you can't login to admin, use the Recovery Link which has been sent to your e-mail. This will reset the login to default.
217
+ * If for some reason the site appear broken, you should back-up then **replace the .htaccess file** located on your WordPress root. Then **remove the wp-hide-security-enhancer** from your plugin directory.
218
+
219
+ * At this point the site should run as before. If for some reason still not working, you missed something, please get in touch with us at electronice_delphi@yahoo.com and we'll fix it for you in no time!
220
+
221
+ = I have no PHP knowledge at all, is this plugin for me? =
222
+
223
+ There's no requirements on php knowledge. All plugin features and functionality are applied automatically, controlled through a descriptive admin interface.
224
+
225
+ = I can't find a functionality that i'am looking for =
226
+
227
+ Please get in touch with us and we'll do our best to include it for a next version.
228
+
229
+ == Screenshots ==
230
+
231
+ 1. Admin Interface.
232
+ 2. Sample front html code.
233
+
234
+ == Changelog ==
235
+
236
+ = 1.3.7 =
237
+ * Sanitize Admin Url for not using extension (e.g. .php) as it confuse the server upon the headers to sent
238
+ * Fix: replacements links when using custom directory for WordPress core files
239
+ * Fix: child theme path fix when changing style filename
240
+ * New Theme Path - help resource link fix
241
+ * Changed from DOMDocument to preg_replace for better compatibility with themes and plugins
242
+ * Improved execution speed
243
+
244
+ = 1.3.6.3 =
245
+ * Fixed PHP Notice: Undefined variable: dom
246
+
247
+ = 1.3.6.2 =
248
+ * W3 Total Cache - Page Cache compatibility fix
249
+ * Canonical tag replacement improvements
250
+ * Pingback tag replacement improvements
251
+ * Fix custom Background Images for body on themes which support that feature
252
+
253
+ = 1.3.6 =
254
+ * Post-process on options interface save for unique slugs on any text inputs to prevent conflicts.
255
+ * Processing Order change for new_theme_child_path to occur before new_theme_path
256
+ * New COmponent General -> Oembed
257
+ * Remove Oembed tags from header
258
+ * Remove Remove Resource Hints tags from header
259
+ * rewrite rules update to match only non base, from (.*) to (.+)
260
+ * wph-throw-404 improvements
261
+ * BuddyPress conflict handle for uploaded gravatars
262
+ * Admin Style changes
263
+ * BuddyPress Conflict Class handler
264
+ * Separate WordPress meta Generator and Other Meta Generator
265
+ * Process Location value within sent Headers list if exists
266
+ * Replacements for https and http urls relative to domain
267
+ * Add replacements for relative paths to cover WordPress installs within a folder.
268
+ * Use untralingslashit when creating theme and child theme url replacements
269
+ * Fix for Call to a member function is_404() on a non-object within wp_redirect
270
+
271
+ = 1.3.5.1 =
272
+ * Fix the Remove general classes from images component when within admin dashboard
273
+
274
+ = 1.3.5 =
275
+ * New component element : Remove general classes from body tag
276
+ * New component element : Remove general classes from post
277
+ * New component element : Remove general classes from images
278
+ * New component: JSON REST
279
+ * Disable JSON REST V1 service
280
+ * Disable JSON REST V2 service
281
+ * Block any JSON REST calls
282
+ * Disable output the REST API link tag into page header
283
+ * Disable JSON REST WP RSD endpoint from XML-RPC responses
284
+ * Disable Sends a Link header for the REST API
285
+ * Improved Styles and Scripts version remove
286
+ * Speed improvements
287
+ * Set Last-Modified header attribute for routed files
288
+ * Moved the plugins custom paths from 'plugins_url' filter to class init to allow replacements to occur when HTML has been created.
289
+ * Removed 'admin_url' and 'wp_default_scripts' filters to allow replacement at the end, within the buffer
290
+ * Updated PO / MO translation files
291
+
292
+ = 1.3.4 =
293
+ * Improved replacement code for Uploads, when "Block uploads URL" is set for "No" it use default media urls within the admin editor, to ensure links are still functional if plugin is disabled.
294
+ * Priority (high, normal, low) for replacement urls
295
+ * Replacement Urls for gziped buffer
296
+ * Fix rule name for child_style_file_clean on web.config IIS
297
+ * bbPress Compatibility
298
+ * BuddyPress Compatibility
299
+ * Prevent replacements on wp_redirect filter if is_404()
300
+ * Updated PO / MO translation files
301
+ * Removed in line components filters which changed the urls, leave for end buffering to make all changes.
302
+ * Fix for mod_rewrite line on child theme when router is turned Off, append the default style.css filename
303
+ * Improvements for Templates default variables to match customized themes like Sage
304
+ * Compatibility fix for Super Cache plugin ob callback
305
+ * Add IfModule mod_env.c before set nSetEnv HTTP_MOD_REWRITE On to prevent server internal error in case mod_env module is not available
306
+ * Check for Empty $saved_field_data within new plugin path component, to avoid creating rewrite rule if empty and existent path
307
+ * Improved get_home_path()
308
+ * Replacements for Relative URL's
309
+
310
+ See full list of changelogs at http://www.wp-hide.com/plugin-changelogs/
311
+
312
+ == Upgrade Notice ==
313
+
314
+ Always keep plugin up to date.
315
+
316
+
317
+ == Localization ==
318
+ Please help and translate this plugin to your language at https://translate.wordpress.org/projects/wp-plugins/wp-hide-security-enhancer
319
+
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
320
  Please help by promoting this plugin with an article on your site or any other place. If you liked this code or helped on your your project, consider to leave a 5 star review on this board.
wp-hide.php CHANGED
@@ -5,14 +5,14 @@ Plugin URI: http://www.nsp-code.com
5
  Description: Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
6
  Author: Nsp Code
7
  Author URI: http://www.nsp-code.com
8
- Version: 1.3.6.3
9
  Text Domain: wp-hide-security-enhancer
10
  Domain Path: /languages/
11
  */
12
 
13
 
14
  define('WPH_PATH', plugin_dir_path(__FILE__));
15
- define('WPH_VERSION', '1.3.6.3');
16
 
17
  //load language files
18
  add_action( 'plugins_loaded', 'WPH_load_textdomain');
5
  Description: Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
6
  Author: Nsp Code
7
  Author URI: http://www.nsp-code.com
8
+ Version: 1.3.7
9
  Text Domain: wp-hide-security-enhancer
10
  Domain Path: /languages/
11
  */
12
 
13
 
14
  define('WPH_PATH', plugin_dir_path(__FILE__));
15
+ define('WPH_VERSION', '1.3.7');
16
 
17
  //load language files
18
  add_action( 'plugins_loaded', 'WPH_load_textdomain');