WP Hide & Security Enhancer

Version Description

Add replacements for urls which does not contain explicit protocol e.g. http: or https:
Avada cache URLs replacements support
Fix processing_order for specific root files
Ignore wp-register.php when blocking other wp-* files
Fixed wp-register.php block
Check for replacements on url encoded links
Show message notices on General/HTML -> Html for options which may interfere with themes.
sanitize_file_path_name fix when slug include a file type extension
Prevent redirect to new url when accessing links through www
New component Feeds
Windows - Global file process rewrite rules update

Release Info

Developer	nsp-code
Plugin	WP Hide & Security Enhancer
Version	1.4.5
Comparing to
See all releases

Code changes from version 1.4.4.4 to 1.4.5

Files changed (17) hide show

conflicts/theme-avada.php +57 -0
conflicts/wp-simple-firewall.php +0 -5
css/wph.css +1 -0
include/functions.class.php +55 -14
include/module.class.php +0 -5
include/wph.class.php +8 -8
modules/components/admin-admin_url.php +12 -12
modules/components/admin-new_wp_login_php.php +2 -2
modules/components/general-feed.php +80 -0
modules/components/general-html.php +5 -14
modules/components/general-meta.php +0 -28
modules/components/rewrite-new_theme_path.php +6 -9
modules/components/rewrite-root-files.php +9 -7
modules/module-general.php +3 -0
readme.txt +15 -2
router/environment.php +0 -0
wp-hide.php +2 -2

conflicts/theme-avada.php ADDED Viewed

	@@ -0,0 +1,57 @@


1	+ <?php
2	+
3	+
4	+ class WPH_conflict_theme_avada
5	+ {
6	+
7	+ static function init()
8	+ {
9	+ add_action('plugins_loaded', array('WPH_conflict_theme_avada', 'run') , -1);
10	+ }
11	+
12	+ static function is_theme_active()
13	+ {
14	+
15	+ $theme = wp_get_theme();
16	+
17	+ if( ! $theme instanceof WP_Theme )
18	+ return FALSE;
19	+
20	+ if (isset( $theme->template ) && strtolower( $theme->template ) == 'avada')
21	+ return TRUE;
22	+
23	+ return FALSE;
24	+
25	+ }
26	+
27	+ static public function run()
28	+ {
29	+ if( ! self::is_theme_active())
30	+ return FALSE;
31	+
32	+ global $wph;
33	+
34	+ add_filter ('fusion_dynamic_css_final', array('WPH_conflict_theme_avada', 'url_replacement'), 999);
35	+
36	+ //flush avada cache when settings changes
37	+ add_action('wph/settings_changed', 'avada_reset_all_cache');
38	+
39	+ }
40	+
41	+ static function url_replacement( $css )
42	+ {
43	+
44	+ global $wph;
45	+
46	+ $replacement_list = $wph->functions->get_replacement_list();
47	+
48	+ //replace the urls
49	+ $css = $wph->functions->content_urls_replacement( $css, $replacement_list );
50	+
51	+ return $css;
52	+ }
53	+
54	+ }
55	+
56	+
57	+ ?>

conflicts/wp-simple-firewall.php CHANGED Viewed

	@@ -3,11 +3,6 @@
3
4	class WPH_conflict_handle_wp_simple_firewall
5	{
6	-
7	- function _construct_()
8	- {
9	-
10	- }
11
12	static function is_plugin_active()
13	{


3
4	class WPH_conflict_handle_wp_simple_firewall
5	{





6
7	static function is_plugin_active()
8	{

css/wph.css CHANGED Viewed

	@@ -41,6 +41,7 @@ table.wph_input tbody tr td.label .description .dashicons, table.wph_input tbody
41	table.wph_input tbody tr td.label .description span {padding-left: 5px; line-height: 18px;}
42	table.wph_input tbody tr td.label .description span a {display: block}
43	table.wph_input tbody tr td.label .description span.important {color: #444}

44	table.wph_input tbody tr td.label .description .pointer {cursor:pointer}
45	table.wph_input tbody tr td.label .description .notice-success, table.wph_input tbody tr td.label .description .notice-error {padding: 10px 12px; background-color: #fff;}
46	table.wph_input tbody tr td.label .description a.button {display: inline-block; vertical-align: middle;}


41	table.wph_input tbody tr td.label .description span {padding-left: 5px; line-height: 18px;}
42	table.wph_input tbody tr td.label .description span a {display: block}
43	table.wph_input tbody tr td.label .description span.important {color: #444}
44	+ table.wph_input tbody tr td.label .description span.info {padding-left: 0px; color:#d54e21; font-style: italic;}
45	table.wph_input tbody tr td.label .description .pointer {cursor:pointer}
46	table.wph_input tbody tr td.label .description .notice-success, table.wph_input tbody tr td.label .description .notice-error {padding: 10px 12px; background-color: #fff;}
47	table.wph_input tbody tr td.label .description a.button {display: inline-block; vertical-align: middle;}

include/functions.class.php CHANGED Viewed

	@@ -12,11 +12,6 @@
12	$this->wph = &$wph;
13	}
14
15	- function __destruct()
16	- {
17	-
18	- }
19	-
20	function get_module_default_setting()
21	{
22	$defaults = array (
	@@ -1054,14 +1049,24 @@
1054	}
1055
1056
1057	-




1058	function untrailingslashit_all($value)
1059	{
1060	$value = ltrim(rtrim($value, "/"), "/");
1061
1062	return $value;
1063	}
1064	-






1065	function sanitize_file_path_name($value)
1066	{
1067	$value = trim($value);
	@@ -1069,21 +1074,36 @@
1069	if(empty($value))
1070	return $value;
1071
1072	- ~~$parts = explode("/", $value);~~






1073	$parts = array_filter($parts);
1074
1075	foreach($parts as $key => $part_item)
1076	{
1077	- $parts[$key] = ~~sanitize_file_name~~($part_item);
1078	}
1079
1080	$value = implode("/", $parts);
1081


1082	$value = strtolower($value);
1083
1084	return $value;
1085	}

1086






1087	function php_extension_required($value)
1088	{
1089	$value = trim($value);
	@@ -1098,7 +1118,11 @@
1098	return $value;
1099	}
1100
1101	-




1102	function get_current_url()
1103	{
1104
	@@ -1109,15 +1133,17 @@
1109	}
1110
1111

1112	/**
1113	* Add replacement withint the list
1114	*
1115	* @param mixed $old_url
1116	* @param mixed $new_url

1117	*/
1118	function add_replacement($old_url, $new_url, $priority = 'normal')
1119	{
1120	-
1121	if($this->replacement_exists($old_url))
1122	return;
1123
	@@ -1211,10 +1237,16 @@
1211	$_relative_domain_url_replacements[ '"' . str_ireplace( $domain_url_ssl, "", $old_url) ] = '"' . str_ireplace( $domain_url_ssl, "", $new_url);
1212	$_relative_domain_url_replacements[ "'" . str_ireplace( $domain_url_ssl, "", $old_url) ] = "'" . str_ireplace( $domain_url_ssl, "", $new_url);
1213
1214	- ~~$old_url = str_ireplace( array('http://',~~ ~~'https://'), "",~~ ~~$old_url);~~
1215	- $~~new_url~~ = str_ireplace( array('http~~://~~', 'https~~://~~'), "", $~~new_url~~);






1216
1217	- $_replacements[$~~old_url~~] = $~~new_url~~;
1218	}
1219
1220
	@@ -1234,6 +1266,15 @@
1234
1235	$text = str_ireplace( $old_url, $new_url ,$text );
1236	}









1237
1238	return $text;
1239	}


12	$this->wph = &$wph;
13	}
14





15	function get_module_default_setting()
16	{
17	$defaults = array (

1049	}
1050
1051
1052	+ /**
1053	+ * Replace all slashes from begining and the end of string
1054	+ *
1055	+ * @param mixed $value
1056	+ */
1057	function untrailingslashit_all($value)
1058	{
1059	$value = ltrim(rtrim($value, "/"), "/");
1060
1061	return $value;
1062	}
1063	+
1064	+
1065	+ /**
1066	+ * saniteize including a possible extension
1067	+ *
1068	+ * @param mixed $value
1069	+ */
1070	function sanitize_file_path_name($value)
1071	{
1072	$value = trim($value);

1074	if(empty($value))
1075	return $value;
1076
1077	+ //check for any extension
1078	+ $pathinfo = pathinfo($value);
1079	+
1080	+ $dirname = (!empty($pathinfo['dirname']) && $pathinfo['dirname'] != '.') ? $pathinfo['dirname'] : '';
1081	+ $path = !empty($dirname) ? trailingslashit($dirname) . $pathinfo['filename'] : $pathinfo['filename'];
1082	+
1083	+ $parts = explode("/", $path);
1084	$parts = array_filter($parts);
1085
1086	foreach($parts as $key => $part_item)
1087	{
1088	+ $parts[$key] = sanitize_title($part_item);
1089	}
1090
1091	$value = implode("/", $parts);
1092
1093	+ $value .= !empty($pathinfo['extension']) ? '.' . $pathinfo['extension'] : '';
1094	+
1095	$value = strtolower($value);
1096
1097	return $value;
1098	}
1099	+
1100
1101	+ /**
1102	+ * make sure there's a php extension included within the slug
1103	+ *
1104	+ * @param mixed $value
1105	+ * @return mixed
1106	+ */
1107	function php_extension_required($value)
1108	{
1109	$value = trim($value);

1118	return $value;
1119	}
1120
1121	+
1122	+ /**
1123	+ * return current url
1124	+ *
1125	+ */
1126	function get_current_url()
1127	{
1128

1133	}
1134
1135
1136	+
1137	/**
1138	* Add replacement withint the list
1139	*
1140	* @param mixed $old_url
1141	* @param mixed $new_url
1142	+ * @param mixed $priority
1143	*/
1144	function add_replacement($old_url, $new_url, $priority = 'normal')
1145	{
1146	+
1147	if($this->replacement_exists($old_url))
1148	return;
1149

1237	$_relative_domain_url_replacements[ '"' . str_ireplace( $domain_url_ssl, "", $old_url) ] = '"' . str_ireplace( $domain_url_ssl, "", $new_url);
1238	$_relative_domain_url_replacements[ "'" . str_ireplace( $domain_url_ssl, "", $old_url) ] = "'" . str_ireplace( $domain_url_ssl, "", $new_url);
1239
1240	+ //match urls without protocol
1241	+ $_old_url = str_ireplace( array('http:', 'https:'), "", $old_url);
1242	+ $_new_url = str_ireplace( array('http:', 'https:'), "", $new_url);
1243	+
1244	+ $_replacements[$_old_url] = $_new_url;
1245	+
1246	+ $_old_url = str_ireplace( array('http://', 'https://'), "", $old_url);
1247	+ $_new_url = str_ireplace( array('http://', 'https://'), "", $new_url);
1248
1249	+ $_replacements[$_old_url] = $_new_url;
1250	}
1251
1252

1266
1267	$text = str_ireplace( $old_url, $new_url ,$text );
1268	}
1269	+
1270	+ //check for url encoded urls
1271	+ foreach($_replacements as $old_url => $new_url)
1272	+ {
1273	+ $old_url = trim(urlencode($old_url), '"');
1274	+ $new_url = trim(urlencode($new_url), '"');
1275	+
1276	+ $text = str_ireplace( $old_url, $new_url ,$text );
1277	+ }
1278
1279	return $text;
1280	}

include/module.class.php CHANGED Viewed

	@@ -22,11 +22,6 @@
22
23	$this->load_components();
24	}
25	-
26	- function __destruct()
27	- {
28	-
29	- }
30
31	function load_components()
32	{


22
23	$this->load_components();
24	}





25
26	function load_components()
27	{

include/wph.class.php CHANGED Viewed

	@@ -43,16 +43,11 @@
43	define('WPH_CACHE_PATH', WP_CONTENT_DIR . '/cache/wph/' );
44
45	}
46	-
47	- function __destruct()
48	- {
49	-
50	- }
51
52
53	function init()
54	{
55	-
56	$this->settings = $this->functions->get_settings();
57
58	//set the urls_replacement priority blocks
	@@ -511,7 +506,8 @@
511	add_action('request', array($this, 'change_request'), 999);
512	add_action('parse_request', array($this, 'change_parse_request'), 999);
513
514	- remove_action( 'template_redirect', '~~wp_redirect_admin_locations~~', ~~999~~ );

515
516	}
517
	@@ -1062,7 +1058,7 @@
1062	$this->default_variables['upload_url'] = $wp_upload_dir['baseurl'];
1063
1064	//used across modules
1065	- $this->default_variables['site_wordpress_relative_path'] = $this->functions->get_url_path( rtrim( ~~site_url~~(), '/' ));
1066
1067	//themes url
1068	$this->templates_data['themes_url'] = trailingslashit( get_theme_root_uri() );
	@@ -1232,6 +1228,10 @@
1232	include_once(WPH_PATH . 'conflicts/wp-rocket.php');
1233	WPH_conflict_handle_wp_rocket::init();
1234




1235	}
1236
1237


43	define('WPH_CACHE_PATH', WP_CONTENT_DIR . '/cache/wph/' );
44
45	}





46
47
48	function init()
49	{
50	+
51	$this->settings = $this->functions->get_settings();
52
53	//set the urls_replacement priority blocks

506	add_action('request', array($this, 'change_request'), 999);
507	add_action('parse_request', array($this, 'change_parse_request'), 999);
508
509	+ remove_action( 'template_redirect', 'redirect_canonical' );
510	+ remove_action( 'template_redirect', 'wp_redirect_admin_locations', 1000 );
511
512	}
513

1058	$this->default_variables['upload_url'] = $wp_upload_dir['baseurl'];
1059
1060	//used across modules
1061	+ $this->default_variables['site_wordpress_relative_path'] = $this->functions->get_url_path( rtrim( network_site_url(), '/' ));
1062
1063	//themes url
1064	$this->templates_data['themes_url'] = trailingslashit( get_theme_root_uri() );

1228	include_once(WPH_PATH . 'conflicts/wp-rocket.php');
1229	WPH_conflict_handle_wp_rocket::init();
1230
1231	+ //Theme Avada
1232	+ include_once(WPH_PATH . 'conflicts/theme-avada.php');
1233	+ WPH_conflict_theme_avada::init();
1234	+
1235	}
1236
1237

modules/components/admin-admin_url.php CHANGED Viewed

	@@ -250,25 +250,25 @@
250	if($this->wph->server_htaccess_config === TRUE)
251	{
252	$text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
253	- $text .= "RewriteRule ^" . $rewrite_base ."wp-admin(.+) $site_index [L]\n";
254	$text .= "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
255
256	//theme my login usage
257	//$text .= "RewriteRule ^login(.+) $site_index?throw_404 [L]\n";
258	//$text .= "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
259
260	- $text .= "RewriteRule ^dashboard(.+) $site_index [L]\n";
261	$text .= "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
262	- $text .= "RewriteRule ^admin(.+) $site_index [L]\n";
263
264	if(!empty($path))
265	{
266	$text .= "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
267	- $text .= "RewriteRule ^".$path."wp-admin(.+) $site_index [L]\n";
268	$text .= "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
269	- $text .= "RewriteRule ^".$path."dashboard(.+) $site_index [L]\n";
270	$text .= "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
271	- $text .= "RewriteRule ^".$path."admin(.+) $site_index [L]";
272	}
273	}
274
	@@ -277,15 +277,15 @@
277	$text = '
278	<rule name="wph-block_default_admin_url1" stopProcessing="true">
279	<match url="^'. $rewrite_base .'wp-admin(.+)" />
280	- <action type="Rewrite" url="'. $site_index .'" />
281	</rule>
282	<rule name="wph-block_default_admin_url2" stopProcessing="true">
283	<match url="^dashboard(.+)" />
284	- <action type="Rewrite" url="'. $site_index .'" />
285	</rule>
286	<rule name="wph-block_default_admin_url3" stopProcessing="true">
287	<match url="^admin(.+)" />
288	- <action type="Rewrite" url="'. $site_index .'" />
289	</rule>
290	';
291	if(!empty($path))
	@@ -293,15 +293,15 @@
293	$text .= '
294	<rule name="wph-block_default_admin_url4" stopProcessing="true">
295	<match url="^'. $path .'wp-admin(.+)" />
296	- <action type="Rewrite" url="'. $site_index .'" />
297	</rule>
298	<rule name="wph-block_default_admin_url5" stopProcessing="true">
299	<match url="^'. $path .'dashboard(.+)" />
300	- <action type="Rewrite" url="'. $site_index .'" />
301	</rule>
302	<rule name="wph-block_default_admin_url6" stopProcessing="true">
303	<match url="^'. $path .'admin(.+)" />
304	- <action type="Rewrite" url="'. $site_index .'" />
305	</rule>
306	';
307	}


250	if($this->wph->server_htaccess_config === TRUE)
251	{
252	$text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
253	+ $text .= "RewriteRule ^" . $rewrite_base ."wp-admin(.+) $site_index?wph-throw-404 [L]\n";
254	$text .= "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
255
256	//theme my login usage
257	//$text .= "RewriteRule ^login(.+) $site_index?throw_404 [L]\n";
258	//$text .= "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
259
260	+ $text .= "RewriteRule ^dashboard(.+) $site_index?wph-throw-404 [L]\n";
261	$text .= "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
262	+ $text .= "RewriteRule ^admin(.+) $site_index?wph-throw-404 [L]\n";
263
264	if(!empty($path))
265	{
266	$text .= "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
267	+ $text .= "RewriteRule ^".$path."wp-admin(.+) $site_index?wph-throw-404 [L]\n";
268	$text .= "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
269	+ $text .= "RewriteRule ^".$path."dashboard(.+) $site_index?wph-throw-404 [L]\n";
270	$text .= "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
271	+ $text .= "RewriteRule ^".$path."admin(.+) $site_index?wph-throw-404 [L]";
272	}
273	}
274

277	$text = '
278	<rule name="wph-block_default_admin_url1" stopProcessing="true">
279	<match url="^'. $rewrite_base .'wp-admin(.+)" />
280	+ <action type="Rewrite" url="'. $site_index .'?wph-throw-404" />
281	</rule>
282	<rule name="wph-block_default_admin_url2" stopProcessing="true">
283	<match url="^dashboard(.+)" />
284	+ <action type="Rewrite" url="'. $site_index .'?wph-throw-404" />
285	</rule>
286	<rule name="wph-block_default_admin_url3" stopProcessing="true">
287	<match url="^admin(.+)" />
288	+ <action type="Rewrite" url="'. $site_index .'?wph-throw-404" />
289	</rule>
290	';
291	if(!empty($path))

293	$text .= '
294	<rule name="wph-block_default_admin_url4" stopProcessing="true">
295	<match url="^'. $path .'wp-admin(.+)" />
296	+ <action type="Rewrite" url="'. $site_index .'?wph-throw-404" />
297	</rule>
298	<rule name="wph-block_default_admin_url5" stopProcessing="true">
299	<match url="^'. $path .'dashboard(.+)" />
300	+ <action type="Rewrite" url="'. $site_index .'?wph-throw-404" />
301	</rule>
302	<rule name="wph-block_default_admin_url6" stopProcessing="true">
303	<match url="^'. $path .'admin(.+)" />
304	+ <action type="Rewrite" url="'. $site_index .'?wph-throw-404" />
305	</rule>
306	';
307	}

modules/components/admin-new_wp_login_php.php CHANGED Viewed

	@@ -139,14 +139,14 @@
139	if($this->wph->server_htaccess_config === TRUE)
140	{
141	$text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
142	- $text .= "RewriteRule ^" . $path ." ". $this->wph->default_variables['site_wordpress_relative_path'] ."index.php [L]";
143	}
144
145	if($this->wph->server_web_config === TRUE)
146	$text = '
147	<rule name="wph-block_default_wp_login_php" stopProcessing="true">
148	<match url="^'. $path .'" />
149	- <action type="Rewrite" url="'. $this->wph->default_variables['site_wordpress_relative_path'] .'index.php" />
150	</rule>
151	';
152


139	if($this->wph->server_htaccess_config === TRUE)
140	{
141	$text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
142	+ $text .= "RewriteRule ^" . $path ." ". $this->wph->default_variables['site_wordpress_relative_path'] ."index.php?wph-throw-404 [L]";
143	}
144
145	if($this->wph->server_web_config === TRUE)
146	$text = '
147	<rule name="wph-block_default_wp_login_php" stopProcessing="true">
148	<match url="^'. $path .'" />
149	+ <action type="Rewrite" url="'. $this->wph->default_variables['site_wordpress_relative_path'] .'index.php?wph-throw-404" />
150	</rule>
151	';
152

modules/components/general-feed.php ADDED Viewed

	@@ -0,0 +1,80 @@


1	+ <?php
2	+
3	+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
4	+
5	+ class WPH_module_general_feed extends WPH_module_component
6	+ {
7	+ function get_component_title()
8	+ {
9	+ return "Feed";
10	+ }
11	+
12	+ function get_module_settings()
13	+ {
14	+ $this->module_settings[] = array(
15	+ 'id' => 'remove_feed_links',
16	+ 'label' => 'Remove feed\|rdf\|rss\|rss2\|atom links',
17	+ 'description' => __('Remove feed\|rdf\|rss\|rss2\|atom links within head. Also block such content functionality.', 'wp-hide-security-enhancer'),
18	+
19	+ 'input_type' => 'radio',
20	+ 'options' => array(
21	+ 'yes' => __('Yes', 'wp-hide-security-enhancer'),
22	+ 'no' => __('No', 'wp-hide-security-enhancer'),
23	+ ),
24	+ 'default_value' => 'no',
25	+
26	+ 'sanitize_type' => array('sanitize_title', 'strtolower')
27	+
28	+ );
29	+
30	+
31	+ return $this->module_settings;
32	+ }
33	+
34	+
35	+
36	+ function _init_remove_feed_links($saved_field_data)
37	+ {
38	+ if(empty($saved_field_data) \|\| $saved_field_data == 'no')
39	+ return FALSE;
40	+
41	+ remove_action('wp_head', 'feed_links', 2);
42	+ remove_action('wp_head', 'feed_links_extra', 3);
43	+
44	+
45	+ }
46	+
47	+
48	+ function _callback_saved_remove_feed_links($saved_field_data)
49	+ {
50	+
51	+ if(empty($saved_field_data) \|\| $saved_field_data == 'no')
52	+ return FALSE;
53	+
54	+ $processing_response = array();
55	+
56	+ $rewrite = '';
57	+
58	+ if($this->wph->server_htaccess_config === TRUE)
59	+ {
60	+ $rewrite .= "\nRewriteCond %{REQUEST_URI} ([^/]+)/(feed\|rdf\|rss\|rss2\|atom)/?$ [OR]"
61	+ . "\nRewriteCond %{REQUEST_URI} ^/(feed\|rdf\|rss\|rss2\|atom)/?$"
62	+ . "\nRewriteRule . /index.php?wph-throw-404 [L]";
63	+
64	+ }
65	+
66	+ if($this->wph->server_web_config === TRUE)
67	+ {
68	+ //+++ To be implemented
69	+
70	+ }
71	+
72	+ $processing_response['rewrite'] = $rewrite;
73	+
74	+ return $processing_response;
75	+
76	+ }
77	+
78	+ }
79	+
80	+ ?>

modules/components/general-html.php CHANGED Viewed

	@@ -30,9 +30,7 @@
30	$this->module_settings[] = array(
31	'id' => 'clean_body_classes',
32	'label' => 'Remove general classes from body tag',
33	- 'description' => __('Remove general classes from body tag.', 'wp-hide-security-enhancer'),
34	- // . ' ' . __('More details can be found at', 'wp-hide-security-enhancer') .' <a href="http://www.wp-hide.com/remove-classes-html/" target="_blank">Remove classes from HTML</a>',
35	-
36	'input_type' => 'radio',
37	'options' => array(
38	'yes' => __('Yes', 'wp-hide-security-enhancer'),
	@@ -47,9 +45,7 @@
47	$this->module_settings[] = array(
48	'id' => 'clean_menu_items_id',
49	'label' => 'Remove ID from Menu items',
50	- 'description' => __('Remove ID attribute from all menu items.', 'wp-hide-security-enhancer'),
51	- // . ' ' . __('More details can be found at', 'wp-hide-security-enhancer') .' <a href="http://www.wp-hide.com/remove-classes-html/" target="_blank">Remove classes from HTML</a>',
52	-
53	'input_type' => 'radio',
54	'options' => array(
55	'yes' => __('Yes', 'wp-hide-security-enhancer'),
	@@ -64,8 +60,7 @@
64	$this->module_settings[] = array(
65	'id' => 'clean_menu_items_classes',
66	'label' => 'Remove class from Menu items',
67	- 'description' => __('Remove class attribute from all menu items. Any classes which include a "current" prefix or contain "has-children" will be preserved.', 'wp-hide-security-enhancer'),
68	- // . ' ' . __('More details can be found at', 'wp-hide-security-enhancer') .' <a href="http://www.wp-hide.com/remove-classes-html/" target="_blank">Remove classes from HTML</a>',
69
70	'input_type' => 'radio',
71	'options' => array(
	@@ -81,9 +76,7 @@
81	$this->module_settings[] = array(
82	'id' => 'clean_post_classes',
83	'label' => 'Remove general classes from post',
84	- 'description' => __('Remove general classes from post.', 'wp-hide-security-enhancer'),
85	- // . ' ' . __('More details can be found at', 'wp-hide-security-enhancer') .' <a href="http://www.wp-hide.com/remove-classes-html/" target="_blank">Remove classes from HTML</a>',
86	-
87	'input_type' => 'radio',
88	'options' => array(
89	'yes' => __('Yes', 'wp-hide-security-enhancer'),
	@@ -98,9 +91,7 @@
98	$this->module_settings[] = array(
99	'id' => 'clean_image_classes',
100	'label' => 'Remove general classes from images',
101	- 'description' => __('Remove general classes from media tags.', 'wp-hide-security-enhancer'),
102	- // . ' ' . __('More details can be found at', 'wp-hide-security-enhancer') .' <a href="http://www.wp-hide.com/remove-classes-html/" target="_blank">Remove classes from HTML</a>',
103	-
104	'input_type' => 'radio',
105	'options' => array(
106	'yes' => __('Yes', 'wp-hide-security-enhancer'),


30	$this->module_settings[] = array(
31	'id' => 'clean_body_classes',
32	'label' => 'Remove general classes from body tag',
33	+ 'description' => __('Remove general classes from body tag.', 'wp-hide-security-enhancer') . '<br /><span class="info"> '. __('This can produce layout issues with certain themes, if something break this should be turned off.', 'wp-hide-security-enhancer') . '</span>',


34	'input_type' => 'radio',
35	'options' => array(
36	'yes' => __('Yes', 'wp-hide-security-enhancer'),

45	$this->module_settings[] = array(
46	'id' => 'clean_menu_items_id',
47	'label' => 'Remove ID from Menu items',
48	+ 'description' => __('Remove ID attribute from all menu items.', 'wp-hide-security-enhancer'). '<br /><span class="info"> '. __('This can produce layout issues with certain themes, if something break this should be turned off.', 'wp-hide-security-enhancer') . '</span>',


49	'input_type' => 'radio',
50	'options' => array(
51	'yes' => __('Yes', 'wp-hide-security-enhancer'),

60	$this->module_settings[] = array(
61	'id' => 'clean_menu_items_classes',
62	'label' => 'Remove class from Menu items',
63	+ 'description' => __('Remove class attribute from all menu items. Any classes which include a "current" prefix or contain "has-children" will be preserved.', 'wp-hide-security-enhancer') . '<br /><span class="info"> '. __('This can produce layout issues with certain themes, if something break this should be turned off.', 'wp-hide-security-enhancer') . '</span>',

64
65	'input_type' => 'radio',
66	'options' => array(

76	$this->module_settings[] = array(
77	'id' => 'clean_post_classes',
78	'label' => 'Remove general classes from post',
79	+ 'description' => __('Remove general classes from post.', 'wp-hide-security-enhancer') . '<br /><span class="info"> '. __('This can produce layout issues with certain themes, if something break this should be turned off.', 'wp-hide-security-enhancer') . '</span>',


80	'input_type' => 'radio',
81	'options' => array(
82	'yes' => __('Yes', 'wp-hide-security-enhancer'),

91	$this->module_settings[] = array(
92	'id' => 'clean_image_classes',
93	'label' => 'Remove general classes from images',
94	+ 'description' => __('Remove general classes from media tags.', 'wp-hide-security-enhancer') . '<br /><span class="info"> '. __('This can produce layout issues with certain themes, if something break this should be turned off.', 'wp-hide-security-enhancer') . '</span>',


95	'input_type' => 'radio',
96	'options' => array(
97	'yes' => __('Yes', 'wp-hide-security-enhancer'),

modules/components/general-meta.php CHANGED Viewed

@@ -92,23 +92,6 @@
                                                                                 );
-            -
-            -
                                $this->module_settings[]                  =   array(
-            -
                                                                                'id'            =>  'remove_feed_links',
-            -
                                                                                'label'         =>  'Remove feed_links Meta',
-            -
                                                                                'description'   =>  __('Remove the feed_links tag within head.',  'wp-hide-security-enhancer'),
-            -
-            -
                                                                                'input_type'    =>  'radio',
-            -
                                                                                'options'       =>  array(
-            -
                                                                                                            'yes'       =>  __('Yes',    'wp-hide-security-enhancer'),
-            -
                                                                                                            'no'        =>  __('No',     'wp-hide-security-enhancer'),
-            -
                                                                                                            ),
-            -
                                                                                'default_value' =>  'no',
-            -
-            -
                                                                                'sanitize_type' =>  array('sanitize_title', 'strtolower')
-            -
-            -
                                                                                );
-            -
                                 $this->module_settings[]                  =   array(
                                                                                 'id'            =>  'disable_json_rest_wphead_link',
@@ -336,17 +319,6 @@
+                            }
-            -
                        function _init_remove_feed_links($saved_field_data)
-            -
                            {
-            -
                                if(empty($saved_field_data) ||  $saved_field_data   ==  'no')
-            -
                                    return FALSE;
-            -
-            -
                                remove_action('wp_head',    'feed_links',          2);
-            -
                                remove_action('wp_head',    'feed_links_extra',    3);
-            -
-            -
                            }
-            -
-            -
                         function _init_disable_json_rest_wphead_link($saved_field_data)
+                            {
                                 if(empty($saved_field_data) ||  $saved_field_data   ==  'no')

                                                                                 );
                                 $this->module_settings[]                  =   array(
                                                                                 'id'            =>  'disable_json_rest_wphead_link',
+                            }
                         function _init_disable_json_rest_wphead_link($saved_field_data)
+                            {
                                 if(empty($saved_field_data) ||  $saved_field_data   ==  'no')

modules/components/rewrite-new_theme_path.php CHANGED Viewed

	@@ -26,7 +26,7 @@
26	'value_description' => __('e.g. my_template', 'wp-hide-security-enhancer'),
27	'input_type' => 'text',
28
29	- 'sanitize_type' => array(~~array($this->wph->functions~~, '~~sanitize_file_path_name~~')),
30	'processing_order' => 10
31	);
32
	@@ -34,9 +34,7 @@
34	$this->module_settings[] = array(
35	'id' => 'new_style_file_path',
36	'label' => __('New Style File Path', 'wp-hide-security-enhancer'),
37	- 'description' => __('The default theme style file style.css path is set to', 'wp-hide-security-enhancer') . ' <strong>'. str_replace(get_bloginfo('wpurl'), '' , $this->wph->default_variables['template_url']) .'/style.css</strong>'
38	- .'<div class="description"><div class="notice-error"><div alt="f534" class="dashicons dashicons-warning">warning</div> <span class="important">'. __('If style file contain relative URLs it should not include additional path, just the actual filename.', 'wp-hide-security-enhancer') .'. '. __('More details at', 'wp-hide-security-enhancer') .' <a href="http://www.wp-hide.com/new-style-file-path-along-with-internal-relative-urls/" target="_blank">New Style File Path along with relative URLs</a></span></div></div>'
39	- ,
40
41	'value_description' => __('e.g. custom-style-file.css', 'wp-hide-security-enhancer'),
42	'input_type' => 'text',
	@@ -86,15 +84,14 @@
86	'value_description' => __('e.g. my_child_template', 'wp-hide-security-enhancer'),
87	'input_type' => 'text',
88
89	- 'sanitize_type' => array(~~array($this->wph->functions~~, '~~sanitize_file_path_name~~')),
90	'processing_order' => 9
91	);
92
93	$this->module_settings[] = array(
94	'id' => 'child_style_file_path',
95	'label' => __('Child - New Style File Path', 'wp-hide-security-enhancer'),
96	- 'description' => __('The default theme style file style.css path is set to', 'wp-hide-security-enhancer') . ' <strong>'. str_replace(get_bloginfo('wpurl'), '' , $this->wph->default_variables['stylesheet_uri']) .'/style.css</strong>'
97	- .'<div class="description"><div class="notice-error"><div alt="f534" class="dashicons dashicons-warning">warning</div> <span class="important">'. __('If style file contain relative URLs it should not include additional path, just the actual filename.', 'wp-hide-security-enhancer') .'. '. __('More details at', 'wp-hide-security-enhancer') .' <a href="http://www.wp-hide.com/new-style-file-path-along-with-internal-relative-urls/" target="_blank">New Style File Path along with relative URLs</a></span></div></div>',
98
99	'value_description' => __('e.g. custom-style-file.css', 'wp-hide-security-enhancer'),
100	'input_type' => 'text',
	@@ -678,9 +675,9 @@
678	<rule name="wph_rewrite_global_file_process" stopProcessing="true">
679	<match url=".*" />
680	<conditions>
681	- <add input="' . $cache_path . '/cache/wph/{HTTP_HOST}{~~REQUEST_URI~~}" matchType="IsFile" />
682	</conditions>
683	- <action type="Rewrite" url="' . $actual_cache_path . '/cache/wph/{HTTP_HOST}{~~REQUEST_URI~~}" appendQueryString="false" />
684	</rule>' ."\n";
685
686	}


26	'value_description' => __('e.g. my_template', 'wp-hide-security-enhancer'),
27	'input_type' => 'text',
28
29	+ 'sanitize_type' => array('sanitize_title', 'strtolower'),
30	'processing_order' => 10
31	);
32

34	$this->module_settings[] = array(
35	'id' => 'new_style_file_path',
36	'label' => __('New Style File Path', 'wp-hide-security-enhancer'),
37	+ 'description' => __('The default theme style file style.css path is set to', 'wp-hide-security-enhancer') . ' <strong>'. str_replace(get_bloginfo('wpurl'), '' , $this->wph->default_variables['template_url']) .'/style.css</strong>',


38
39	'value_description' => __('e.g. custom-style-file.css', 'wp-hide-security-enhancer'),
40	'input_type' => 'text',

84	'value_description' => __('e.g. my_child_template', 'wp-hide-security-enhancer'),
85	'input_type' => 'text',
86
87	+ 'sanitize_type' => array('sanitize_title', 'strtolower'),
88	'processing_order' => 9
89	);
90
91	$this->module_settings[] = array(
92	'id' => 'child_style_file_path',
93	'label' => __('Child - New Style File Path', 'wp-hide-security-enhancer'),
94	+ 'description' => __('The default theme style file style.css path is set to', 'wp-hide-security-enhancer') . ' <strong>'. str_replace(get_bloginfo('wpurl'), '' , $this->wph->default_variables['stylesheet_uri']) .'/style.css</strong>',

95
96	'value_description' => __('e.g. custom-style-file.css', 'wp-hide-security-enhancer'),
97	'input_type' => 'text',

675	<rule name="wph_rewrite_global_file_process" stopProcessing="true">
676	<match url=".*" />
677	<conditions>
678	+ <add input="' . $cache_path . '/cache/wph/{HTTP_HOST}{URL}" matchType="IsFile" />
679	</conditions>
680	+ <action type="Rewrite" url="' . $actual_cache_path . '/cache/wph/{HTTP_HOST}{URL}" appendQueryString="false" />
681	</rule>' ."\n";
682
683	}

modules/components/rewrite-root-files.php CHANGED Viewed

	@@ -27,7 +27,7 @@
27	'default_value' => 'no',
28
29	'sanitize_type' => array('sanitize_title', 'strtolower'),
30	- 'processing_order' => 60
31	);
32
33	$this->module_settings[] = array(
	@@ -43,7 +43,7 @@
43	'default_value' => 'no',
44
45	'sanitize_type' => array('sanitize_title', 'strtolower'),
46	- 'processing_order' => 60
47	);
48
49	$this->module_settings[] = array(
	@@ -59,7 +59,7 @@
59	'default_value' => 'no',
60
61	'sanitize_type' => array('sanitize_title', 'strtolower'),
62	- 'processing_order' => 60
63	);
64
65	$this->module_settings[] = array(
	@@ -75,7 +75,7 @@
75	'default_value' => 'no',
76
77	'sanitize_type' => array('sanitize_title', 'strtolower'),
78	- 'processing_order' => 60
79	);
80
81	$this->module_settings[] = array(
	@@ -291,19 +291,19 @@
291	if(empty($saved_field_data) \|\| $saved_field_data == 'no')
292	return $processing_response;
293
294	- $rewrite_file_base = !empty($this->wph->default_variables['wordpress_directory']) ? trailingslashit( $this->wph->default_variables['wordpress_directory'] ) . 'wp-~~signup~~.php' : 'wp-~~signup~~.php';
295
296	if($this->wph->server_htaccess_config === TRUE)
297	{
298	$text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
299	- $text .= "RewriteRule ^~~wp-register~~.~~php~~ /index.php~~?wph-throw-404~~ [L]";
300	}
301
302	if($this->wph->server_web_config === TRUE)
303	$text = '
304	<rule name="wph-block_default_wp_register_php" stopProcessing="true">
305	<match url="^wp-register.php" />
306	- <action type="Rewrite" url="'. $this->wph->default_variables['site_wordpress_relative_path'] .'index.php~~?wph-throw-404~~" />
307	</rule>
308	';
309
	@@ -329,6 +329,7 @@
329	$text .= "RewriteCond %{REQUEST_FILENAME} !wp-activate.php [NC]\n";
330	$text .= "RewriteCond %{REQUEST_FILENAME} !wp-cron.php [NC]\n";
331	$text .= "RewriteCond %{REQUEST_FILENAME} !wp-signup.php [NC]\n";

332	$text .= "RewriteCond %{REQUEST_FILENAME} !wp-comments-post.php [NC]\n";
333	$text .= "RewriteCond %{REQUEST_FILENAME} !wp-login.php [NC]\n";
334
	@@ -344,6 +345,7 @@
344	<add input="{REQUEST_FILENAME}" pattern="wp-activate.php" ignoreCase="true" negate="true" />
345	<add input="{REQUEST_FILENAME}" pattern="wp-cron.php" ignoreCase="true" negate="true" />
346	<add input="{REQUEST_FILENAME}" pattern="wp-signup.php" ignoreCase="true" negate="true" />

347	<add input="{REQUEST_FILENAME}" pattern="wp-comments-post.php" ignoreCase="true" negate="true" />
348	<add input="{REQUEST_FILENAME}" pattern="wp-login.php" ignoreCase="true" negate="true" />
349	</conditions>


27	'default_value' => 'no',
28
29	'sanitize_type' => array('sanitize_title', 'strtolower'),
30	+ 'processing_order' => 55
31	);
32
33	$this->module_settings[] = array(

43	'default_value' => 'no',
44
45	'sanitize_type' => array('sanitize_title', 'strtolower'),
46	+ 'processing_order' => 55
47	);
48
49	$this->module_settings[] = array(

59	'default_value' => 'no',
60
61	'sanitize_type' => array('sanitize_title', 'strtolower'),
62	+ 'processing_order' => 55
63	);
64
65	$this->module_settings[] = array(

75	'default_value' => 'no',
76
77	'sanitize_type' => array('sanitize_title', 'strtolower'),
78	+ 'processing_order' => 55
79	);
80
81	$this->module_settings[] = array(

291	if(empty($saved_field_data) \|\| $saved_field_data == 'no')
292	return $processing_response;
293
294	+ $rewrite_file_base = !empty($this->wph->default_variables['wordpress_directory']) ? trailingslashit( $this->wph->default_variables['wordpress_directory'] ) . 'wp-register.php' : 'wp-register.php';
295
296	if($this->wph->server_htaccess_config === TRUE)
297	{
298	$text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
299	+ $text .= "RewriteRule ^" . $rewrite_file_base ." ". $this->wph->default_variables['site_wordpress_relative_path'] ."index.php [L]";
300	}
301
302	if($this->wph->server_web_config === TRUE)
303	$text = '
304	<rule name="wph-block_default_wp_register_php" stopProcessing="true">
305	<match url="^wp-register.php" />
306	+ <action type="Rewrite" url="'. $this->wph->default_variables['site_wordpress_relative_path'] .'index.php" />
307	</rule>
308	';
309

329	$text .= "RewriteCond %{REQUEST_FILENAME} !wp-activate.php [NC]\n";
330	$text .= "RewriteCond %{REQUEST_FILENAME} !wp-cron.php [NC]\n";
331	$text .= "RewriteCond %{REQUEST_FILENAME} !wp-signup.php [NC]\n";
332	+ $text .= "RewriteCond %{REQUEST_FILENAME} !wp-register.php [NC]\n";
333	$text .= "RewriteCond %{REQUEST_FILENAME} !wp-comments-post.php [NC]\n";
334	$text .= "RewriteCond %{REQUEST_FILENAME} !wp-login.php [NC]\n";
335

345	<add input="{REQUEST_FILENAME}" pattern="wp-activate.php" ignoreCase="true" negate="true" />
346	<add input="{REQUEST_FILENAME}" pattern="wp-cron.php" ignoreCase="true" negate="true" />
347	<add input="{REQUEST_FILENAME}" pattern="wp-signup.php" ignoreCase="true" negate="true" />
348	+ <add input="{REQUEST_FILENAME}" pattern="wp-register.php" ignoreCase="true" negate="true" />
349	<add input="{REQUEST_FILENAME}" pattern="wp-comments-post.php" ignoreCase="true" negate="true" />
350	<add input="{REQUEST_FILENAME}" pattern="wp-login.php" ignoreCase="true" negate="true" />
351	</conditions>

modules/module-general.php CHANGED Viewed

	@@ -12,6 +12,9 @@
12	include(WPH_PATH . "/modules/components/general-meta.php");
13	$this->components[] = new WPH_module_general_meta();
14



15	include(WPH_PATH . "/modules/components/general-tobots-txt.php");
16	$this->components[] = new WPH_module_general_robots_txt();
17


12	include(WPH_PATH . "/modules/components/general-meta.php");
13	$this->components[] = new WPH_module_general_meta();
14
15	+ include(WPH_PATH . "/modules/components/general-feed.php");
16	+ $this->components[] = new WPH_module_general_feed();
17	+
18	include(WPH_PATH . "/modules/components/general-tobots-txt.php");
19	$this->components[] = new WPH_module_general_robots_txt();
20

readme.txt CHANGED Viewed

	@@ -3,8 +3,8 @@ Contributors: nsp-code, tdgu
3	Donate link: http://www.nsp-code.com/donate.php
4	Tags: wordpress hide, hide, security, improve security, hacking, wp hide, custom login, wp-loging.php, ap-admin, admin hide
5	Requires at least: 2.8
6	- Tested up to: 4.~~7.3~~
7	- Stable tag: 1.4.~~4.4~~
8	License: GPLv2 or later
9
10	Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
	@@ -243,6 +243,19 @@ Please get in touch with us and we'll do our best to include it for a next versi
243
244	== Changelog ==
245













246	= 1.4.4.4 =
247	* If no server type identification possible, try to check for .htaccess file
248	* Improved .htaccess search mod, Use preg_grep for identify the begin and end of WordPress rules


3	Donate link: http://www.nsp-code.com/donate.php
4	Tags: wordpress hide, hide, security, improve security, hacking, wp hide, custom login, wp-loging.php, ap-admin, admin hide
5	Requires at least: 2.8
6	+ Tested up to: 4.8
7	+ Stable tag: 1.4.5
8	License: GPLv2 or later
9
10	Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.

243
244	== Changelog ==
245
246	+ = 1.4.5 =
247	+ * Add replacements for urls which does not contain explicit protocol e.g. http: or https:
248	+ * Avada cache URLs replacements support
249	+ * Fix processing_order for specific root files
250	+ * Ignore wp-register.php when blocking other wp-* files
251	+ * Fixed wp-register.php block
252	+ * Check for replacements on url encoded links
253	+ * Show message notices on General/HTML -> Html for options which may interfere with themes.
254	+ * sanitize_file_path_name fix when slug include a file type extension
255	+ * Prevent redirect to new url when accessing links through www
256	+ * New component Feeds
257	+ * Windows - Global file process rewrite rules update
258	+
259	= 1.4.4.4 =
260	* If no server type identification possible, try to check for .htaccess file
261	* Improved .htaccess search mod, Use preg_grep for identify the begin and end of WordPress rules

router/environment.php ADDED Viewed

File without changes

wp-hide.php CHANGED Viewed

	@@ -5,9 +5,9 @@ Plugin URI: http://www.nsp-code.com
5	Description: Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
6	Author: Nsp Code
7	Author URI: http://www.nsp-code.com
8	- Version: 1.4.~~4.4~~
9	Text Domain: wp-hide-security-enhancer
10	- Domain Path: /languages/
11	*/
12
13	if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly


5	Description: Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
6	Author: Nsp Code
7	Author URI: http://www.nsp-code.com
8	+ Version: 1.4.5
9	Text Domain: wp-hide-security-enhancer
10	+ Domain Path: /languages/
11	*/
12
13	if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly

WP Hide & Security Enhancer - Version 1.4.5

Version Description

Release Info

Code changes from version 1.4.4.4 to 1.4.5