Version Description
- Sanitize Admin Url for not using extension (e.g. .php) as it confuse the server upon the headers to sent
- Fix: replacements links when using custom directory for WordPress core files
- Fix: child theme path fix when changing style filename
- New Theme Path - help resource link fix
- Changed from DOMDocument to preg_replace for better compatibility with themes and plugins
- Improved execution speed
Download this release
Release Info
Developer | nsp-code |
Plugin | WP Hide & Security Enhancer |
Version | 1.3.7 |
Comparing to | |
See all releases |
Code changes from version 1.3.6.3 to 1.3.7
- conflicts/buddypress.php +3 -10
- include/functions.class.php +1 -1
- include/wph.class.php +1 -0
- modules/components/admin-admin_url.php +26 -7
- modules/components/admin-new_wp_login_php.php +1 -1
- modules/components/general-html.php +28 -40
- modules/components/general-meta.php +387 -423
- modules/components/general-styles.php +14 -26
- modules/components/rewrite-new_plugin_path.php +2 -2
- modules/components/rewrite-new_theme_path.php +7 -7
- modules/components/rewrite-new_xml-rpc-path.php +1 -29
- modules/components/rewrite-root-files.php +29 -15
- modules/components/rewrite-wp_content_path.php +1 -1
- readme.txt +319 -437
- wp-hide.php +2 -2
conflicts/buddypress.php
CHANGED
@@ -51,20 +51,13 @@
|
|
51 |
if(!isset($component['id']))
|
52 |
continue;
|
53 |
|
54 |
-
|
55 |
-
{
|
56 |
-
$modules[$block_key]->components[$module_key]->module_settings[$component_key]['description'] .= '<div class="notice-error"><div class="dashicons dashicons-warning important" alt="f534">warning</div> <span class="important">' . __('This setting produce a conflict with BuddyPress and should be kept disabled.', 'wp-hide-security-enhancer') . '</span></div>';
|
57 |
-
}
|
58 |
-
|
59 |
if($component['id'] == 'styles_remove_id_attribute')
|
60 |
{
|
61 |
$modules[$block_key]->components[$module_key]->module_settings[$component_key]['description'] .= '<div class="notice-error"><div class="dashicons dashicons-warning important" alt="f534">warning</div> <span class="important">' . __('This setting produce a conflict with BuddyPress and should be kept disabled.', 'wp-hide-security-enhancer') . '</span></div>';
|
62 |
}
|
63 |
-
|
64 |
-
|
65 |
-
{
|
66 |
-
$modules[$block_key]->components[$module_key]->module_settings[$component_key]['description'] .= '<div class="notice-error"><div class="dashicons dashicons-warning important" alt="f534">warning</div> <span class="important">' . __('This setting produce a conflict with BuddyPress and should be kept disabled.', 'wp-hide-security-enhancer') . '</span></div>';
|
67 |
-
}
|
68 |
}
|
69 |
}
|
70 |
}
|
51 |
if(!isset($component['id']))
|
52 |
continue;
|
53 |
|
54 |
+
/**
|
|
|
|
|
|
|
|
|
55 |
if($component['id'] == 'styles_remove_id_attribute')
|
56 |
{
|
57 |
$modules[$block_key]->components[$module_key]->module_settings[$component_key]['description'] .= '<div class="notice-error"><div class="dashicons dashicons-warning important" alt="f534">warning</div> <span class="important">' . __('This setting produce a conflict with BuddyPress and should be kept disabled.', 'wp-hide-security-enhancer') . '</span></div>';
|
58 |
}
|
59 |
+
*/
|
60 |
+
|
|
|
|
|
|
|
61 |
}
|
62 |
}
|
63 |
}
|
include/functions.class.php
CHANGED
@@ -654,7 +654,7 @@
|
|
654 |
function get_url_path_relative_to_domain_root($url)
|
655 |
{
|
656 |
|
657 |
-
$url = str_replace(trailingslashit(
|
658 |
|
659 |
return $url;
|
660 |
|
654 |
function get_url_path_relative_to_domain_root($url)
|
655 |
{
|
656 |
|
657 |
+
$url = str_replace(trailingslashit( home_url() ), "" , $url);
|
658 |
|
659 |
return $url;
|
660 |
|
include/wph.class.php
CHANGED
@@ -883,6 +883,7 @@
|
|
883 |
$domain_ABSPATH = str_replace($wp_directory, "", untrailingslashit( realpath( ABSPATH )));
|
884 |
|
885 |
$content_directory = str_replace($domain_ABSPATH, "" , untrailingslashit( realpath( WP_CONTENT_DIR )));
|
|
|
886 |
$this->default_variables['content_directory'] = $content_directory;
|
887 |
}
|
888 |
|
883 |
$domain_ABSPATH = str_replace($wp_directory, "", untrailingslashit( realpath( ABSPATH )));
|
884 |
|
885 |
$content_directory = str_replace($domain_ABSPATH, "" , untrailingslashit( realpath( WP_CONTENT_DIR )));
|
886 |
+
$content_directory = str_replace('\\', '/', $content_directory);
|
887 |
$this->default_variables['content_directory'] = $content_directory;
|
888 |
}
|
889 |
|
modules/components/admin-admin_url.php
CHANGED
@@ -19,7 +19,7 @@
|
|
19 |
),
|
20 |
'input_type' => 'text',
|
21 |
|
22 |
-
'sanitize_type' => array(array($this->wph->functions, 'sanitize_file_path_name')),
|
23 |
'processing_order' => 60
|
24 |
|
25 |
);
|
@@ -95,10 +95,12 @@
|
|
95 |
$path = trailingslashit($this->wph->default_variables['wordpress_directory']);
|
96 |
$path .= trailingslashit( $saved_field_data );
|
97 |
|
|
|
|
|
98 |
if($this->wph->server_htaccess_config === TRUE)
|
99 |
{
|
100 |
-
$text = "\nRewriteCond %{REQUEST_URI} ".
|
101 |
-
$text .= "\nRewriteRule ^(.*)$ ".
|
102 |
$text .= "\nRewriteRule ^" . $path . '(.*) '. $admin_url .'$1 [L,QSA]';
|
103 |
}
|
104 |
|
@@ -107,9 +109,9 @@
|
|
107 |
<rule name="wph-admin_url1" stopProcessing="true">
|
108 |
<match url="^(.*)$" />
|
109 |
<conditions>
|
110 |
-
<add input="{REQUEST_URI}" matchType="Pattern" pattern="$saved_field_data$" />
|
111 |
</conditions>
|
112 |
-
<action type="Redirect" redirectType="Permanent" url="'. $saved_field_data .'{R:1}/" />
|
113 |
</rule>
|
114 |
<rule name="wph-admin_url2" stopProcessing="true">
|
115 |
<match url="^'. $path .'(.*)" />
|
@@ -233,11 +235,13 @@
|
|
233 |
$path = '';
|
234 |
if(!empty($this->wph->default_variables['wordpress_directory']))
|
235 |
$path = trailingslashit($this->wph->default_variables['wordpress_directory']);
|
|
|
|
|
236 |
|
237 |
if($this->wph->server_htaccess_config === TRUE)
|
238 |
{
|
239 |
$text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
|
240 |
-
$text .= "RewriteRule ^wp-admin(.+) $site_index [L]\n";
|
241 |
$text .= "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
|
242 |
|
243 |
//theme my login usage
|
@@ -263,7 +267,7 @@
|
|
263 |
{
|
264 |
$text = '
|
265 |
<rule name="wph-block_default_admin_url1" stopProcessing="true">
|
266 |
-
<match url="^wp-admin(.+)" />
|
267 |
<action type="Rewrite" url="'. $site_index .'" />
|
268 |
</rule>
|
269 |
<rule name="wph-block_default_admin_url2" stopProcessing="true">
|
@@ -301,6 +305,21 @@
|
|
301 |
|
302 |
return $processing_response;
|
303 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
304 |
|
305 |
|
306 |
}
|
19 |
),
|
20 |
'input_type' => 'text',
|
21 |
|
22 |
+
'sanitize_type' => array(array($this->wph->functions, 'sanitize_file_path_name'), array($this, 'sanitize_path_name')),
|
23 |
'processing_order' => 60
|
24 |
|
25 |
);
|
95 |
$path = trailingslashit($this->wph->default_variables['wordpress_directory']);
|
96 |
$path .= trailingslashit( $saved_field_data );
|
97 |
|
98 |
+
$rewrite_base = !empty($this->wph->default_variables['wordpress_directory']) ? trailingslashit( $this->wph->default_variables['wordpress_directory'] ) : '';
|
99 |
+
|
100 |
if($this->wph->server_htaccess_config === TRUE)
|
101 |
{
|
102 |
+
$text = "\nRewriteCond %{REQUEST_URI} ". $rewrite_base . $saved_field_data ."$";
|
103 |
+
$text .= "\nRewriteRule ^(.*)$ ". $rewrite_base . $saved_field_data ."/ [R=301,L]";
|
104 |
$text .= "\nRewriteRule ^" . $path . '(.*) '. $admin_url .'$1 [L,QSA]';
|
105 |
}
|
106 |
|
109 |
<rule name="wph-admin_url1" stopProcessing="true">
|
110 |
<match url="^(.*)$" />
|
111 |
<conditions>
|
112 |
+
<add input="{REQUEST_URI}" matchType="Pattern" pattern="'. $rewrite_base . $saved_field_data .'$" />
|
113 |
</conditions>
|
114 |
+
<action type="Redirect" redirectType="Permanent" url="'. $rewrite_base . $saved_field_data .'{R:1}/" />
|
115 |
</rule>
|
116 |
<rule name="wph-admin_url2" stopProcessing="true">
|
117 |
<match url="^'. $path .'(.*)" />
|
235 |
$path = '';
|
236 |
if(!empty($this->wph->default_variables['wordpress_directory']))
|
237 |
$path = trailingslashit($this->wph->default_variables['wordpress_directory']);
|
238 |
+
|
239 |
+
$rewrite_base = !empty($this->wph->default_variables['wordpress_directory']) ? trailingslashit( $this->wph->default_variables['wordpress_directory'] ) : '';
|
240 |
|
241 |
if($this->wph->server_htaccess_config === TRUE)
|
242 |
{
|
243 |
$text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
|
244 |
+
$text .= "RewriteRule ^" . $rewrite_base ."wp-admin(.+) $site_index [L]\n";
|
245 |
$text .= "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
|
246 |
|
247 |
//theme my login usage
|
267 |
{
|
268 |
$text = '
|
269 |
<rule name="wph-block_default_admin_url1" stopProcessing="true">
|
270 |
+
<match url="^'. $rewrite_base .'wp-admin(.+)" />
|
271 |
<action type="Rewrite" url="'. $site_index .'" />
|
272 |
</rule>
|
273 |
<rule name="wph-block_default_admin_url2" stopProcessing="true">
|
305 |
|
306 |
return $processing_response;
|
307 |
}
|
308 |
+
|
309 |
+
|
310 |
+
/**
|
311 |
+
* Replace any dots in the slug, as it will confuse the server uppon being an actual file
|
312 |
+
*
|
313 |
+
* @param mixed $value
|
314 |
+
*/
|
315 |
+
function sanitize_path_name( $value )
|
316 |
+
{
|
317 |
+
|
318 |
+
$value = str_replace(".","-", $value);
|
319 |
+
|
320 |
+
return $value;
|
321 |
+
|
322 |
+
}
|
323 |
|
324 |
|
325 |
}
|
modules/components/admin-new_wp_login_php.php
CHANGED
@@ -65,7 +65,7 @@
|
|
65 |
$this->wph->functions->add_replacement( $url, trailingslashit( site_url() ) . $saved_field_data );
|
66 |
|
67 |
//add relative too
|
68 |
-
$this->wph->functions->add_replacement( 'wp-login.php', $saved_field_data );
|
69 |
|
70 |
}
|
71 |
|
65 |
$this->wph->functions->add_replacement( $url, trailingslashit( site_url() ) . $saved_field_data );
|
66 |
|
67 |
//add relative too
|
68 |
+
$this->wph->functions->add_replacement( '/wp-login.php', '/' . $saved_field_data );
|
69 |
|
70 |
}
|
71 |
|
modules/components/general-html.php
CHANGED
@@ -295,55 +295,43 @@
|
|
295 |
|
296 |
if(is_admin())
|
297 |
return $buffer;
|
298 |
-
|
299 |
-
if ( ! class_exists( 'DOMDocument', false ) )
|
300 |
-
return $buffer;
|
301 |
-
|
302 |
-
$doc = new DOMDocument();
|
303 |
-
$doc->preserveWhiteSpace = true;
|
304 |
-
|
305 |
-
if ( @$doc->loadHTML(mb_convert_encoding($buffer, 'HTML-ENTITIES', 'UTF-8'), LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD) === false )
|
306 |
-
return $buffer;
|
307 |
-
|
308 |
-
$doc->encoding = 'UTF-8';
|
309 |
-
$doc->formatOutput = true;
|
310 |
|
311 |
-
$
|
312 |
|
313 |
-
|
314 |
-
|
315 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
316 |
|
317 |
-
|
|
|
|
|
|
|
318 |
{
|
319 |
-
|
320 |
-
|
321 |
-
if(empty($classes))
|
322 |
-
continue;
|
323 |
-
|
324 |
-
$classes_array = explode(" ", $classes);
|
325 |
-
$classes_array = array_filter( $classes_array );
|
326 |
-
|
327 |
-
foreach($classes_array as $key => $class)
|
328 |
{
|
329 |
-
|
330 |
-
if(strpos($class, 'wp-image-') === 0)
|
331 |
-
{
|
332 |
-
unset( $classes_array[$key] );
|
333 |
-
}
|
334 |
}
|
335 |
-
|
336 |
-
$classes_array = array_values($classes_array);
|
337 |
-
|
338 |
-
$node->setAttribute( "class", implode( " ", $classes_array ) );
|
339 |
}
|
340 |
|
341 |
-
$
|
342 |
|
343 |
-
$
|
344 |
-
|
345 |
-
return $
|
346 |
-
|
347 |
}
|
348 |
|
349 |
|
295 |
|
296 |
if(is_admin())
|
297 |
return $buffer;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
298 |
|
299 |
+
$buffer = preg_replace_callback('/<img.*?class=["|\'](.*?)["|\'].*?>/i', array($this, "clean_image_classes_preg_replace_callback"), $buffer);
|
300 |
|
301 |
+
return $buffer;
|
302 |
+
|
303 |
+
}
|
304 |
+
|
305 |
+
|
306 |
+
function clean_image_classes_preg_replace_callback( $matches )
|
307 |
+
{
|
308 |
+
$tag = isset($matches[0]) ? $matches[0] : '';
|
309 |
+
$classes = isset($matches[1]) ? $matches[1] : '';
|
310 |
+
|
311 |
+
if(empty($tag))
|
312 |
+
return '';
|
313 |
+
|
314 |
+
if(empty($classes))
|
315 |
+
return $tag;
|
316 |
|
317 |
+
$classes_array = explode(" ", $classes);
|
318 |
+
$classes_array = array_filter( $classes_array );
|
319 |
+
|
320 |
+
foreach($classes_array as $key => $class)
|
321 |
{
|
322 |
+
//only wp-image- at the momment
|
323 |
+
if(strpos($class, 'wp-image-') === 0)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
324 |
{
|
325 |
+
unset( $classes_array[$key] );
|
|
|
|
|
|
|
|
|
326 |
}
|
|
|
|
|
|
|
|
|
327 |
}
|
328 |
|
329 |
+
$classes_array = array_values($classes_array);
|
330 |
|
331 |
+
$tag = str_replace($classes, implode( " ", $classes_array ), $tag);
|
332 |
+
|
333 |
+
return $tag;
|
334 |
+
|
335 |
}
|
336 |
|
337 |
|
modules/components/general-meta.php
CHANGED
@@ -1,424 +1,388 @@
|
|
1 |
-
<?php
|
2 |
-
|
3 |
-
class WPH_module_general_meta extends WPH_module_component
|
4 |
-
{
|
5 |
-
function get_component_title()
|
6 |
-
{
|
7 |
-
return "Meta";
|
8 |
-
}
|
9 |
-
|
10 |
-
|
11 |
-
function get_module_settings()
|
12 |
-
{
|
13 |
-
$this->module_settings[] = array(
|
14 |
-
'id' => 'remove_generator_meta',
|
15 |
-
'label' => 'Remove WordPress Generator Meta',
|
16 |
-
'description' => __('Remove the autogenerated meta generator tag within head (WordPress Version).', 'wp-hide-security-enhancer'),
|
17 |
-
|
18 |
-
'input_type' => 'radio',
|
19 |
-
'options' => array(
|
20 |
-
'yes' => __('Yes', 'wp-hide-security-enhancer'),
|
21 |
-
'no' => __('No', 'wp-hide-security-enhancer'),
|
22 |
-
),
|
23 |
-
'default_value' => 'no',
|
24 |
-
|
25 |
-
'sanitize_type' => array('sanitize_title', 'strtolower')
|
26 |
-
|
27 |
-
);
|
28 |
-
|
29 |
-
$this->module_settings[] = array(
|
30 |
-
'id' => 'remove_other_generator_meta',
|
31 |
-
'label' => 'Remove Other Generator Meta',
|
32 |
-
'description' => __('Remove other meta generated tags within head (eg Theme Name, Theme Version).', 'wp-hide-security-enhancer'),
|
33 |
-
|
34 |
-
'input_type' => 'radio',
|
35 |
-
'options' => array(
|
36 |
-
'yes' => __('Yes', 'wp-hide-security-enhancer'),
|
37 |
-
'no' => __('No', 'wp-hide-security-enhancer'),
|
38 |
-
),
|
39 |
-
'default_value' => 'no',
|
40 |
-
|
41 |
-
'sanitize_type' => array('sanitize_title', 'strtolower')
|
42 |
-
|
43 |
-
);
|
44 |
-
|
45 |
-
$this->module_settings[] = array(
|
46 |
-
'id' => 'remove_resource_hints',
|
47 |
-
'label' => 'Remove Resource Hints',
|
48 |
-
'description' => __('Remove Resource Hints meta generated tags within head (eg dns-prefetch, preconnect).', 'wp-hide-security-enhancer'),
|
49 |
-
|
50 |
-
'input_type' => 'radio',
|
51 |
-
'options' => array(
|
52 |
-
'yes' => __('Yes', 'wp-hide-security-enhancer'),
|
53 |
-
'no' => __('No', 'wp-hide-security-enhancer'),
|
54 |
-
),
|
55 |
-
'default_value' => 'no',
|
56 |
-
|
57 |
-
'sanitize_type' => array('sanitize_title', 'strtolower')
|
58 |
-
|
59 |
-
);
|
60 |
-
|
61 |
-
$this->module_settings[] = array(
|
62 |
-
'id' => 'remove_wlwmanifest',
|
63 |
-
'label' => 'Remove wlwmanifest Meta',
|
64 |
-
'description' => __('Remove the wlwmanifest tag within head.', 'wp-hide-security-enhancer'),
|
65 |
-
|
66 |
-
'input_type' => 'radio',
|
67 |
-
'options' => array(
|
68 |
-
'yes' => __('Yes', 'wp-hide-security-enhancer'),
|
69 |
-
'no' => __('No', 'wp-hide-security-enhancer'),
|
70 |
-
),
|
71 |
-
'default_value' => 'no',
|
72 |
-
|
73 |
-
'sanitize_type' => array('sanitize_title', 'strtolower')
|
74 |
-
|
75 |
-
);
|
76 |
-
|
77 |
-
|
78 |
-
$this->module_settings[] = array(
|
79 |
-
'id' => 'remove_feed_links',
|
80 |
-
'label' => 'Remove feed_links Meta',
|
81 |
-
'description' => __('Remove the feed_links tag within head.', 'wp-hide-security-enhancer'),
|
82 |
-
|
83 |
-
'input_type' => 'radio',
|
84 |
-
'options' => array(
|
85 |
-
'yes' => __('Yes', 'wp-hide-security-enhancer'),
|
86 |
-
'no' => __('No', 'wp-hide-security-enhancer'),
|
87 |
-
),
|
88 |
-
'default_value' => 'no',
|
89 |
-
|
90 |
-
'sanitize_type' => array('sanitize_title', 'strtolower')
|
91 |
-
|
92 |
-
);
|
93 |
-
|
94 |
-
|
95 |
-
$this->module_settings[] = array(
|
96 |
-
'id' => 'disable_json_rest_wphead_link',
|
97 |
-
'label' => __('Disable output the REST API link tag into page header', 'wp-hide-security-enhancer'),
|
98 |
-
'description' => __('By default a REST API link tag is being append to HTML.', 'wp-hide-security-enhancer'),
|
99 |
-
|
100 |
-
'input_type' => 'radio',
|
101 |
-
'options' => array(
|
102 |
-
'yes' => __('Yes', 'wp-hide-security-enhancer'),
|
103 |
-
'no' => __('No', 'wp-hide-security-enhancer'),
|
104 |
-
),
|
105 |
-
'default_value' => 'no',
|
106 |
-
|
107 |
-
'sanitize_type' => array('sanitize_title', 'strtolower'),
|
108 |
-
'processing_order' => 58
|
109 |
-
|
110 |
-
);
|
111 |
-
|
112 |
-
|
113 |
-
|
114 |
-
$this->module_settings[] = array(
|
115 |
-
'id' => 'remove_rsd_link',
|
116 |
-
'label' => 'Remove rsd_link Meta',
|
117 |
-
'description' => __('Remove the rsd_link tag within head.', 'wp-hide-security-enhancer'),
|
118 |
-
|
119 |
-
'input_type' => 'radio',
|
120 |
-
'options' => array(
|
121 |
-
'yes' => __('Yes', 'wp-hide-security-enhancer'),
|
122 |
-
'no' => __('No', 'wp-hide-security-enhancer'),
|
123 |
-
),
|
124 |
-
'default_value' => 'no',
|
125 |
-
|
126 |
-
'sanitize_type' => array('sanitize_title', 'strtolower')
|
127 |
-
|
128 |
-
);
|
129 |
-
|
130 |
-
|
131 |
-
|
132 |
-
$this->module_settings[] = array(
|
133 |
-
'id' => 'remove_adjacent_posts_rel',
|
134 |
-
'label' => 'Remove adjacent_posts_rel Meta',
|
135 |
-
'description' => __('Remove the adjacent_posts_rel tag within head.', 'wp-hide-security-enhancer'),
|
136 |
-
|
137 |
-
'input_type' => 'radio',
|
138 |
-
'options' => array(
|
139 |
-
'yes' => __('Yes', 'wp-hide-security-enhancer'),
|
140 |
-
'no' => __('No', 'wp-hide-security-enhancer'),
|
141 |
-
),
|
142 |
-
'default_value' => 'no',
|
143 |
-
|
144 |
-
'sanitize_type' => array('sanitize_title', 'strtolower')
|
145 |
-
|
146 |
-
);
|
147 |
-
|
148 |
-
$this->module_settings[] = array(
|
149 |
-
'id' => 'remove_profile',
|
150 |
-
'label' => 'Remove profile link',
|
151 |
-
'description' => __('Remove profile link meta tag within head.', 'wp-hide-security-enhancer'),
|
152 |
-
|
153 |
-
'input_type' => 'radio',
|
154 |
-
'options' => array(
|
155 |
-
'yes' => __('Yes', 'wp-hide-security-enhancer'),
|
156 |
-
'no' => __('No', 'wp-hide-security-enhancer'),
|
157 |
-
),
|
158 |
-
'default_value' => 'no',
|
159 |
-
|
160 |
-
'sanitize_type' => array('sanitize_title', 'strtolower')
|
161 |
-
|
162 |
-
);
|
163 |
-
|
164 |
-
$this->module_settings[] = array(
|
165 |
-
'id' => 'remove_canonical',
|
166 |
-
'label' => 'Remove canonical link',
|
167 |
-
'description' => __('Remove canonical link meta tag within head.', 'wp-hide-security-enhancer'),
|
168 |
-
|
169 |
-
'input_type' => 'radio',
|
170 |
-
'options' => array(
|
171 |
-
'yes' => __('Yes', 'wp-hide-security-enhancer'),
|
172 |
-
'no' => __('No', 'wp-hide-security-enhancer'),
|
173 |
-
),
|
174 |
-
'default_value' => 'no',
|
175 |
-
|
176 |
-
'sanitize_type' => array('sanitize_title', 'strtolower')
|
177 |
-
|
178 |
-
);
|
179 |
-
|
180 |
-
return $this->module_settings;
|
181 |
-
}
|
182 |
-
|
183 |
-
|
184 |
-
|
185 |
-
function _init_remove_generator_meta($saved_field_data)
|
186 |
-
{
|
187 |
-
if(empty($saved_field_data) || $saved_field_data == 'no')
|
188 |
-
return FALSE;
|
189 |
-
|
190 |
-
add_filter('the_generator', create_function('', 'return "";'));
|
191 |
-
remove_action( 'wp_head', 'wp_generator' );
|
192 |
-
|
193 |
-
//make sure it's being replaced
|
194 |
-
add_filter( 'wph/ob_start_callback', array(&$this, 'ob_start_callback_remove_generator_meta'));
|
195 |
-
}
|
196 |
-
|
197 |
-
|
198 |
-
function ob_start_callback_remove_generator_meta( $buffer )
|
199 |
-
{
|
200 |
-
|
201 |
-
|
202 |
-
|
203 |
-
|
204 |
-
|
205 |
-
|
206 |
-
|
207 |
-
|
208 |
-
|
209 |
-
|
210 |
-
|
211 |
-
|
212 |
-
|
213 |
-
|
214 |
-
|
215 |
-
|
216 |
-
|
217 |
-
|
218 |
-
|
219 |
-
|
220 |
-
|
221 |
-
|
222 |
-
|
223 |
-
|
224 |
-
|
225 |
-
|
226 |
-
|
227 |
-
|
228 |
-
|
229 |
-
|
230 |
-
|
231 |
-
|
232 |
-
|
233 |
-
|
234 |
-
|
235 |
-
|
236 |
-
|
237 |
-
|
238 |
-
|
239 |
-
|
240 |
-
|
241 |
-
|
242 |
-
|
243 |
-
|
244 |
-
|
245 |
-
function
|
246 |
-
{
|
247 |
-
|
248 |
-
|
249 |
-
|
250 |
-
|
251 |
-
|
252 |
-
|
253 |
-
|
254 |
-
|
255 |
-
|
256 |
-
|
257 |
-
|
258 |
-
|
259 |
-
|
260 |
-
|
261 |
-
|
262 |
-
$
|
263 |
-
|
264 |
-
|
265 |
-
|
266 |
-
|
267 |
-
|
268 |
-
|
269 |
-
|
270 |
-
|
271 |
-
|
272 |
-
$
|
273 |
-
|
274 |
-
|
275 |
-
|
276 |
-
|
277 |
-
|
278 |
-
|
279 |
-
|
280 |
-
|
281 |
-
|
282 |
-
|
283 |
-
|
284 |
-
|
285 |
-
|
286 |
-
remove_action(
|
287 |
-
|
288 |
-
}
|
289 |
-
|
290 |
-
|
291 |
-
function
|
292 |
-
{
|
293 |
-
if(empty($saved_field_data) || $saved_field_data == 'no')
|
294 |
-
return FALSE;
|
295 |
-
|
296 |
-
remove_action( 'wp_head',
|
297 |
-
|
298 |
-
}
|
299 |
-
|
300 |
-
|
301 |
-
|
302 |
-
|
303 |
-
|
304 |
-
|
305 |
-
|
306 |
-
|
307 |
-
|
308 |
-
|
309 |
-
|
310 |
-
|
311 |
-
|
312 |
-
|
313 |
-
|
314 |
-
|
315 |
-
|
316 |
-
|
317 |
-
|
318 |
-
|
319 |
-
|
320 |
-
|
321 |
-
|
322 |
-
|
323 |
-
if(empty($saved_field_data) || $saved_field_data == 'no')
|
324 |
-
return FALSE;
|
325 |
-
|
326 |
-
|
327 |
-
|
328 |
-
|
329 |
-
|
330 |
-
|
331 |
-
function
|
332 |
-
{
|
333 |
-
|
334 |
-
|
335 |
-
|
336 |
-
|
337 |
-
|
338 |
-
|
339 |
-
|
340 |
-
|
341 |
-
|
342 |
-
|
343 |
-
|
344 |
-
|
345 |
-
|
346 |
-
|
347 |
-
|
348 |
-
|
349 |
-
|
350 |
-
|
351 |
-
|
352 |
-
|
353 |
-
|
354 |
-
|
355 |
-
|
356 |
-
|
357 |
-
|
358 |
-
|
359 |
-
|
360 |
-
|
361 |
-
|
362 |
-
|
363 |
-
|
364 |
-
|
365 |
-
|
366 |
-
|
367 |
-
|
368 |
-
|
369 |
-
|
370 |
-
|
371 |
-
|
372 |
-
|
373 |
-
|
374 |
-
|
375 |
-
|
376 |
-
|
377 |
-
|
378 |
-
|
379 |
-
|
380 |
-
|
381 |
-
|
382 |
-
|
383 |
-
|
384 |
-
|
385 |
-
|
386 |
-
|
387 |
-
|
388 |
-
return $buffer;
|
389 |
-
|
390 |
-
if ( ! class_exists( 'DOMDocument', false ) )
|
391 |
-
return $buffer;
|
392 |
-
|
393 |
-
$doc = new DOMDocument();
|
394 |
-
$doc->preserveWhiteSpace = true;
|
395 |
-
|
396 |
-
if ( @$doc->loadHTML(mb_convert_encoding($buffer, 'HTML-ENTITIES', 'UTF-8'), LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD) === false )
|
397 |
-
return $buffer;
|
398 |
-
|
399 |
-
$doc->encoding = 'UTF-8';
|
400 |
-
$doc->formatOutput = true;
|
401 |
-
|
402 |
-
$xpath = new DOMXPath($doc);
|
403 |
-
|
404 |
-
$nodes = $xpath->query('//link[@rel="canonical"]');
|
405 |
-
if($nodes->length < 1)
|
406 |
-
return $buffer;
|
407 |
-
|
408 |
-
foreach ($nodes as $node)
|
409 |
-
{
|
410 |
-
$parent = $node->parentNode;
|
411 |
-
$parent->removeChild($node);
|
412 |
-
}
|
413 |
-
|
414 |
-
$doc->normalizeDocument();
|
415 |
-
|
416 |
-
$buffer = $doc->saveHTML( );
|
417 |
-
|
418 |
-
return $buffer;
|
419 |
-
|
420 |
-
}
|
421 |
-
|
422 |
-
|
423 |
-
}
|
424 |
?>
|
1 |
+
<?php
|
2 |
+
|
3 |
+
class WPH_module_general_meta extends WPH_module_component
|
4 |
+
{
|
5 |
+
function get_component_title()
|
6 |
+
{
|
7 |
+
return "Meta";
|
8 |
+
}
|
9 |
+
|
10 |
+
|
11 |
+
function get_module_settings()
|
12 |
+
{
|
13 |
+
$this->module_settings[] = array(
|
14 |
+
'id' => 'remove_generator_meta',
|
15 |
+
'label' => 'Remove WordPress Generator Meta',
|
16 |
+
'description' => __('Remove the autogenerated meta generator tag within head (WordPress Version).', 'wp-hide-security-enhancer'),
|
17 |
+
|
18 |
+
'input_type' => 'radio',
|
19 |
+
'options' => array(
|
20 |
+
'yes' => __('Yes', 'wp-hide-security-enhancer'),
|
21 |
+
'no' => __('No', 'wp-hide-security-enhancer'),
|
22 |
+
),
|
23 |
+
'default_value' => 'no',
|
24 |
+
|
25 |
+
'sanitize_type' => array('sanitize_title', 'strtolower')
|
26 |
+
|
27 |
+
);
|
28 |
+
|
29 |
+
$this->module_settings[] = array(
|
30 |
+
'id' => 'remove_other_generator_meta',
|
31 |
+
'label' => 'Remove Other Generator Meta',
|
32 |
+
'description' => __('Remove other meta generated tags within head (eg Theme Name, Theme Version).', 'wp-hide-security-enhancer'),
|
33 |
+
|
34 |
+
'input_type' => 'radio',
|
35 |
+
'options' => array(
|
36 |
+
'yes' => __('Yes', 'wp-hide-security-enhancer'),
|
37 |
+
'no' => __('No', 'wp-hide-security-enhancer'),
|
38 |
+
),
|
39 |
+
'default_value' => 'no',
|
40 |
+
|
41 |
+
'sanitize_type' => array('sanitize_title', 'strtolower')
|
42 |
+
|
43 |
+
);
|
44 |
+
|
45 |
+
$this->module_settings[] = array(
|
46 |
+
'id' => 'remove_resource_hints',
|
47 |
+
'label' => 'Remove Resource Hints',
|
48 |
+
'description' => __('Remove Resource Hints meta generated tags within head (eg dns-prefetch, preconnect).', 'wp-hide-security-enhancer'),
|
49 |
+
|
50 |
+
'input_type' => 'radio',
|
51 |
+
'options' => array(
|
52 |
+
'yes' => __('Yes', 'wp-hide-security-enhancer'),
|
53 |
+
'no' => __('No', 'wp-hide-security-enhancer'),
|
54 |
+
),
|
55 |
+
'default_value' => 'no',
|
56 |
+
|
57 |
+
'sanitize_type' => array('sanitize_title', 'strtolower')
|
58 |
+
|
59 |
+
);
|
60 |
+
|
61 |
+
$this->module_settings[] = array(
|
62 |
+
'id' => 'remove_wlwmanifest',
|
63 |
+
'label' => 'Remove wlwmanifest Meta',
|
64 |
+
'description' => __('Remove the wlwmanifest tag within head.', 'wp-hide-security-enhancer'),
|
65 |
+
|
66 |
+
'input_type' => 'radio',
|
67 |
+
'options' => array(
|
68 |
+
'yes' => __('Yes', 'wp-hide-security-enhancer'),
|
69 |
+
'no' => __('No', 'wp-hide-security-enhancer'),
|
70 |
+
),
|
71 |
+
'default_value' => 'no',
|
72 |
+
|
73 |
+
'sanitize_type' => array('sanitize_title', 'strtolower')
|
74 |
+
|
75 |
+
);
|
76 |
+
|
77 |
+
|
78 |
+
$this->module_settings[] = array(
|
79 |
+
'id' => 'remove_feed_links',
|
80 |
+
'label' => 'Remove feed_links Meta',
|
81 |
+
'description' => __('Remove the feed_links tag within head.', 'wp-hide-security-enhancer'),
|
82 |
+
|
83 |
+
'input_type' => 'radio',
|
84 |
+
'options' => array(
|
85 |
+
'yes' => __('Yes', 'wp-hide-security-enhancer'),
|
86 |
+
'no' => __('No', 'wp-hide-security-enhancer'),
|
87 |
+
),
|
88 |
+
'default_value' => 'no',
|
89 |
+
|
90 |
+
'sanitize_type' => array('sanitize_title', 'strtolower')
|
91 |
+
|
92 |
+
);
|
93 |
+
|
94 |
+
|
95 |
+
$this->module_settings[] = array(
|
96 |
+
'id' => 'disable_json_rest_wphead_link',
|
97 |
+
'label' => __('Disable output the REST API link tag into page header', 'wp-hide-security-enhancer'),
|
98 |
+
'description' => __('By default a REST API link tag is being append to HTML.', 'wp-hide-security-enhancer'),
|
99 |
+
|
100 |
+
'input_type' => 'radio',
|
101 |
+
'options' => array(
|
102 |
+
'yes' => __('Yes', 'wp-hide-security-enhancer'),
|
103 |
+
'no' => __('No', 'wp-hide-security-enhancer'),
|
104 |
+
),
|
105 |
+
'default_value' => 'no',
|
106 |
+
|
107 |
+
'sanitize_type' => array('sanitize_title', 'strtolower'),
|
108 |
+
'processing_order' => 58
|
109 |
+
|
110 |
+
);
|
111 |
+
|
112 |
+
|
113 |
+
|
114 |
+
$this->module_settings[] = array(
|
115 |
+
'id' => 'remove_rsd_link',
|
116 |
+
'label' => 'Remove rsd_link Meta',
|
117 |
+
'description' => __('Remove the rsd_link tag within head.', 'wp-hide-security-enhancer'),
|
118 |
+
|
119 |
+
'input_type' => 'radio',
|
120 |
+
'options' => array(
|
121 |
+
'yes' => __('Yes', 'wp-hide-security-enhancer'),
|
122 |
+
'no' => __('No', 'wp-hide-security-enhancer'),
|
123 |
+
),
|
124 |
+
'default_value' => 'no',
|
125 |
+
|
126 |
+
'sanitize_type' => array('sanitize_title', 'strtolower')
|
127 |
+
|
128 |
+
);
|
129 |
+
|
130 |
+
|
131 |
+
|
132 |
+
$this->module_settings[] = array(
|
133 |
+
'id' => 'remove_adjacent_posts_rel',
|
134 |
+
'label' => 'Remove adjacent_posts_rel Meta',
|
135 |
+
'description' => __('Remove the adjacent_posts_rel tag within head.', 'wp-hide-security-enhancer'),
|
136 |
+
|
137 |
+
'input_type' => 'radio',
|
138 |
+
'options' => array(
|
139 |
+
'yes' => __('Yes', 'wp-hide-security-enhancer'),
|
140 |
+
'no' => __('No', 'wp-hide-security-enhancer'),
|
141 |
+
),
|
142 |
+
'default_value' => 'no',
|
143 |
+
|
144 |
+
'sanitize_type' => array('sanitize_title', 'strtolower')
|
145 |
+
|
146 |
+
);
|
147 |
+
|
148 |
+
$this->module_settings[] = array(
|
149 |
+
'id' => 'remove_profile',
|
150 |
+
'label' => 'Remove profile link',
|
151 |
+
'description' => __('Remove profile link meta tag within head.', 'wp-hide-security-enhancer'),
|
152 |
+
|
153 |
+
'input_type' => 'radio',
|
154 |
+
'options' => array(
|
155 |
+
'yes' => __('Yes', 'wp-hide-security-enhancer'),
|
156 |
+
'no' => __('No', 'wp-hide-security-enhancer'),
|
157 |
+
),
|
158 |
+
'default_value' => 'no',
|
159 |
+
|
160 |
+
'sanitize_type' => array('sanitize_title', 'strtolower')
|
161 |
+
|
162 |
+
);
|
163 |
+
|
164 |
+
$this->module_settings[] = array(
|
165 |
+
'id' => 'remove_canonical',
|
166 |
+
'label' => 'Remove canonical link',
|
167 |
+
'description' => __('Remove canonical link meta tag within head.', 'wp-hide-security-enhancer'),
|
168 |
+
|
169 |
+
'input_type' => 'radio',
|
170 |
+
'options' => array(
|
171 |
+
'yes' => __('Yes', 'wp-hide-security-enhancer'),
|
172 |
+
'no' => __('No', 'wp-hide-security-enhancer'),
|
173 |
+
),
|
174 |
+
'default_value' => 'no',
|
175 |
+
|
176 |
+
'sanitize_type' => array('sanitize_title', 'strtolower')
|
177 |
+
|
178 |
+
);
|
179 |
+
|
180 |
+
return $this->module_settings;
|
181 |
+
}
|
182 |
+
|
183 |
+
|
184 |
+
|
185 |
+
function _init_remove_generator_meta($saved_field_data)
|
186 |
+
{
|
187 |
+
if(empty($saved_field_data) || $saved_field_data == 'no')
|
188 |
+
return FALSE;
|
189 |
+
|
190 |
+
add_filter('the_generator', create_function('', 'return "";'));
|
191 |
+
remove_action( 'wp_head', 'wp_generator' );
|
192 |
+
|
193 |
+
//make sure it's being replaced
|
194 |
+
add_filter( 'wph/ob_start_callback', array(&$this, 'ob_start_callback_remove_generator_meta'));
|
195 |
+
}
|
196 |
+
|
197 |
+
|
198 |
+
function ob_start_callback_remove_generator_meta( $buffer )
|
199 |
+
{
|
200 |
+
|
201 |
+
$buffer = preg_replace_callback('/(<meta.*?name=("|\')generator("|\').*?\/?>)/i', array($this, "remove_generator_meta_preg_replace_callback"), $buffer);
|
202 |
+
|
203 |
+
return $buffer;
|
204 |
+
|
205 |
+
|
206 |
+
}
|
207 |
+
|
208 |
+
|
209 |
+
function remove_generator_meta_preg_replace_callback( $matches )
|
210 |
+
{
|
211 |
+
|
212 |
+
$found = isset($matches[0]) ? $matches[0] : '';
|
213 |
+
|
214 |
+
if(empty($found))
|
215 |
+
return '';
|
216 |
+
|
217 |
+
//check if content starts with WordPress
|
218 |
+
if(stripos($found, 'content="WordPress ') !== FALSE)
|
219 |
+
return "";
|
220 |
+
|
221 |
+
return $found;
|
222 |
+
|
223 |
+
}
|
224 |
+
|
225 |
+
|
226 |
+
function _init_remove_other_generator_meta($saved_field_data)
|
227 |
+
{
|
228 |
+
if(empty($saved_field_data) || $saved_field_data == 'no')
|
229 |
+
return FALSE;
|
230 |
+
|
231 |
+
//remove other generator links
|
232 |
+
add_filter( 'wph/ob_start_callback', array(&$this, 'ob_start_callback_remove_other_generator_meta'));
|
233 |
+
}
|
234 |
+
|
235 |
+
|
236 |
+
function ob_start_callback_remove_other_generator_meta( $buffer )
|
237 |
+
{
|
238 |
+
|
239 |
+
$buffer = preg_replace_callback('/(<meta.*?name=("|\')generator("|\').*?\/?>)/i', array($this, "remove_other_generator_meta_preg_replace_callback"), $buffer);
|
240 |
+
|
241 |
+
return $buffer;
|
242 |
+
|
243 |
+
}
|
244 |
+
|
245 |
+
function remove_other_generator_meta_preg_replace_callback( $matches )
|
246 |
+
{
|
247 |
+
$found = isset($matches[0]) ? $matches[0] : '';
|
248 |
+
|
249 |
+
if(empty($found))
|
250 |
+
return '';
|
251 |
+
|
252 |
+
//check if content starts with WordPress
|
253 |
+
if(stripos($found, 'content="WordPress ') === FALSE)
|
254 |
+
return "";
|
255 |
+
|
256 |
+
return $found;
|
257 |
+
}
|
258 |
+
|
259 |
+
|
260 |
+
function _init_remove_resource_hints($saved_field_data)
|
261 |
+
{
|
262 |
+
if(empty($saved_field_data) || $saved_field_data == 'no')
|
263 |
+
return FALSE;
|
264 |
+
|
265 |
+
remove_action( 'wp_head', 'wp_resource_hints', 2 );
|
266 |
+
|
267 |
+
}
|
268 |
+
|
269 |
+
|
270 |
+
function _init_remove_wlwmanifest($saved_field_data)
|
271 |
+
{
|
272 |
+
if(empty($saved_field_data) || $saved_field_data == 'no')
|
273 |
+
return FALSE;
|
274 |
+
|
275 |
+
remove_action( 'wp_head', 'wlwmanifest_link' );
|
276 |
+
|
277 |
+
}
|
278 |
+
|
279 |
+
|
280 |
+
function _init_remove_feed_links($saved_field_data)
|
281 |
+
{
|
282 |
+
if(empty($saved_field_data) || $saved_field_data == 'no')
|
283 |
+
return FALSE;
|
284 |
+
|
285 |
+
remove_action('wp_head', 'feed_links', 2);
|
286 |
+
remove_action('wp_head', 'feed_links_extra', 3);
|
287 |
+
|
288 |
+
}
|
289 |
+
|
290 |
+
|
291 |
+
function _init_disable_json_rest_wphead_link($saved_field_data)
|
292 |
+
{
|
293 |
+
if(empty($saved_field_data) || $saved_field_data == 'no')
|
294 |
+
return FALSE;
|
295 |
+
|
296 |
+
remove_action( 'wp_head', 'rest_output_link_wp_head', 10 );
|
297 |
+
|
298 |
+
}
|
299 |
+
|
300 |
+
function _init_remove_rsd_link($saved_field_data)
|
301 |
+
{
|
302 |
+
if(empty($saved_field_data) || $saved_field_data == 'no')
|
303 |
+
return FALSE;
|
304 |
+
|
305 |
+
remove_action('wp_head', 'rsd_link');
|
306 |
+
|
307 |
+
}
|
308 |
+
|
309 |
+
|
310 |
+
function _init_remove_adjacent_posts_rel($saved_field_data)
|
311 |
+
{
|
312 |
+
if(empty($saved_field_data) || $saved_field_data == 'no')
|
313 |
+
return FALSE;
|
314 |
+
|
315 |
+
remove_action('wp_head', 'adjacent_posts_rel_link_wp_head', 10, 0);
|
316 |
+
|
317 |
+
}
|
318 |
+
|
319 |
+
|
320 |
+
function _init_remove_profile($saved_field_data)
|
321 |
+
{
|
322 |
+
|
323 |
+
if(empty($saved_field_data) || $saved_field_data == 'no')
|
324 |
+
return FALSE;
|
325 |
+
|
326 |
+
|
327 |
+
add_filter('wph/ob_start_callback', array($this, 'remove_profile_tag'));
|
328 |
+
|
329 |
+
}
|
330 |
+
|
331 |
+
function remove_profile_tag( $buffer )
|
332 |
+
{
|
333 |
+
|
334 |
+
if(is_admin())
|
335 |
+
return $buffer;
|
336 |
+
|
337 |
+
$buffer = preg_replace('/(<link.*?rel=("|\')profile("|\').*?href=("|\')(.*?)("|\')(.*?)?\/?>|<link.*?href=("|\')(.*?)("|\').*?rel=("|\')profile("|\')(.*?)?\/?>)/i', "", $buffer);
|
338 |
+
|
339 |
+
return $buffer;
|
340 |
+
|
341 |
+
|
342 |
+
}
|
343 |
+
|
344 |
+
|
345 |
+
function _init_remove_canonical($saved_field_data)
|
346 |
+
{
|
347 |
+
if(empty($saved_field_data) || $saved_field_data == 'no')
|
348 |
+
return FALSE;
|
349 |
+
|
350 |
+
remove_action( 'wp_head', 'rel_canonical');
|
351 |
+
|
352 |
+
//use the earlier possible action to remove the admin canonical url
|
353 |
+
add_action( 'auth_redirect', array(&$this, 'remove_wp_admin_canonical_url'));
|
354 |
+
|
355 |
+
//make sure is removed if placed by other plugins
|
356 |
+
add_filter('wph/ob_start_callback', array($this, 'remove_canonical_tag'));
|
357 |
+
}
|
358 |
+
|
359 |
+
function remove_wp_admin_canonical_url()
|
360 |
+
{
|
361 |
+
|
362 |
+
remove_action( 'admin_head', 'wp_admin_canonical_url' );
|
363 |
+
|
364 |
+
}
|
365 |
+
|
366 |
+
|
367 |
+
function cds_callback($matches)
|
368 |
+
{
|
369 |
+
return '123456';
|
370 |
+
}
|
371 |
+
|
372 |
+
|
373 |
+
function remove_canonical_tag( $buffer )
|
374 |
+
{
|
375 |
+
|
376 |
+
if(is_admin())
|
377 |
+
return $buffer;
|
378 |
+
|
379 |
+
$buffer = preg_replace('/(<link.*?rel=("|\')canonical("|\').*?href=("|\')(.*?)("|\')(.*?)?\/?>|<link.*?href=("|\')(.*?)("|\').*?rel=("|\')canonical("|\')(.*?)?\/?>)/i', "", $buffer);
|
380 |
+
|
381 |
+
return $buffer;
|
382 |
+
|
383 |
+
}
|
384 |
+
|
385 |
+
|
386 |
+
}
|
387 |
+
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
388 |
?>
|
modules/components/general-styles.php
CHANGED
@@ -104,38 +104,26 @@
|
|
104 |
*/
|
105 |
function ob_start_callback_remove_id($buffer)
|
106 |
{
|
107 |
-
if ( ! class_exists( 'DOMDocument', false ) )
|
108 |
-
return $buffer;
|
109 |
-
|
110 |
-
$doc = new DOMDocument();
|
111 |
-
$doc->preserveWhiteSpace = true;
|
112 |
-
|
113 |
-
if ( @$doc->loadHTML(mb_convert_encoding($buffer, 'HTML-ENTITIES', 'UTF-8'), LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD) === false )
|
114 |
-
return $buffer;
|
115 |
|
116 |
-
$
|
117 |
-
|
118 |
-
|
119 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
120 |
|
121 |
-
$
|
122 |
-
|
123 |
-
return $buffer;
|
124 |
|
125 |
-
|
126 |
-
{
|
127 |
-
$node->removeAttribute('id');
|
128 |
-
}
|
129 |
|
130 |
-
$
|
131 |
|
132 |
-
$buffer = $doc->saveHTML( );
|
133 |
-
|
134 |
-
return $buffer;
|
135 |
-
|
136 |
}
|
137 |
-
|
138 |
-
|
139 |
|
140 |
|
141 |
}
|
104 |
*/
|
105 |
function ob_start_callback_remove_id($buffer)
|
106 |
{
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
107 |
|
108 |
+
$buffer = preg_replace_callback('/(<link.*?rel=("|\')stylesheet("|\').*?href=("|\')(.*?)("|\')(.*?)?\/?>|<link.*?href=("|\')(.*?)("|\').*?rel=("|\')stylesheet("|\')(.*?)?\/?>)/i', array($this, "remove_id_preg_replace_callback"), $buffer);
|
109 |
+
|
110 |
+
return $buffer;
|
111 |
+
|
112 |
+
}
|
113 |
+
|
114 |
+
|
115 |
+
function remove_id_preg_replace_callback( $matches )
|
116 |
+
{
|
117 |
+
$found = isset($matches[0]) ? $matches[0] : '';
|
118 |
|
119 |
+
if(empty($found))
|
120 |
+
return '';
|
|
|
121 |
|
122 |
+
$found = preg_replace( '/(id=("|\')(.*?)("|\') )/i', "", $found );
|
|
|
|
|
|
|
123 |
|
124 |
+
return $found;
|
125 |
|
|
|
|
|
|
|
|
|
126 |
}
|
|
|
|
|
127 |
|
128 |
|
129 |
}
|
modules/components/rewrite-new_plugin_path.php
CHANGED
@@ -106,7 +106,7 @@
|
|
106 |
//add replacement
|
107 |
$new_plugin_path = $this->wph->functions->untrailingslashit_all( $this->wph->functions->get_module_item_setting('new_plugin_path') );
|
108 |
$replace_url = trailingslashit( WP_PLUGIN_URL ) . $active_plugin_directory;
|
109 |
-
$replacement_url = trailingslashit(
|
110 |
$this->wph->functions->add_replacement( $replace_url, $replacement_url);
|
111 |
|
112 |
}
|
@@ -117,7 +117,7 @@
|
|
117 |
|
118 |
//add default plugin path replacement
|
119 |
$new_plugin_path = $this->wph->functions->untrailingslashit_all( $this->wph->functions->get_module_item_setting('new_plugin_path') );
|
120 |
-
$new_plugin_path = trailingslashit(
|
121 |
$this->wph->functions->add_replacement( WP_PLUGIN_URL, $new_plugin_path );
|
122 |
|
123 |
return TRUE;
|
106 |
//add replacement
|
107 |
$new_plugin_path = $this->wph->functions->untrailingslashit_all( $this->wph->functions->get_module_item_setting('new_plugin_path') );
|
108 |
$replace_url = trailingslashit( WP_PLUGIN_URL ) . $active_plugin_directory;
|
109 |
+
$replacement_url = trailingslashit( home_url() ) . $plugin_custom_path;
|
110 |
$this->wph->functions->add_replacement( $replace_url, $replacement_url);
|
111 |
|
112 |
}
|
117 |
|
118 |
//add default plugin path replacement
|
119 |
$new_plugin_path = $this->wph->functions->untrailingslashit_all( $this->wph->functions->get_module_item_setting('new_plugin_path') );
|
120 |
+
$new_plugin_path = trailingslashit( home_url() ) . untrailingslashit( $new_plugin_path );
|
121 |
$this->wph->functions->add_replacement( WP_PLUGIN_URL, $new_plugin_path );
|
122 |
|
123 |
return TRUE;
|
modules/components/rewrite-new_theme_path.php
CHANGED
@@ -15,7 +15,7 @@
|
|
15 |
'id' => 'new_theme_path',
|
16 |
'label' => __('New Theme Path', 'wp-hide-security-enhancer'),
|
17 |
'description' => __('The default theme path is set to', 'wp-hide-security-enhancer') . ' <strong>'. str_replace(get_bloginfo('wpurl'), '' ,$this->wph->default_variables['template_url']) .'</strong>
|
18 |
-
'. __('More details can be found at', 'wp-hide-security-enhancer') .' <a href="http://www.wp-hide.com/documentation/
|
19 |
|
20 |
'value_description' => __('e.g. my_template', 'wp-hide-security-enhancer'),
|
21 |
'input_type' => 'text',
|
@@ -160,7 +160,7 @@
|
|
160 |
//add_filter('theme_root_uri', array(&$this, 'theme_root_uri'), 999, 3);
|
161 |
|
162 |
//add replacement url
|
163 |
-
$this->wph->functions->add_replacement( untrailingslashit( $this->wph->default_variables['template_url']), trailingslashit(
|
164 |
|
165 |
}
|
166 |
|
@@ -301,7 +301,7 @@
|
|
301 |
//add_filter('theme_root_uri', array(&$this, 'theme_root_uri'), 999, 3);
|
302 |
|
303 |
//add replacement url
|
304 |
-
$this->wph->functions->add_replacement( untrailingslashit( $this->wph->default_variables['stylesheet_uri'] ) , trailingslashit(
|
305 |
|
306 |
}
|
307 |
|
@@ -357,7 +357,7 @@
|
|
357 |
|
358 |
if(!empty($new_theme_path))
|
359 |
{
|
360 |
-
$new_style_file_path = trailingslashit(
|
361 |
$this->wph->functions->add_replacement( $old_style_file_path , $new_style_file_path );
|
362 |
}
|
363 |
else
|
@@ -532,7 +532,7 @@
|
|
532 |
|
533 |
if(!empty($new_theme_path))
|
534 |
{
|
535 |
-
$new_style_file_path = trailingslashit(
|
536 |
$this->wph->functions->add_replacement( $old_style_file_path , $new_style_file_path );
|
537 |
}
|
538 |
else
|
@@ -579,7 +579,7 @@
|
|
579 |
}
|
580 |
else
|
581 |
{
|
582 |
-
$template_relative_url = $this->wph->functions->get_url_path_relative_to_domain_root($this->wph->default_variables['
|
583 |
$path .= trailingslashit($template_relative_url) . $saved_field_data;
|
584 |
}
|
585 |
|
@@ -630,7 +630,7 @@
|
|
630 |
}
|
631 |
else
|
632 |
{
|
633 |
-
$template_relative_url = $this->wph->functions->get_url_path_relative_to_domain_root($this->wph->default_variables['
|
634 |
$path .= trailingslashit($template_relative_url) . $new_style_file_path;
|
635 |
}
|
636 |
}
|
15 |
'id' => 'new_theme_path',
|
16 |
'label' => __('New Theme Path', 'wp-hide-security-enhancer'),
|
17 |
'description' => __('The default theme path is set to', 'wp-hide-security-enhancer') . ' <strong>'. str_replace(get_bloginfo('wpurl'), '' ,$this->wph->default_variables['template_url']) .'</strong>
|
18 |
+
'. __('More details can be found at', 'wp-hide-security-enhancer') .' <a href="http://www.wp-hide.com/documentation/rewrite-theme/" target="_blank">Link</a>',
|
19 |
|
20 |
'value_description' => __('e.g. my_template', 'wp-hide-security-enhancer'),
|
21 |
'input_type' => 'text',
|
160 |
//add_filter('theme_root_uri', array(&$this, 'theme_root_uri'), 999, 3);
|
161 |
|
162 |
//add replacement url
|
163 |
+
$this->wph->functions->add_replacement( untrailingslashit( $this->wph->default_variables['template_url']), trailingslashit( home_url() ) . $saved_field_data );
|
164 |
|
165 |
}
|
166 |
|
301 |
//add_filter('theme_root_uri', array(&$this, 'theme_root_uri'), 999, 3);
|
302 |
|
303 |
//add replacement url
|
304 |
+
$this->wph->functions->add_replacement( untrailingslashit( $this->wph->default_variables['stylesheet_uri'] ) , trailingslashit( home_url() ) . untrailingslashit( $saved_field_data ) );
|
305 |
|
306 |
}
|
307 |
|
357 |
|
358 |
if(!empty($new_theme_path))
|
359 |
{
|
360 |
+
$new_style_file_path = trailingslashit( home_url() ) . trailingslashit($new_theme_path) . $saved_field_data;
|
361 |
$this->wph->functions->add_replacement( $old_style_file_path , $new_style_file_path );
|
362 |
}
|
363 |
else
|
532 |
|
533 |
if(!empty($new_theme_path))
|
534 |
{
|
535 |
+
$new_style_file_path = trailingslashit( home_url() ) . trailingslashit($new_theme_path) . $saved_field_data;
|
536 |
$this->wph->functions->add_replacement( $old_style_file_path , $new_style_file_path );
|
537 |
}
|
538 |
else
|
579 |
}
|
580 |
else
|
581 |
{
|
582 |
+
$template_relative_url = $this->wph->functions->get_url_path_relative_to_domain_root($this->wph->default_variables['stylesheet_uri']);
|
583 |
$path .= trailingslashit($template_relative_url) . $saved_field_data;
|
584 |
}
|
585 |
|
630 |
}
|
631 |
else
|
632 |
{
|
633 |
+
$template_relative_url = $this->wph->functions->get_url_path_relative_to_domain_root($this->wph->default_variables['stylesheet_uri']);
|
634 |
$path .= trailingslashit($template_relative_url) . $new_style_file_path;
|
635 |
}
|
636 |
}
|
modules/components/rewrite-new_xml-rpc-path.php
CHANGED
@@ -167,37 +167,9 @@
|
|
167 |
|
168 |
function remove_xml_rpc_tag( $buffer )
|
169 |
{
|
170 |
-
if(is_admin())
|
171 |
-
return $buffer;
|
172 |
|
173 |
-
|
174 |
-
return $buffer;
|
175 |
-
|
176 |
-
$doc = new DOMDocument();
|
177 |
-
$doc->preserveWhiteSpace = true;
|
178 |
-
|
179 |
-
if ( @$doc->loadHTML(mb_convert_encoding($buffer, 'HTML-ENTITIES', 'UTF-8'), LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD) === false )
|
180 |
-
return $buffer;
|
181 |
-
|
182 |
-
$doc->encoding = 'UTF-8';
|
183 |
-
$doc->formatOutput = true;
|
184 |
-
|
185 |
-
$xpath = new DOMXPath($doc);
|
186 |
-
|
187 |
-
$nodes = $xpath->query('//link[@rel="pingback"]');
|
188 |
-
if($nodes->length < 1)
|
189 |
-
return $buffer;
|
190 |
-
|
191 |
-
foreach ($nodes as $node)
|
192 |
-
{
|
193 |
-
$parent = $node->parentNode;
|
194 |
-
$parent->removeChild($node);
|
195 |
-
}
|
196 |
-
|
197 |
-
$doc->normalizeDocument();
|
198 |
|
199 |
-
$buffer = $doc->saveHTML( );
|
200 |
-
|
201 |
return $buffer;
|
202 |
}
|
203 |
|
167 |
|
168 |
function remove_xml_rpc_tag( $buffer )
|
169 |
{
|
|
|
|
|
170 |
|
171 |
+
$buffer = preg_replace('/(<link.*?rel=("|\')pingback("|\').*?href=("|\')(.*?)("|\')(.*?)?\/?>|<link.*?href=("|\')(.*?)("|\').*?rel=("|\')pingback("|\')(.*?)?\/?>)/i', "", $buffer);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
172 |
|
|
|
|
|
173 |
return $buffer;
|
174 |
}
|
175 |
|
modules/components/rewrite-root-files.php
CHANGED
@@ -158,7 +158,7 @@
|
|
158 |
|
159 |
//add default plugin path replacement
|
160 |
$url = trailingslashit( site_url() ) . 'wp-comments-post.php';
|
161 |
-
$replacement = trailingslashit(
|
162 |
$this->wph->functions->add_replacement( $url , $replacement );
|
163 |
|
164 |
return TRUE;
|
@@ -202,16 +202,18 @@
|
|
202 |
if (empty( $new_wp_comments_post ))
|
203 |
return FALSE;
|
204 |
|
|
|
|
|
205 |
if($this->wph->server_htaccess_config === TRUE)
|
206 |
{
|
207 |
$text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
|
208 |
-
$text .= "RewriteRule ^
|
209 |
}
|
210 |
|
211 |
if($this->wph->server_web_config === TRUE)
|
212 |
$text = '
|
213 |
<rule name="wph-block_wp_comments_post_url" stopProcessing="true">
|
214 |
-
<match url="^
|
215 |
<action type="Rewrite" url="'. $this->wph->default_variables['site_relative_path'] .'index.php" />
|
216 |
</rule>
|
217 |
';
|
@@ -230,17 +232,19 @@
|
|
230 |
|
231 |
if(empty($saved_field_data) || $saved_field_data == 'no')
|
232 |
return FALSE;
|
|
|
|
|
233 |
|
234 |
if($this->wph->server_htaccess_config === TRUE)
|
235 |
{
|
236 |
$text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
|
237 |
-
$text .= "RewriteRule ^
|
238 |
}
|
239 |
|
240 |
if($this->wph->server_web_config === TRUE)
|
241 |
$text = '
|
242 |
<rule name="wph-block_license_txt" stopProcessing="true">
|
243 |
-
<match url="^
|
244 |
<action type="Rewrite" url="'. $this->wph->default_variables['site_relative_path'] .'index.php" />
|
245 |
</rule>
|
246 |
';
|
@@ -259,16 +263,18 @@
|
|
259 |
if(empty($saved_field_data) || $saved_field_data == 'no')
|
260 |
return FALSE;
|
261 |
|
|
|
|
|
262 |
if($this->wph->server_htaccess_config === TRUE)
|
263 |
{
|
264 |
$text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
|
265 |
-
$text .= "RewriteRule ^
|
266 |
}
|
267 |
|
268 |
if($this->wph->server_web_config === TRUE)
|
269 |
$text = '
|
270 |
<rule name="wph-block_readme_html" stopProcessing="true">
|
271 |
-
<match url="^
|
272 |
<action type="Rewrite" url="'. $this->wph->default_variables['site_relative_path'] .'index.php" />
|
273 |
</rule>
|
274 |
';
|
@@ -287,16 +293,18 @@
|
|
287 |
if(empty($saved_field_data) || $saved_field_data == 'no')
|
288 |
return FALSE;
|
289 |
|
|
|
|
|
290 |
if($this->wph->server_htaccess_config === TRUE)
|
291 |
{
|
292 |
$text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
|
293 |
-
$text .= "RewriteRule ^
|
294 |
}
|
295 |
|
296 |
if($this->wph->server_web_config === TRUE)
|
297 |
$text = '
|
298 |
<rule name="wph-block_wp_activate_php" stopProcessing="true">
|
299 |
-
<match url="^
|
300 |
<action type="Rewrite" url="'. $this->wph->default_variables['site_relative_path'] .'index.php" />
|
301 |
</rule>
|
302 |
';
|
@@ -316,16 +324,18 @@
|
|
316 |
if(empty($saved_field_data) || $saved_field_data == 'no')
|
317 |
return FALSE;
|
318 |
|
|
|
|
|
319 |
if($this->wph->server_htaccess_config === TRUE)
|
320 |
{
|
321 |
$text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
|
322 |
-
$text .= "RewriteRule ^
|
323 |
}
|
324 |
|
325 |
if($this->wph->server_web_config === TRUE)
|
326 |
$text = '
|
327 |
<rule name="wph-block_wp_cron_php" stopProcessing="true">
|
328 |
-
<match url="^
|
329 |
<action type="Rewrite" url="'. $this->wph->default_variables['site_relative_path'] .'index.php" />
|
330 |
</rule>
|
331 |
';
|
@@ -344,16 +354,18 @@
|
|
344 |
if(empty($saved_field_data) || $saved_field_data == 'no')
|
345 |
return $processing_response;
|
346 |
|
|
|
|
|
347 |
if($this->wph->server_htaccess_config === TRUE)
|
348 |
{
|
349 |
$text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
|
350 |
-
$text .= "RewriteRule ^
|
351 |
}
|
352 |
|
353 |
if($this->wph->server_web_config === TRUE)
|
354 |
$text = '
|
355 |
<rule name="wph-block_default_wp_signup_php" stopProcessing="true">
|
356 |
-
<match url="^
|
357 |
<action type="Rewrite" url="'. $this->wph->default_variables['site_relative_path'] .'index.php" />
|
358 |
</rule>
|
359 |
';
|
@@ -370,6 +382,8 @@
|
|
370 |
if(empty($saved_field_data) || $saved_field_data == 'no')
|
371 |
return $processing_response;
|
372 |
|
|
|
|
|
373 |
if($this->wph->server_htaccess_config === TRUE)
|
374 |
{
|
375 |
$text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
|
@@ -381,13 +395,13 @@
|
|
381 |
$text .= "RewriteCond %{REQUEST_FILENAME} !wp-comments-post.php [NC]\n";
|
382 |
$text .= "RewriteCond %{REQUEST_FILENAME} !wp-login.php [NC]\n";
|
383 |
|
384 |
-
$text .= "RewriteRule ^wp-([a-z-])+.php ". $this->wph->default_variables['site_relative_path'] ."index.php [L]";
|
385 |
}
|
386 |
|
387 |
if($this->wph->server_web_config === TRUE)
|
388 |
$text = '
|
389 |
<rule name="wph-block_other_wp_files" stopProcessing="true">
|
390 |
-
<match url="^wp-([a-z-])+.php" />
|
391 |
<conditions>
|
392 |
<add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="true" />
|
393 |
<add input="{REQUEST_FILENAME}" pattern="wp-activate.php" ignoreCase="true" negate="true" />
|
158 |
|
159 |
//add default plugin path replacement
|
160 |
$url = trailingslashit( site_url() ) . 'wp-comments-post.php';
|
161 |
+
$replacement = trailingslashit( home_url() ) . $saved_field_data;
|
162 |
$this->wph->functions->add_replacement( $url , $replacement );
|
163 |
|
164 |
return TRUE;
|
202 |
if (empty( $new_wp_comments_post ))
|
203 |
return FALSE;
|
204 |
|
205 |
+
$rewrite_file_base = !empty($this->wph->default_variables['wordpress_directory']) ? trailingslashit( $this->wph->default_variables['wordpress_directory'] ) . 'wp-comments-post.php' : 'wp-comments-post.php';
|
206 |
+
|
207 |
if($this->wph->server_htaccess_config === TRUE)
|
208 |
{
|
209 |
$text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
|
210 |
+
$text .= "RewriteRule ^" . $rewrite_file_base ." ". $this->wph->default_variables['site_relative_path'] ."index.php [L]";
|
211 |
}
|
212 |
|
213 |
if($this->wph->server_web_config === TRUE)
|
214 |
$text = '
|
215 |
<rule name="wph-block_wp_comments_post_url" stopProcessing="true">
|
216 |
+
<match url="^' . $rewrite_file_base . '" />
|
217 |
<action type="Rewrite" url="'. $this->wph->default_variables['site_relative_path'] .'index.php" />
|
218 |
</rule>
|
219 |
';
|
232 |
|
233 |
if(empty($saved_field_data) || $saved_field_data == 'no')
|
234 |
return FALSE;
|
235 |
+
|
236 |
+
$rewrite_file_base = !empty($this->wph->default_variables['wordpress_directory']) ? trailingslashit( $this->wph->default_variables['wordpress_directory'] ) . 'license.txt' : 'license.txt';
|
237 |
|
238 |
if($this->wph->server_htaccess_config === TRUE)
|
239 |
{
|
240 |
$text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
|
241 |
+
$text .= "RewriteRule ^" . $rewrite_file_base ." ". $this->wph->default_variables['site_relative_path'] ."index.php [L]";
|
242 |
}
|
243 |
|
244 |
if($this->wph->server_web_config === TRUE)
|
245 |
$text = '
|
246 |
<rule name="wph-block_license_txt" stopProcessing="true">
|
247 |
+
<match url="^' . $rewrite_file_base . '" />
|
248 |
<action type="Rewrite" url="'. $this->wph->default_variables['site_relative_path'] .'index.php" />
|
249 |
</rule>
|
250 |
';
|
263 |
if(empty($saved_field_data) || $saved_field_data == 'no')
|
264 |
return FALSE;
|
265 |
|
266 |
+
$rewrite_file_base = !empty($this->wph->default_variables['wordpress_directory']) ? trailingslashit( $this->wph->default_variables['wordpress_directory'] ) . 'readme.html' : 'readme.html';
|
267 |
+
|
268 |
if($this->wph->server_htaccess_config === TRUE)
|
269 |
{
|
270 |
$text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
|
271 |
+
$text .= "RewriteRule ^" . $rewrite_file_base ." ". $this->wph->default_variables['site_relative_path'] ."index.php [L]";
|
272 |
}
|
273 |
|
274 |
if($this->wph->server_web_config === TRUE)
|
275 |
$text = '
|
276 |
<rule name="wph-block_readme_html" stopProcessing="true">
|
277 |
+
<match url="^' . $rewrite_file_base . '" />
|
278 |
<action type="Rewrite" url="'. $this->wph->default_variables['site_relative_path'] .'index.php" />
|
279 |
</rule>
|
280 |
';
|
293 |
if(empty($saved_field_data) || $saved_field_data == 'no')
|
294 |
return FALSE;
|
295 |
|
296 |
+
$rewrite_file_base = !empty($this->wph->default_variables['wordpress_directory']) ? trailingslashit( $this->wph->default_variables['wordpress_directory'] ) . 'wp-activate.php' : 'wp-activate.php';
|
297 |
+
|
298 |
if($this->wph->server_htaccess_config === TRUE)
|
299 |
{
|
300 |
$text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
|
301 |
+
$text .= "RewriteRule ^" . $rewrite_file_base ." ". $this->wph->default_variables['site_relative_path'] ."index.php [L]";
|
302 |
}
|
303 |
|
304 |
if($this->wph->server_web_config === TRUE)
|
305 |
$text = '
|
306 |
<rule name="wph-block_wp_activate_php" stopProcessing="true">
|
307 |
+
<match url="^' . $rewrite_file_base . '" />
|
308 |
<action type="Rewrite" url="'. $this->wph->default_variables['site_relative_path'] .'index.php" />
|
309 |
</rule>
|
310 |
';
|
324 |
if(empty($saved_field_data) || $saved_field_data == 'no')
|
325 |
return FALSE;
|
326 |
|
327 |
+
$rewrite_file_base = !empty($this->wph->default_variables['wordpress_directory']) ? trailingslashit( $this->wph->default_variables['wordpress_directory'] ) . 'wp-cron.php' : 'wp-cron.php';
|
328 |
+
|
329 |
if($this->wph->server_htaccess_config === TRUE)
|
330 |
{
|
331 |
$text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
|
332 |
+
$text .= "RewriteRule ^" . $rewrite_file_base ." ". $this->wph->default_variables['site_relative_path'] ."index.php [L]";
|
333 |
}
|
334 |
|
335 |
if($this->wph->server_web_config === TRUE)
|
336 |
$text = '
|
337 |
<rule name="wph-block_wp_cron_php" stopProcessing="true">
|
338 |
+
<match url="^' . $rewrite_file_base . '" />
|
339 |
<action type="Rewrite" url="'. $this->wph->default_variables['site_relative_path'] .'index.php" />
|
340 |
</rule>
|
341 |
';
|
354 |
if(empty($saved_field_data) || $saved_field_data == 'no')
|
355 |
return $processing_response;
|
356 |
|
357 |
+
$rewrite_file_base = !empty($this->wph->default_variables['wordpress_directory']) ? trailingslashit( $this->wph->default_variables['wordpress_directory'] ) . 'wp-signup.php' : 'wp-signup.php';
|
358 |
+
|
359 |
if($this->wph->server_htaccess_config === TRUE)
|
360 |
{
|
361 |
$text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
|
362 |
+
$text .= "RewriteRule ^" . $rewrite_file_base ." ". $this->wph->default_variables['site_relative_path'] ."index.php [L]";
|
363 |
}
|
364 |
|
365 |
if($this->wph->server_web_config === TRUE)
|
366 |
$text = '
|
367 |
<rule name="wph-block_default_wp_signup_php" stopProcessing="true">
|
368 |
+
<match url="^' . $rewrite_file_base . '" />
|
369 |
<action type="Rewrite" url="'. $this->wph->default_variables['site_relative_path'] .'index.php" />
|
370 |
</rule>
|
371 |
';
|
382 |
if(empty($saved_field_data) || $saved_field_data == 'no')
|
383 |
return $processing_response;
|
384 |
|
385 |
+
$rewrite_base = !empty($this->wph->default_variables['wordpress_directory']) ? trailingslashit( $this->wph->default_variables['wordpress_directory'] ) : '';
|
386 |
+
|
387 |
if($this->wph->server_htaccess_config === TRUE)
|
388 |
{
|
389 |
$text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
|
395 |
$text .= "RewriteCond %{REQUEST_FILENAME} !wp-comments-post.php [NC]\n";
|
396 |
$text .= "RewriteCond %{REQUEST_FILENAME} !wp-login.php [NC]\n";
|
397 |
|
398 |
+
$text .= "RewriteRule ^" . $rewrite_base . "wp-([a-z-])+.php ". $this->wph->default_variables['site_relative_path'] ."index.php [L]";
|
399 |
}
|
400 |
|
401 |
if($this->wph->server_web_config === TRUE)
|
402 |
$text = '
|
403 |
<rule name="wph-block_other_wp_files" stopProcessing="true">
|
404 |
+
<match url="^'. $rewrite_base .'wp-([a-z-])+.php" />
|
405 |
<conditions>
|
406 |
<add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="true" />
|
407 |
<add input="{REQUEST_FILENAME}" pattern="wp-activate.php" ignoreCase="true" negate="true" />
|
modules/components/rewrite-wp_content_path.php
CHANGED
@@ -53,7 +53,7 @@
|
|
53 |
|
54 |
//add default plugin path replacement
|
55 |
$new_content_path = trailingslashit( site_url() ) . untrailingslashit( $saved_field_data );
|
56 |
-
$this->wph->functions->add_replacement( trailingslashit(
|
57 |
|
58 |
return TRUE;
|
59 |
}
|
53 |
|
54 |
//add default plugin path replacement
|
55 |
$new_content_path = trailingslashit( site_url() ) . untrailingslashit( $saved_field_data );
|
56 |
+
$this->wph->functions->add_replacement( trailingslashit( home_url() ) . $content_directory , $new_content_path );
|
57 |
|
58 |
return TRUE;
|
59 |
}
|
readme.txt
CHANGED
@@ -1,438 +1,320 @@
|
|
1 |
-
=== Plugin Name ===
|
2 |
-
Contributors: nsp-code
|
3 |
-
Donate link: http://www.nsp-code.com/donate.php
|
4 |
-
Tags: hide, security, improve security, hacking, wp hide, wordpress hide, custom login url, wp-loging.php, ap-admin
|
5 |
-
Requires at least: 2.8
|
6 |
-
Tested up to: 4.6.1
|
7 |
-
Stable tag: 1.3.
|
8 |
-
License: GPLv2 or later
|
9 |
-
|
10 |
-
Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
|
11 |
-
|
12 |
-
== Description ==
|
13 |
-
|
14 |
-
The **easy way to completely hide your WordPress** core files, theme and plugins path from being show on front side. This is a huge improvement over Site Security, no one will know you actually run a WordPress. Provide a simple way to clean up html by removing all WordPress fingerprints.
|
15 |
-
|
16 |
-
Change the default WordPress login urls from wp-admin and wp-login.php to something totally arbitrary. No one will ever know where to try to guess a login and hack into your site. Totally invisible !!
|
17 |
-
|
18 |
-
[vimeo http://vimeo.com/185046480]
|
19 |
-
|
20 |
-
When testing with WordPress theme and plugins detector services/sites, any setting change may not reflect right away on their reports, since they use cache. So you may want to check again later, or try a different inner url, homepage url usage is not mandatory.
|
21 |
-
|
22 |
-
Being the best content management system, widely used, WordPress is susceptible to a large range of hacking attacks including brute-force, SQL injections, XSS, XSRF etc. Despite the fact the WordPress core is a very secure code maintained by a team of professional enthusiast, the additional plugins and themes makes the vulnerable spot of every website. In many cases, those are created by pseudo-developers who do not follow the best coding practices or simply do not own the experience to create a secure plugin.
|
23 |
-
Statistics reveal that every day new vulnerabilities are discovered, many affecting hundreds of thousands of WordPress websites.
|
24 |
-
Over 99,9% of hacked WordPress websites are target of automated malware scripts, who search for certain WordPress fingerprints. This plugin hide or replace those traces, making the hacking boots attacks useless.
|
25 |
-
|
26 |
-
Works fine with custom WordPress directory structures e.g. custom plugins, themes, uplaods folder.
|
27 |
-
|
28 |
-
Once configured, you need to **clear server cache data and/or any cache plugins** (e.g. W3 Cache), for a new html data to be created. If use CDN this should be cache clear as well.
|
29 |
-
|
30 |
-
**
|
31 |
-
|
32 |
-
|
33 |
-
|
34 |
-
|
35 |
-
* Custom
|
36 |
-
* Block default
|
37 |
-
* Block
|
38 |
-
*
|
39 |
-
*
|
40 |
-
*
|
41 |
-
*
|
42 |
-
*
|
43 |
-
*
|
44 |
-
*
|
45 |
-
*
|
46 |
-
*
|
47 |
-
* Custom
|
48 |
-
*
|
49 |
-
* Block
|
50 |
-
*
|
51 |
-
*
|
52 |
-
*
|
53 |
-
*
|
54 |
-
*
|
55 |
-
* Remove
|
56 |
-
*
|
57 |
-
*
|
58 |
-
* Remove
|
59 |
-
|
60 |
-
|
61 |
-
|
62 |
-
|
63 |
-
|
64 |
-
|
65 |
-
|
66 |
-
|
67 |
-
|
68 |
-
|
69 |
-
|
70 |
-
|
71 |
-
|
72 |
-
|
73 |
-
|
74 |
-
|
75 |
-
|
76 |
-
|
77 |
-
*
|
78 |
-
*
|
79 |
-
*
|
80 |
-
|
81 |
-
|
82 |
-
|
83 |
-
|
84 |
-
|
85 |
-
|
86 |
-
|
87 |
-
|
88 |
-
|
89 |
-
|
90 |
-
|
91 |
-
|
92 |
-
|
93 |
-
|
94 |
-
|
95 |
-
|
96 |
-
*
|
97 |
-
|
98 |
-
|
99 |
-
|
100 |
-
|
101 |
-
|
102 |
-
|
103 |
-
|
104 |
-
|
105 |
-
|
106 |
-
|
107 |
-
|
108 |
-
*
|
109 |
-
|
110 |
-
|
111 |
-
|
112 |
-
|
113 |
-
|
114 |
-
|
115 |
-
* Disable
|
116 |
-
* Disable JSON REST
|
117 |
-
*
|
118 |
-
|
119 |
-
|
120 |
-
|
121 |
-
|
122 |
-
|
123 |
-
|
124 |
-
*
|
125 |
-
* Block wp-
|
126 |
-
* Block
|
127 |
-
* Block
|
128 |
-
* Block
|
129 |
-
|
130 |
-
|
131 |
-
|
132 |
-
|
133 |
-
|
134 |
-
|
135 |
-
|
136 |
-
|
137 |
-
|
138 |
-
|
139 |
-
|
140 |
-
* Remove
|
141 |
-
* Remove
|
142 |
-
*
|
143 |
-
* Remove
|
144 |
-
* Remove
|
145 |
-
*
|
146 |
-
* Remove
|
147 |
-
|
148 |
-
|
149 |
-
|
150 |
-
|
151 |
-
|
152 |
-
|
153 |
-
|
154 |
-
|
155 |
-
|
156 |
-
|
157 |
-
|
158 |
-
|
159 |
-
|
160 |
-
|
161 |
-
|
162 |
-
|
163 |
-
|
164 |
-
|
165 |
-
|
166 |
-
|
167 |
-
|
168 |
-
|
169 |
-
|
170 |
-
|
171 |
-
|
172 |
-
|
173 |
-
|
174 |
-
|
175 |
-
|
176 |
-
* Remove
|
177 |
-
* Remove general classes from
|
178 |
-
* Remove
|
179 |
-
|
180 |
-
|
181 |
-
|
182 |
-
|
183 |
-
|
184 |
-
|
185 |
-
|
186 |
-
|
187 |
-
|
188 |
-
|
189 |
-
|
190 |
-
|
191 |
-
|
192 |
-
|
193 |
-
|
194 |
-
|
195 |
-
|
196 |
-
|
197 |
-
<br />
|
198 |
-
|
199 |
-
|
200 |
-
|
201 |
-
|
202 |
-
|
203 |
-
|
204 |
-
|
205 |
-
|
206 |
-
|
207 |
-
|
208 |
-
|
209 |
-
|
210 |
-
|
211 |
-
|
212 |
-
|
213 |
-
|
214 |
-
*
|
215 |
-
|
216 |
-
*
|
217 |
-
|
218 |
-
|
219 |
-
|
220 |
-
|
221 |
-
|
222 |
-
|
223 |
-
|
224 |
-
|
225 |
-
|
226 |
-
|
227 |
-
|
228 |
-
|
229 |
-
|
230 |
-
|
231 |
-
|
232 |
-
|
233 |
-
|
234 |
-
|
235 |
-
|
236 |
-
|
237 |
-
|
238 |
-
*
|
239 |
-
*
|
240 |
-
*
|
241 |
-
*
|
242 |
-
|
243 |
-
|
244 |
-
|
245 |
-
*
|
246 |
-
|
247 |
-
|
248 |
-
*
|
249 |
-
*
|
250 |
-
*
|
251 |
-
*
|
252 |
-
|
253 |
-
|
254 |
-
*
|
255 |
-
*
|
256 |
-
*
|
257 |
-
*
|
258 |
-
*
|
259 |
-
*
|
260 |
-
|
261 |
-
|
262 |
-
*
|
263 |
-
|
264 |
-
|
265 |
-
*
|
266 |
-
*
|
267 |
-
*
|
268 |
-
*
|
269 |
-
*
|
270 |
-
|
271 |
-
|
272 |
-
*
|
273 |
-
|
274 |
-
|
275 |
-
*
|
276 |
-
*
|
277 |
-
*
|
278 |
-
*
|
279 |
-
*
|
280 |
-
*
|
281 |
-
|
282 |
-
|
283 |
-
*
|
284 |
-
*
|
285 |
-
*
|
286 |
-
*
|
287 |
-
*
|
288 |
-
*
|
289 |
-
*
|
290 |
-
* Updated PO / MO translation files
|
291 |
-
|
292 |
-
|
293 |
-
*
|
294 |
-
*
|
295 |
-
*
|
296 |
-
*
|
297 |
-
*
|
298 |
-
*
|
299 |
-
|
300 |
-
|
301 |
-
*
|
302 |
-
|
303 |
-
|
304 |
-
*
|
305 |
-
|
306 |
-
|
307 |
-
*
|
308 |
-
*
|
309 |
-
|
310 |
-
|
311 |
-
|
312 |
-
|
313 |
-
|
314 |
-
|
315 |
-
|
316 |
-
|
317 |
-
|
318 |
-
|
319 |
-
|
320 |
-
* Moved the Disable XML-RPC authentication within Rewrite -> XML-RPC
|
321 |
-
* HTML Comments strip out will trigger only on front side, no need for admin
|
322 |
-
* wp-cron.php block / allow access new setting
|
323 |
-
* New style file name now include default / new theme path to avoid 404 resource loading when using internally relative urls.
|
324 |
-
* Modules Menu order fix
|
325 |
-
* Writable check notification improvements for htaccess / web.config file
|
326 |
-
* Alternative request headers when apache_response_headers for LEMP / PHP-FPM
|
327 |
-
* IIS windows server type compatibility
|
328 |
-
* Rewrite rules for IIS servers with web.config set-up
|
329 |
-
* apache_response_headers and headers_list PHP functions check if available within the server
|
330 |
-
* Code Version add and updater class structure update
|
331 |
-
* WriteCheckString check fix when .htaccess not exists
|
332 |
-
* Remove description header from Style file
|
333 |
-
* Router Engine - files post-processing
|
334 |
-
* Separate theme, style, style proxy setting for parent and child
|
335 |
-
|
336 |
-
= 1.2.9 =
|
337 |
-
* Load plugin styles and scripts only when one of plugin admin menus
|
338 |
-
* Use default_value when input field is empty
|
339 |
-
* Reset All Settings button for reverting all options to default
|
340 |
-
* Fix - double slash in plugin path when usee plugins_url filter
|
341 |
-
* Individual plugins path processing before general plugin path
|
342 |
-
* New component - URL Slash
|
343 |
-
* Update - New Style File Path - apply when theme path already changed
|
344 |
-
* Fix: Plugins path module, check if $path variable is not "/" instead empty
|
345 |
-
* Default add backslash rule rule, check if not redirect to prevent infinite loops
|
346 |
-
|
347 |
-
= 1.2.6 =
|
348 |
-
* New Component - HTML Comments replace
|
349 |
-
* New Component - Headers
|
350 |
-
* Conflict Handle with W3 Cache plugin when pagecache is active
|
351 |
-
* W3 Cache plugin buffer use when active
|
352 |
-
* Show notice when rules could not be delivered to htaccess file
|
353 |
-
* Disable include filters and leave the buffering urls replacements to allow other plug ins to use default urls for compatibility purpose(e.g. W3-Cache Minify)
|
354 |
-
* Fix: plugin folder / textdomain change
|
355 |
-
* Early Buffering start, before any other code
|
356 |
-
* Recovery link code functionality improvements
|
357 |
-
* New wp-comments-post.php Path
|
358 |
-
* Fix: Decrease the processing order index for wp-content module to allow others to run earlier than wp-content
|
359 |
-
* Add mod_rewrite rules monitor system
|
360 |
-
* Check if the mod_rewrite rules where successfully written to .htaccess file or disable any component run
|
361 |
-
|
362 |
-
= 1.2.2 =
|
363 |
-
* New Content Path
|
364 |
-
* New Component : Root Files
|
365 |
-
* Block license.txt
|
366 |
-
* Block readme.html
|
367 |
-
* Block wp-activate.php
|
368 |
-
* Block wp-signup.php
|
369 |
-
* Block other wp-*.php files
|
370 |
-
* licence.txt and readme.html block
|
371 |
-
* PO translations update
|
372 |
-
|
373 |
-
= 1.2 =
|
374 |
-
* New Feature Change individual plugin url path
|
375 |
-
* Admin layout improvments
|
376 |
-
* Fix for Admin canonical filter remove if remove canonical option set
|
377 |
-
* PO translations update
|
378 |
-
* Translation
|
379 |
-
|
380 |
-
= 1.1.7 =
|
381 |
-
* Remove profile link meta tag within head.
|
382 |
-
* Remove canonical link meta tag within head
|
383 |
-
* New XML-RPC Path
|
384 |
-
* Block default xmlrpc.php
|
385 |
-
* Remove pingback tag
|
386 |
-
* Recovery link for default wp-login.php and admin urls
|
387 |
-
* Css changes and warning messages update
|
388 |
-
* PO translations update
|
389 |
-
* TinyMCE emojicons callback fix
|
390 |
-
|
391 |
-
= 1.1.2 =
|
392 |
-
* Add a custom url for login_url filter
|
393 |
-
* Better description and warning for wp-login.php change
|
394 |
-
* Add default replacement for uploads
|
395 |
-
* conflict handle - Security Firewall (WordPress Security Firewall) > Login Protection > Rename WP Login Page functionality
|
396 |
-
* wp-includes block when not logged-in
|
397 |
-
* wp-content block when not logged-in
|
398 |
-
* readme update
|
399 |
-
|
400 |
-
= 1.1 =
|
401 |
-
* Po / Mo localisation files update
|
402 |
-
* Update class to process the further structure changes and current components fields name change.
|
403 |
-
* New Component : Wp-content folder access block
|
404 |
-
* New Component : Block default wp-signup.php file from being accesible.
|
405 |
-
* Fix: New admin url save when permalinks disable. keep on default admin url instead redirect.
|
406 |
-
* Rewrite Default mod_rewrite code, append slashes to all urls to avoid actual directory reveal
|
407 |
-
* Send e-mail notification when admin e-mail change, to prevent url forget / lose
|
408 |
-
* New Component Disable Emoji
|
409 |
-
* New Component Disable TinyMC Emoji
|
410 |
-
* Structure change on the modules, split into chunks called components
|
411 |
-
* Code Clean-up
|
412 |
-
* Set processing order for component settings to allow mod_rewrite rules placement at certain position related to another line
|
413 |
-
* Improved Template dir when child theme is active
|
414 |
-
* Allow parent theme / child theme rewrite
|
415 |
-
* mod_rewrite change for 404 error, set for WordPress internal 404 error page instead default server
|
416 |
-
|
417 |
-
= 1.0.4 =
|
418 |
-
* Text Domain fix from wp-hide to wp-hide-security-enhancer
|
419 |
-
|
420 |
-
= 1.0.3 =
|
421 |
-
* Certain sections improvments and code redo
|
422 |
-
* Admin module cleanup
|
423 |
-
* removed block for wp-include
|
424 |
-
* Removed router functionality
|
425 |
-
* Created Change relative urls within load-style block, load the tyles on a separate file to change the links
|
426 |
-
|
427 |
-
= 1.0 =
|
428 |
-
* Initial release.
|
429 |
-
|
430 |
-
== Upgrade Notice ==
|
431 |
-
|
432 |
-
Always keep plugin up to date.
|
433 |
-
|
434 |
-
|
435 |
-
== Localization ==
|
436 |
-
Please help and translate this plugin to your language at https://translate.wordpress.org/projects/wp-plugins/wp-hide-security-enhancer
|
437 |
-
|
438 |
Please help by promoting this plugin with an article on your site or any other place. If you liked this code or helped on your your project, consider to leave a 5 star review on this board.
|
1 |
+
=== Plugin Name ===
|
2 |
+
Contributors: nsp-code, tdgu
|
3 |
+
Donate link: http://www.nsp-code.com/donate.php
|
4 |
+
Tags: hide, security, improve security, hacking, wp hide, wordpress hide, custom login url, wp-loging.php, ap-admin
|
5 |
+
Requires at least: 2.8
|
6 |
+
Tested up to: 4.6.1
|
7 |
+
Stable tag: 1.3.7
|
8 |
+
License: GPLv2 or later
|
9 |
+
|
10 |
+
Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
|
11 |
+
|
12 |
+
== Description ==
|
13 |
+
|
14 |
+
The **easy way to completely hide your WordPress** core files, theme and plugins path from being show on front side. This is a huge improvement over Site Security, no one will know you actually run a WordPress. Provide a simple way to clean up html by removing all WordPress fingerprints.
|
15 |
+
|
16 |
+
Change the default WordPress login urls from wp-admin and wp-login.php to something totally arbitrary. No one will ever know where to try to guess a login and hack into your site. Totally invisible !!
|
17 |
+
|
18 |
+
[vimeo http://vimeo.com/185046480]
|
19 |
+
|
20 |
+
When testing with WordPress theme and plugins detector services/sites, any setting change may not reflect right away on their reports, since they use cache. So you may want to check again later, or try a different inner url, homepage url usage is not mandatory.
|
21 |
+
|
22 |
+
Being the best content management system, widely used, WordPress is susceptible to a large range of hacking attacks including brute-force, SQL injections, XSS, XSRF etc. Despite the fact the WordPress core is a very secure code maintained by a team of professional enthusiast, the additional plugins and themes makes the vulnerable spot of every website. In many cases, those are created by pseudo-developers who do not follow the best coding practices or simply do not own the experience to create a secure plugin.
|
23 |
+
Statistics reveal that every day new vulnerabilities are discovered, many affecting hundreds of thousands of WordPress websites.
|
24 |
+
Over 99,9% of hacked WordPress websites are target of automated malware scripts, who search for certain WordPress fingerprints. This plugin hide or replace those traces, making the hacking boots attacks useless.
|
25 |
+
|
26 |
+
Works fine with custom WordPress directory structures e.g. custom plugins, themes, uplaods folder.
|
27 |
+
|
28 |
+
Once configured, you need to **clear server cache data and/or any cache plugins** (e.g. W3 Cache), for a new html data to be created. If use CDN this should be cache clear as well.
|
29 |
+
|
30 |
+
**Sample usage**
|
31 |
+
[vimeo https://vimeo.com/192011678]
|
32 |
+
|
33 |
+
**Main plugin functionality:**
|
34 |
+
|
35 |
+
* Custom Admin Url
|
36 |
+
* Block default admin Url
|
37 |
+
* Block any direct folder access to completely hide the structure
|
38 |
+
* Custom wp-login.php filename
|
39 |
+
* Block default wp-login.php
|
40 |
+
* Block default wp-signup.php
|
41 |
+
* Block XML-RPC API
|
42 |
+
* New XML-RPC path
|
43 |
+
* Adjustable theme url
|
44 |
+
* New child Theme url
|
45 |
+
* Change theme style file name
|
46 |
+
* Clean any headers for theme style file
|
47 |
+
* Custom wp-include
|
48 |
+
* Block default wp-include paths
|
49 |
+
* Block defalt wp-content
|
50 |
+
* Custom plugins urls
|
51 |
+
* Individual plugin url change
|
52 |
+
* Block default plugins paths
|
53 |
+
* New upload url
|
54 |
+
* Block default upload urls
|
55 |
+
* Remove wordpress version
|
56 |
+
* Meta Generator block
|
57 |
+
* Disble the emoji and required javascript code
|
58 |
+
* Remove pingback tag
|
59 |
+
* Remove wlwmanifest Meta
|
60 |
+
* Remove rsd_link Meta
|
61 |
+
* Remove wpemoji
|
62 |
+
|
63 |
+
and many more.
|
64 |
+
|
65 |
+
**No other plugins functionality is being blocked or interfered in any way, everything will function the same**
|
66 |
+
|
67 |
+
This plugin allow to change default Admin Url's from **wp-login.php** and **wp-admin** to something else. All original links return default theme 404 Not Found page, like nothing exists there. Beside the huge security advantage, this save lots of server processing time by reducing php code and MySQL usage since brute-force attacks trigger wrong urls.
|
68 |
+
|
69 |
+
**Important:** Compared to all other similar plugins which mainly use redirects, this plugin return a default theme 404 error page for all **block url** functionality, so is not revealing at all the link existence.
|
70 |
+
|
71 |
+
Since version 1.2 Change individual plugin urls which make them unrecognizable, for example change default WooCommerce plugin urls and dependencies from domain.com/wp-content/plugins/woocommerce/ to domain.com/ecommerce/cdn/ or anything customized.
|
72 |
+
|
73 |
+
= Plugin Sections =
|
74 |
+
|
75 |
+
**Rewrite > Theme**
|
76 |
+
|
77 |
+
* New Theme Path - Change default theme path
|
78 |
+
* New Style File Path - Change default style file name and path
|
79 |
+
* Remove description header from Style file - Replace any WordPress metadata informations (like theme name, version etc) from style file
|
80 |
+
* Child - New Theme Path - Change default child theme path
|
81 |
+
* Child - New Style File Path - Change child theme stylesheed file path and name
|
82 |
+
* Child - Remove description header from Style file - Replace any WordPress metadata informations (like theme name, version etc) from style file
|
83 |
+
|
84 |
+
**Rewrite > WP includes**
|
85 |
+
|
86 |
+
* New Includes Path - Change default wp-includes path / url
|
87 |
+
* Block wp-includes URL - Block default wp-includes url
|
88 |
+
|
89 |
+
**Rewrite > WP content**
|
90 |
+
|
91 |
+
* New Content Path - Change default wp-content path / url
|
92 |
+
* Block wp-content URL - Block default content url
|
93 |
+
|
94 |
+
**Rewrite > Plugins**
|
95 |
+
|
96 |
+
* New Plugins Path - Change default wp-content/plugins path / url
|
97 |
+
* Block plugins URL - Block default wp-content/plugins url
|
98 |
+
* New path / url for Every Active Plugin
|
99 |
+
* Custom path and name for any active plugins
|
100 |
+
|
101 |
+
**Rewrite > Uploads**
|
102 |
+
|
103 |
+
* New Uploads Path - Change default media files path / url
|
104 |
+
* Block uploads URL - Block default media files url
|
105 |
+
|
106 |
+
**Rewrite > XML-RPC**
|
107 |
+
|
108 |
+
* New XML-RPC Path - Change default XML-RPC path / url
|
109 |
+
* Block default xmlrpc.php - Block default XML-RPC url
|
110 |
+
* Disable XML-RPC authentication - Filter whether XML-RPC methods requiring authentication
|
111 |
+
* Remove pingback - Remove pingback link tag from theme
|
112 |
+
|
113 |
+
**Rewrite > JSON REST**
|
114 |
+
|
115 |
+
* Disable JSON REST V1 service - Disable an API service for WordPress which is active by default.
|
116 |
+
* Disable JSON REST V2 service - Disable an API service for WordPress which is active by default.
|
117 |
+
* Block any JSON REST calls - Any call for JSON REST API service will be blocked.
|
118 |
+
* Disable output the REST API link tag into page header
|
119 |
+
* Disable JSON REST WP RSD endpoint from XML-RPC responses
|
120 |
+
* Disable Sends a Link header for the REST API
|
121 |
+
|
122 |
+
**Rewrite > Root Files**
|
123 |
+
|
124 |
+
* New wp-comments-post.php Path
|
125 |
+
* Block wp-comments-post.php
|
126 |
+
* Block license.txt - Block access to license.txt root file
|
127 |
+
* Block readme.html - Block access to readme.html root file
|
128 |
+
* Block wp-activate.php - Block access to wp-activate.php file
|
129 |
+
* Block wp-cron.php - Block access to wp-cron.php file
|
130 |
+
* Block wp-signup.php - Block default wp-signup.php file
|
131 |
+
* Block other wp-*.php files - Block other wp-*.php files within WordPress Root
|
132 |
+
|
133 |
+
**Rewrite > URL Slash**
|
134 |
+
|
135 |
+
* URL's add Slash - Add a slash to any links without. This disguise any existing uppon a file, folder or a wrong url, they all be all slashed.
|
136 |
+
|
137 |
+
|
138 |
+
**General / Html > Meta**
|
139 |
+
|
140 |
+
* Remove WordPress Generator Meta
|
141 |
+
* Remove Other Generator Meta
|
142 |
+
* Remove Resource Hints
|
143 |
+
* Remove wlwmanifest Meta
|
144 |
+
* Remove feed_links Meta
|
145 |
+
* Disable output the REST API link tag into page header
|
146 |
+
* Remove rsd_link Meta
|
147 |
+
* Remove adjacent_posts_rel Meta
|
148 |
+
* Remove profile link
|
149 |
+
* Remove canonical link
|
150 |
+
|
151 |
+
**General / Html > Emoji**
|
152 |
+
|
153 |
+
* Disable Emoji
|
154 |
+
* Disable TinyMC Emoji
|
155 |
+
|
156 |
+
**General / Html > Styles**
|
157 |
+
|
158 |
+
* Remove Version
|
159 |
+
* Remove ID from link tags
|
160 |
+
|
161 |
+
**General / Html > Scripts**
|
162 |
+
|
163 |
+
* Remove Version
|
164 |
+
|
165 |
+
**General / Html > Oembed**
|
166 |
+
|
167 |
+
* Remove Oembed
|
168 |
+
|
169 |
+
**General / Html > Headers**
|
170 |
+
|
171 |
+
* Remove X-Powered-By Header
|
172 |
+
* Remove X-Pingback Header
|
173 |
+
|
174 |
+
**General / Html > HTML**
|
175 |
+
|
176 |
+
* Remove HTML Comments
|
177 |
+
* Remove general classes from body tag
|
178 |
+
* Remove ID from Menu items
|
179 |
+
* Remove class from Menu items
|
180 |
+
* Remove general classes from post
|
181 |
+
* Remove general classes from images
|
182 |
+
|
183 |
+
**Admin > wp-login.php**
|
184 |
+
|
185 |
+
* New wp-login.php - Map a new wp-login.php instead default
|
186 |
+
* Block default wp-login.php - Block default wp-login.php file from being accesible
|
187 |
+
|
188 |
+
**Admin > Admin URL**
|
189 |
+
|
190 |
+
* New Admin Url - Create a new admin url instead default /wp-admin. This also apply for admin-ajax.php calls
|
191 |
+
* Block default Admin Url - Block default admin url and files from being accesible
|
192 |
+
|
193 |
+
<br />Something is wrong with this plugin on your site? Just use the forum or get in touch with us at <a target="_blank" href="http://www.wp-hide.com">Contact</a> and we'll check it out.
|
194 |
+
|
195 |
+
<br />A website example can be found at <a target="_blank" href="http://nsp-code.com/demo/wp-hide/">http://nsp-code.com/demo/wp-hide/</a>
|
196 |
+
|
197 |
+
<br />Plugin homepage at <a target="_blank" href="http://www.wp-hide.com/">WordPress Hide and Security Enhancer</a>
|
198 |
+
|
199 |
+
<br />
|
200 |
+
<br />This plugin is developed by <a target="_blank" href="http://www.nsp-code.com">Nsp-Code</a>
|
201 |
+
|
202 |
+
== Installation ==
|
203 |
+
|
204 |
+
1. Upload the plugin files to the `/wp-content/plugins/wp-hide-security-enhancer` directory, or install the plugin through the WordPress plugins screen directly.
|
205 |
+
2. Activate the plugin through the 'Plugins' screen in WordPress.
|
206 |
+
3. Use the WP Hide menu screen to configure the plugin.
|
207 |
+
|
208 |
+
== Frequently Asked Questions ==
|
209 |
+
|
210 |
+
Feel free to contact us at electronice_delphi@yahoo.com
|
211 |
+
|
212 |
+
= Something is wrong, what can i do? =
|
213 |
+
|
214 |
+
* First, stay calm. There will be no harm, guaranteed :)
|
215 |
+
* Go to admin and change some of plugin options to see which one cause the problem. Then report it to forum or get in touch with us to fix it.
|
216 |
+
* If you can't login to admin, use the Recovery Link which has been sent to your e-mail. This will reset the login to default.
|
217 |
+
* If for some reason the site appear broken, you should back-up then **replace the .htaccess file** located on your WordPress root. Then **remove the wp-hide-security-enhancer** from your plugin directory.
|
218 |
+
|
219 |
+
* At this point the site should run as before. If for some reason still not working, you missed something, please get in touch with us at electronice_delphi@yahoo.com and we'll fix it for you in no time!
|
220 |
+
|
221 |
+
= I have no PHP knowledge at all, is this plugin for me? =
|
222 |
+
|
223 |
+
There's no requirements on php knowledge. All plugin features and functionality are applied automatically, controlled through a descriptive admin interface.
|
224 |
+
|
225 |
+
= I can't find a functionality that i'am looking for =
|
226 |
+
|
227 |
+
Please get in touch with us and we'll do our best to include it for a next version.
|
228 |
+
|
229 |
+
== Screenshots ==
|
230 |
+
|
231 |
+
1. Admin Interface.
|
232 |
+
2. Sample front html code.
|
233 |
+
|
234 |
+
== Changelog ==
|
235 |
+
|
236 |
+
= 1.3.7 =
|
237 |
+
* Sanitize Admin Url for not using extension (e.g. .php) as it confuse the server upon the headers to sent
|
238 |
+
* Fix: replacements links when using custom directory for WordPress core files
|
239 |
+
* Fix: child theme path fix when changing style filename
|
240 |
+
* New Theme Path - help resource link fix
|
241 |
+
* Changed from DOMDocument to preg_replace for better compatibility with themes and plugins
|
242 |
+
* Improved execution speed
|
243 |
+
|
244 |
+
= 1.3.6.3 =
|
245 |
+
* Fixed PHP Notice: Undefined variable: dom
|
246 |
+
|
247 |
+
= 1.3.6.2 =
|
248 |
+
* W3 Total Cache - Page Cache compatibility fix
|
249 |
+
* Canonical tag replacement improvements
|
250 |
+
* Pingback tag replacement improvements
|
251 |
+
* Fix custom Background Images for body on themes which support that feature
|
252 |
+
|
253 |
+
= 1.3.6 =
|
254 |
+
* Post-process on options interface save for unique slugs on any text inputs to prevent conflicts.
|
255 |
+
* Processing Order change for new_theme_child_path to occur before new_theme_path
|
256 |
+
* New COmponent General -> Oembed
|
257 |
+
* Remove Oembed tags from header
|
258 |
+
* Remove Remove Resource Hints tags from header
|
259 |
+
* rewrite rules update to match only non base, from (.*) to (.+)
|
260 |
+
* wph-throw-404 improvements
|
261 |
+
* BuddyPress conflict handle for uploaded gravatars
|
262 |
+
* Admin Style changes
|
263 |
+
* BuddyPress Conflict Class handler
|
264 |
+
* Separate WordPress meta Generator and Other Meta Generator
|
265 |
+
* Process Location value within sent Headers list if exists
|
266 |
+
* Replacements for https and http urls relative to domain
|
267 |
+
* Add replacements for relative paths to cover WordPress installs within a folder.
|
268 |
+
* Use untralingslashit when creating theme and child theme url replacements
|
269 |
+
* Fix for Call to a member function is_404() on a non-object within wp_redirect
|
270 |
+
|
271 |
+
= 1.3.5.1 =
|
272 |
+
* Fix the Remove general classes from images component when within admin dashboard
|
273 |
+
|
274 |
+
= 1.3.5 =
|
275 |
+
* New component element : Remove general classes from body tag
|
276 |
+
* New component element : Remove general classes from post
|
277 |
+
* New component element : Remove general classes from images
|
278 |
+
* New component: JSON REST
|
279 |
+
* Disable JSON REST V1 service
|
280 |
+
* Disable JSON REST V2 service
|
281 |
+
* Block any JSON REST calls
|
282 |
+
* Disable output the REST API link tag into page header
|
283 |
+
* Disable JSON REST WP RSD endpoint from XML-RPC responses
|
284 |
+
* Disable Sends a Link header for the REST API
|
285 |
+
* Improved Styles and Scripts version remove
|
286 |
+
* Speed improvements
|
287 |
+
* Set Last-Modified header attribute for routed files
|
288 |
+
* Moved the plugins custom paths from 'plugins_url' filter to class init to allow replacements to occur when HTML has been created.
|
289 |
+
* Removed 'admin_url' and 'wp_default_scripts' filters to allow replacement at the end, within the buffer
|
290 |
+
* Updated PO / MO translation files
|
291 |
+
|
292 |
+
= 1.3.4 =
|
293 |
+
* Improved replacement code for Uploads, when "Block uploads URL" is set for "No" it use default media urls within the admin editor, to ensure links are still functional if plugin is disabled.
|
294 |
+
* Priority (high, normal, low) for replacement urls
|
295 |
+
* Replacement Urls for gziped buffer
|
296 |
+
* Fix rule name for child_style_file_clean on web.config IIS
|
297 |
+
* bbPress Compatibility
|
298 |
+
* BuddyPress Compatibility
|
299 |
+
* Prevent replacements on wp_redirect filter if is_404()
|
300 |
+
* Updated PO / MO translation files
|
301 |
+
* Removed in line components filters which changed the urls, leave for end buffering to make all changes.
|
302 |
+
* Fix for mod_rewrite line on child theme when router is turned Off, append the default style.css filename
|
303 |
+
* Improvements for Templates default variables to match customized themes like Sage
|
304 |
+
* Compatibility fix for Super Cache plugin ob callback
|
305 |
+
* Add IfModule mod_env.c before set nSetEnv HTTP_MOD_REWRITE On to prevent server internal error in case mod_env module is not available
|
306 |
+
* Check for Empty $saved_field_data within new plugin path component, to avoid creating rewrite rule if empty and existent path
|
307 |
+
* Improved get_home_path()
|
308 |
+
* Replacements for Relative URL's
|
309 |
+
|
310 |
+
See full list of changelogs at http://www.wp-hide.com/plugin-changelogs/
|
311 |
+
|
312 |
+
== Upgrade Notice ==
|
313 |
+
|
314 |
+
Always keep plugin up to date.
|
315 |
+
|
316 |
+
|
317 |
+
== Localization ==
|
318 |
+
Please help and translate this plugin to your language at https://translate.wordpress.org/projects/wp-plugins/wp-hide-security-enhancer
|
319 |
+
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
320 |
Please help by promoting this plugin with an article on your site or any other place. If you liked this code or helped on your your project, consider to leave a 5 star review on this board.
|
wp-hide.php
CHANGED
@@ -5,14 +5,14 @@ Plugin URI: http://www.nsp-code.com
|
|
5 |
Description: Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
|
6 |
Author: Nsp Code
|
7 |
Author URI: http://www.nsp-code.com
|
8 |
-
Version: 1.3.
|
9 |
Text Domain: wp-hide-security-enhancer
|
10 |
Domain Path: /languages/
|
11 |
*/
|
12 |
|
13 |
|
14 |
define('WPH_PATH', plugin_dir_path(__FILE__));
|
15 |
-
define('WPH_VERSION', '1.3.
|
16 |
|
17 |
//load language files
|
18 |
add_action( 'plugins_loaded', 'WPH_load_textdomain');
|
5 |
Description: Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
|
6 |
Author: Nsp Code
|
7 |
Author URI: http://www.nsp-code.com
|
8 |
+
Version: 1.3.7
|
9 |
Text Domain: wp-hide-security-enhancer
|
10 |
Domain Path: /languages/
|
11 |
*/
|
12 |
|
13 |
|
14 |
define('WPH_PATH', plugin_dir_path(__FILE__));
|
15 |
+
define('WPH_VERSION', '1.3.7');
|
16 |
|
17 |
//load language files
|
18 |
add_action( 'plugins_loaded', 'WPH_load_textdomain');
|