WP Hide & Security Enhancer - Version 1.4.1

Version Description

  • Security improvements

Release Info

Developer nsp-code
Version 1.4.1

Code changes from version 1.4 to 1.4.1

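--- a/conflicts/js/wp_simple_firewall.js
+++ b/conflicts/js/wp_simple_firewall.js
@@ -2,7 +2,9 @@
 
  jQuery(document).on( 'click', '#WPH_conflict_handle_wp_simple_firewall_login .notice-dismiss', function() {
 
- var queryString = { "action": "wph_notice_ignore_wp_simple_firewall", "type" : 'login'};
+ var nonce = jQuery('#WPH_conflict_handle_wp_simple_firewall_login_nonce').val();
+
+ var queryString = { "action": "wph_notice_ignore_wp_simple_firewall", "type" : 'login', '_wpnonce' : nonce};
  //send the data through ajax
  jQuery.ajax({
  type: 'POST',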
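--- a/conflicts/wp-simple-firewall.php
+++ b/conflicts/wp-simple-firewall.php
@@ -11,10 +11,14 @@
 
  static function is_plugin_active()
  {
- if(defined('ICWP_DS'))
+
+ include_once( ABSPATH . 'wp-admin/includes/plugin.php' );
+
+ if(is_plugin_active( 'wp-simple-firewall/icwp-wpsf.php' ))
  return TRUE;
  else
  return FALSE;
+
  }
 
  static public function custom_login_check()
@@ -22,6 +26,14 @@
  if( ! self::is_plugin_active())
  return FALSE;
 
+ add_action('plugins_loaded', array( 'WPH_conflict_handle_wp_simple_firewall', 'on_plugins_loaded' ), -1);
+
+ }
+
+
+ static public function on_plugins_loaded()
+ {
+
  global $oICWP_Wpsf_Controller;
 
  //check if custom login is active
@@ -31,7 +43,7 @@
  global $wph;
 
  //attempt to disable other plugin code
- add_action( 'init', array( 'WPH_conflict_handle_wp_simple_firewall', '_on_filter_init' ), -1 );
+ add_action( 'init', array( 'WPH_conflict_handle_wp_simple_firewall', '_on_filter_init' ), -1 );
 
  }
 
@@ -78,6 +90,9 @@
  if ( empty($WPH_notice_wp_simple_firewall__login ))
  {
  echo '<div id="WPH_conflict_handle_wp_simple_firewall_login" class="error notice is-dismissible"><p>';
+
+ wp_nonce_field( 'WPH_conflict_handle_wp_simple_firewall_login-error-nottice-disable', 'WPH_conflict_handle_wp_simple_firewall_login_nonce' );
+
  printf('<button class="notice-dismiss" type="button"><span class="screen-reader-text">Dismiss this notice.</span></button>', '?wph_conflicts_report_wp_simple_firewall=0');
  _e('<b>Conflict notice</b>: The Security Firewall - Login Protection use the Rename WP Login Page functionality which is the same as WP Hide - Admin Login Url change. ', 'wp-hide-security-enhancer');
  echo "</p></div>";
@@ -90,7 +105,15 @@
  global $current_user;
  $user_id = $current_user->ID;
 
- $type = isset($_POST['type']) ? $_POST['type'] : '';
+ $nonce = isset($_POST['_wpnonce']) ? $_POST['_wpnonce'] : '';
+ $type = isset($_POST['type']) ? sanitize_text_field($_POST['type']) : '';
+
+ if ( ! wp_verify_nonce( $nonce, 'WPH_conflict_handle_wp_simple_firewall_login-error-nottice-disable' ) )
+ die();
+
+ //only for admins
+ If ( ! current_user_can ( 'manage_options' ) )
+ return FALSE;
 
  switch($type)
  {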
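Review bot: In the last hunk the two new checks end the request differently: a failed nonce calls `die()` while a failed capability check does `return FALSE`, so what a non-admin receives depends on whatever runs after the handler returns. This appears to be the AJAX handler for the dismiss button, so both failures should terminate the same way, for example `check_ajax_referer( 'WPH_conflict_handle_wp_simple_firewall_login-error-nottice-disable', '_wpnonce' );` followed by `if ( ! current_user_can( 'manage_options' ) ) wp_die( -1, 403 );`. The handler's signature and the rest of its body are outside the hunk, so how it is hooked is not visible here.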
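--- a/include/admin-interface.class.php
+++ b/include/admin-interface.class.php
@@ -1,6 +1,7 @@
  <?php
 
-
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
  class WPH_interface
  {
  var $screen_slug;
@@ -30,8 +31,8 @@
  function _render($interface_name)
  {
 
- $this->screen_slug = $_GET['page'];
- $this->tab_slug = isset($_GET['component']) ? $_GET['component'] : FALSE;
+ $this->screen_slug = sanitize_text_field($_GET['page']);
+ $this->tab_slug = isset($_GET['component']) ? sanitize_text_field($_GET['component']) : FALSE;
 
  //identify the module by slug
  $this->module = $this->functions->get_module_by_slug($this->screen_slug);
@@ -190,7 +191,7 @@
  case 'text' :
  $class = 'text';
 
- ?><input name="<?php echo $module_setting['id'] ?>" class="<?php echo $class ?>" value="<?php echo $value ?>" placeholder="<?php echo $module_setting['placeholder'] ?>" type="text"><?php
+ ?><input name="<?php echo $module_setting['id'] ?>" class="<?php echo $class ?>" value="<?php echo esc_html($value) ?>" placeholder="<?php echo esc_html($module_setting['placeholder']) ?>" type="text"><?php
 
  break;
 
@@ -203,7 +204,7 @@
 
  foreach($module_setting['options'] as $option_value => $option_title)
  {
- ?><label><input type="radio" class="<?php echo $class ?>" <?php checked($value, $option_value) ?> value="<?php echo $option_value ?>" name="<?php echo $module_setting['id'] ?>"> <span><?php echo $option_title ?></span></label><?php
+ ?><label><input type="radio" class="<?php echo $class ?>" <?php checked($value, $option_value) ?> value="<?php echo $option_value ?>" name="<?php echo $module_setting['id'] ?>"> <span><?php echo esc_html($option_title) ?></span></label><?php
  }
 
  ?>
@@ -243,14 +244,14 @@
  $class = 'nav-tab-active';
 
  ?>
- <a href="<?php echo admin_url( 'admin.php?page=' . $this->screen_slug . '&component=' . $module_component->id); ?>" class="nav-tab <?php echo $class ?>"><?php echo $module_component->title ?></a>
+ <a href="<?php echo esc_url(admin_url( 'admin.php?page=' . $this->screen_slug . '&component=' . $module_component->id)); ?>" class="nav-tab <?php echo $class ?>"><?php echo $module_component->title ?></a>
  <?php
  }
 
  ?>
  <a href="javascript:void(0)" class="button-secondary cancel alignright" onClick="WPH.setting_reset()" id="reset_settings" type="button">Reset All Settings</a>
  </h2>
- <form id="reset_settings_form" action="<?php echo admin_url( 'admin.php?page=wp-hide') ?>" method="post">
+ <form id="reset_settings_form" action="<?php echo esc_url(admin_url( 'admin.php?page=wp-hide')) ?>" method="post">
  <input type="hidden" name="reset-settings" value="true" />
  <?php wp_nonce_field( 'wp-hide-reset-settings', '_wpnonce' ); ?>
  </form>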
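Review bot: The escaping added in the `case 'text'` and radio hunks is incomplete and uses the HTML-body function inside attributes: `value="<?php echo esc_html($value) ?>"` and the `placeholder` should use `esc_attr()`, and on the same lines `$module_setting['id']`, `$class` and the radio `value="<?php echo $option_value ?>"` are still echoed raw. In the tab hunk `$module_component->title` is likewise printed without `esc_html()`. Whether those values can carry user input is not visible from the hunks, but escaping every echoed value at output keeps the template safe if a setting definition later becomes filterable. Separately, `_render()` reads `$_GET['page']` without an `isset()` check, unlike `component` on the next line.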
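--- a/include/functions.class.php
+++ b/include/functions.class.php
@@ -1,6 +1,7 @@
  <?php
 
-
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
  class WPH_functions
  {
  var $wph;
@@ -83,6 +84,10 @@
  $nonce = $_POST['_wpnonce'];
  if ( ! wp_verify_nonce( $nonce, 'wp-hide-reset-settings' ) )
  return FALSE;
+
+ //only for admins
+ If ( ! current_user_can ( 'manage_options' ) )
+ return FALSE;
 
  global $wph;
 
@@ -131,12 +136,16 @@
  $nonce = $_POST['wph-interface-nonce'];
  if ( ! wp_verify_nonce( $nonce, 'wph/interface_fields' ) )
  return FALSE;
+
+ //only for admins
+ If ( ! current_user_can ( 'manage_options' ) )
+ return FALSE;
 
- $screen_slug = $_GET['page'];
+ $screen_slug = sanitize_text_field( $_GET['page'] );
  if(empty($screen_slug))
  return FALSE;
 
- $tab_slug = isset($_GET['component']) ? $_GET['component'] : FALSE;
+ $tab_slug = isset($_GET['component']) ? sanitize_text_field($_GET['component']) : FALSE;
 
  $module = $this->get_module_by_slug($screen_slug);
  if(!is_object($module))
@@ -171,7 +180,7 @@
 
  $field_name = $module_setting['id'];
 
- $value = isset($_POST[$field_name]) ? $_POST[$field_name] : '';
+ $value = isset($_POST[$field_name]) ? sanitize_text_field($_POST[$field_name]) : '';
 
  //if empty use the default
  if(empty($value))
@@ -632,7 +641,7 @@
  if ( strpos($_SERVER['REQUEST_URI'] ,'customize.php') !== FALSE )
  return TRUE;
 
- if ( isset($_POST['wp_customize']) && $_POST['wp_customize'] == "on" )
+ if ( isset($_POST['wp_customize']) && sanitize_text_field($_POST['wp_customize']) == "on" )
  return TRUE;
 
  return FALSE;
@@ -1019,7 +1028,7 @@
  //feetch a new set of settings
  $settings = $this->get_settings();
 
- $wph_recovery = isset($_GET['wph-recovery']) ? $_GET['wph-recovery'] : '';
+ $wph_recovery = isset($_GET['wph-recovery']) ? sanitize_text_field($_GET['wph-recovery']) : '';
  if(empty($wph_recovery) || $wph_recovery != $this->wph->settings['recovery_code'])
  return;
 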
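Review bot: The recovery check in the last hunk still compares the request value to the stored secret with loose `!=` (`$wph_recovery != $this->wph->settings['recovery_code']`), which type-juggles numeric-looking strings and is not constant-time. Since this commit already touches the line above, the test could become `if ( empty( $wph_recovery ) || ! hash_equals( (string) $this->wph->settings['recovery_code'], $wph_recovery ) ) return;`. In the two nonce hunks `$_POST['_wpnonce']` and `$_POST['wph-interface-nonce']` are still read without `isset()`, and the new `If` keyword is capitalised unlike the rest of the file. The enclosing functions begin and end outside the hunks.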
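--- a/include/module.class.php
+++ b/include/module.class.php
@@ -1,6 +1,7 @@
  <?php
 
-
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
  class WPH_module
  {
  var $components = array();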
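--- a/include/module.component.class.php
+++ b/include/module.component.class.php
@@ -1,6 +1,7 @@
  <?php
 
-
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
  class WPH_module_component
  {
  var $wph;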
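--- a/include/update.class.php
+++ b/include/update.class.php
@@ -1,6 +1,7 @@
  <?php
 
-
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
  class WPH_update
  {
  var $wph;
@@ -78,13 +79,7 @@
 
  $version = '1.3';
  }
-
- if(version_compare($version, '1.3.1', '<'))
- {
- //run update 2
-
- $version = '1.3.1';
- }
+
 
  if(version_compare($version, '1.3.2', '<'))
  {
@@ -128,6 +123,23 @@
  $_triggered_flush_rules = TRUE;
  }
 
+ $version = '1.4';
+
+ }
+
+ /**
+ * Update the environemnt file and mu loader
+ */
+ if(version_compare($version, '1.4.1', '<'))
+ {
+
+ $this->wph->set_static_environemnt_file( FALSE );
+
+ //copy over the new mu-loader version
+ WPH_functions::copy_mu_loader( TRUE );
+
+
+ $version = '1.4.1';
  }
 
 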
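Review bot: The new 1.4.1 step sets `$version = '1.4.1'` unconditionally, without looking at what `set_static_environemnt_file( FALSE )` and `WPH_functions::copy_mu_loader( TRUE )` return. If copying the mu-loader can fail (for example on an unwritable mu-plugins directory; the function body is not shown here), the site would keep the previous loader, which lacks the direct-access guard this release adds, and the step would never be retried. Consider advancing the version only when both calls report success, or at least recording the failure, and extend the block comment to say why this step is required for 1.4.1. The surrounding update method starts and ends outside the hunk.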
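--- a/include/wph.class.php
+++ b/include/wph.class.php
@@ -1,6 +1,7 @@
  <?php
 
-
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
  class WPH
  {
 
@@ -632,6 +633,10 @@
  ob_start();
 
  echo "<?php ";
+ ?>
+ //this can be accesses only from file-process.php
+ $backtrace = debug_backtrace(); if(!is_array($backtrace) || !isset($backtrace[0]) || strpos($backtrace[0]['file'], 'file-process.php') === FALSE || $backtrace[0]['function'] != 'include') die();
+ <?php
  echo '$environment_variable = \''. json_encode($environment_variable) .'\'';
  echo " ?>";
 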
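Review bot: The generated environment file is PHP source, and the context line right after the new guard still builds it as `echo '$environment_variable = \''. json_encode($environment_variable) .'\'';` with no escaping for the single-quoted literal, so a `'` or `\` inside any encoded value would corrupt the literal or change the generated code. `var_export( json_encode( $environment_variable ), true )` produces a correctly quoted PHP string for the same content. The new guard itself matches the includer with `strpos($backtrace[0]['file'], 'file-process.php')`, which accepts any path containing that text, and it requires the call to be a plain `include`; comparing `basename()` of the file and documenting that requirement next to the guard would make it less fragile. The method that writes the file begins and ends outside the hunk.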
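--- a/modules/components/admin-admin_url.php
+++ b/modules/components/admin-admin_url.php
@@ -1,5 +1,7 @@
  <?php
 
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
  class WPH_module_admin_admin_url extends WPH_module_component
  {
  function get_component_title()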
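--- a/modules/components/admin-new_wp_login_php.php
+++ b/modules/components/admin-new_wp_login_php.php
@@ -1,5 +1,7 @@
  <?php
 
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
  class WPH_module_admin_new_wp_login_php extends WPH_module_component
  {
  function get_component_title()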
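--- a/modules/components/general-headers.php
+++ b/modules/components/general-headers.php
@@ -1,5 +1,7 @@
  <?php
 
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
  class WPH_module_general_headers extends WPH_module_component
  {
  function get_component_title()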
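--- a/modules/components/general-html.php
+++ b/modules/components/general-html.php
@@ -1,5 +1,7 @@
  <?php
 
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
  class WPH_module_general_html extends WPH_module_component
  {
  function get_component_title()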
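--- a/modules/components/general-meta.php
+++ b/modules/components/general-meta.php
@@ -1,5 +1,7 @@
  <?php
 
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
  class WPH_module_general_meta extends WPH_module_component
  {
  function get_component_title()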
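--- a/modules/components/general-oembed.php
+++ b/modules/components/general-oembed.php
@@ -1,5 +1,7 @@
  <?php
 
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
  class WPH_module_general_oembed extends WPH_module_component
  {
  function get_component_title()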
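--- a/modules/components/general-scripts.php
+++ b/modules/components/general-scripts.php
@@ -1,5 +1,7 @@
  <?php
 
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
  class WPH_module_general_scripts extends WPH_module_component
  {
  function get_component_title()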
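--- a/modules/components/general-styles.php
+++ b/modules/components/general-styles.php
@@ -1,5 +1,7 @@
  <?php
 
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
  class WPH_module_general_styles extends WPH_module_component
  {
  function get_component_title()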
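--- a/modules/components/general-wpemoji.php
+++ b/modules/components/general-wpemoji.php
@@ -1,5 +1,7 @@
  <?php
 
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
  class WPH_module_general_wpemoji extends WPH_module_component
  {
  function get_component_title()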
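--- a/modules/components/rewrite-comments.php
+++ b/modules/components/rewrite-comments.php
@@ -1,5 +1,7 @@
  <?php
 
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
  class WPH_module_rewrite_comments extends WPH_module_component
  {
 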
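--- a/modules/components/rewrite-default.php
+++ b/modules/components/rewrite-default.php
@@ -1,5 +1,7 @@
  <?php
 
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
  class WPH_module_rewrite_default extends WPH_module_component
  {
 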
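--- a/modules/components/rewrite-json-rest.php
+++ b/modules/components/rewrite-json-rest.php
@@ -1,5 +1,7 @@
  <?php
 
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
  class WPH_module_rewrite_json_rest extends WPH_module_component
  {
 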
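--- a/modules/components/rewrite-new_include_path.php
+++ b/modules/components/rewrite-new_include_path.php
@@ -1,5 +1,7 @@
  <?php
 
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
  class WPH_module_rewrite_new_include_path extends WPH_module_component
  {
 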
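--- a/modules/components/rewrite-new_plugin_path.php
+++ b/modules/components/rewrite-new_plugin_path.php
@@ -1,5 +1,7 @@
  <?php
 
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
  class WPH_module_rewrite_new_plugin_path extends WPH_module_component
  {
 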
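--- a/modules/components/rewrite-new_theme_path.php
+++ b/modules/components/rewrite-new_theme_path.php
@@ -1,5 +1,7 @@
  <?php
 
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
  class WPH_module_rewrite_new_theme_path extends WPH_module_component
  {
 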
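--- a/modules/components/rewrite-new_upload_path.php
+++ b/modules/components/rewrite-new_upload_path.php
@@ -1,5 +1,7 @@
  <?php
 
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
  class WPH_module_rewrite_new_upload_path extends WPH_module_component
  {
 
@@ -60,7 +62,7 @@
  $preserve_upload_url = FALSE;
  if($preserve_upload_url && defined('DOING_AJAX') && constant('DOING_AJAX') === TRUE)
  {
- if(isset($_POST['action']) && !in_array($_POST['action'], array('query-attachments', 'upload-attachment', 'send-attachment-to-editor', 'set-post-thumbnail')))
+ if(isset($_POST['action']) && !in_array(sanitize_text_field($_POST['action']), array('query-attachments', 'upload-attachment', 'send-attachment-to-editor', 'set-post-thumbnail')))
  $preserve_upload_url = FALSE;
  }
 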
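Review bot: Wrapping `$_POST['action']` in `sanitize_text_field()` on new line 65 adds nothing to an allow-list test and can turn a value that was not on the list into one that is by trimming or stripping it. What the check needs is an exact match: confirm `is_string( $_POST['action'] )` and pass `true` as the third argument, `in_array( $_POST['action'], array( ... ), true )`. The enclosing method starts and ends outside the hunk.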
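--- a/modules/components/rewrite-new_xml-rpc-path.php
+++ b/modules/components/rewrite-new_xml-rpc-path.php
@@ -1,5 +1,7 @@
  <?php
 
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
  class WPH_module_rewrite_new_xml_rpc_path extends WPH_module_component
  {
 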
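--- a/modules/components/rewrite-root-files.php
+++ b/modules/components/rewrite-root-files.php
@@ -1,5 +1,7 @@
  <?php
 
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
  class WPH_module_rewrite_root_files extends WPH_module_component
  {
 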
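--- a/modules/components/rewrite-slash.php
+++ b/modules/components/rewrite-slash.php
@@ -1,5 +1,7 @@
  <?php
 
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
  class WPH_module_rewrite_slash extends WPH_module_component
  {
  function get_component_title()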
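--- a/modules/components/rewrite-wp_content_path.php
+++ b/modules/components/rewrite-wp_content_path.php
@@ -1,5 +1,7 @@
  <?php
 
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
  class WPH_module_rewrite_wp_content_path extends WPH_module_component
  {
  function get_component_title()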
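--- a/modules/module-admin.php
+++ b/modules/module-admin.php
@@ -1,6 +1,7 @@
  <?php
 
-
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
  class WPH_module_admin extends WPH_module
  {
 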
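--- a/modules/module-general.php
+++ b/modules/module-general.php
@@ -1,6 +1,7 @@
  <?php
 
-
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
  class WPH_module_general extends WPH_module
  {
 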
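--- a/modules/module-rewrite.php
+++ b/modules/module-rewrite.php
@@ -1,6 +1,7 @@
  <?php
 
-
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
  class WPH_module_rewrite extends WPH_module
  {
 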
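--- a/mu-loader/wp-hide-loader.php
+++ b/mu-loader/wp-hide-loader.php
@@ -1,10 +1,13 @@
  <?php
- /**
- *
- * WP Hide & Security Enhancer - MU plugin loader
- *
- *
- */
+
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
+ /**
+ *
+ * WP Hide & Security Enhancer - MU plugin loader
+ *
+ *
+ */
 
  //check if the plugin still exists, or this file should be removed
  if(! file_exists(WP_PLUGIN_DIR . '/wp-hide-security-enhancer/wp-hide.php' ))
@@ -17,7 +20,7 @@
 
  define('WPH_PATH', trailingslashit( dirname( WP_PLUGIN_DIR . '/wp-hide-security-enhancer/wp-hide.php' ) ) );
  define('WPH_MULOADER', TRUE);
- define('WPH_MULOADER_VERSION', '1.2');
+ define('WPH_MULOADER_VERSION', '1.3');
 
  include_once(WPH_PATH . '/include/wph.class.php');
  include_once(WPH_PATH . '/include/functions.class.php');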
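--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: http://www.nsp-code.com/donate.php
  Tags: hide, security, improve security, hacking, wp hide, wordpress hide, custom login url, wp-loging.php, ap-admin
  Requires at least: 2.8
  Tested up to: 4.7.2
- Stable tag: 1.4
+ Stable tag: 1.4.1
  License: GPLv2 or later
 
  Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
@@ -239,6 +239,9 @@ Please get in touch with us and we'll do our best to include it for a next versi
 
  == Changelog ==
 
+ = 1.4.1 =
+ * Security improvments
+
  = 1.4 =
  * Fix: Allow only css files to be processed through the router to prevent other types from being displayed arbitrary.
  * Mu-loader updated version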
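--- a/router/file-process.php
+++ b/router/file-process.php
@@ -1,9 +1,7 @@
  <?php
-
- error_reporting(0);
 
- $action = isset($_GET['action']) ? $_GET['action'] : '';
- $file_path = isset($_GET['file_path']) ? $_GET['file_path'] : '';
+ $action = isset($_GET['action']) ? filter_var ( $_GET['action'], FILTER_SANITIZE_STRING) : '';
+ $file_path = isset($_GET['file_path']) ? filter_var ( $_GET['file_path'], FILTER_SANITIZE_STRING) : '';
 
  if(empty($action) || empty($file_path))
  die();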
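Review bot: `FILTER_SANITIZE_STRING` on `$_GET['file_path']` strips tags and encodes quotes but does nothing about `../` sequences or absolute paths, so it is not a path check; the filter is also deprecated as of PHP 8.1. How `$file_path` is used lies below the hunk, but if it reaches a filesystem call the value should be resolved with `realpath()` and rejected unless the result stays under the expected base directory and has the allowed extension. `$action` would be better compared against the fixed set of actions the router supports than sanitised as free text. The hunk also drops `error_reporting(0);` from a script that reads `$_GET` itself and, unlike the other files in this release, gets no ABSPATH guard, so on a host with `display_errors` enabled its warnings can disclose filesystem paths; an explicit `ini_set( 'display_errors', '0' );` or a comment explaining the removal would help.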
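--- a/wp-hide.php
+++ b/wp-hide.php
@@ -5,11 +5,13 @@ Plugin URI: http://www.nsp-code.com
  Description: Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
  Author: Nsp Code
  Author URI: http://www.nsp-code.com
- Version: 1.4
+ Version: 1.4.1
  Text Domain: wp-hide-security-enhancer
  Domain Path: /languages/
  */
-
+
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
  //if mu-plugins component not being loaded trigger a later init
  if(!defined('WPH_PATH'))
  {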