WP Hide & Security Enhancer

Version Description

When checking and calculating the the Headers protection score, ignore the SSL verification for the domain, to allow usage of invalid certificates.
Check if set headers are actually passed-through on the front side, as some servers may block that.
Set WP_ROCKET_WHITE_LABEL_FOOTPRINT to remove the footer comment for WP Rocket, when active

Release Info

Developer	nsp-code
Plugin	WP Hide & Security Enhancer
Version	1.7.8.1
Comparing to
See all releases

Code changes from version 1.7.8 to 1.7.8.1

Files changed (5) hide show

assets/css/wph.css +1 -0
compatibility/wp-rocket.php +2 -0
modules/components/security-check_headers.php +38 -1
readme.txt +6 -1
wp-hide.php +1 -1

assets/css/wph.css CHANGED Viewed

	@@ -134,6 +134,7 @@ table .wph_input tr .cell{}
134	#wph-headers thead th {font-weight: bold}
135	#wph-headers .security-header td:first-child{border-left: 5px solid #7d6591;}
136	#wph-headers-container .found-headers-info small {background-color: #f7fcfe; padding: 3px 5px; border: 1px dashed red;}

137	#wph-headers tr td{border-bottom: 1px solid #dddddd}
138	#wph-headers-container span.wph-pro {font-size: 10px;font-weight: normal;padding: 1px 3px;}
139


134	#wph-headers thead th {font-weight: bold}
135	#wph-headers .security-header td:first-child{border-left: 5px solid #7d6591;}
136	#wph-headers-container .found-headers-info small {background-color: #f7fcfe; padding: 3px 5px; border: 1px dashed red;}
137	+ #wph-headers-container .important {color: #d54e21}
138	#wph-headers tr td{border-bottom: 1px solid #dddddd}
139	#wph-headers-container span.wph-pro {font-size: 10px;font-weight: normal;padding: 1px 3px;}
140

compatibility/wp-rocket.php CHANGED Viewed

	@@ -17,6 +17,8 @@
17	{
18	if( ! $this->is_plugin_active() )
19	return FALSE;


20
21	global $wph;
22


17	{
18	if( ! $this->is_plugin_active() )
19	return FALSE;
20	+
21	+ define ('WP_ROCKET_WHITE_LABEL_FOOTPRINT', true);
22
23	global $wph;
24

modules/components/security-check_headers.php CHANGED Viewed

@@ -174,7 +174,7 @@
                                 $_JSON_response    =   array();
                                 $site_url   =   apply_filters( 'wp-hide/check_headers/url', home_url() );
-            -
                                $response   =   wp_remote_head( $site_url );
                                 if ( ! is_array( $response ) )
+                                    {
@@ -265,7 +265,44 @@
                                     </table>
                                 </div>
                                 <p class="found-headers-info"><small>[ Found <?php echo count ( $found_headers ) ?> security headers ]</small></p>
                                 <p>&nbsp;</p>
                                 <h4><?php _e('Consider adding more security headers:', 'wp-hide-security-enhancer') ?></h4>
                                 <?php


174	$_JSON_response = array();
175
176	$site_url = apply_filters( 'wp-hide/check_headers/url', home_url() );
177	+ $response = wp_remote_head( $site_url, array( 'sslverify' => false, 'timeout' => 60 ) );
178
179	if ( ! is_array( $response ) )
180	{

265	</table>
266	</div>
267	<p class="found-headers-info"><small>[ Found <?php echo count ( $found_headers ) ?> security headers ]</small></p>
268	+ <?php
269	+
270	+ //check if all expected headers
271	+ $site_settings = $this->wph->settings;
272	+ $modules_settings = $site_settings['module_settings'];
273	+
274	+ $expected_headers = array ();
275	+ //reset the options
276	+ $headers = array (
277	+ 'cross_origin_embedder_policy',
278	+ 'cross_origin_opener_policy',
279	+ 'cross_origin_resource_policy',
280	+ 'x_content_type_options',
281	+ 'x_download_options',
282	+ 'x_frame_options',
283	+ 'x_permitted_cross_domain_policies',
284	+ 'x_xss_protection'
285	+ );
286	+ foreach ( $headers as $header )
287	+ {
288	+ if ( ! isset ( $modules_settings[ $header ] ) \|\| ! is_array ( $modules_settings[ $header ] ) )
289	+ continue;
290	+
291	+ if ( $modules_settings[ $header ]['enabled'] == 'yes' )
292	+ $expected_headers[] = str_replace( "_", "-", $header );
293	+ }
294
295	+ $headers_not_found = array_diff( $expected_headers, $found_headers );
296	+ if ( count ( $headers_not_found ) > 0 )
297	+ {
298	+ ?>
299	+ <h4 class="important"><?php _e('Warning! The following headers could not be found:', 'wp-hide-security-enhancer' ); echo "<br />" . implode( '<br />', $headers_not_found); ?></h4>
300	+ <p class="important"><?php _e('Ensure the server mod_headers module is active.', 'wp-hide-security-enhancer' ); ?></p>
301	+ <?php
302	+
303	+ }
304	+
305	+ ?>
306	<p> </p>
307	<h4><?php _e('Consider adding more security headers:', 'wp-hide-security-enhancer') ?></h4>
308	<?php

readme.txt CHANGED Viewed

	@@ -4,7 +4,7 @@ Donate link: https://www.nsp-code.com/
4	Tags: wordpress hide, hide, security, secuirty headers, improve security, hacking, wp hide, custom login, wp-loging.php, wp-admin, admin hide, login change,
5	Requires at least: 2.8
6	Tested up to: 5.9.3
7	- Stable tag: 1.7.8
8	License: GPLv2 or later
9
10	Hide WordPress, wp-content, wp-includes, wp-admin, login URL, plugins, themes etc. Block the default URLs. Security Headers etc.
	@@ -378,6 +378,11 @@ Please get in touch with us and we’ll do our best to include it inthe next ver
378
379	== Changelog ==
380





381	= 1.7.8 =
382	* New Security Functionality - Headers. HTTP Response Headers are a powerful tool to Harden Your Website Security.
383	* Security Headers - Cross-Origin-Embedder-Policy (COEP), Cross-Origin-Opener-Policy (COOP), Cross-Origin-Resource-Policy (CORP), X-Content-Type-Options, X-Download-Options, X-Frame-Options (XFO), X-Permitted-Cross-Domain-Policies, X-XSS-Protection.


4	Tags: wordpress hide, hide, security, secuirty headers, improve security, hacking, wp hide, custom login, wp-loging.php, wp-admin, admin hide, login change,
5	Requires at least: 2.8
6	Tested up to: 5.9.3
7	+ Stable tag: 1.7.8.1
8	License: GPLv2 or later
9
10	Hide WordPress, wp-content, wp-includes, wp-admin, login URL, plugins, themes etc. Block the default URLs. Security Headers etc.

378
379	== Changelog ==
380
381	+ = 1.7.8.1 =
382	+ * When checking and calculating the the Headers protection score, ignore the SSL verification for the domain, to allow usage of invalid certificates.
383	+ * Check if set headers are actually passed-through on the front side, as some servers may block that.
384	+ * Set WP_ROCKET_WHITE_LABEL_FOOTPRINT to remove the footer comment for WP Rocket, when active
385	+
386	= 1.7.8 =
387	* New Security Functionality - Headers. HTTP Response Headers are a powerful tool to Harden Your Website Security.
388	* Security Headers - Cross-Origin-Embedder-Policy (COEP), Cross-Origin-Opener-Policy (COOP), Cross-Origin-Resource-Policy (CORP), X-Content-Type-Options, X-Download-Options, X-Frame-Options (XFO), X-Permitted-Cross-Domain-Policies, X-XSS-Protection.

wp-hide.php CHANGED Viewed

	@@ -5,7 +5,7 @@ Plugin URI: https://wp-hide.com/
5	Description: Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
6	Author: Nsp Code
7	Author URI: http://www.nsp-code.com
8	- Version: 1.7.8
9	Text Domain: wp-hide-security-enhancer
10	Domain Path: /languages/
11	*/


5	Description: Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
6	Author: Nsp Code
7	Author URI: http://www.nsp-code.com
8	+ Version: 1.7.8.1
9	Text Domain: wp-hide-security-enhancer
10	Domain Path: /languages/
11	*/

WP Hide & Security Enhancer - Version 1.7.8.1

Version Description

Release Info

Code changes from version 1.7.8 to 1.7.8.1