Version Description
- When checking and calculating the the Headers protection score, ignore the SSL verification for the domain, to allow usage of invalid certificates.
- Check if set headers are actually passed-through on the front side, as some servers may block that.
- Set WP_ROCKET_WHITE_LABEL_FOOTPRINT to remove the footer comment for WP Rocket, when active
Download this release
Release Info
Developer | nsp-code |
Plugin | WP Hide & Security Enhancer |
Version | 1.7.8.1 |
Comparing to | |
See all releases |
Code changes from version 1.7.8 to 1.7.8.1
- assets/css/wph.css +1 -0
- compatibility/wp-rocket.php +2 -0
- modules/components/security-check_headers.php +38 -1
- readme.txt +6 -1
- wp-hide.php +1 -1
assets/css/wph.css
CHANGED
@@ -134,6 +134,7 @@ table .wph_input tr .cell{}
|
|
134 |
#wph-headers thead th {font-weight: bold}
|
135 |
#wph-headers .security-header td:first-child{border-left: 5px solid #7d6591;}
|
136 |
#wph-headers-container .found-headers-info small {background-color: #f7fcfe; padding: 3px 5px; border: 1px dashed red;}
|
|
|
137 |
#wph-headers tr td{border-bottom: 1px solid #dddddd}
|
138 |
#wph-headers-container span.wph-pro {font-size: 10px;font-weight: normal;padding: 1px 3px;}
|
139 |
|
134 |
#wph-headers thead th {font-weight: bold}
|
135 |
#wph-headers .security-header td:first-child{border-left: 5px solid #7d6591;}
|
136 |
#wph-headers-container .found-headers-info small {background-color: #f7fcfe; padding: 3px 5px; border: 1px dashed red;}
|
137 |
+
#wph-headers-container .important {color: #d54e21}
|
138 |
#wph-headers tr td{border-bottom: 1px solid #dddddd}
|
139 |
#wph-headers-container span.wph-pro {font-size: 10px;font-weight: normal;padding: 1px 3px;}
|
140 |
|
compatibility/wp-rocket.php
CHANGED
@@ -17,6 +17,8 @@
|
|
17 |
{
|
18 |
if( ! $this->is_plugin_active() )
|
19 |
return FALSE;
|
|
|
|
|
20 |
|
21 |
global $wph;
|
22 |
|
17 |
{
|
18 |
if( ! $this->is_plugin_active() )
|
19 |
return FALSE;
|
20 |
+
|
21 |
+
define ('WP_ROCKET_WHITE_LABEL_FOOTPRINT', true);
|
22 |
|
23 |
global $wph;
|
24 |
|
modules/components/security-check_headers.php
CHANGED
@@ -174,7 +174,7 @@
|
|
174 |
$_JSON_response = array();
|
175 |
|
176 |
$site_url = apply_filters( 'wp-hide/check_headers/url', home_url() );
|
177 |
-
$response = wp_remote_head( $site_url );
|
178 |
|
179 |
if ( ! is_array( $response ) )
|
180 |
{
|
@@ -265,7 +265,44 @@
|
|
265 |
</table>
|
266 |
</div>
|
267 |
<p class="found-headers-info"><small>[ Found <?php echo count ( $found_headers ) ?> security headers ]</small></p>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
268 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
269 |
<p> </p>
|
270 |
<h4><?php _e('Consider adding more security headers:', 'wp-hide-security-enhancer') ?></h4>
|
271 |
<?php
|
174 |
$_JSON_response = array();
|
175 |
|
176 |
$site_url = apply_filters( 'wp-hide/check_headers/url', home_url() );
|
177 |
+
$response = wp_remote_head( $site_url, array( 'sslverify' => false, 'timeout' => 60 ) );
|
178 |
|
179 |
if ( ! is_array( $response ) )
|
180 |
{
|
265 |
</table>
|
266 |
</div>
|
267 |
<p class="found-headers-info"><small>[ Found <?php echo count ( $found_headers ) ?> security headers ]</small></p>
|
268 |
+
<?php
|
269 |
+
|
270 |
+
//check if all expected headers
|
271 |
+
$site_settings = $this->wph->settings;
|
272 |
+
$modules_settings = $site_settings['module_settings'];
|
273 |
+
|
274 |
+
$expected_headers = array ();
|
275 |
+
//reset the options
|
276 |
+
$headers = array (
|
277 |
+
'cross_origin_embedder_policy',
|
278 |
+
'cross_origin_opener_policy',
|
279 |
+
'cross_origin_resource_policy',
|
280 |
+
'x_content_type_options',
|
281 |
+
'x_download_options',
|
282 |
+
'x_frame_options',
|
283 |
+
'x_permitted_cross_domain_policies',
|
284 |
+
'x_xss_protection'
|
285 |
+
);
|
286 |
+
foreach ( $headers as $header )
|
287 |
+
{
|
288 |
+
if ( ! isset ( $modules_settings[ $header ] ) || ! is_array ( $modules_settings[ $header ] ) )
|
289 |
+
continue;
|
290 |
+
|
291 |
+
if ( $modules_settings[ $header ]['enabled'] == 'yes' )
|
292 |
+
$expected_headers[] = str_replace( "_", "-", $header );
|
293 |
+
}
|
294 |
|
295 |
+
$headers_not_found = array_diff( $expected_headers, $found_headers );
|
296 |
+
if ( count ( $headers_not_found ) > 0 )
|
297 |
+
{
|
298 |
+
?>
|
299 |
+
<h4 class="important"><?php _e('Warning! The following headers could not be found:', 'wp-hide-security-enhancer' ); echo "<br />" . implode( '<br />', $headers_not_found); ?></h4>
|
300 |
+
<p class="important"><?php _e('Ensure the server mod_headers module is active.', 'wp-hide-security-enhancer' ); ?></p>
|
301 |
+
<?php
|
302 |
+
|
303 |
+
}
|
304 |
+
|
305 |
+
?>
|
306 |
<p> </p>
|
307 |
<h4><?php _e('Consider adding more security headers:', 'wp-hide-security-enhancer') ?></h4>
|
308 |
<?php
|
readme.txt
CHANGED
@@ -4,7 +4,7 @@ Donate link: https://www.nsp-code.com/
|
|
4 |
Tags: wordpress hide, hide, security, secuirty headers, improve security, hacking, wp hide, custom login, wp-loging.php, wp-admin, admin hide, login change,
|
5 |
Requires at least: 2.8
|
6 |
Tested up to: 5.9.3
|
7 |
-
Stable tag: 1.7.8
|
8 |
License: GPLv2 or later
|
9 |
|
10 |
Hide WordPress, wp-content, wp-includes, wp-admin, login URL, plugins, themes etc. Block the default URLs. Security Headers etc.
|
@@ -378,6 +378,11 @@ Please get in touch with us and we’ll do our best to include it inthe next ver
|
|
378 |
|
379 |
== Changelog ==
|
380 |
|
|
|
|
|
|
|
|
|
|
|
381 |
= 1.7.8 =
|
382 |
* New Security Functionality - Headers. HTTP Response Headers are a powerful tool to Harden Your Website Security.
|
383 |
* Security Headers - Cross-Origin-Embedder-Policy (COEP), Cross-Origin-Opener-Policy (COOP), Cross-Origin-Resource-Policy (CORP), X-Content-Type-Options, X-Download-Options, X-Frame-Options (XFO), X-Permitted-Cross-Domain-Policies, X-XSS-Protection.
|
4 |
Tags: wordpress hide, hide, security, secuirty headers, improve security, hacking, wp hide, custom login, wp-loging.php, wp-admin, admin hide, login change,
|
5 |
Requires at least: 2.8
|
6 |
Tested up to: 5.9.3
|
7 |
+
Stable tag: 1.7.8.1
|
8 |
License: GPLv2 or later
|
9 |
|
10 |
Hide WordPress, wp-content, wp-includes, wp-admin, login URL, plugins, themes etc. Block the default URLs. Security Headers etc.
|
378 |
|
379 |
== Changelog ==
|
380 |
|
381 |
+
= 1.7.8.1 =
|
382 |
+
* When checking and calculating the the Headers protection score, ignore the SSL verification for the domain, to allow usage of invalid certificates.
|
383 |
+
* Check if set headers are actually passed-through on the front side, as some servers may block that.
|
384 |
+
* Set WP_ROCKET_WHITE_LABEL_FOOTPRINT to remove the footer comment for WP Rocket, when active
|
385 |
+
|
386 |
= 1.7.8 =
|
387 |
* New Security Functionality - Headers. HTTP Response Headers are a powerful tool to Harden Your Website Security.
|
388 |
* Security Headers - Cross-Origin-Embedder-Policy (COEP), Cross-Origin-Opener-Policy (COOP), Cross-Origin-Resource-Policy (CORP), X-Content-Type-Options, X-Download-Options, X-Frame-Options (XFO), X-Permitted-Cross-Domain-Policies, X-XSS-Protection.
|
wp-hide.php
CHANGED
@@ -5,7 +5,7 @@ Plugin URI: https://wp-hide.com/
|
|
5 |
Description: Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
|
6 |
Author: Nsp Code
|
7 |
Author URI: http://www.nsp-code.com
|
8 |
-
Version: 1.7.8
|
9 |
Text Domain: wp-hide-security-enhancer
|
10 |
Domain Path: /languages/
|
11 |
*/
|
5 |
Description: Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
|
6 |
Author: Nsp Code
|
7 |
Author URI: http://www.nsp-code.com
|
8 |
+
Version: 1.7.8.1
|
9 |
Text Domain: wp-hide-security-enhancer
|
10 |
Domain Path: /languages/
|
11 |
*/
|