WP Hide & Security Enhancer

Version Description

Check for filterable buffer content type, before doing replacements, to prevent erroneously changes
Update only URLs on XML content type
Updated plugin demo site URL on readme file
Compatibility update for ShortPixel Image Optimizer plugin
Notice possible issue for Cron block on certain servers

Release Info

Developer	nsp-code
Plugin	WP Hide & Security Enhancer
Version	1.5.9.3
Comparing to
See all releases

Code changes from version 1.5.9 to 1.5.9.3

Files changed (7) hide show

compatibility/shortpixel-image-optimiser.php +57 -0
include/class.compatibility.php +3 -0
include/functions.class.php +109 -0
include/wph.class.php +62 -0
modules/components/rewrite-root-files.php +8 -1
readme.txt +55 -19
wp-hide.php +1 -1

compatibility/shortpixel-image-optimiser.php ADDED Viewed

	@@ -0,0 +1,57 @@


1	+ <?php
2	+
3	+ /**
4	+ * Compatibility for Plugin Name: ShortPixel Image Optimizer
5	+ * Compatibility checked on Version: 4.15.3
6	+ */
7	+
8	+
9	+ class WPH_conflict_shortpixel_image_optimizer
10	+ {
11	+
12	+ static function init()
13	+ {
14	+ if( ! self::is_plugin_active())
15	+ return FALSE;
16	+
17	+ add_action('shortpixel_image_urls', array( 'WPH_conflict_shortpixel_image_optimizer', 'shortpixel_image_urls') , 99, 2 );
18	+ }
19	+
20	+ static function is_plugin_active()
21	+ {
22	+
23	+ include_once( ABSPATH . 'wp-admin/includes/plugin.php' );
24	+
25	+ if(is_plugin_active( 'shortpixel-image-optimiser/wp-shortpixel.php' ))
26	+ return TRUE;
27	+ else
28	+ return FALSE;
29	+ }
30	+
31	+
32	+ static function shortpixel_image_urls( $urls, $handler_id )
33	+ {
34	+ global $wph;
35	+
36	+ if ( empty ( $urls ) )
37	+ return $urls;
38	+
39	+ //retrieve the replacements list
40	+ $replacement_list = $wph->functions->get_replacement_list();
41	+
42	+ foreach ( $urls as $key => $url )
43	+ {
44	+ $urls[ $key ] = $wph->functions->content_urls_replacement( $urls[ $key ], $replacement_list );
45	+ }
46	+
47	+ return $urls;
48	+ }
49	+
50	+
51	+ }
52	+
53	+
54	+ WPH_conflict_shortpixel_image_optimizer::init();
55	+
56	+
57	+ ?>

include/class.compatibility.php CHANGED Viewed

	@@ -96,6 +96,9 @@
96
97	//WP Smush
98	include_once(WPH_PATH . 'compatibility/wp-smush.php');



99
100
101	/**


96
97	//WP Smush
98	include_once(WPH_PATH . 'compatibility/wp-smush.php');
99	+
100	+ //ShortCode Image Optimizer
101	+ include_once(WPH_PATH . 'compatibility/shortpixel-image-optimiser.php');
102
103
104	/**

include/functions.class.php CHANGED Viewed

@@ -2367,6 +2367,87 @@
                         /**
                         * Get available themes
+                        *
@@ -2634,6 +2715,34 @@
+                                    }
+                            }
                         function get_ad_banner()
+                            {


2367
2368
2369
2370	+ /**
2371	+ * Attempt to update the outputed headers
2372	+ *
2373	+ * @param mixed $headers
2374	+ * @param mixed $response_headers
2375	+ */
2376	+ function update_headers( $headers, $response_headers )
2377	+ {
2378	+
2379	+ $replacement_list = $this->get_replacement_list();
2380	+
2381	+ foreach ( $headers as $header )
2382	+ {
2383	+ if(isset($response_headers[ $header ]))
2384	+ {
2385	+ $header_value = $response_headers[ $header ];
2386	+ $new_header_value = $this->content_urls_replacement($header_value, $replacement_list );
2387	+
2388	+ if($header_value != $new_header_value)
2389	+ {
2390	+ header_remove("Location");
2391	+ header( 'Location: ' . $new_header_value );
2392	+ }
2393	+ }
2394	+ }
2395	+
2396	+ }
2397	+
2398	+
2399	+
2400	+ /**
2401	+ * Check if current content is filterable, depending on header content type
2402	+ *
2403	+ */
2404	+ function is_filterable_content_type()
2405	+ {
2406	+
2407	+ $is_filterable = TRUE;
2408	+
2409	+ $headers_content_type = $this->get_headers_list_content_type();
2410	+
2411	+ $allow_type = array(
2412	+ 'text/css',
2413	+ 'text/html',
2414	+ 'text/csv',
2415	+ 'application/javascript',
2416	+ 'text/javascript',
2417	+ 'application/json'
2418	+ );
2419	+ if ( ! in_array( $headers_content_type , $allow_type ) )
2420	+ $is_filterable = FALSE;
2421	+
2422	+ return $is_filterable;
2423	+
2424	+ }
2425	+
2426	+
2427	+ function get_headers_list_content_type()
2428	+ {
2429	+ $headers = headers_list();
2430	+
2431	+ //there is no header to check
2432	+ if ( ! is_array( $headers ) \|\| count ( $headers ) < 1 )
2433	+ return FALSE;
2434	+
2435	+
2436	+ $found = preg_grep('/^Content-Type\s?:.*/i', $headers);
2437	+ if ( ! is_array ( $found ) \|\| count ( $found ) < 1 )
2438	+ return FALSE;
2439	+
2440	+ reset( $found );
2441	+ $header_field = $headers[ key( $found ) ];
2442	+ $header_field = preg_replace('/Content-Type\s?:/i', '', $header_field);
2443	+ $header_field = trim ( $header_field );
2444	+ $header_field_parts = explode(";", $header_field);
2445	+ $header_content_type = trim( $header_field_parts[0] );
2446	+
2447	+ return $header_content_type;
2448	+ }
2449	+
2450	+
2451	/**
2452	* Get available themes
2453	*

2715	}
2716	}
2717
2718	+
2719	+ /**
2720	+ * Dirty check if a specified caller is in the backtrace debug list
2721	+ *
2722	+ * @param mixed $type
2723	+ * @param mixed $name
2724	+ */
2725	+ function _is_caller_in_backtrace( $elements )
2726	+ {
2727	+
2728	+ $stack = debug_backtrace();
2729	+
2730	+ foreach ( $stack as $stack_item )
2731	+ {
2732	+ $elements_seek = $elements;
2733	+ foreach ( $elements as $key => $value )
2734	+ {
2735	+ if ( isset( $stack_item[ $key ] ) && $stack_item[ $key ] == $value )
2736	+ unset( $elements_seek[$key]);
2737	+ }
2738	+
2739	+ if ( count ( $elements_seek ) < 1 )
2740	+ return TRUE;
2741	+ }
2742	+
2743	+ return FALSE;
2744	+ }
2745	+
2746
2747	function get_ad_banner()
2748	{

include/wph.class.php CHANGED Viewed

@@ -171,6 +171,9 @@
                                 //restart the buffering if already outputed. This is usefull for plugin / theme update iframe
                                 add_action('admin_print_footer_scripts',    array($this, 'admin_print_footer_scripts'), -1);
+                            }
@@ -575,6 +578,49 @@
                                 if($this->disable_ob_start_callback === TRUE)
                                     return $buffer;
                                 //provide a filter to disable the replacements
                                 if  ( apply_filters('wp-hide/ignore_ob_start_callback', FALSE, $buffer)     === TRUE   )
@@ -631,6 +677,22 @@
                                 return $buffer;
+                            }
                         /**
                         * check for any query and headers change


171
172	//restart the buffering if already outputed. This is usefull for plugin / theme update iframe
173	add_action('admin_print_footer_scripts', array($this, 'admin_print_footer_scripts'), -1);
174	+
175	+ //prevent the buffer processing if not filterable available
176	+ add_filter( 'wp-hide/ignore_ob_start_callback', array($this, 'ignore_ob_start_callback'), 999 );
177
178	}
179

578
579	if($this->disable_ob_start_callback === TRUE)
580	return $buffer;
581	+
582	+ $response_headers = array();
583	+
584	+ if ( empty ( $buffer ) )
585	+ {
586	+ //attempt to change the headers urls
587	+ if(function_exists('apache_response_headers'))
588	+ {
589	+ $response_headers = apache_response_headers();
590	+ }
591	+ else
592	+ {
593	+ if ( ! is_null ($this->functions) )
594	+ $response_headers = $this->functions->parseRequestHeaders();
595	+ }
596	+
597	+ if ( ! is_null ($this->functions) )
598	+ $this->functions->update_headers ( array ( 'Location' ) , $response_headers );
599	+
600	+ return $buffer;
601	+ }
602	+
603	+ //check for xml content tupe
604	+ $headers_content_type = array();
605	+ if ( ! is_null ( $this->functions ) )
606	+ $headers_content_type = $this->functions->get_headers_list_content_type();
607	+ if ( in_array( $headers_content_type , array( 'text/xml' ) ) && ! is_null ( $this->functions ) )
608	+ {
609	+
610	+ //do only url replacements
611	+ $replacement_list = $this->functions->get_replacement_list();
612	+
613	+ //replace the urls
614	+ $buffer = $this->functions->content_urls_replacement($buffer, $replacement_list );
615	+
616	+ //if html comments remove is on, run a regex
617	+ $option_remove_html_comments = $this->functions->get_site_module_saved_value( 'remove_html_comments', $this->functions->get_blog_id_setting_to_use() );
618	+ if ( ! empty ( $option_remove_html_comments ) && $option_remove_html_comments == 'yes' )
619	+ $buffer = WPH_module_general_html::remove_html_comments( $buffer );
620	+
621	+ return $buffer;
622	+ }
623	+
624
625	//provide a filter to disable the replacements
626	if ( apply_filters('wp-hide/ignore_ob_start_callback', FALSE, $buffer) === TRUE )

677	return $buffer;
678
679	}
680	+
681	+
682	+ /**
683	+ * Ignore the buffer processing if the content is not filterable by header content type
684	+ *
685	+ * @param mixed $ignore
686	+ */
687	+ function ignore_ob_start_callback( $ignore )
688	+ {
689	+ $is_filterable = $this->functions->is_filterable_content_type();
690	+
691	+ if ( $is_filterable === FALSE )
692	+ $ignore = TRUE;
693	+
694	+ return $ignore;
695	+ }
696
697	/**
698	* check for any query and headers change

modules/components/rewrite-root-files.php CHANGED Viewed

	@@ -90,6 +90,7 @@
90	else
91	{
92	$option_description .= '<br /><span class="important">' . __('Site domain rezolved to IP', 'wp-hide-security-enhancer') . ' ' . $local_ip . ' ' . __('If blocked, all internal calls to cron will continue to run fine. All calls from a different IP are blocked, including direct calls.', 'wp-hide-security-enhancer') . '</span>';

93	}
94
95	$this->module_settings[] = array(
	@@ -98,12 +99,18 @@
98	'description' => "Block access to wp-cron.php file",
99
100	'help' => array(
101	- 'title' => __('Help', 'wp-hide-security-enhancer') . ' - ' . __('Block wp-~~activate~~.php', 'wp-hide-security-enhancer'),
102	'description' => __("The file wp-cron.php is the portion of WordPress that handles scheduled events within a WordPress site. If remote cron calls not being used this can be set to Yes..", 'wp-hide-security-enhancer') .
103	"<br />" . $option_description,
104	'option_documentation_url' => 'https://www.wp-hide.com/documentation/rewrite-root-files/'
105	),
106






107	'input_type' => 'radio',
108	'options' => array(
109	'no' => __('No', 'wp-hide-security-enhancer'),


90	else
91	{
92	$option_description .= '<br /><span class="important">' . __('Site domain rezolved to IP', 'wp-hide-security-enhancer') . ' ' . $local_ip . ' ' . __('If blocked, all internal calls to cron will continue to run fine. All calls from a different IP are blocked, including direct calls.', 'wp-hide-security-enhancer') . '</span>';
93	+ $option_description .= '<br /><span class="important">' . __('On certain servers, different ip\'s can be used to call the cron internally. If the Cron service apepars to not trigger anymore, this option should be disabled.', 'wp-hide-security-enhancer') . '</span>';
94	}
95
96	$this->module_settings[] = array(

99	'description' => "Block access to wp-cron.php file",
100
101	'help' => array(
102	+ 'title' => __('Help', 'wp-hide-security-enhancer') . ' - ' . __('Block wp-cron.php', 'wp-hide-security-enhancer'),
103	'description' => __("The file wp-cron.php is the portion of WordPress that handles scheduled events within a WordPress site. If remote cron calls not being used this can be set to Yes..", 'wp-hide-security-enhancer') .
104	"<br />" . $option_description,
105	'option_documentation_url' => 'https://www.wp-hide.com/documentation/rewrite-root-files/'
106	),
107
108	+ 'advanced_option' => array(
109	+
110	+ 'description' => '<b>' . __('This is an advanced option !', 'wp-hide-security-enhancer') . '</b><br />' . __('The Cron service is how WordPress handles scheduling time-based tasks in WordPress. If not working correctly, some core features such as checking for updates and publishing scheduled will fail.', 'wp-hide-security-enhancer')
111	+
112	+ ),
113	+
114	'input_type' => 'radio',
115	'options' => array(
116	'no' => __('No', 'wp-hide-security-enhancer'),

readme.txt CHANGED Viewed

	@@ -3,8 +3,8 @@ Contributors: nsp-code, tdgu
3	Donate link: https://www.nsp-code.com/
4	Tags: wordpress hide, hide, security, improve security, hacking, wp hide, custom login, wp-loging.php, wp-admin, admin hide, login change,
5	Requires at least: 2.8
6	- Tested up to: 5.3
7	- Stable tag: 1.5.9
8	License: GPLv2 or later
9
10	Hide and increase Security for your WordPress site using smart techniques. No files are changed on your server. Change default admin and wp-login urls
	@@ -236,7 +236,7 @@ Since version 1.2 Change individual plugin urls which make them unrecognizable,
236
237	<br />Something is wrong with this plugin on your site? Just use the forum or get in touch with us at <a target="_blank" href="http://www.wp-hide.com">Contact</a> and we'll check it out.
238
239	- <br />A website example can be found at <a target="_blank" href="http://~~nsp-code~~.~~com/demo/~~wp-hide/">http://~~nsp-code~~.~~com/demo/~~wp-hide/</a> or our website <a target="_blank" href="http://www.wp-hide.com/">WP Hide and Security Enhancer</a>
240
241	<br />Plugin homepage at <a target="_blank" href="http://www.wp-hide.com/">WordPress Hide and Security Enhancer</a>
242
	@@ -245,41 +245,70 @@ Since version 1.2 Change individual plugin urls which make them unrecognizable,
245
246	== Installation ==
247
248	- 1. ~~Upload~~ the plugin ~~files~~ to the `/wp-content/plugins/wp-hide-security-enhancer` directory~~, or install the plugin through the WordPress plugins screen directly~~.
249	2. Activate the plugin through the 'Plugins' screen in WordPress.
250	3. Use the WP Hide menu screen to configure the plugin.
251
252	== Frequently Asked Questions ==
253
254	- Feel free to contact us at ~~electronice_delphi~~@~~yahoo~~.com
255
256	= Does the plugin change anything on my server =
257
258	- Absolute ~~none~~! ~~No file and directory is being changed anywhere, everything is processed virtually! The plugin code use URL rewrite techniques and WordPress filters to apply all internal functionality and features.~~

259
260	- = ~~Can~~ i ~~still~~ ~~update~~ ~~WordPress~~, my ~~plugins~~ ~~and~~ ~~themes~~? =



















261
262	- ~~Everything~~ ~~works~~ as ~~before,~~ no ~~functionality~~ is being ~~breaked~~. ~~You~~ ~~can~~ ~~run~~ ~~updates~~ at ~~any~~ ~~time~~.
263
264	- = ~~What~~ ~~servers~~ ~~this~~ plugin ~~can~~ ~~work =~~
265
266	- ~~This~~ ~~free~~ ~~code~~ ~~can~~ ~~with~~ ~~Apache~~ ~~and~~ ~~IIS~~ ~~server~~ ~~types~~. ~~For~~ ~~all~~ ~~others~~ ~~check~~ ~~the~~ PRO version at ~~http~~://www.wp-hide.com
267
268	- = ~~Something~~ is ~~wrong,~~ ~~what~~ ~~can~~ i ~~do?~~ ~~How~~ ~~can~~ i ~~recover~~ my ~~site~~? =













269
270	* First, stay calm. There will be no harm, guaranteed :)
271	- * Go to admin and change some of plugin options to see which one ~~cause~~ the problem. Then report it to forum or get in touch with us to fix it.
272	- * If you can't ~~login~~ to admin, use the Recovery Link which has been sent to your e-mail. This will reset the login to default.
273	- * If you can't find the recovery link or none ~~mentioned~~ above worked, delete the plugin from your wp-content/plugins directory. Then remove any lines in your .htaccess file between
274	BEGIN WP Hide & Security Enhancer
275	..
276	END WP Hide & Security Enhancer
277
278	- * At this point the site should run as before. If for some reason still not working, you missed something, please get in touch with us at ~~electronice_delphi~~@~~yahoo~~.com and we'll fix it for you in no time!
279	-
280	- = I have no PHP knowledge at all, is this plugin for me? =
281	-
282	- There's no requirements on php knowledge. All plugin features and functionality are applied automatically, controlled through a descriptive admin interface.
283
284	= I can't find a functionality that i'am looking for =
285
	@@ -292,6 +321,13 @@ Please get in touch with us and we'll do our best to include it for a next versi
292
293	== Changelog ==
294







295	= 1.5.9 =
296	* New admin interfaces skin.
297	* Relocated plugin assets within a different folder for better organisator.


3	Donate link: https://www.nsp-code.com/
4	Tags: wordpress hide, hide, security, improve security, hacking, wp hide, custom login, wp-loging.php, wp-admin, admin hide, login change,
5	Requires at least: 2.8
6	+ Tested up to: 5.3.2
7	+ Stable tag: 1.5.9.3
8	License: GPLv2 or later
9
10	Hide and increase Security for your WordPress site using smart techniques. No files are changed on your server. Change default admin and wp-login urls

236
237	<br />Something is wrong with this plugin on your site? Just use the forum or get in touch with us at <a target="_blank" href="http://www.wp-hide.com">Contact</a> and we'll check it out.
238
239	+ <br />A website example can be found at <a target="_blank" href="http://demo.wp-hide.com/">http://demo.wp-hide.com/</a> or our website <a target="_blank" href="http://www.wp-hide.com/">WP Hide and Security Enhancer</a>
240
241	<br />Plugin homepage at <a target="_blank" href="http://www.wp-hide.com/">WordPress Hide and Security Enhancer</a>
242

245
246	== Installation ==
247
248	+ 1. Install the plugin through the WordPress plugins screen directly or upload the pacckage to `/wp-content/plugins/wp-hide-security-enhancer` directory.
249	2. Activate the plugin through the 'Plugins' screen in WordPress.
250	3. Use the WP Hide menu screen to configure the plugin.
251
252	== Frequently Asked Questions ==
253
254	+ Feel free to contact us at contact@wp-hide.com for fast support.
255
256	= Does the plugin change anything on my server =
257
258	+ Absolute None!
259	+ No files and directories are being changed on your server, everything is processed virtually! The plugin code use URL rewrite techniques and WordPress filters to apply all internal functionality and features.
260
261	+ = I have no PHP knowledge at all, is this plugin for me? =
262	+
263	+ There's no requirements on php knowledge. All plugin features and functionality are applied automatically, controlled through a descriptive admin interface.
264	+
265	+ = Can I still update WordPress, my plugins and themes? =
266	+
267	+ Everything works as before, no functionality is being broken. You can run updates at any time.
268	+
269	+ = What servers this plugin can work with =
270	+
271	+ This free code can with Apache, IIS server types and any other set-up which rely on .htaccess usage.
272	+ For all other checks the PRO version at <a target="_blank" href="https://www.wp-hide.com">WP Hide PRO</a>
273	+
274	+ = Is there any demo I can check? =
275	+
276	+ A demo instance can be found at <a target="_blank" href="http://demo.wp-hide.com/">http://demo.wp-hide.com/</a> or our own website <a target="_blank" href="http://www.wp-hide.com/">WP Hide and Security Enhancer</a>
277	+
278	+ = How to make it work with my OpenLiteSpeed server =
279	+
280	+ There are few things to consider when run on litespeed servers:
281
282	+ * Ensure the liteserver actually process the .htaccess file where the rewrite data is being saved. Check with the following topic regarding this issue <a target="_blank" href="https://www.litespeedtech.com/support/forum/threads/htaccess-is-ignored.15500/">Post</a>
283
284	+ * If you use Litespeed Cache plugin, in the Optimization Settings area, disable the CSS / JS Minify
285
286	+ * If your litespeed server requires to place the rewrite lines in a different file e.g. config file or interface, consider upgrading to PRO version which includes a Setup page where you can get the rewrite code href="https://www.wp-hide.com/wp-hide-pro-now-available/">WP Hide PRO</a>.
287
288	+ = .htaccess file writing error - Unable to write custom rules to your .htaccess. Is this file writable?
289	+
290	+ I'm seeing this error "Unable to write custom rules to your .htaccess. Is this file writable" what does it mean?
291	+ The error appear when the plugin is not able to write to .htaccess file located in your WordPress root. You can try the followings to make a fix:
292	+
293	+ * Check if your .htaccess file is writable. This can be different from server to server, but usually require rw-rw-r– / 0664 Also ensure the file owner is the same group as php
294	+
295	+ * Sometimes the other codes wrongly use the flush_rules() which hijack the default filters for rewrite. Try to disable the other plugins and theme to figure out which ones produce the issue.
296	+
297	+ * De-activate and RE-activate the plugin, apparently worked for some users.
298	+
299	+ * Create a backup of .htaccess, then delete it from the server. Go to Settings > Permalinks > update once, this should create the file again on the WordPress root. If so, try to change any WP Hide options which will update the .htaccess content accordingly.
300	+
301	+ = Something is wrong, what can I do? How can I recover my site? =
302
303	* First, stay calm. There will be no harm, guaranteed :)
304	+ * Go to admin and change some of the plugin options to see which one causes the problem. Then report it to the forum or get in touch with us to fix it.
305	+ * If you can't log in to admin, use the Recovery Link which has been sent to your e-mail. This will reset the login to default.
306	+ * If you can't find the recovery link or none of the above worked, delete the plugin from your wp-content/plugins directory. Then remove any lines in your .htaccess file between
307	BEGIN WP Hide & Security Enhancer
308	..
309	END WP Hide & Security Enhancer
310
311	+ * At this point, the site should run as before. If for some reason still not working, you missed something, please get in touch with us at contact@wp-hide.com and we'll fix it for you in no time!




312
313	= I can't find a functionality that i'am looking for =
314

321
322	== Changelog ==
323
324	+ = 1.5.9.3 =
325	+ * Check for filterable buffer content type, before doing replacements, to prevent erroneously changes
326	+ * Update only URLs on XML content type
327	+ * Updated plugin demo site URL on readme file
328	+ * Compatibility update for ShortPixel Image Optimizer plugin
329	+ * Notice possible issue for Cron block on certain servers
330	+
331	= 1.5.9 =
332	* New admin interfaces skin.
333	* Relocated plugin assets within a different folder for better organisator.

wp-hide.php CHANGED Viewed

	@@ -5,7 +5,7 @@ Plugin URI: https://www.wp-hide.com/
5	Description: Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
6	Author: Nsp Code
7	Author URI: http://www.nsp-code.com
8	- Version: 1.5.9
9	Text Domain: wp-hide-security-enhancer
10	Domain Path: /languages/
11	*/


5	Description: Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
6	Author: Nsp Code
7	Author URI: http://www.nsp-code.com
8	+ Version: 1.5.9.3
9	Text Domain: wp-hide-security-enhancer
10	Domain Path: /languages/
11	*/

WP Hide & Security Enhancer - Version 1.5.9.3

Version Description

Release Info

Code changes from version 1.5.9 to 1.5.9.3