WP Hide & Security Enhancer - Version 1.9.1

Version Description

  • New feature: Security Scan.
  • Security Scan dashboard widget.
  • Inform about a possible LiteSpeed service restart when the site runs on such a system.
  • Check that the HTTP_USER_AGENT environment variable exists before comparing against it.
  • Fix Oxygen compatibility when using HTML Minify.
  • Fix: Cache Enabler static call.

Release Info

Developer nsp-code
Version 1.9.1

Code changes from version 1.8.8 to 1.9.1

Files changed (67)
  1. assets/css/dashboard-widget.css +9 -0
  2. assets/css/security-scan.css +42 -0
  3. assets/css/wph.css +1 -39
  4. assets/js/wph.js +114 -22
  5. compatibility/cache-enabler.php +13 -8
  6. compatibility/oxygen-class.php +2 -2
  7. compatibility/oxygen.php +8 -2
  8. include/admin-interfaces/notice-is-litespeed.php +4 -1
  9. include/admin-interfaces/security-scan.class.php +823 -0
  10. include/admin-interfaces/security-scan/scan_item.class.php +48 -0
  11. include/admin-interfaces/security-scan/scan_item_database_prefix.php +71 -0
  12. include/admin-interfaces/security-scan/scan_item_db_debug.php +72 -0
  13. include/admin-interfaces/security-scan/scan_item_disable_file_edit.php +70 -0
  14. include/admin-interfaces/security-scan/scan_item_firewall.php +138 -0
  15. include/admin-interfaces/security-scan/scan_item_headers.php +120 -0
  16. include/admin-interfaces/security-scan/scan_item_hide_admin_ajax.php +75 -0
  17. include/admin-interfaces/security-scan/scan_item_hide_admin_url.php +76 -0
  18. include/admin-interfaces/security-scan/scan_item_hide_check_child_theme.php +105 -0
  19. include/admin-interfaces/security-scan/scan_item_hide_check_child_theme_style.php +102 -0
  20. include/admin-interfaces/security-scan/scan_item_hide_check_comments.php +95 -0
  21. include/admin-interfaces/security-scan/scan_item_hide_check_plugins.php +96 -0
  22. include/admin-interfaces/security-scan/scan_item_hide_check_theme.php +95 -0
  23. include/admin-interfaces/security-scan/scan_item_hide_check_theme_style.php +95 -0
  24. include/admin-interfaces/security-scan/scan_item_hide_check_wp_content.php +95 -0
  25. include/admin-interfaces/security-scan/scan_item_hide_check_wp_includes.php +95 -0
  26. include/admin-interfaces/security-scan/scan_item_hide_emulate.php +76 -0
  27. include/admin-interfaces/security-scan/scan_item_hide_json.php +77 -0
  28. include/admin-interfaces/security-scan/scan_item_hide_json_clean_api.php +76 -0
  29. include/admin-interfaces/security-scan/scan_item_hide_license_txt.php +75 -0
  30. include/admin-interfaces/security-scan/scan_item_hide_new_wp_login.php +76 -0
  31. include/admin-interfaces/security-scan/scan_item_hide_other_generator.php +75 -0
  32. include/admin-interfaces/security-scan/scan_item_hide_postprocessing.php +79 -0
  33. include/admin-interfaces/security-scan/scan_item_hide_readme_html.php +75 -0
  34. include/admin-interfaces/security-scan/scan_item_hide_registration.php +75 -0
  35. include/admin-interfaces/security-scan/scan_item_hide_remove_header_link.php +75 -0
  36. include/admin-interfaces/security-scan/scan_item_hide_remove_headers.php +102 -0
  37. include/admin-interfaces/security-scan/scan_item_hide_remove_html_comments.php +75 -0
  38. include/admin-interfaces/security-scan/scan_item_hide_replacements.php +164 -0
  39. include/admin-interfaces/security-scan/scan_item_hide_robots.php +76 -0
  40. include/admin-interfaces/security-scan/scan_item_hide_wlwmanifest.php +75 -0
  41. include/admin-interfaces/security-scan/scan_item_hide_wordpress_generator.php +75 -0
  42. include/admin-interfaces/security-scan/scan_item_hide_wordpress_tagline.php +75 -0
  43. include/admin-interfaces/security-scan/scan_item_hide_xml_rpc.php +76 -0
  44. include/admin-interfaces/security-scan/scan_item_keys_and_salts.php +89 -0
  45. include/admin-interfaces/security-scan/scan_item_mysql_version.php +71 -0
  46. include/admin-interfaces/security-scan/scan_item_old_plugins.php +122 -0
  47. include/admin-interfaces/security-scan/scan_item_outdated_plugins.php +102 -0
  48. include/admin-interfaces/security-scan/scan_item_outdated_themes.php +97 -0
  49. include/admin-interfaces/security-scan/scan_item_php_allow_url_include.php +77 -0
  50. include/admin-interfaces/security-scan/scan_item_php_display_errors.php +73 -0
  51. include/admin-interfaces/security-scan/scan_item_php_expose.php +74 -0
  52. include/admin-interfaces/security-scan/scan_item_php_register_globals.php +74 -0
  53. include/admin-interfaces/security-scan/scan_item_php_safe_mode.php +74 -0
  54. include/admin-interfaces/security-scan/scan_item_php_version.php +72 -0
  55. include/admin-interfaces/security-scan/scan_item_unwanted_files.php +143 -0
  56. include/admin-interfaces/security-scan/scan_item_use_admin_user.php +76 -0
  57. include/admin-interfaces/security-scan/scan_item_wp_debug.php +70 -0
  58. include/admin-interfaces/security-scan/scan_item_wp_version.php +103 -0
  59. include/admin-interfaces/security-scan/scan_item_wp_version_stability.php +110 -0
  60. include/functions.class.php +19 -0
  61. include/widgets.class.php +65 -0
  62. include/wph.class.php +47 -16
  63. modules/components/general-html.php +1 -1
  64. modules/components/general-user-interactions.php +7 -1
  65. modules/components/rewrite-new_plugin_path.php +5 -1
  66. readme.txt +10 -2
  67. wp-hide.php +1 -1
assets/css/dashboard-widget.css ADDED
@@ -0,0 +1,9 @@
1
+ #scan_overview p.hint {display: none}
2
+ #scan_overview .wph_graph > div {text-align: center}
3
+ #scan_overview #wph-graph {background-color: #FFF; max-width: 100%;box-sizing: border-box;overflow: hidden;}
4
+ #scan_overview #wph-graph .wph-graph-text{ background-color: #FFF }
5
+ #wph-scan-score table td.passed {background-color: #fbfbfb;}
6
+ #scan_overview p.actions {display: none}
7
+ #scan_overview .wph_results p {padding: 0px}
8
+ #scan_overview.header {border: none}
9
+ #wph-scan-score {padding: 0px}
assets/css/security-scan.css ADDED
@@ -0,0 +1,42 @@
1
+ #security-scan #scan_overview .spinner {float: none}
2
+ #security-scan #scan_overview .working {display: none; vertical-align: middle;}
3
+ #security-scan #scan_overview .working span.progress, #security-scan #scan_overview .working span.total_items {font-weight: bold}
4
+ #security-scan #scan_overview .new-items {color: #f04d46 }
5
+ #security-scan .item.processing {opacity: 0.3; pointer-events: none;-webkit-user-select: none; /* Safari */ -ms-user-select: none; /* IE 10 and IE 11 */ user-select: none; /* Standard syntax */;transition: opacity 0.5s linear; -webkit-transition: opacity 0.5s linear; -moz-transition: opacity 0.5s linear; }
6
+ #wph-site-scan-button {padding: 10px}
7
+ #security-scan .wph_input .row.cell.label {background-color: #FFF}
8
+ #security-scan .wph_input.issue_found {border-left: 4px solid #d63638;}
9
+ #security-scan .wph_input.unknown {border-left: 4px solid #E7D1A9;}
10
+ #security-scan .description code {padding: 0px}
11
+ #security-scan .dashicons-no {color: #d63638}
12
+ #security-scan .dashicons-yes {color: #229d51}
13
+ #security-scan .wph_input .row.cell.label .description {line-height: inherit;}
14
+ #security-scan .wph_input .row.cell.label .description span {line-height: inherit;}
15
+ #security-scan .wph_input .row.cell.label .description .error { color: #d63638}
16
+ #security-scan .outdated_plugin {clear: both; width: 50%; display: inline-block;}
17
+ #security-scan .outdated_plugin .icon {max-height: 40px; max-width: 40px; float: left; margin-right: 10px}
18
+ #security-scan .important {color: #333; }
19
+ #security-scan .item .actions {text-align: right}
20
+ #security-scan .item .actions .restore {display: none}
21
+ #security-scan .item .actions .wph-pro { background-color: #f04d46; border-color: transparent; font-weight: bold}
22
+ #security-scan .item .actions .wph-pro:hover {background-color: #c83e38}
23
+ #security-scan #hidden-items {padding-top: 40px}
24
+ #security-scan #hidden-items > div {opacity: 0.3; transition: opacity 0.2s linear; -webkit-transition: opacity 0.2s linear; -moz-transition: opacity 0.2s linear; }
25
+ #security-scan #hidden-items > div:hover {opacity: 1}
26
+ #security-scan #hidden-items .actions .restore {display: inline-block}
27
+ #security-scan #hidden-items .actions .ignore {display: none}
28
+ #wph-scan-score {padding: 0px 0 30px 0}
29
+ #wph-scan-score table { width: 100%; border-collapse: collapse;}
30
+ #wph-scan-score table td {text-align: center; border-bottom: 1px dotted #bbb; padding-bottom: 30px; padding-top: 20px}
31
+ #wph-scan-score table td.failed { background-color: #f0f0f1;}
32
+ #wph-scan-score table h4 {font-weight: normal;font-size: 14px;margin-bottom: 10px;}
33
+ #wph-scan-score table h5 {font-size: 32px; margin: 0px; font-weight: normal;}
34
+ #wph-scan-score table .failed h4 {color:#f04d46}
35
+ #wph-scan-score table td.passed {}
36
+ #security-scan .wph_results {background-color: #f9f9f9; padding: 0; box-sizing: border-box; overflow: hidden; position:relative; border-left: 1px solid #f1f1f1; flex-grow: 1;}
37
+ #security-scan .wph_results p {padding-left: 20px}
38
+ #scan_overview .last_scan {font-size: 12px; color: #999; padding-top: 20px}
39
+ #scan_overview.header {margin-bottom: 10px;overflow: hidden;position: relative;
40
+ min-width: 255px;
41
+ border: 1px solid #e5e5e5;box-shadow: 0 1px 1px rgba(0,0,0,.04);
42
+ background: #fff;}
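Review bot: `#wph-scan-score table td.passed {}` (line 35) is an empty declaration block carried over verbatim from wph.css; drop it. dashboard-widget.css already gives that selector a background for the widget context, so the empty rule here only adds noise.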
assets/css/wph.css CHANGED
@@ -190,45 +190,7 @@ table .wph_input tr td{}
190
  .conditional_rules .wph_input td.param{width: 40%}
191
  .conditional_rules .wph_input td.comparison{width: 12%}
192
 
193
- #security-scan #scan_overview .spinner {float: none}
194
- #security-scan #scan_overview .working {display: none; vertical-align: middle;}
195
- #security-scan #scan_overview .working span.progress, #security-scan #scan_overview .working span.total_items {font-weight: bold}
196
- #security-scan #scan_overview .new-items {color: #f04d46 }
197
- #security-scan .item.processing {opacity: 0.3; pointer-events: none;-webkit-user-select: none; /* Safari */ -ms-user-select: none; /* IE 10 and IE 11 */ user-select: none; /* Standard syntax */;transition: opacity 0.5s linear; -webkit-transition: opacity 0.5s linear; -moz-transition: opacity 0.5s linear; }
198
- #wph-site-scan-button {padding: 10px}
199
- #security-scan .wph_input .row.cell.label {background-color: #FFF}
200
- #security-scan .wph_input.issue_found {border-left: 4px solid #d63638;}
201
- #security-scan .wph_input.unknown {border-left: 4px solid #E7D1A9;}
202
- #security-scan .description code {padding: 0px}
203
- #security-scan .dashicons-no {color: #d63638}
204
- #security-scan .dashicons-yes {color: #229d51}
205
- #security-scan .wph_input .row.cell.label .description {line-height: inherit;}
206
- #security-scan .wph_input .row.cell.label .description span {line-height: inherit;}
207
- #security-scan .wph_input .row.cell.label .description .error { color: #d63638}
208
- #security-scan .outdated_plugin {clear: both; width: 50%; display: inline-block;}
209
- #security-scan .outdated_plugin .icon {max-height: 40px; max-width: 40px; float: left; margin-right: 10px}
210
- #security-scan .important {color: #333; }
211
- #security-scan .actions {text-align: right}
212
- #security-scan .actions .restore {display: none}
213
- #security-scan .actions .wph-pro { background-color: #f04d46; border-color: transparent; font-weight: bold}
214
- #security-scan .actions .wph-pro:hover {background-color: #c83e38}
215
- #security-scan #hidden-items {padding-top: 40px}
216
- #security-scan #hidden-items > div {opacity: 0.3; transition: opacity 0.2s linear; -webkit-transition: opacity 0.2s linear; -moz-transition: opacity 0.2s linear; }
217
- #security-scan #hidden-items > div:hover {opacity: 1}
218
- #security-scan #hidden-items .actions .restore {display: inline-block}
219
- #security-scan #hidden-items .actions .ignore {display: none}
220
- #wph-scan-score {padding: 0px 0 30px 0}
221
- #wph-scan-score table { width: 100%; border-collapse: collapse;}
222
- #wph-scan-score table td {text-align: center; border-bottom: 1px dotted #bbb; padding-bottom: 30px; padding-top: 20px}
223
- #wph-scan-score table td.failed { background-color: #f0f0f1;}
224
- #wph-scan-score table h4 {font-weight: normal;font-size: 14px;margin-bottom: 10px;}
225
- #wph-scan-score table h5 {font-size: 32px; margin: 0px; font-weight: normal;}
226
- #wph-scan-score table .failed h4 {color:#f04d46}
227
- #wph-scan-score table td.passed {}
228
- #security-scan .wph_results {background-color: #f9f9f9; padding: 0; box-sizing: border-box; overflow: hidden; position:relative; border-left: 1px solid #f1f1f1; flex-grow: 1;}
229
- #security-scan .wph_results p {padding-left: 20px}
230
- #scan_overview .last_scan {font-size: 12px; color: #999; padding-top: 20px}
231
-
232
  table .select.multiple {height: 82px}
233
 
234
  .postbox h3 span {display: inline-block; vertical-align: middle}
190
  .conditional_rules .wph_input td.param{width: 40%}
191
  .conditional_rules .wph_input td.comparison{width: 12%}
192
 
193
+
194
  table .select.multiple {height: 82px}
195
 
196
  .postbox h3 span {display: inline-block; vertical-align: middle}
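Review bot: the added `+` blank at new line 193 sits directly under the existing blank line 192, leaving a doubled empty line where the block was cut out; drop one. Otherwise this is a pure move of the `#security-scan` and `#wph-scan-score` rules into security-scan.css, which means any screen that renders `render_overview()` outside the scan page (the new dashboard widget) has to enqueue `wph-security-scan` explicitly: dashboard-widget.css only overrides a few of these selectors (`#wph-scan-score {padding: 0px}` against the moved `padding: 0px 0 30px 0`) and relies on the moved rules being present and loaded first.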
assets/js/wph.js CHANGED
@@ -1,6 +1,11 @@
1
 
2
 
3
class WPH_Class {
4
 
5
  selectText(node)
6
  {
@@ -124,10 +129,26 @@
124
 
125
  site_scan( nonce )
126
{
127
  jQuery('#wph-site-scan-button').addClass( 'disabled' );
128
  jQuery('#security-scan #scan_overview .spinner').css( 'visibility', 'visible');
129
  jQuery('#security-scan #scan_overview .working').css( 'display', 'inline-block');
130
- //jQuery('#security-scan .wph-postbox.item').slideUp( 400 );
131
 
132
  var LastResponseLength = false;
133
  var Response = '';
@@ -140,36 +161,107 @@
140
  'action':'wph_site_scan',
141
  'nonce' : nonce
142
  },
143
- xhrFields: {
144
- onprogress: function(e) {
145
- var thisResponse, Response = e.currentTarget.response;
146
- if( LastResponseLength === false) {
147
- thisResponse = Response;
148
- LastResponseLength = Response.length;
149
- } else {
150
- thisResponse = Response.substring( LastResponseLength );
151
- LastResponseLength = Response.length;
152
- }
153
-
154
- Response = JSON.parse( thisResponse );
155
-
156
- jQuery ( '#security-scan #scan_overview .working .progress' ).html( Response.progress );
157
- jQuery ( '#security-scan #scan_overview .working .total_items' ).html( Response.total );
158
- jQuery ( '#security-scan #scan_overview .working .current_scan' ).html( Response.next_item_id );
159
- }
160
- },
161
  success:function(data) {
162
- jQuery('#wph-site-scan-button').removeClass( 'disabled' );
163
  jQuery('#security-scan #scan_overview p.new-items').removeClass( 'new-items' );
164
  jQuery('#security-scan #scan_overview .spinner').css( 'visibility', 'hidden');
165
  jQuery('#security-scan #scan_overview .working').css( 'display', 'none');
166
 
167
- location.reload();
168
  },
169
  error: function(errorThrown){
170
- jQuery('#wph-site-scan-button').removeClass( 'disabled' );
171
  jQuery('#security-scan #scan_overview .spinner').css( 'visibility', 'hidden');
172
jQuery('#security-scan #scan_overview .working').css( 'display', 'none');
173
  }
174
  });
175
  }
1
 
2
 
3
  class WPH_Class {
4
+
5
+ constructor() {
6
+ this.SiteScanProgress_interval = false;
7
+ this.AJAX_data = false
8
+ }
9
 
10
  selectText(node)
11
  {
129
 
130
  site_scan( nonce )
131
  {
132
+ if ( jQuery('#wph-site-scan-button').hasClass( 'disabled' ) )
133
+ return;
134
+
135
  jQuery('#wph-site-scan-button').addClass( 'disabled' );
136
  jQuery('#security-scan #scan_overview .spinner').css( 'visibility', 'visible');
137
  jQuery('#security-scan #scan_overview .working').css( 'display', 'inline-block');
138
+
139
+ jQuery('#wph-scan-score .passed h5').html('0');
140
+ jQuery('#wph-scan-score .failed h5').html('0');
141
+
142
+ jQuery('#wph-graph .wph-graph-progress' ).css( 'transform', 'rotate(0deg)' );
143
+ jQuery('#wph-graph .wph-graph-data b' ).html( '0%' );
144
+ jQuery('#scan_overview .protection' ).html( 'Unknown' );
145
+
146
+ jQuery('#all-scann-items div.item').not('.ajax_updated').each ( function ( ) {
147
+ jQuery(this).find(' > .wph_input').addClass('unknown').removeClass('issue_found');
148
+ jQuery(this).find('.info').html('');
149
+ jQuery(this).find('.description').html('');
150
+ jQuery(this).find('.actions').html('');
151
+ })
152
 
153
  var LastResponseLength = false;
154
  var Response = '';
161
  'action':'wph_site_scan',
162
  'nonce' : nonce
163
},
164
  success:function(data) {
165
+
166
+ //jQuery('#wph-site-scan-button').removeClass( 'disabled' );
167
  jQuery('#security-scan #scan_overview p.new-items').removeClass( 'new-items' );
168
  jQuery('#security-scan #scan_overview .spinner').css( 'visibility', 'hidden');
169
  jQuery('#security-scan #scan_overview .working').css( 'display', 'none');
170
 
171
+ setTimeout ( function(){ location.reload(); }, 2000);
172
+
173
  },
174
  error: function(errorThrown){
175
+ //jQuery('#wph-site-scan-button').removeClass( 'disabled' );
176
  jQuery('#security-scan #scan_overview .spinner').css( 'visibility', 'hidden');
177
  jQuery('#security-scan #scan_overview .working').css( 'display', 'none');
178
+
179
+ clearInterval( WPH.SiteScanProgress_interval );
180
+ }
181
+ });
182
+
183
+ setTimeout( function() { WPH.site_scan_progress_start( nonce ) }, 3000 );
184
+
185
+ }
186
+
187
+ site_scan_progress_start ( nonce )
188
+ {
189
+ this.SiteScanProgress_interval = setInterval( function() { WPH.site_scan_progres( nonce ) }, 1000);
190
+ }
191
+
192
+ site_scan_progres ( nonce )
193
+ {
194
+ jQuery.ajax({
195
+ type: 'POST',
196
+ url: ajaxurl,
197
+ dataType: "json",
198
+ data: {
199
+ 'action':'wph_site_scan_progress',
200
+ 'nonce' : nonce
201
+ },
202
+ success:function(data) {
203
+
204
+ WPH.AJAX_data = data;
205
+
206
+ jQuery ( '#security-scan #scan_overview .working .progress' ).html( data.items_progress );
207
+ jQuery('#wph-scan-score .passed h5').html( data.success );
208
+ jQuery('#wph-scan-score .failed h5').html( data.failed );
209
+
210
+ jQuery('#wph-graph .wph-graph-progress' ).css( 'transform', 'rotate(' + data.graph_progress + 'deg)' );
211
+ jQuery('#wph-graph .wph-graph-data b' ).html( data.progress + '%' );
212
+ jQuery('#scan_overview .protection' ).html( data.protection );
213
+
214
+ if ( data.scann_in_progress == false )
215
+ clearInterval( WPH.SiteScanProgress_interval );
216
+
217
+ jQuery('#all-scann-items div.item').not('.ajax_updated').each ( function ( ) {
218
+ var item_id = jQuery(this).attr('id');
219
+ var el_item_id = item_id.replace("item-", "")
220
+ if ( eval ( "WPH.AJAX_data.results." + el_item_id ) != undefined )
221
+ {
222
+ var item_response = eval ( "WPH.AJAX_data.results." + el_item_id );
223
+
224
+ jQuery('#' + item_id ).removeClass('valid-item');
225
+
226
+ if ( item_response.status != undefined )
227
+ {
228
+ jQuery('#' + item_id ).addClass( item_response.status );
229
+
230
+ jQuery('#' + item_id + " > .wph_input").removeClass( 'unknown' );
231
+
232
+ if ( item_response.status == true )
233
+ jQuery('#' + item_id ).addClass('valid-item');
234
+ else if ( item_response.status == false )
235
+ jQuery('#' + item_id + " > .wph_input").addClass( 'issue_found' );
236
+ }
237
+
238
+ jQuery('#' + item_id + " .info").html( '' );
239
+ if ( item_response.info != undefined )
240
+ {
241
+ jQuery('#' + item_id + " .info").html( item_response.info );
242
+ }
243
+
244
+ jQuery('#' + item_id + " .description").html( '' );
245
+ if ( item_response.description != undefined )
246
+ {
247
+ jQuery('#' + item_id + " .description").html( item_response.description );
248
+ }
249
+
250
+ jQuery('#' + item_id + " .actions").html( '' );
251
+ if ( item_response.actions != undefined )
252
+ {
253
+ jQuery('#' + item_id + " .actions").html( item_response.actions );
254
+ }
255
+
256
+ jQuery('#' + item_id ).addClass('ajax_updated');
257
+
258
+ }
259
+
260
+ })
261
+
262
+ },
263
+ error: function(errorThrown){
264
+ jQuery('#scan_overview .wph_results').append( '<p>Error while retrieving the AJAX update.</p>');
265
  }
266
  });
267
  }
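Review bot: `eval ( "WPH.AJAX_data.results." + el_item_id )` (new lines 220 and 222) builds and executes code from a DOM `id` attribute; replace it with a plain property lookup, `var item_response = WPH.AJAX_data.results[ el_item_id ];` followed by `if ( item_response !== undefined )`. That removes the eval and also stops an item id that is not a valid identifier from throwing a SyntaxError that aborts the whole `.each()` update loop. Second, the `error:` handler of `site_scan_progres` (line 263) never calls `clearInterval( WPH.SiteScanProgress_interval )`, so a failing progress endpoint keeps the one-second poll running and appends a fresh `<p>Error while retrieving the AJAX update.</p>` on every tick; clear the interval there and append the message once. Third, `removeClass( 'disabled' )` is now commented out in both the `success` and `error` handlers of `site_scan` while the new guard at the top of `site_scan` returns early whenever the class is present: the success path recovers through `location.reload()` after 2 s, but the error path leaves the button disabled until the user refreshes manually. The polling is also started by an unconditional `setTimeout( ..., 3000 )` after the scan request is sent, so a scan request that fails in under three seconds runs `clearInterval( false )` as a no-op and polling still begins. Smaller points: `data.scann_in_progress`, the `#all-scann-items` id and the method name `site_scan_progres` carry misspellings (fine to keep in lockstep with the PHP side, but worth one cleanup pass), and the `.html( item_response.info )`, `.description` and `.actions` calls inject server-supplied HTML unescaped, which is acceptable only as long as the PHP side escapes anything it interpolates from plugin or theme metadata into those strings.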
compatibility/cache-enabler.php CHANGED
@@ -9,17 +9,22 @@
9
 
10
  class WPH_conflict_handle_cache_enabler
11
  {
12
-
13
- static function init()
14
  {
15
- if( ! self::is_plugin_active() )
16
return FALSE;
17
 
18
- add_filter( 'cache_enabler_before_store', array( 'WPH_conflict_handle_cache_enabler', 'cache_enabler_before_store'), 999 );
19
 
20
- }
21
 
22
- static function is_plugin_active()
23
  {
24
 
25
  include_once( ABSPATH . 'wp-admin/includes/plugin.php' );
@@ -30,7 +35,7 @@
30
  return FALSE;
31
  }
32
 
33
- static function cache_enabler_before_store( $buffer )
34
  {
35
 
36
  global $wph;
@@ -44,7 +49,7 @@
44
  }
45
 
46
 
47
- WPH_conflict_handle_cache_enabler::init();
48
 
49
 
50
  ?>
9
 
10
  class WPH_conflict_handle_cache_enabler
11
  {
12
+
13
+
14
+ function __construct()
15
  {
16
+ if( ! $this->is_plugin_active() )
17
  return FALSE;
18
+
19
+ global $wph;
20
+
21
+ $this->wph = $wph;
22
 
23
+ add_filter( 'cache_enabler_before_store', array( $this, 'cache_enabler_before_store'), 999 );
24
 
25
+ }
26
 
27
+ function is_plugin_active()
28
  {
29
 
30
  include_once( ABSPATH . 'wp-admin/includes/plugin.php' );
35
  return FALSE;
36
  }
37
 
38
+ function cache_enabler_before_store( $buffer )
39
  {
40
 
41
  global $wph;
49
  }
50
 
51
 
52
+ new WPH_conflict_handle_cache_enabler();
53
 
54
 
55
  ?>
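Review bot: `return FALSE;` inside `__construct()` (new line 17) does not prevent the object from being created, it only skips the rest of the constructor, so a bare `return;` states the intent correctly. `$this->wph = $wph;` (line 21) assigns a property the class never declares, which PHP 8.2 reports as a deprecated dynamic property; add `public $wph;` to the class body. `cache_enabler_before_store()` still reads `global $wph;` (line 41) even though the constructor now stores the same object on `$this->wph`; use one or the other. Finally, `new WPH_conflict_handle_cache_enabler();` at file scope discards the instance, so the only reference left is the callback array WordPress keeps for the filter; that works, but keeping the instance in a variable or behind a static accessor makes the hook possible to remove later.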
compatibility/oxygen-class.php CHANGED
@@ -3,9 +3,9 @@
3
 
4
  if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
 
6
- if(!class_exists('OXYGEN_VSB_Signature'))
7
  {
8
- include_once( ABSPATH . 'wp-content/plugins/oxygen/functions.php' );
9
  }
10
 
11
  Class WPH_OXYGEN_VSB_Signature extends OXYGEN_VSB_Signature
3
 
4
  if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
 
6
+ if( ! class_exists('OXYGEN_VSB_Signature'))
7
  {
8
+ include_once( ABSPATH . 'wp-content/plugins/oxygen/component-framework/signature.class.php' );
9
  }
10
 
11
  Class WPH_OXYGEN_VSB_Signature extends OXYGEN_VSB_Signature
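Review bot: the `include_once` path is still assembled from `ABSPATH . 'wp-content/plugins/...'` (new line 8), which breaks on installs that relocate the plugins directory through `WP_CONTENT_DIR` or `WP_PLUGIN_DIR`; build it as `WP_PLUGIN_DIR . '/oxygen/component-framework/signature.class.php'` and guard it with `file_exists()`. Because `Class WPH_OXYGEN_VSB_Signature extends OXYGEN_VSB_Signature` follows unconditionally, a missing or renamed file in a future Oxygen release turns the include warning into a fatal error on every page load; return from the file early if `OXYGEN_VSB_Signature` is still undefined after the include.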
compatibility/oxygen.php CHANGED
@@ -2,7 +2,8 @@
2
 
3
  /**
4
  * Compatibility for Plugin Name: Oxygen
5
- * Compatibility checked on Version: 3.6
6
  */
7
 
8
  if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
@@ -21,7 +22,12 @@
21
  $this->wph = $wph;
22
 
23
  add_filter( 'plugins_loaded', array( $this, 'plugins_loaded'), 999 );
24
-
25
  }
26
 
27
  function is_plugin_active()
2
 
3
  /**
4
  * Compatibility for Plugin Name: Oxygen
5
+ * Since: 3.1
6
+ * Last checked: 4.1.1
7
  */
8
 
9
  if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
22
  $this->wph = $wph;
23
 
24
  add_filter( 'plugins_loaded', array( $this, 'plugins_loaded'), 999 );
25
+
26
+ if ( isset ( $_GET['ct_builder'] ) )
27
+ {
28
+ $WPH_module_general_html = $this->wph->functions->return_component_instance( 'WPH_module_general_html' );
29
+ remove_filter('wp-hide/ob_start_callback', array( $WPH_module_general_html, 'remove_html_new_lines'));
30
+ }
31
  }
32
 
33
  function is_plugin_active()
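Review bot: the new `isset ( $_GET['ct_builder'] )` branch (lines 26 to 30) lets any unauthenticated visitor switch off `remove_html_new_lines` for their own request by appending `?ct_builder=1`, since nothing verifies that the requester is really in the Oxygen builder (a capability check, or the signature Oxygen itself attaches to builder requests). The effect is limited to the new-line minify step, so this is a hardening gap rather than an exposure, but if the plugin presents that output filter as part of its fingerprint reduction it should be documented as bypassable. Also, the `remove_filter()` runs inside the constructor while the rest of this integration waits for `plugins_loaded` at priority 999; confirm that `return_component_instance( 'WPH_module_general_html' )` already returns a live instance at construction time, otherwise the call unhooks nothing and fails silently.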
include/admin-interfaces/notice-is-litespeed.php CHANGED
@@ -3,5 +3,8 @@
3
  ?>
4
 
5
  <li>
6
- <p><span class="dashicons dashicons-flag error"></span> <?php _e( "Your site runs on LiteSpeed ! Before starting, ensure your server is properly configured and it processes the .htaccess file, or there might be layout and functionality breaks.", 'wp-hide-security-enhancer' ) ?> <?php _e( "For more details check at", 'wp-hide-security-enhancer' ) ?> <a target="_blank" href="https://wp-hide.com/setup-wp-hide-on-litespeed/">Setup WP Hide on LiteSpeed</a></p>
7
  </li>
3
  ?>
4
 
5
  <li>
6
+ <p>
7
+ <span class="dashicons dashicons-flag error critical"></span> <?php _e( "Your site runs on LiteSpeed ! Before starting, ensure your server is properly configured and it processes the .htaccess file, or there might be layout and functionality breaks.", 'wp-hide-security-enhancer' ) ?> <?php _e( "For more details check at", 'wp-hide-security-enhancer' ) ?> <a target="_blank" href="https://wp-hide.com/setup-wp-hide-on-litespeed/">Setup WP Hide on LiteSpeed</a>
8
+ <br /><?php _e( "Also, once the plugin options changed, a LiteSpeed service may be required. Through SSH run the command", 'wp-hide-security-enhancer' ) ?> <b class="highlight">sudo systemctl restart lsws</b>
9
+ </p>
10
  </li>
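Review bot: the new string at line 8 is missing a word: "a LiteSpeed service may be required" should read "a LiteSpeed service restart may be required", and "once the plugin options changed" should be "once the plugin options are changed". `sudo systemctl restart lsws` assumes root shell access to the host; many LiteSpeed sites run on shared hosting where that is not available, so the notice should say what to do in that case (ask the hosting provider to restart the service) instead of presenting the command as the only route. Since the sentence goes through `_e()`, fixing the wording also changes the translation key, so update the catalog with it.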
include/admin-interfaces/security-scan.class.php ADDED
@@ -0,0 +1,823 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan
7
+ {
8
+
9
+ var $wph;
10
+ var $functions;
11
+
12
+ var $scan_items = array();
13
+
14
+ var $remote_started = FALSE;
15
+ var $remote_html = FALSE;
16
+ var $remote_headers = FALSE;
17
+ var $remote_errors = FALSE;
18
+
19
+
20
+ function __construct()
21
+ {
22
+ add_action ( 'init', array ( $this, 'init') );
23
+ }
24
+
25
+ function init()
26
+ {
27
+ if ( is_admin() && current_user_can ( 'manage_options' ) )
28
+ $this->run();
29
+ }
30
+
31
+ function get_scan_items()
32
+ {
33
+ $scan_items = array (
34
+ 'wp_version',
35
+ 'wp_version_stability',
36
+ 'php_version',
37
+ 'mysql_version',
38
+ 'wp_debug',
39
+ 'db_debug',
40
+ 'use_admin_user',
41
+ 'outdated_themes',
42
+ 'outdated_plugins',
43
+ 'old_plugins',
44
+ 'disable_file_edit',
45
+
46
+ 'firewall',
47
+ 'unwanted_files',
48
+
49
+ 'php_display_errors',
50
+ 'php_register_globals',
51
+ 'php_safe_mode',
52
+ 'php_allow_url_include',
53
+ 'php_expose',
54
+ 'database_prefix',
55
+ 'keys_and_salts',
56
+
57
+ 'headers',
58
+
59
+ 'hide_check_theme',
60
+ 'hide_check_theme_style',
61
+ 'hide_check_child_theme',
62
+ 'hide_check_child_theme_style',
63
+ 'hide_check_wp_content',
64
+ 'hide_check_wp_includes',
65
+ 'hide_check_plugins',
66
+ 'hide_check_comments',
67
+ 'hide_xml_rpc',
68
+ 'hide_json',
69
+ 'hide_json_clean_api',
70
+ 'hide_registration',
71
+ 'hide_license_txt',
72
+ 'hide_readme_html',
73
+ 'hide_wordpress_tagline',
74
+ 'hide_wordpress_generator',
75
+ 'hide_other_generator',
76
+ 'hide_wlwmanifest',
77
+ 'hide_emulate',
78
+ 'hide_robots',
79
+ 'hide_remove_header_link',
80
+ 'hide_remove_headers',
81
+ 'hide_remove_html_comments',
82
+ 'hide_new_wp_login',
83
+ 'hide_admin_url',
84
+ 'hide_admin_ajax',
85
+ 'hide_postprocessing',
86
+ 'hide_replacements'
87
+ );
88
+
89
+ return $scan_items;
90
+ }
91
+
92
+
93
+ function menu_warning()
94
+ {
95
+ $site_scan = (array)get_site_option('wph/site_scan');
96
+
97
+ $page_visited = isset ( $site_scan['visited'] ) ? $site_scan['visited'] : '';
98
+
99
+ if ( ( ! isset ( $site_scan['last_scan'] ) || empty ( $site_scan['last_scan'] ) ) && empty ( $page_visited ) )
100
+ {
101
+ if ( isset ( $_GET['page'] ) && $_GET['page'] == 'wp-hide-security-scan')
102
+ return FALSE;
103
+
104
+ return TRUE;
105
+ }
106
+
107
+ $found_new_scan_items = FALSE;
108
+ $scan_items = $this->get_scan_items();
109
+
110
+ if ( ! empty ( $page_visited ) && md5 ( json_encode( $scan_items ) ) != $page_visited )
111
+ return TRUE;
112
+
113
+ return FALSE;
114
+ }
115
+
116
+ function run()
117
+ {
118
+ global $wph;
119
+ $this->wph = &$wph;
120
+
121
+ $this->functions = new WPH_functions();
122
+
123
+ include_once( WPH_PATH . '/include/admin-interfaces/security-scan/scan_item.class.php' );
124
+
125
+ $scan_item = $this->get_scan_items();
126
+ foreach ( $scan_item as $scan_item )
127
+ {
128
+
129
+ include_once( WPH_PATH . '/include/admin-interfaces/security-scan/scan_item_' . $scan_item . '.php' );
130
+
131
+ $item_instance_class_name = 'WPH_security_scan_' . $scan_item;
132
+ $item_instance = new $item_instance_class_name;
133
+
134
+ $this->scan_items[ $scan_item ] = $item_instance;
135
+
136
+ }
137
+
138
+ add_action( 'admin_notice', array ( $this, 'admin_notices' ) );
139
+
140
+ add_action( 'wp_ajax_wph_site_scan', array ( $this, 'wp_ajax_wph_site_scan' ) );
141
+ add_action( 'wp_ajax_wph_site_scan_progress', array ( $this, 'wp_ajax_wph_site_scan_progress' ) );
142
+ add_action( 'wp_ajax_wph_site_scan_ignore', array ( $this, 'wp_ajax_wph_site_scan_ignore' ) );
143
+ add_action( 'wp_ajax_wph_site_scan_restore', array ( $this, 'wp_ajax_wph_site_scan_restore' ) );
144
+
145
+ }
146
+
147
+ function admin_print_styles()
148
+ {
149
+
150
+ wp_register_style('WPHStyle', WPH_URL . '/assets/css/wph.css');
151
+ wp_enqueue_style( 'WPHStyle');
152
+
153
+ wp_register_style('wph-graphs', WPH_URL . '/assets/css/graph.css');
154
+ wp_enqueue_style( 'wph-graphs');
155
+
156
+ wp_register_style('wph-security-scan', WPH_URL . '/assets/css/security-scan.css');
157
+ wp_enqueue_style( 'wph-security-scan');
158
+
159
+ }
160
+
161
+
162
+ function admin_print_scripts()
163
+ {
164
+ wp_enqueue_script( 'jquery');
165
+ wp_register_script('wph', WPH_URL . '/assets/js/wph.js', array(), WPH_CORE_VERSION );
166
+
167
+
168
+ // Localize the script with new data
169
+ $translation_array = array(
170
+
171
+ );
172
+ wp_localize_script( 'wph', 'wph_vars', $translation_array );
173
+
174
+ wp_enqueue_script( 'wph');
175
+
176
+ }
177
+
178
+
179
+
180
+ function _render()
181
+ {
182
+
183
+ $site_scan = (array)get_site_option('wph/site_scan');
184
+ $site_scan['visited'] = md5 ( json_encode( $this->get_scan_items() ) );
185
+ update_site_option ( 'wph/site_scan', $site_scan );
186
+
187
+ ?>
188
+ <div id="wph" class="wrap">
189
+ <h1>WP Hide & Security Enhancer - <?php _e( "Security Scan", 'wp-hide-security-enhancer' ) ?></h1>
190
+
191
+ <?php echo $this->functions->get_ad_banner(); ?>
192
+
193
+
194
+ <div class="start-container title security_scan">
195
+ <h2><?php _e( "Security Scan", 'wp-hide-security-enhancer' ) ?></h2>
196
+ </div>
197
+ <div id="security-scan">
198
+
199
+ <?php $this->render_overview( $site_scan ); ?>
200
+
201
+ <p><br /></p>
202
+
203
+ <div id="all-scann-items">
204
+ <div id="scann-items">
205
+ <?php
206
+
207
+ $wph_site_scan_ignore = isset ( $site_scan['ignore'] ) ? (array)$site_scan['ignore'] : array();
208
+
209
+ foreach ( $this->scan_items as $scan_item_id => $item_instance )
210
+ {
211
+
212
+ if ( in_array ( $scan_item_id, $wph_site_scan_ignore ) )
213
+ continue;
214
+
215
+ $scan_item_data = $item_instance->get_settings();
216
+ $scan_response = isset ( $site_scan['results'][ $scan_item_id ] ) ? $site_scan['results'][ $scan_item_id ] : FALSE ;
217
+
218
+ if ( ! $scan_response )
219
+ {
220
+ $scan_response = new stdClass();
221
+ $scan_response->status = 'unknown';
222
+ $scan_response->info = '';
223
+ $scan_response->description = '<h5>' . __( 'Unknow - Start a new Scan', 'wp-hide-security-enhancer' ) .'</h5>';
224
+ $scan_response->actions = array();
225
+ }
226
+
227
+ $this->render_item( $scan_item_id, $scan_item_data, $scan_response );
228
+
229
+ }
230
+ ?>
231
+ </div>
232
+ <div id="hidden-items">
233
+ <?php
234
+
235
+ foreach ( $this->scan_items as $scan_item_id => $item_instance )
236
+ {
237
+
238
+ if ( ! in_array ( $scan_item_id, $wph_site_scan_ignore ) )
239
+ continue;
240
+
241
+ $scan_item_data = $item_instance->get_settings();
242
+ $scan_response = isset ( $site_scan['results'][ $scan_item_id ] ) ? $site_scan['results'][ $scan_item_id ] : FALSE ;
243
+
244
+ /*
245
+ if ( ! $scan_response )
246
+ {
247
+ $scan_response = json_decode ( $item_instance->scan() );
248
+ $site_scan['results'][ $scan_item_id ] = $scan_response;
249
+ }
250
+ */
251
+
252
+ $this->render_item( $scan_item_id, $scan_item_data, $scan_response );
253
+
254
+ }
255
+ ?>
256
+ </div>
257
+ </div>
258
+ </div>
259
+
260
+
261
+ <?php
262
+
263
+ }
264
+
265
+
266
+ public function render_overview( $site_scan, $context = '' )
267
+ {
268
+ ?>
269
+ <div id="scan_overview" class="wph-postbox header">
270
+ <div class="wph_graph wph_input widefat">
271
+ <div class="row cell label">
272
+ <?php
273
+
274
+
275
+ if ( ! isset ( $site_scan['last_scan'] ) || empty ( $site_scan['last_scan'] ) )
276
+ {
277
+ ?>
278
+
279
+ <div id="wph-graph">
280
+ <div class="wph-graph-container">
281
+ <div class="wph-graph-bg"></div>
282
+ <div class="wph-graph-text"></div>
283
+ <div class="wph-graph-progress" style="transform: rotate(0deg);"></div>
284
+ <div class="wph-graph-data"><b>0%</b><br><span class="protection"><?php _e('Unknown', 'wp-hide-security-enhancer') ?></span></div>
285
+ </div>
286
+ </div>
287
+ <p class="hint"><span class="dashicons dashicons-plugins-checked"></span> <?php _e( 'Running first Scan.. Please wait!', 'wp-hide-security-enhancer') ?></p>
288
+ <?php
289
+ }
290
+ else
291
+ {
292
+ $results = $this->get_site_score( $site_scan );
293
+
294
+ ?>
295
+
296
+ <div id="wph-graph">
297
+ <div class="wph-graph-container">
298
+ <div class="wph-graph-bg"></div>
299
+ <div class="wph-graph-text"></div>
300
+ <div class="wph-graph-progress" style="transform: rotate(<?php echo $results['graph_progress'] ?>deg);"></div>
301
+ <div class="wph-graph-data"><b><?php echo $results['progress'] ?>%</b><br><span class="protection"><?php _e( $results['protection'], 'wp-hide-security-enhancer') ?></span></div>
302
+ </div>
303
+ </div>
304
+ <p class="hint"><span class="dashicons dashicons-plugins-checked"></span> <?php _e( 'Your curent estimated protection is', 'wp-hide-security-enhancer' ); ?> <span class="protection"><?php _e( $results['protection'], 'wp-hide-security-enhancer') ?></span>.</p>
305
+ <?php
306
+ }
307
+
308
+ ?>
309
+ </div>
310
+
311
+ </div>
312
+ <div class="wph_results">
313
+ <div class="text">
314
+ <?php
315
+
316
+ reset ( $this->scan_items );
317
+ $first_scan_item_id = ucwords ( key ( $this->scan_items ) );
318
+
319
+ //check for scann in progress
320
+ $scan_in_progress = FALSE;
321
+ if ( isset ( $site_scan['last_scan_progress'] ) && $site_scan['last_scan_progress'] > 0 && $site_scan['last_scan_progress'] > time() - 60 )
322
+ $scan_in_progress = TRUE;
323
+
324
+ if ( ! isset ( $site_scan['last_scan'] ) || empty ( $site_scan['last_scan'] ) )
325
+ {
326
+ ?>
327
+ <p class="actions">
328
+ <button id="wph-site-scan-button" type="button" class="button <?php if ( $scan_in_progress ) { echo 'disabled'; } ?> button-primary" onClick="WPH.site_scan( '<?php echo esc_attr ( wp_create_nonce( 'wph/site_scan') ) ?>')"><?php _e( 'Start First Scan', 'wp-hide-security-enhancer' ); ?></button>
329
+ <span class="spinner" style="visibility: hidden;"></span>
330
+ <span class="working"><?php _e( 'Working', 'wp-hide-security-enhancer' ); ?> <span class="progress">0</span> <?php _e( 'of', 'wp-hide-security-enhancer' ); ?> <span class="total_items"><?php echo count ( $this->scan_items ) ?></span> <?php _e( 'total tests', 'wp-hide-security-enhancer' ); ?></span>
331
+ <br />
332
+ <b><?php _e( 'Running first Scan.. Please wait!', 'wp-hide-security-enhancer') ?></b></p>
333
+ <p class="last_scan"><b><?php _e( 'Last Scan', 'wp-hide-security-enhancer' ); ?>:</b> <?php _e( 'Unavailable', 'wp-hide-security-enhancer' ); ?></p>
334
+ <script type="text/javascript">
335
+ jQuery( document ).ready(function() {
336
+ jQuery('#wph-site-scan-button').click();
337
+ });
338
+ </script>
339
+ <?php
340
+
341
+ //check for scann in progress
342
+ if ( $scan_in_progress )
343
+ {
344
+ ?><p class="new-items"><?php _e( 'Another Scan instance in progress. Refresh the page in a minute.', 'wp-hide-security-enhancer' ) ?></p><?php
345
+ }
346
+ }
347
+ else
348
+ {
349
+ ?>
350
+ <div id="wph-scan-score">
351
+ <table><tbody><tr>
352
+ <td class="passed">
353
+ <h4><?php _e( 'Passed', 'wp-hide-security-enhancer' ); ?></h4>
354
+ <h5><?php echo $results['success'] ?></h5>
355
+ </td>
356
+ <td class="failed">
357
+ <h4><?php _e( 'Failed', 'wp-hide-security-enhancer' ); ?></h4>
358
+ <h5><?php echo $results['failed'] ?></h5>
359
+ </td>
360
+ </tr></tbody></table>
361
+ </div>
362
+ <p class="actions">
363
+ <button id="wph-site-scan-button" type="button" class="button <?php if ( $scan_in_progress ) { echo 'disabled'; } ?> button-primary" onClick="WPH.site_scan( '<?php echo esc_attr ( wp_create_nonce( 'wph/site_scan') ) ?>')"><?php _e( 'Start New Scan', 'wp-hide-security-enhancer' ); ?></button>
364
+ <span class="spinner" style="visibility: hidden;"></span>
365
+ <span class="working"><?php _e( 'Working', 'wp-hide-security-enhancer' ); ?> <span class="progress">0</span> <?php _e( 'of', 'wp-hide-security-enhancer' ); ?> <span class="total_items"><?php echo count ( $this->scan_items ) ?></span> <?php _e( 'total tests', 'wp-hide-security-enhancer' ); ?></span>
366
+ </p>
367
+ <?php
368
+
369
+ //check if new items
370
+ $found_new_scan_items = FALSE;
371
+ foreach ( $this->scan_items as $scan_item_id => $item_instance )
372
+ {
373
+ $scan_item_data = $item_instance->get_settings();
374
+ $scan_response = isset ( $site_scan['results'][ $scan_item_id ] ) ? $site_scan['results'][ $scan_item_id ] : FALSE ;
375
+
376
+ if ( ! $scan_response )
377
+ {
378
+ $found_new_scan_items = TRUE;
379
+ break;
380
+ }
381
+ }
382
+
383
+ //check for scann in progress
384
+ if ( $scan_in_progress )
385
+ {
386
+ ?><p class="new-items"><?php _e( 'Another Scan instance in progress. Refresh the page in a minute.', 'wp-hide-security-enhancer' ) ?></p><?php
387
+ }
388
+
389
+ if ( ! $scan_in_progress && $found_new_scan_items )
390
+ {
391
+ ?><p class="new-items"><?php _e( 'Found new Items, a new Security Scann is recommended.', 'wp-hide-security-enhancer' ) ?></p><?php
392
+ }
393
+
394
+ ?>
395
+ <p class="last_scan"><b><?php _e( 'Last Scan', 'wp-hide-security-enhancer' ); ?>:</b> <?php echo date( "Y-m-d H:i:s", $site_scan['last_scan'] ); ?></p>
396
+ <?php if ( empty ( $context ) ) { ?>
397
+ <p class="security_hints"><?php echo $this->get_security_hints( $site_score ) ?></p>
398
+ <?php } ?>
399
+ <?php
400
+ }
401
+ ?>
402
+ </div>
403
+ </div>
404
+ </div>
405
+
406
+ <?php
407
+
408
+ }
409
+
410
+
411
+ function get_site_score( $site_scan )
412
+ {
413
+ $results = array();
414
+ $results['success'] = 0;
415
+ $results['failed'] = 0;
416
+ $results['total_score'] = 0;
417
+ $results['achieved_score'] = 0;
418
+
419
+ $site_scan = (array)get_site_option('wph/site_scan');
420
+ $wph_site_scan_ignore = isset ( $site_scan['ignore'] ) ? (array)$site_scan['ignore'] : array();
421
+
422
+ foreach ( $this->scan_items as $scan_item_id => $item_instance )
423
+ {
424
+ if ( in_array ( $scan_item_id, $wph_site_scan_ignore ) )
425
+ continue;
426
+
427
+ $scan_item_data = $item_instance->get_settings();
428
+ $results['total_score'] += $scan_item_data['score_points'];
429
+
430
+ if ( isset ( $site_scan['results'][$scan_item_id ] ) && $site_scan['results'][$scan_item_id ]->status === TRUE )
431
+ $results['achieved_score'] += $scan_item_data['score_points'];
432
+
433
+ if ( isset ( $site_scan['results'][$scan_item_id] ) && $site_scan['results'][$scan_item_id]->status === FALSE )
434
+ $results['failed'] += 1;
435
+ else if ( isset ( $site_scan['results'][$scan_item_id] ) && $site_scan['results'][$scan_item_id]->status === TRUE )
436
+ $results['success'] += 1;
437
+ }
438
+
439
+ $results['progress'] = intval ( $results['achieved_score'] * 100 / $results['total_score'] );
440
+ $results['protection'] = '';
441
+ if ( $results['progress'] < 30 )
442
+ $results['protection'] = __( 'Very Poor' , 'wp-hide-security-enhancer' );
443
+ else if ( $results['progress'] >= 30 and $results['progress'] < 50 )
444
+ $results['protection'] = __( 'Poor', 'wp-hide-security-enhancer' );
445
+ else if ( $results['progress'] >= 50 and $results['progress'] < 70 )
446
+ $results['protection'] = __( 'Fair', 'wp-hide-security-enhancer' );
447
+ else if ( $results['progress'] >= 70 and $results['progress'] < 80 )
448
+ $results['protection'] = __( 'Good', 'wp-hide-security-enhancer' );
449
+ else if ( $results['progress'] >= 80 and $results['progress'] < 90 )
450
+ $results['protection'] = __( 'Great', 'wp-hide-security-enhancer' );
451
+ else if ( $results['progress'] >= 90 and $results['progress'] <= 99 )
452
+ $results['protection'] = __( 'Excelent', 'wp-hide-security-enhancer' );
453
+ else if ( $results['progress'] > 99 )
454
+ $results['protection'] = __( 'Perfect', 'wp-hide-security-enhancer' );
455
+
456
+ $results['graph_progress'] = round ( $results['progress'] * 180 / 100 );
457
+
458
+ return $results;
459
+ }
460
+
461
+
462
+ private function render_item( $scan_item_id, $scan_item_data, $response )
463
+ {
464
+
465
+ ?>
466
+ <div id="item-<?php echo $scan_item_id ?>" class="postbox wph-postbox item<?php if ( $response->status ) { echo ' valid-item'; } ?>">
467
+ <div class="wph_input widefat<?php
468
+ if ( ! $response->status ) { echo ' issue_found';}
469
+ else if ( $response->status === 'unknown' ) { echo ' unknown';}
470
+ ?>">
471
+ <div class="row cell label">
472
+ <label><span class="dashicons <?php echo $scan_item_data['icon'] ?>"></span> <?php echo $scan_item_data['title'] ?></label>
473
+ <p class="info"><?php echo $response->info; ?></p>
474
+ <div class="description"><?php echo $response->description; ?></div>
475
+ <div class="actions">
476
+ <?php
477
+ if ( count ( (array)$response->actions ) > 0 )
478
+ foreach ( $response->actions as $action_type => $action )
479
+ {
480
+ echo " " . $this->get_action_html( $action_type, $action, $scan_item_id );
481
+ }
482
+ ?></div>
483
+ </div>
484
+
485
+ </div>
486
+ <div class="wph_help option_help">
487
+ <div class="text">
488
+ <?php echo wpautop( $scan_item_data['help'] ) ?>
489
+ </div>
490
+ </div>
491
+ </div>
492
+ <?php
493
+
494
+ }
495
+
496
+
497
+ function get_security_hints( $site_score, $context = 'security-scan-interface' )
498
+ {
499
+ if (! is_array ( $site_score ) )
500
+ {
501
+ $site_scan = (array)get_site_option('wph/site_scan');
502
+ $site_score = $this->get_site_score( $site_scan );
503
+ }
504
+
505
+ $hints = '';
506
+
507
+ if ( $site_score['progress'] < 90)
508
+ {
509
+ $level = '';
510
+ switch ( $site_score['progress'] )
511
+ {
512
+ case ( $site_score['progress'] >= 75 ):
513
+ $level = __( 'unsatisfactory', 'wp-hide-security-enhancer');
514
+ break;
515
+ case ( $site_score['progress'] > 40 && $site_score['progress'] < 75 ):
516
+ $level = __( 'unsatisfactory', 'wp-hide-security-enhancer');
517
+ break;
518
+ case ( $site_score['progress'] <= 40 ):
519
+ $level = __( 'dangerously low, an imminent security breach is highly likely.', 'wp-hide-security-enhancer');
520
+ break;
521
+ }
522
+
523
+ $hints .= __( 'The current protection level is ' , 'wp-hide-security-enhancer' ) . $level . ' ' .__ ('Consider improving the overall security by fixing the issues reported by the Scan', 'wp-hide-security-enhancer' );
524
+
525
+ if ( $context != 'security-scan-interface' )
526
+ $hints .= '<br /><br /><a class="button button-primary" href="' . network_admin_url ( 'admin.php?page=wp-hide-security-scan' ) . '">'. __( 'Security Scan', 'wp-hide-security-enhancer') .'</a>';
527
+ }
528
+
529
+ return $hints;
530
+
531
+ }
532
+
533
+
534
+ private function get_action_html( $action_type, $action, $scan_item_id )
535
+ {
536
+ $html = '';
537
+
538
+ switch( $action_type )
539
+ {
540
+ case 'ignore' :
541
+ $html = '<a class="button ignore" href="javascript: void(0)" onclick="WPH.scan_ignore_item(\'' . $scan_item_id . '\', \''. esc_attr ( wp_create_nonce( 'wph/site_scan/ignore') ) .'\')">'. __( 'Ignore', 'wp-hide-security-enhancer' ) .'</a>';
542
+ break;
543
+ case 'restore' :
544
+ $html = '<a class="button restore" href="javascript: void(0)" onclick="WPH.scan_restore_item(\'' . $scan_item_id . '\', \''. esc_attr ( wp_create_nonce( 'wph/site_scan/restore') ) .'\')">'. __( 'Restore', 'wp-hide-security-enhancer' ) .'</a>';
545
+ break;
546
+ default:
547
+ $html = $action;
548
+ }
549
+
550
+ return $html;
551
+
552
+ }
553
+
554
+
555
+ function wp_ajax_wph_site_scan()
556
+ {
557
+
558
+ if ( ! wp_verify_nonce( $_POST['nonce'], 'wph/site_scan' ) )
559
+ die();
560
+
561
+ $this->get_HTML();
562
+
563
+ $site_scan = (array)get_site_option('wph/site_scan');
564
+
565
+ $response = array();
566
+
567
+ //allow a timeout of 60 secconds
568
+ if ( isset ( $site_scan['last_scan_progress'] ) && $site_scan['last_scan_progress'] > 0 && $site_scan['last_scan_progress'] > time() - 60 )
569
+ {
570
+ return __( 'Another Scan instance in progress. Please wait until completed.', 'wp-hide-security-enhancer' );
571
+ }
572
+
573
+ $site_scan['results'] = array();
574
+
575
+ $progress = 1;
576
+
577
+ foreach ( $this->scan_items as $scan_item => $item_instance )
578
+ {
579
+ $site_scan['last_scan_progress'] = time();
580
+
581
+ $scan_item_data = $item_instance->get_settings();
582
+ $scan_response = json_decode( $item_instance->scan() );
583
+
584
+ $site_scan['results'][ $scan_item ] = $scan_response;
585
+
586
+
587
+ usleep ( 400000 );
588
+
589
+ update_site_option( 'wph/site_scan', $site_scan );
590
+
591
+ $progress++;
592
+ }
593
+
594
+ $site_scan['last_scan'] = time();
595
+ $site_scan['visited'] = md5 ( json_encode( $this->get_scan_items() ) );
596
+ $site_scan['last_scan_progress'] = FALSE;
597
+
598
+ update_site_option( 'wph/site_scan', $site_scan );
599
+
600
+ _e( 'Scan completed.', 'wp-hide-security-enhancer' );
601
+
602
+ die();
603
+
604
+ }
605
+
606
+
607
+ function wp_ajax_wph_site_scan_progress()
608
+ {
609
+
610
+ if ( ! wp_verify_nonce( $_POST['nonce'], 'wph/site_scan' ) )
611
+ die();
612
+
613
+ wp_ob_end_flush_all();
614
+
615
+ $site_scan = (array)get_site_option('wph/site_scan');
616
+
617
+ $response = array();
618
+ $response['results'] = $site_scan['results'];
619
+ $response['scann_in_progress'] = ( isset ( $site_scan['last_scan_progress'] ) && $site_scan['last_scan_progress'] > 0 ) ? TRUE: FALSE;
620
+
621
+ if ( $response['scann_in_progress'] )
622
+ $response['scann_status'] = 'Working';
623
+ else
624
+ $response['scann_status'] = 'Idle';
625
+
626
+ if ( count ( (array)$response['results'] ) > 0 )
627
+ {
628
+ foreach ( $response['results'] as $scan_item_id => $item_scan_data )
629
+ {
630
+ if ( count ( (array)$item_scan_data->actions ) > 0 )
631
+ {
632
+ $actions = '';
633
+ foreach ( $item_scan_data->actions as $action_type => $action )
634
+ {
635
+ $actions .= ' ' . $this->get_action_html( $action_type, $action, $scan_item_id );
636
+ }
637
+ $response['results'][$scan_item_id]->actions = $actions;
638
+ }
639
+ }
640
+ }
641
+
642
+ //check if timeout
643
+ if ( isset ( $site_scan['last_scan_progress'] ) && $site_scan['last_scan_progress'] > 0 && $site_scan['last_scan_progress'] < time() - 60 )
644
+ {
645
+ $response['scann_in_progress'] = FALSE;
646
+ $response['scann_status'] = 'Timed Out';
647
+ }
648
+
649
+ $response['total'] = count ( $this->scan_items );
650
+ $response['items_progress'] = count ( $response['results'] );
651
+
652
+ $results = $this->get_site_score( $site_scan );
653
+
654
+ $response['success'] = $results['success'];
655
+ $response['failed'] = $results['failed'];
656
+ $response['graph_progress'] = $results['graph_progress'];
657
+ $response['progress'] = $results['progress'];
658
+ $response['protection'] = __( $results['protection'], 'wp-hide-security-enhancer');
659
+
660
+ echo json_encode( $response );
661
+
662
+ die();
663
+
664
+ }
665
+
666
+ function wp_ajax_wph_site_scan_ignore()
667
+ {
668
+
669
+ if ( ! wp_verify_nonce( $_POST['nonce'], 'wph/site_scan/ignore' ) )
670
+ die();
671
+
672
+ $item_id = preg_replace( '/[^a-zA-Z0-9\-\_$]/m' , "", $_POST['item_id'] );
673
+
674
+ if ( ! empty ( $item_id ) )
675
+ {
676
+ $site_scan = (array)get_site_option('wph/site_scan');
677
+ $wph_site_scan_ignore = (array)$site_scan['ignore'];
678
+ $wph_site_scan_ignore[] = $item_id;
679
+ $wph_site_scan_ignore = array_unique ( array_filter ( $wph_site_scan_ignore ) );
680
+
681
+ $wph_site_scan_ignore = array_unique ( array_filter ( $wph_site_scan_ignore ) );
682
+
683
+ $site_scan['ignore'] = $wph_site_scan_ignore;
684
+
685
+ update_site_option ( 'wph/site_scan', $site_scan );
686
+ }
687
+
688
+ $response = array();
689
+ $response['item_id'] = $item_id;
690
+
691
+ $site_scan = (array)get_site_option('wph/site_scan');
692
+ $site_score = $this->get_site_score( $site_scan );
693
+ $response = $response + $site_score;
694
+
695
+ echo json_encode( $response );
696
+
697
+ die();
698
+ }
699
+
700
+ function wp_ajax_wph_site_scan_restore()
701
+ {
702
+
703
+ if ( ! wp_verify_nonce( $_POST['nonce'], 'wph/site_scan/restore' ) )
704
+ die();
705
+
706
+ $item_id = preg_replace( '/[^a-zA-Z0-9\-\_$]/m' , "", $_POST['item_id'] );
707
+
708
+ if ( ! empty ( $item_id ) )
709
+ {
710
+ $site_scan = (array)get_site_option('wph/site_scan');
711
+ $wph_site_scan_ignore = (array)$site_scan['ignore'];
712
+ $index = array_search( $item_id, $wph_site_scan_ignore );
713
+ if ( $index !== FALSE )
714
+ unset ( $wph_site_scan_ignore[$index] );
715
+
716
+ $wph_site_scan_ignore = array_unique ( array_filter ( $wph_site_scan_ignore ) );
717
+
718
+ $site_scan['ignore'] = $wph_site_scan_ignore;
719
+
720
+ update_site_option ( 'wph/site_scan', $site_scan );
721
+ }
722
+
723
+ $response = array();
724
+ $response['item_id'] = $item_id;
725
+
726
+ $site_scan = (array)get_site_option('wph/site_scan');
727
+ $site_score = $this->get_site_score( $site_scan );
728
+ $response = $response + $site_score;
729
+
730
+ echo json_encode( $response );
731
+
732
+ die();
733
+ }
734
+
735
+ function get_remote_content()
736
+ {
737
+ if ( $this->remote_errors !== FALSE )
738
+ return FALSE;
739
+
740
+ if ( $this->remote_html === FALSE )
741
+ $this->get_HTML();
742
+
743
+ return $this->remote_html;
744
+ }
745
+
746
+
747
+ function get_remote_headers()
748
+ {
749
+ if ( $this->remote_errors !== FALSE )
750
+ return FALSE;
751
+
752
+ return $this->remote_headers;
753
+ }
754
+
755
+ function get_HTML()
756
+ {
757
+ $this->remote_started = TRUE;
758
+
759
+ $args = array(
760
+ 'sslverify' => false,
761
+ 'timeout' => 30
762
+ );
763
+ $site_url = apply_filters( 'wp-hide/security-scan/url', home_url() );
764
+ $response = wp_remote_get( $site_url, $args );
765
+
766
+ if ( is_a( $response, 'WP_Error' ))
767
+ {
768
+ $this->remote_errors = $response->get_error_message();
769
+ return FALSE;
770
+ }
771
+
772
+ if ( is_array( $response ) )
773
+ {
774
+
775
+ if ( ! isset( $response['response']['code'] ) )
776
+ return FALSE;
777
+
778
+ if ( $response['response']['code'] != 200 )
779
+ {
780
+ if ( $response['response']['code'] == 404 )
781
+ {
782
+ $this->remote_errors = __( "The wp_remote_get() returns a Not Found page.", 'wp-hide-security-enhancer' );
783
+ return FALSE;
784
+ }
785
+
786
+ if ( $response['response']['code'] == 401 )
787
+ {
788
+ $this->remote_errors = __( "The wp_remote_get() returns a 401 error code, the request could not be authenticated. Does the site use an httpd password?", 'wp-hide-security-enhancer' );
789
+ return FALSE;
790
+ }
791
+
792
+ if ( ! empty ( $response['response']['code'] ) )
793
+ {
794
+ $this->remote_errors = __( "The wp_remote_get() returns a", 'wp-hide-security-enhancer' ) . " " . $response['response']['code'] . " " . __( "error code", 'wp-hide-security-enhancer' );
795
+ return FALSE;
796
+ }
797
+
798
+ $this->remote_errors = __( "Unespected error code for wp_remote_get() call.", 'wp-hide-security-enhancer' );
799
+ return FALSE;
800
+ }
801
+
802
+ $this->remote_html = $response['body'];
803
+ $this->remote_headers = $response['http_response']->get_headers();
804
+
805
+ return TRUE;
806
+
807
+ }
808
+
809
+ return FALSE;
810
+
811
+ }
812
+
813
+
814
+
815
+
816
+
817
+
818
+
819
+
820
+ }
821
+
822
+
823
+ ?>
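Review bot: the AJAX handlers `wp_ajax_wph_site_scan`, `wp_ajax_wph_site_scan_progress`, `wp_ajax_wph_site_scan_ignore` and `wp_ajax_wph_site_scan_restore` verify a nonce but never a capability; a nonce is a CSRF control, not an authorization control, so add a `current_user_can()` check for the capability the plugin's settings pages require next to each `wp_verify_nonce()` call, and read `$_POST['nonce']` and `$_POST['item_id']` through `isset()` so a bare request does not raise notices. Further defects in the same hunk: `add_action( 'admin_notice', array ( $this, 'admin_notices' ) );` registers against a hook that does not exist (core fires `admin_notices`), so the callback never runs; in `wp_ajax_wph_site_scan` the early `return __( 'Another Scan instance in progress. Please wait until completed.', ... );` returns a string to nobody and the browser receives an empty body, so it should `echo` and `die()` like the completion path, and `$this->get_HTML()` is invoked before that check, so the self-request is made even when the scan bails out; in `get_site_score`, `intval ( $results['achieved_score'] * 100 / $results['total_score'] )` divides by zero when every scan item is on the ignore list (a warning on PHP 7, a `DivisionByZeroError` on PHP 8), so guard `total_score` before dividing; in `get_security_hints`, `switch ( $site_score['progress'] )` with boolean `case` expressions compares the score loosely against `true`/`false`, so a score of 0 matches the first case because `0 == false` and is labelled 'unsatisfactory' rather than 'dangerously low' (use `switch ( true )` so each case is evaluated as a condition, and note the first two cases assign the same text); and `render_overview` passes an undefined `$site_score` at `<?php echo $this->get_security_hints( $site_score ) ?>` where `$results` already holds the computed score. In `wp_ajax_wph_site_scan_progress`, `$site_scan['results']` is read without `isset()` and `count ( $response['results'] )` on `NULL` is a `TypeError` on PHP 8; in `wp_ajax_wph_site_scan_ignore` the `array_unique ( array_filter ( ... ) )` line is duplicated and the submitted `item_id` is never validated against `array_keys( $this->scan_items )`, so arbitrary strings accumulate in the `wph/site_scan` option.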
include/admin-interfaces/security-scan/scan_item.class.php ADDED
@@ -0,0 +1,48 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+
29
+ }
30
+
31
+ public function return_json_response( $response )
32
+ {
33
+ $defaults = array (
34
+ 'info' => '',
35
+ 'status' => FALSE,
36
+ 'description' => '',
37
+ 'actions' => array()
38
+ );
39
+
40
+ $response = wp_parse_args ( $response, $defaults );
41
+
42
+ return json_encode( $response );
43
+ }
44
+
45
+ }
46
+
47
+
48
+ ?>
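Review bot: `get_id()` and `get_settings()` in this base class return nothing, and `$this->id = $this->get_id();` assigns a property that is never declared (dynamic properties are deprecated from PHP 8.2), so a subclass that forgets to override either method silently yields a `NULL` id and `NULL` settings that the scanner then indexes as `$scan_item_data['score_points']`. Declare `var $id;` next to `var $wph;` and make the class `abstract` with `abstract public function get_id();`, `abstract public function get_settings();` and `abstract public function scan();`, so a missing implementation fails at load time instead of mid-scan; every subclass in this patch also copies the same constructor verbatim, which could simply be inherited from here.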
include/admin-interfaces/security-scan/scan_item_database_prefix.php ADDED
@@ -0,0 +1,71 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_database_prefix extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'database_prefix';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => 'Database Prefix',
30
+ 'icon' => 'dashicons-database',
31
+
32
+ 'help' => __("WordPress security is a serious matter and you can improve it by changing the WordPress database prefix. A WordPress database contains all of the information for your website, which makes it a prime target for hackers.
33
+ By default, the WordPress database prefix is “wp_” and is quite easy to locate and target.", 'wp-hide-security-enhancer'),
34
+
35
+ 'score_points' => 10,
36
+ );
37
+ }
38
+
39
+
40
+ function scan()
41
+ {
42
+ $_JSON_response = array();
43
+
44
+ global $wpdb;
45
+
46
+ $_JSON_response['info'] = __( 'Current value: ', 'wp-hide-security-enhancer' ) . $wpdb->prefix;
47
+
48
+ if ( $wpdb->prefix == 'wp_' )
49
+ {
50
+ $_JSON_response['status'] = FALSE;
51
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The database prefix use the default wp_ prefix.', 'wp-hide-security-enhancer' );
52
+ $_JSON_response['actions'] = array (
53
+ 'read_more' => '<a class="button" target="_blank" href="https://wp-staging.com/3-ways-to-change-the-wordpress-database-prefix-method-simplified/">Read More</a>',
54
+ 'ignore' => '//--post-generated--',
55
+ 'restore' => '//--post-generated--',
56
+ );
57
+ }
58
+ else
59
+ {
60
+ $_JSON_response['status'] = TRUE;
61
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The database prefix use a custom name.', 'wp-hide-security-enhancer' );
62
+ }
63
+
64
+ return $this->return_json_response( $_JSON_response );
65
+
66
+ }
67
+
68
+ }
69
+
70
+
71
+ ?>
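Review bot: `if ( $wpdb->prefix == 'wp_' )` misses the multisite case: on a network `$wpdb->prefix` is the per-site prefix (for example `wp_2_` for the second site), so a network that still uses the default base prefix passes this check on every site except the first. Compare `$wpdb->base_prefix` instead. Two style points: the `<span class="dashicons dashicons-no"></span>` markup sits inside the `__()` string, which forces every translator to reproduce HTML and prevents the string from ever being passed through `esc_html__()`; build the icon outside the translatable text. The description strings also read 'The database prefix use the default wp_ prefix' and 'use a custom name' where 'uses' is intended.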
include/admin-interfaces/security-scan/scan_item_db_debug.php ADDED
@@ -0,0 +1,72 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_db_debug extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'db_debug';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => 'Database Debug',
30
+ 'icon' => 'dashicons-code-standards',
31
+
32
+ 'help' => __("Debugging PHP code is part of any project, but WordPress comes with specific debug systems designed to simplify the process as well as standardize code across the core, plugins and themes.
33
+ On production sites, the debug should be disabled to avoid exposing paths and other pieces of information related to the site. ", 'wp-hide-security-enhancer'),
34
+
35
+ 'score_points' => 5,
36
+
37
+ 'callback' => 'scan_item_db_debug',
38
+ );
39
+ }
40
+
41
+
42
+ function scan()
43
+ {
44
+ $_JSON_response = array();
45
+
46
+ global $wpdb;
47
+
48
+ $_JSON_response['info'] = __( 'Current value: ', 'wp-hide-security-enhancer' ) . ( $wpdb->show_errors === TRUE ? 'TRUE' : 'FALSE' );
49
+
50
+ if ( $wpdb->show_errors === TRUE )
51
+ {
52
+ $_JSON_response['status'] = FALSE;
53
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The database debug is active. Check your site wp-config.php and comment the WP_DEBUG and WP_DEBUG_DISPLAY ( if exists ) constants declaration.', 'wp-hide-security-enhancer' );
54
+ $_JSON_response['actions'] = array (
55
+ 'ignore' => '//--post-generated--',
56
+ 'restore' => '//--post-generated--',
57
+ );
58
+ }
59
+ else
60
+ {
61
+ $_JSON_response['status'] = TRUE;
62
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The database debug is disabled.', 'wp-hide-security-enhancer' );
63
+ }
64
+
65
+ return $this->return_json_response( $_JSON_response );
66
+
67
+ }
68
+
69
+ }
70
+
71
+
72
+ ?>
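Review bot: the scan tests `$wpdb->show_errors === TRUE` while the remediation text tells the user to comment out `WP_DEBUG` and `WP_DEBUG_DISPLAY`; these are related but not the same signal. `wpdb` enables `show_errors` at construction only when both `WP_DEBUG` and `WP_DEBUG_DISPLAY` are true, and any plugin can call `$wpdb->show_errors()` or `$wpdb->hide_errors()` afterwards, so a site with `WP_DEBUG` on but database error display suppressed reports as clean while still printing PHP notices with file paths on the front end. Check the constants directly (`defined( 'WP_DEBUG' ) && WP_DEBUG`, and likewise `WP_DEBUG_DISPLAY`) alongside `$wpdb->show_errors`, and word the description to match what was actually tested. The `'callback' => 'scan_item_db_debug'` key in `get_settings()` is absent from the sibling scan items and is not consumed by the scanner code visible in this patch; drop it or document what reads it.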
include/admin-interfaces/security-scan/scan_item_disable_file_edit.php ADDED
@@ -0,0 +1,70 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_disable_file_edit extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'disable_file_edit';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => 'Theme/Plugin File Editor',
30
+ 'icon' => 'dashicons-code-standards',
31
+
32
+ 'help' => __("The WordPress theme/plugin file editor lets you open files from the site. It displays the file content on the text editor allowing changes to the code, directly on the dashboard.
33
+ <br />Unless this is a development instance, it should be disabled.", 'wp-hide-security-enhancer'),
34
+
35
+ 'score_points' => 5,
36
+ );
37
+ }
38
+
39
+
40
+ function scan()
41
+ {
42
+ $_JSON_response = array();
43
+
44
+ $_JSON_response['info'] = __( 'Current value: ', 'wp-hide-security-enhancer' ) . ( defined ( 'DISALLOW_FILE_EDIT' ) && DISALLOW_FILE_EDIT === TRUE ? 'TRUE' : 'FALSE' );
45
+
46
+ if ( ! defined ( 'DISALLOW_FILE_EDIT' ) || DISALLOW_FILE_EDIT === FALSE )
47
+ {
48
+ $_JSON_response['status'] = FALSE;
49
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The file editor is enabled.
50
+ <br />To fix this security issue, add/change the wp-config.php:
51
+ <br /><code>define ( \'DISALLOW_FILE_EDIT\', TRUE );</code>.', 'wp-hide-security-enhancer' );
52
+ $_JSON_response['actions'] = array (
53
+ 'ignore' => '//--post-generated--',
54
+ 'restore' => '//--post-generated--',
55
+ );
56
+ }
57
+ else
58
+ {
59
+ $_JSON_response['status'] = TRUE;
60
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The file editor is disabled.', 'wp-hide-security-enhancer' );
61
+ }
62
+
63
+ return $this->return_json_response( $_JSON_response );
64
+
65
+ }
66
+
67
+ }
68
+
69
+
70
+ ?>
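Review bot: `! defined ( 'DISALLOW_FILE_EDIT' ) || DISALLOW_FILE_EDIT === FALSE` uses a strict comparison, whereas core evaluates the constant for truthiness in `map_meta_cap()` (`defined( 'DISALLOW_FILE_EDIT' ) && DISALLOW_FILE_EDIT`). A site that defines it as `0`, `''` or `'false'` therefore still has the editor enabled but passes this scan; invert the core test instead: `if ( ! ( defined( 'DISALLOW_FILE_EDIT' ) && DISALLOW_FILE_EDIT ) )`. In the other direction, core also blocks the theme and plugin editors when `DISALLOW_FILE_MODS` is true, so a site that relies on that constant is reported as failing although editing is already disabled; treat either constant as a pass. The `<code>define ( \'DISALLOW_FILE_EDIT\', TRUE );</code>` snippet embedded in the translated string has the same translator-unfriendly HTML problem as the other items.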
include/admin-interfaces/security-scan/scan_item_firewall.php ADDED
@@ -0,0 +1,138 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_firewall extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'firewall';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __('Firewall', 'wp-hide-security-enhancer'),
30
+ 'icon' => 'dashicons-shield',
31
+
32
+ 'help' => __("A Firewall is a security piece of software that adds a layer of protection to your site. A firewall works as a rules-based filter for all incoming traffic to a website, it ensures only the secure traffic is reaching the server, all malicious attempts will be blocked and logged.
33
+ <br />A Firewall works as Proactive ratter reactive security solution, so it helps to protect a website before the malicious and malware actually reach it. This is a huge improvement for security, as preventing any harm and damages to a site, spare the administrators of incalculable losses which the malware can do.", 'wp-hide-security-enhancer'),
34
+
35
+ 'score_points' => 20,
36
+ );
37
+ }
38
+
39
+
40
+ function scan()
41
+ {
42
+ $_JSON_response = array();
43
+
44
+ $found_errors = array();
45
+
46
+ $firewall_check = array (
47
+ 'header' => array (
48
+ 'url' => 'query=header:',
49
+ 'message' => __('Failed to block requests using malicious header calls.', 'wp-hide-security-enhancer')
50
+ ),
51
+ 'set_cookie' => array(
52
+ 'url' => 'query=set-cookie:=',
53
+ 'message' => __('Failed to block requests using malicious set-cookie calls.', 'wp-hide-security-enhancer')
54
+ ),
55
+ 'union' => array(
56
+ 'url' => 'query=union(select(',
57
+ 'message' => __('Failed to block requests using malicious MySQL code.', 'wp-hide-security-enhancer')
58
+ ),
59
+ 'globals' => array(
60
+ 'url' => 'query=globals=',
61
+ 'message' => __('Failed to block requests using malicious globals calls.', 'wp-hide-security-enhancer')
62
+ ),
63
+ 'request' => array(
64
+ 'url' => 'query=request=',
65
+ 'message' => __('Failed to block requests using malicious request calls.', 'wp-hide-security-enhancer')
66
+ )
67
+ );
68
+
69
+ $args = array(
70
+ 'sslverify' => false,
71
+ 'timeout' => 15
72
+ );
73
+
74
+ foreach ( $firewall_check as $item_id => $firewall_item )
75
+ {
76
+ $url = home_url() . '?' . $firewall_item['url'] ;
77
+ $response = wp_remote_get( $url, $args );
78
+
79
+ if ( is_a( $response, 'WP_Error' ))
80
+ {
81
+ $found_errors[$item_id][] = $response->get_error_message();
82
+ $found_errors[$item_id][] = $firewall_item['message'];
83
+ continue;
84
+ }
85
+
86
+ if ( is_array( $response ) )
87
+ {
88
+
89
+ if ( ! isset( $response['response']['code'] ) )
90
+ {
91
+ $found_errors[$item_id][] = __('No valid respons for the call.', 'wp-hide-security-enhancer');
92
+ continue;
93
+ }
94
+
95
+ if ( $response['response']['code'] != 403 )
96
+ {
97
+ $found_errors[$item_id][] = $firewall_item['message'];
98
+ continue;
99
+ }
100
+ }
101
+ }
102
+
103
+ if ( count ( $found_errors ) > 0 )
104
+ {
105
+ $_JSON_response['status'] = FALSE;
106
+
107
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>Your site does not appear to use a Firewall or fails to block specific hacks.', 'wp-hide-security-enhancer' );
108
+ $_JSON_response['description'] .= '<br /><br />';
109
+
110
+ foreach ( $found_errors as $found_error_messages )
111
+ {
112
+
113
+ $_JSON_response['description'] .= '<p class="important">';
114
+ $_JSON_response['description'] .= '<b> <span class="dashicons dashicons-search"></span> ' . __( 'Found', 'wp-hide-security-enhancer' ) .' - ' . implode ( '<br />' , $found_error_messages ) .'</b>';
115
+ $_JSON_response['description'] .= '</p>';
116
+
117
+ }
118
+
119
+ $_JSON_response['actions'] = array (
120
+ 'fix' => '<a class="button-primary wph-pro" target="_blank" href="https://wp-hide.com/pricing/">PRO</a>',
121
+ 'ignore' => '//--post-generated--',
122
+ 'restore' => '//--post-generated--',
123
+ );
124
+ }
125
+ else
126
+ {
127
+ $_JSON_response['status'] = TRUE;
128
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>Your site use a Firewall.', 'wp-hide-security-enhancer' );
129
+ }
130
+
131
+ return $this->return_json_response( $_JSON_response );
132
+
133
+ }
134
+
135
+ }
136
+
137
+
138
+ ?>
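Review bot: the probe loop treats every status other than 403 as a failure (`if ( $response['response']['code'] != 403 )`), and a `WP_Error` from `wp_remote_get()` is recorded as a failure as well, so a firewall that blocks with 406 or 429, or by dropping the connection, is reported as 'Failed to block requests'. Consider accepting a list of blocking statuses and reporting transport errors separately from an unblocked 200, since only the latter shows the request reached the application. The loopback request also sets `'sslverify' => false`; that is defensible for a self-check against `home_url()` but deserves a comment so it is not copied into code that fetches third-party content. Two user-facing strings have typos: 'No valid respons for the call.' (response) and 'Proactive ratter reactive' (rather than).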
include/admin-interfaces/security-scan/scan_item_headers.php ADDED
@@ -0,0 +1,120 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_headers extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'headers';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __('HTTP Response Security Headers', 'wp-hide-security-enhancer'),
30
+ 'icon' => 'dashicons-hidden',
31
+
32
+ 'help' => __("HTTP Response Headers are a powerful tool to Harden Your Website.
33
+ The Hypertext Transfer Protocol (HTTP) is based on a client-server architecture, in which the client ( typically a web browser application ) establishes a connection with the server through a destination URL and waits for a response.
34
+ The HTTP Headers allow the client and the server send additional pieces of information with the HTTP request or response.
35
+ The HTTP Headers are categorised by their purpose: Authentication, Caching, Client hints, Conditionals, Connection management, Content negotiation, Controls, Cookies, CORS, Downloads, Message body information, Proxies, Redirects, Request context, Response context, Range requests, Security, Server-sent events, Transfer coding, WebSockets, Other
36
+ This area provides support for the <a href='https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers#security' target='_blank'>Security Headers</a> type. Those are the ones responsible for the security implementation for any page.", 'wp-hide-security-enhancer'),
37
+
38
+ 'score_points' => 20,
39
+ );
40
+ }
41
+
42
+
43
+ function scan()
44
+ {
45
+ $_JSON_response = array();
46
+
47
+ $found_issue = FALSE;
48
+ $found_headers = array();
49
+ $not_found_headers = array();
50
+
51
+ if ( $this->wph->security_scan->remote_headers )
52
+ {
53
+ $WPH_module_general_security_check_headers = new WPH_module_general_security_check_headers();
54
+
55
+ $headers = $this->wph->security_scan->remote_headers;
56
+
57
+ $found_headers = array ( );
58
+
59
+ foreach ( $headers->getAll() as $header_key => $header_value )
60
+ {
61
+ $header_key = strtolower ( $header_key ) ;
62
+ $header_key = trim ( $header_key );
63
+
64
+ if ( isset( $WPH_module_general_security_check_headers->headers[ $header_key ] ) )
65
+ $found_headers[] = $header_key;
66
+ }
67
+
68
+ foreach ( $WPH_module_general_security_check_headers->headers as $header_key => $header_data )
69
+ {
70
+ if ( in_array ( $header_key, $found_headers ) )
71
+ continue;
72
+
73
+ $not_found_headers[] = $header_key;
74
+ }
75
+
76
+ if ( count ( $not_found_headers ) > 0 )
77
+ $found_issue = TRUE;
78
+ }
79
+ else
80
+ $found_issue = TRUE;
81
+
82
+ if ( $found_issue )
83
+ {
84
+ $_JSON_response['status'] = FALSE;
85
+
86
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>Your site is missing some security headers.', 'wp-hide-security-enhancer' );
87
+
88
+ foreach ( $not_found_headers as $not_found_header )
89
+ {
90
+
91
+ $_JSON_response['description'] .= '<p class="important">';
92
+ $_JSON_response['description'] .= '<b> <span class="dashicons dashicons-search"></span> Not Found - ' . ucfirst ( $not_found_header ) .'</b>';
93
+ $_JSON_response['description'] .= '</p>';
94
+
95
+ }
96
+
97
+ if ( $this->wph->security_scan->remote_started && $this->wph->security_scan->remote_errors !== FALSE )
98
+ $_JSON_response['description'] .= "<br /><br /><span class='error'>" . __('Unable to complete this security task as an error occoured', 'wp-hide-security-enhancer' ) . ': <b>' .$this->wph->security_scan->remote_errors . '</b></span>';
99
+
100
+ $_JSON_response['actions'] = array (
101
+ 'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-security-headers', 'admin' ) .'">Fix</a>',
102
+ 'fix2' => '<a class="button-primary wph-pro" target="_blank" href="https://wp-hide.com/pricing/">PRO</a>',
103
+ 'ignore' => '//--post-generated--',
104
+ 'restore' => '//--post-generated--',
105
+ );
106
+ }
107
+ else
108
+ {
109
+ $_JSON_response['status'] = TRUE;
110
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>There are no headers containing valuable pieces of information regarding your environment.', 'wp-hide-security-enhancer' );
111
+ }
112
+
113
+ return $this->return_json_response( $_JSON_response );
114
+
115
+ }
116
+
117
+ }
118
+
119
+
120
+ ?>
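Review bot: when `remote_headers` is empty the code sets `$found_issue = TRUE` but `$not_found_headers` stays empty, so the user sees 'Your site is missing some security headers.' with no header listed and, unless `remote_errors` was set, no explanation; that branch should say the response headers could not be retrieved. The success text 'There are no headers containing valuable pieces of information regarding your environment.' describes a disclosure check, not this presence check, and reads as copied from another item. Note also that the scan only tests that each key of `$WPH_module_general_security_check_headers->headers` is present in the response, so an empty or permissive value passes; and 'occoured' should be 'occurred'.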
include/admin-interfaces/security-scan/scan_item_hide_admin_ajax.php ADDED
@@ -0,0 +1,75 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_hide_admin_ajax extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'hide_admin_ajax';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __('New admin-ajax.php', 'wp-hide-security-enhancer'),
30
+ 'icon' => 'dashicons-hidden',
31
+
32
+ 'help' => __("The admin-ajax.php is being used by WordPress core and many plugins to initiate AJAX calls from dashboard and front side. This is specific to WordPress, a site using such slug is an easy target to hack attempts.", 'wp-hide-security-enhancer'),
33
+
34
+ 'score_points' => 20,
35
+ );
36
+ }
37
+
38
+
39
+ function scan()
40
+ {
41
+ $_JSON_response = array();
42
+
43
+ $found_issue = FALSE;
44
+
45
+ $option = $this->wph->functions->get_module_item_setting('new_admin_ajax_php');
46
+
47
+ if ( empty ( $option ) || $option == 'no' )
48
+ $found_issue = TRUE;
49
+
50
+ if ( $found_issue )
51
+ {
52
+ $_JSON_response['status'] = FALSE;
53
+
54
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>Rewriting the admin-ajax.php to another slug to increase overall security for a WordPress site.', 'wp-hide-security-enhancer' );
55
+
56
+ $_JSON_response['actions'] = array (
57
+ 'fix' => '<a class="button-primary wph-pro" target="_blank" href="https://wp-hide.com/pricing/">PRO</a>',
58
+ 'ignore' => '//--post-generated--',
59
+ 'restore' => '//--post-generated--',
60
+ );
61
+ }
62
+ else
63
+ {
64
+ $_JSON_response['status'] = TRUE;
65
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
66
+ }
67
+
68
+ return $this->return_json_response( $_JSON_response );
69
+
70
+ }
71
+
72
+ }
73
+
74
+
75
+ ?>
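Review bot: unlike the hide_check_* items, this scan only reads the `new_admin_ajax_php` setting and never confirms the rewrite against the fetched page, so a configured but inactive rewrite (stale cache, rewrite rules not applied) still scores as fixed. The failure description 'Rewriting the admin-ajax.php to another slug to increase overall security for a WordPress site.' is a sentence fragment rather than a finding; state what was found, i.e. that the default admin-ajax.php slug is in use. `$option == 'no'` is a loose comparison; `=== 'no'` avoids surprises with non-string values.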
include/admin-interfaces/security-scan/scan_item_hide_admin_url.php ADDED
@@ -0,0 +1,76 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_hide_admin_url extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'hide_admin_url';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __('New Admin Url', 'wp-hide-security-enhancer'),
30
+ 'icon' => 'dashicons-hidden',
31
+
32
+ 'help' => __("Despite the flexibility of WordPress framework, there are few ways to configure the admin login url customization for making a bit safer against unauthorized access and brute force attempts. All methods are not provided out of the box through WordPress core but require custom code to make it happen.
33
+ <br />This feature provide an easy way to change the default /wp-admin/ to a different slug.", 'wp-hide-security-enhancer'),
34
+
35
+ 'score_points' => 20,
36
+ );
37
+ }
38
+
39
+
40
+ function scan()
41
+ {
42
+ $_JSON_response = array();
43
+
44
+ $found_issue = FALSE;
45
+
46
+ $option = $this->wph->functions->get_module_item_setting('admin_url');
47
+
48
+ if ( empty ( $option ) || $option == 'no' )
49
+ $found_issue = TRUE;
50
+
51
+ if ( $found_issue )
52
+ {
53
+ $_JSON_response['status'] = FALSE;
54
+
55
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>Map a new admin url instead default prevent hackers boot to attempt to brute force a site login.', 'wp-hide-security-enhancer' );
56
+
57
+ $_JSON_response['actions'] = array (
58
+ 'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-admin&component=wp-login-php', 'admin' ) .'">Fix</a>',
59
+ 'ignore' => '//--post-generated--',
60
+ 'restore' => '//--post-generated--',
61
+ );
62
+ }
63
+ else
64
+ {
65
+ $_JSON_response['status'] = TRUE;
66
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
67
+ }
68
+
69
+ return $this->return_json_response( $_JSON_response );
70
+
71
+ }
72
+
73
+ }
74
+
75
+
76
+ ?>
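Review bot: the failure description 'Map a new admin url instead default prevent hackers boot to attempt to brute force a site login.' is ungrammatical; 'The default admin URL is in use. Mapping a custom one makes automated brute-force attempts against the login harder.' says the same. As with the admin-ajax item, the check reads only the `admin_url` setting and does not verify that the default /wp-admin/ slug has actually been replaced on the live site, which is what the score is meant to reflect.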
include/admin-interfaces/security-scan/scan_item_hide_check_child_theme.php ADDED
@@ -0,0 +1,105 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_hide_check_child_theme extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'hide_check_child_theme';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __('New Child Theme Path', 'wp-hide-security-enhancer'),
30
+ 'icon' => 'dashicons-hidden',
31
+
32
+ 'help' => __("This option helps to change the theme url to a custom one. As default all theme assets ( styles, JavaScript etc ) are loaded using the theme url and appear on front side HTML source code.", 'wp-hide-security-enhancer'),
33
+
34
+ 'score_points' => 10,
35
+ );
36
+ }
37
+
38
+
39
+ function scan()
40
+ {
41
+ $_JSON_response = array();
42
+
43
+ if ( ! $this->wph->templates_data['use_child_theme'] )
44
+ {
45
+ $_JSON_response = array (
46
+ 'status' => TRUE,
47
+ 'description' => __( '<span class="dashicons dashicons-yes"></span>On the last scan, you are not using a Child Theme.', 'wp-hide-security-enhancer' )
48
+ );
49
+
50
+ return $this->return_json_response( $_JSON_response );
51
+ }
52
+
53
+ $found_issue = FALSE;
54
+ $option_value = $this->wph->functions->get_module_item_setting('new_theme_child_path');
55
+
56
+ if ( empty ( $option_value ) )
57
+ $found_issue = TRUE;
58
+
59
+ $found_within_code = FALSE;
60
+ if ( ! $found_issue && $this->remote_html )
61
+ {
62
+ $seek_url = $this->wph->default_variables['stylesheet_uri'];
63
+ $seek_url = str_replace( array('https://', 'http://'), "", $seek_url );
64
+ if ( stripos( $this->remote_html, $seek_url ) )
65
+ $found_within_code = TRUE;
66
+ }
67
+
68
+ if ( $found_within_code )
69
+ $found_issue = TRUE;
70
+
71
+ if ( $found_issue )
72
+ {
73
+ $_JSON_response['status'] = FALSE;
74
+
75
+ if ( empty ( $option_value ) )
76
+ {
77
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default theme url has not been customised.', 'wp-hide-security-enhancer' );
78
+ }
79
+ else
80
+ {
81
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default theme url is still found within the source HTML.', 'wp-hide-security-enhancer' );
82
+ if ( $found_within_code )
83
+ $_JSON_response['description'] = __( '<br />Ensure you cleared the site cache, then check again.', 'wp-hide-security-enhancer' );
84
+ }
85
+
86
+ $_JSON_response['actions'] = array (
87
+ 'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-rewrite&component=theme', 'admin' ) .'">Fix</a>',
88
+ 'ignore' => '//--post-generated--',
89
+ 'restore' => '//--post-generated--',
90
+ );
91
+ }
92
+ else
93
+ {
94
+ $_JSON_response['status'] = TRUE;
95
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The default theme url cannot be found anymore through the site source.', 'wp-hide-security-enhancer' );
96
+ }
97
+
98
+ return $this->return_json_response( $_JSON_response );
99
+
100
+ }
101
+
102
+ }
103
+
104
+
105
+ ?>
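Review bot: three problems in `scan()`. First, the HTML check reads `$this->remote_html`, while the comments and wp-content items read `$this->wph->security_scan->remote_html`; unless the base class copies that property, `$this->remote_html` is undefined and the 'still found within the source HTML' branch can never trigger. Second, `if ( stripos( $this->remote_html, $seek_url ) )` treats a match at offset 0 as not found; test `!== FALSE`. Third, in the else branch the cache hint is assigned with `=` rather than `.=`, so the finding text is overwritten and the user only sees 'Ensure you cleared the site cache, then check again.' (the `if ( $found_within_code )` guard is always true there, since that is the only way to reach the branch with a non-empty option).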
include/admin-interfaces/security-scan/scan_item_hide_check_child_theme_style.php ADDED
@@ -0,0 +1,102 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_hide_check_child_theme_style extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'hide_check_child_theme_style';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __('New Child Theme Style File Path', 'wp-hide-security-enhancer'),
30
+ 'icon' => 'dashicons-hidden',
31
+
32
+ 'help' => __("This allow to change the default style.css filename to something else e.g. template-style.css. Per this example, on front side the main style link change from /style.css to /template-style.css ", 'wp-hide-security-enhancer'),
33
+
34
+ 'score_points' => 10,
35
+ );
36
+ }
37
+
38
+
39
+ function scan()
40
+ {
41
+ $_JSON_response = array();
42
+
43
+ $found_issue = FALSE;
44
+ $option_value = $this->wph->functions->get_module_item_setting('child_style_file_path');
45
+
46
+ if ( empty ( $option_value ) )
47
+ {
48
+ $_JSON_response = array (
49
+ 'status' => TRUE,
50
+ 'description' => __( '<span class="dashicons dashicons-yes"></span>On the last scan, you are not using a Child Theme.', 'wp-hide-security-enhancer' )
51
+ );
52
+
53
+ return $this->return_json_response( $_JSON_response );
54
+ }
55
+
56
+ $found_within_code = FALSE;
57
+ if ( ! $found_issue && $this->remote_html )
58
+ {
59
+ $seek_url = $this->wph->default_variables['stylesheet_uri'] . '/style.css';
60
+ $seek_url = str_replace( array('https://', 'http://'), "", $seek_url );
61
+ if ( stripos( $this->remote_html, $seek_url ) )
62
+ $found_within_code = TRUE;
63
+ }
64
+
65
+ if ( $found_within_code )
66
+ $found_issue = TRUE;
67
+
68
+ if ( $found_issue )
69
+ {
70
+ $_JSON_response['status'] = FALSE;
71
+
72
+ if ( empty ( $option_value ) )
73
+ {
74
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default theme style url has not been customised.', 'wp-hide-security-enhancer' );
75
+ }
76
+ else
77
+ {
78
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default theme style url is still found within the source HTML.', 'wp-hide-security-enhancer' );
79
+ if ( $found_within_code )
80
+ $_JSON_response['description'] = __( '<br />Ensure you cleared the site cache, then check again.', 'wp-hide-security-enhancer' );
81
+ }
82
+
83
+ $_JSON_response['actions'] = array (
84
+ 'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-rewrite&component=theme', 'admin' ) .'">Fix</a>',
85
+ 'ignore' => '//--post-generated--',
86
+ 'restore' => '//--post-generated--',
87
+ );
88
+ }
89
+ else
90
+ {
91
+ $_JSON_response['status'] = TRUE;
92
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The default theme style url cannot be found anymore through the site source.', 'wp-hide-security-enhancer' );
93
+ }
94
+
95
+ return $this->return_json_response( $_JSON_response );
96
+
97
+ }
98
+
99
+ }
100
+
101
+
102
+ ?>
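Review bot: when `child_style_file_path` is empty the method returns status TRUE with 'you are not using a Child Theme', but an empty setting means the style path has not been customised, not that there is no child theme; the `templates_data['use_child_theme']` test used in the sibling child-theme item is the right guard, and as written the 'has not been customised' branch further down is unreachable. The same three defects as the other hide_check items are present: `$this->remote_html` where the comments item uses `$this->wph->security_scan->remote_html`, `stripos()` used as a boolean instead of `!== FALSE`, and the cache hint assigned with `=` instead of `.=`, which discards the finding text.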
include/admin-interfaces/security-scan/scan_item_hide_check_comments.php ADDED
@@ -0,0 +1,95 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_hide_check_comments extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'hide_check_comments';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __('New wp-comments-post.php', 'wp-hide-security-enhancer'),
30
+ 'icon' => 'dashicons-hidden',
31
+
32
+ 'help' => __("To avoid boots to create smap comments, the default wp-comments-post.php should be changed to a custom one.
33
+ <br />This makes it easy to recognise as WordPress form. Boots always search for such file ( wp-comments-post.php ) and automatically submit spam messages.Though this option a new file slug can replace the default.", 'wp-hide-security-enhancer'),
34
+
35
+ 'score_points' => 10,
36
+ );
37
+ }
38
+
39
+
40
+ function scan()
41
+ {
42
+ $_JSON_response = array();
43
+
44
+ $found_issue = FALSE;
45
+ $option_value = $this->wph->functions->get_module_item_setting('new_wp_comments_post');
46
+
47
+ if ( empty ( $option_value ) )
48
+ $found_issue = TRUE;
49
+
50
+ $found_within_code = FALSE;
51
+ if ( ! $found_issue && $this->wph->security_scan->remote_html )
52
+ {
53
+ $seek_url = $option_value;
54
+ if ( stripos( $this->wph->security_scan->remote_html, $seek_url ) )
55
+ $found_within_code = TRUE;
56
+ }
57
+
58
+ if ( $found_within_code )
59
+ $found_issue = TRUE;
60
+
61
+ if ( $found_issue )
62
+ {
63
+ $_JSON_response['status'] = FALSE;
64
+
65
+ if ( empty ( $option_value ) )
66
+ {
67
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default wp-comments-post.php has not been customised.', 'wp-hide-security-enhancer' );
68
+ }
69
+ else
70
+ {
71
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default wp-comments-post.php is still found within the source HTML.', 'wp-hide-security-enhancer' );
72
+ if ( $found_within_code )
73
+ $_JSON_response['description'] = __( '<br />Ensure you cleared the site cache, then check again.', 'wp-hide-security-enhancer' );
74
+ }
75
+
76
+ $_JSON_response['actions'] = array (
77
+ 'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-rewrite&component=comments', 'admin' ) .'">Fix</a>',
78
+ 'ignore' => '//--post-generated--',
79
+ 'restore' => '//--post-generated--',
80
+ );
81
+ }
82
+ else
83
+ {
84
+ $_JSON_response['status'] = TRUE;
85
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The default wp-comments-post.php cannot be found anymore through the site source.', 'wp-hide-security-enhancer' );
86
+ }
87
+
88
+ return $this->return_json_response( $_JSON_response );
89
+
90
+ }
91
+
92
+ }
93
+
94
+
95
+ ?>
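Review bot: the HTML check is inverted. `$seek_url = $option_value;` searches the page for the new custom slug and flags an issue when it is found, but a working rewrite is exactly the case where the custom slug appears in the comment form action; the check should look for the default wp-comments-post.php, as the description 'The default wp-comments-post.php is still found within the source HTML.' implies. Also: the `stripos()` result is used as a boolean (use `!== FALSE`), the cache hint is assigned with `=` so it replaces the finding text, and the help text should read 'bots', 'spam', 'Through this option', with a space after 'messages.'.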
include/admin-interfaces/security-scan/scan_item_hide_check_plugins.php ADDED
@@ -0,0 +1,96 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_hide_check_plugins extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'hide_check_plugins';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __('New Plugins Path', 'wp-hide-security-enhancer'),
30
+ 'icon' => 'dashicons-hidden',
31
+
32
+ 'help' => __("In WordPress, a plugin is a small software application that extends the features and functions of a WordPress website.
33
+ <br />Plugins play a major role in building great websites using WordPress. They make it easier for users to add features to their website without knowing a single line of code.", 'wp-hide-security-enhancer'),
34
+
35
+ 'score_points' => 10,
36
+ );
37
+ }
38
+
39
+
40
+ function scan()
41
+ {
42
+ $_JSON_response = array();
43
+
44
+ $found_issue = FALSE;
45
+ $option_value = $this->wph->functions->get_module_item_setting('new_plugin_path');
46
+
47
+ if ( empty ( $option_value ) )
48
+ $found_issue = TRUE;
49
+
50
+ $found_within_code = FALSE;
51
+ if ( ! $found_issue && $this->remote_html )
52
+ {
53
+ $seek_url = includes_url();
54
+ $seek_url = str_replace( array('https://', 'http://'), "", $seek_url );
55
+ if ( stripos( $this->remote_html, $seek_url ) )
56
+ $found_within_code = TRUE;
57
+ }
58
+
59
+ if ( $found_within_code )
60
+ $found_issue = TRUE;
61
+
62
+ if ( $found_issue )
63
+ {
64
+ $_JSON_response['status'] = FALSE;
65
+
66
+ if ( empty ( $option_value ) )
67
+ {
68
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default plugins path has not been customised.', 'wp-hide-security-enhancer' );
69
+ }
70
+ else
71
+ {
72
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default plugins path is still found within the source HTML.', 'wp-hide-security-enhancer' );
73
+ if ( $found_within_code )
74
+ $_JSON_response['description'] = __( '<br />Ensure you cleared the site cache, then check again.', 'wp-hide-security-enhancer' );
75
+ }
76
+
77
+ $_JSON_response['actions'] = array (
78
+ 'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-rewrite&component=plugins', 'admin' ) .'">Fix</a>',
79
+ 'ignore' => '//--post-generated--',
80
+ 'restore' => '//--post-generated--',
81
+ );
82
+ }
83
+ else
84
+ {
85
+ $_JSON_response['status'] = TRUE;
86
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The default plugins path cannot be found anymore through the site source.', 'wp-hide-security-enhancer' );
87
+ }
88
+
89
+ return $this->return_json_response( $_JSON_response );
90
+
91
+ }
92
+
93
+ }
94
+
95
+
96
+ ?>
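Review bot: `$seek_url = includes_url();` searches the page for the wp-includes URL, but this item scores the plugins path; it should seek `plugins_url()` (or the stored default plugins URL), otherwise a site with a rewritten plugins path and a default wp-includes is reported as still exposing plugins, and the reverse case passes. The help text explains what plugins are but not why the default path matters, which is what the score rewards. The shared defects apply here too: `$this->remote_html` versus `$this->wph->security_scan->remote_html`, `stripos()` as a boolean, and the cache hint assigned with `=` instead of `.=`.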
include/admin-interfaces/security-scan/scan_item_hide_check_theme.php ADDED
@@ -0,0 +1,95 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_hide_check_theme extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'hide_check_theme';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __('New Theme Path', 'wp-hide-security-enhancer'),
30
+ 'icon' => 'dashicons-hidden',
31
+
32
+ 'help' => __("This option helps to change the theme url to a custom one. As default all theme assets ( styles, JavaScript etc ) are loaded using the theme url and appear on front side HTML source code.", 'wp-hide-security-enhancer'),
33
+
34
+ 'score_points' => 10,
35
+ );
36
+ }
37
+
38
+
39
+ function scan()
40
+ {
41
+ $_JSON_response = array();
42
+
43
+ $found_issue = FALSE;
44
+ $option_value = $this->wph->functions->get_module_item_setting('new_theme_path');
45
+
46
+ if ( empty ( $option_value ) )
47
+ $found_issue = TRUE;
48
+
49
+ $found_within_code = FALSE;
50
+ if ( ! $found_issue && $this->remote_html )
51
+ {
52
+ $seek_url = $this->wph->default_variables['template_url'];
53
+ $seek_url = str_replace( array('https://', 'http://'), "", $seek_url );
54
+ if ( stripos( $this->remote_html, $seek_url ) )
55
+ $found_within_code = TRUE;
56
+ }
57
+
58
+ if ( $found_within_code )
59
+ $found_issue = TRUE;
60
+
61
+ if ( $found_issue )
62
+ {
63
+ $_JSON_response['status'] = FALSE;
64
+
65
+ if ( empty ( $option_value ) )
66
+ {
67
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default theme url has not been customised.', 'wp-hide-security-enhancer' );
68
+ }
69
+ else
70
+ {
71
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default theme url is still found within the source HTML.', 'wp-hide-security-enhancer' );
72
+ if ( $found_within_code )
73
+ $_JSON_response['description'] = __( '<br />Ensure you cleared the site cache, then check again.', 'wp-hide-security-enhancer' );
74
+ }
75
+
76
+ $_JSON_response['actions'] = array (
77
+ 'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-rewrite&component=theme', 'admin' ) .'">Fix</a>',
78
+ 'ignore' => '//--post-generated--',
79
+ 'restore' => '//--post-generated--',
80
+ );
81
+ }
82
+ else
83
+ {
84
+ $_JSON_response['status'] = TRUE;
85
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The default theme url cannot be found anymore through the site source.', 'wp-hide-security-enhancer' );
86
+ }
87
+
88
+ return $this->return_json_response( $_JSON_response );
89
+
90
+ }
91
+
92
+ }
93
+
94
+
95
+ ?>
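Review bot: `$this->remote_html` is read here while the comments and wp-content items read `$this->wph->security_scan->remote_html`; if the base class does not define it, the 'still found within the source HTML' path is dead and the item passes as soon as `new_theme_path` is set. `if ( stripos( $this->remote_html, $seek_url ) )` should test `!== FALSE`, and the cache hint must be appended with `.=` or it replaces the finding. Since this file and scan_item_hide_check_child_theme.php differ only in the setting name and the URL being sought, a shared helper in the base class would stop these three defects being copied again.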
include/admin-interfaces/security-scan/scan_item_hide_check_theme_style.php ADDED
@@ -0,0 +1,95 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_hide_check_theme_style extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'hide_check_theme_style';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __('New Theme Style File Path', 'wp-hide-security-enhancer'),
30
+ 'icon' => 'dashicons-hidden',
31
+
32
+ 'help' => __("This allow to change the default style.css filename to something else e.g. template-style.css. Per this example, on front side the main style link change from /style.css to /template-style.css ", 'wp-hide-security-enhancer'),
33
+
34
+ 'score_points' => 10,
35
+ );
36
+ }
37
+
38
+
39
+ function scan()
40
+ {
41
+ $_JSON_response = array();
42
+
43
+ $found_issue = FALSE;
44
+ $option_value = $this->wph->functions->get_module_item_setting('new_style_file_path');
45
+
46
+ if ( empty ( $option_value ) )
47
+ $found_issue = TRUE;
48
+
49
+ $found_within_code = FALSE;
50
+ if ( ! $found_issue && $this->remote_html )
51
+ {
52
+ $seek_url = $this->wph->default_variables['template_url'] . '/style.css';
53
+ $seek_url = str_replace( array('https://', 'http://'), "", $seek_url );
54
+ if ( stripos( $this->remote_html, $seek_url ) )
55
+ $found_within_code = TRUE;
56
+ }
57
+
58
+ if ( $found_within_code )
59
+ $found_issue = TRUE;
60
+
61
+ if ( $found_issue )
62
+ {
63
+ $_JSON_response['status'] = FALSE;
64
+
65
+ if ( empty ( $option_value ) )
66
+ {
67
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default theme style url has not been customised.', 'wp-hide-security-enhancer' );
68
+ }
69
+ else
70
+ {
71
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default theme style url is still found within the source HTML.', 'wp-hide-security-enhancer' );
72
+ if ( $found_within_code )
73
+ $_JSON_response['description'] = __( '<br />Ensure you cleared the site cache, then check again.', 'wp-hide-security-enhancer' );
74
+ }
75
+
76
+ $_JSON_response['actions'] = array (
77
+ 'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-rewrite&component=theme', 'admin' ) .'">Fix</a>',
78
+ 'ignore' => '//--post-generated--',
79
+ 'restore' => '//--post-generated--',
80
+ );
81
+ }
82
+ else
83
+ {
84
+ $_JSON_response['status'] = TRUE;
85
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The default theme style url cannot be found anymore through the site source.', 'wp-hide-security-enhancer' );
86
+ }
87
+
88
+ return $this->return_json_response( $_JSON_response );
89
+
90
+ }
91
+
92
+ }
93
+
94
+
95
+ ?>
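Review bot: the same defects as the other hide_check items are repeated here: `$this->remote_html` instead of `$this->wph->security_scan->remote_html`, `stripos()` used as a boolean, and `$_JSON_response['description'] = __( '<br />Ensure you cleared the site cache, then check again.' ...)` overwriting the finding instead of appending to it. Specific to this item, the help text 'This allow to change the default style.css filename ... the main style link change from' should read 'This allows changing ... the main style link changes from', and it ends with a trailing space inside the translatable string.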
include/admin-interfaces/security-scan/scan_item_hide_check_wp_content.php ADDED
@@ -0,0 +1,95 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_hide_check_wp_content extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'hide_check_wp_content';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __('Hide default /wp-content/ ', 'wp-hide-security-enhancer'),
30
+ 'icon' => 'dashicons-hidden',
31
+
32
+ 'help' => __("As default a WordPress installation contain a wp-content folder which store files and resources used by themes and plugin. The wp-content is a common fingerprint, which makes easily to anyone to identify the site as being created on WordPress.", 'wp-hide-security-enhancer'),
33
+
34
+ 'score_points' => 10,
35
+ );
36
+ }
37
+
38
+
39
+ function scan()
40
+ {
41
+ $_JSON_response = array();
42
+
43
+ $found_issue = FALSE;
44
+ $option_value = $this->wph->functions->get_module_item_setting('new_content_path');
45
+
46
+ if ( empty ( $option_value ) )
47
+ $found_issue = TRUE;
48
+
49
+ $found_within_code = FALSE;
50
+ if ( ! $found_issue && $this->wph->security_scan->remote_html )
51
+ {
52
+ $seek_url = content_url();
53
+ $seek_url = str_replace( array('https://', 'http://'), "", $seek_url );
54
+ if ( stripos( $this->wph->security_scan->remote_html, $seek_url ) )
55
+ $found_within_code = TRUE;
56
+ }
57
+
58
+ if ( $found_within_code )
59
+ $found_issue = TRUE;
60
+
61
+ if ( $found_issue )
62
+ {
63
+ $_JSON_response['status'] = FALSE;
64
+
65
+ if ( empty ( $option_value ) )
66
+ {
67
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default /wp-content/ has not been customised.', 'wp-hide-security-enhancer' );
68
+ }
69
+ else
70
+ {
71
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default /wp-content/ is still found within the source HTML.', 'wp-hide-security-enhancer' );
72
+ if ( $found_within_code )
73
+ $_JSON_response['description'] = __( '<br />Ensure you cleared the site cache, then check again.', 'wp-hide-security-enhancer' );
74
+ }
75
+
76
+ $_JSON_response['actions'] = array (
77
+ 'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-rewrite&component=wp-content', 'admin' ) .'">Fix</a>',
78
+ 'ignore' => '//--post-generated--',
79
+ 'restore' => '//--post-generated--',
80
+ );
81
+ }
82
+ else
83
+ {
84
+ $_JSON_response['status'] = TRUE;
85
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The default /wp-content/ cannot be found anymore through the site source.', 'wp-hide-security-enhancer' );
86
+ }
87
+
88
+ return $this->return_json_response( $_JSON_response );
89
+
90
+ }
91
+
92
+ }
93
+
94
+
95
+ ?>
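Review bot: line 54 tests the return of `stripos()` for truthiness, so a match at offset 0 is reported as not found; use `!== FALSE`. At line 73 the description is replaced (`=`) rather than appended (`.=`), dropping the "still found within the source HTML" text assigned at line 71 whenever `$found_within_code` is set, which in that branch is always. The `str_replace` at line 53 strips only the scheme, so a site whose rendered HTML references a different host than `content_url()` returns (a CDN or alternate public hostname) will never match; matching on the path component after the host would be more robust.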
include/admin-interfaces/security-scan/scan_item_hide_check_wp_includes.php ADDED
@@ -0,0 +1,95 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_hide_check_wp_includes extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'hide_check_wp_includes';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __('Hide default /wp-includes/ ', 'wp-hide-security-enhancer'),
30
+ 'icon' => 'dashicons-hidden',
31
+
32
+ 'help' => __("As default a WordPress installation contain a wp-include folder which store files and resources used by WordPress core, themes and plugin. The wp-includes is a common fingerprint, which makes easily to anyone to identify the site as being created on WordPress.", 'wp-hide-security-enhancer'),
33
+
34
+ 'score_points' => 10,
35
+ );
36
+ }
37
+
38
+
39
+ function scan()
40
+ {
41
+ $_JSON_response = array();
42
+
43
+ $found_issue = FALSE;
44
+ $option_value = $this->wph->functions->get_module_item_setting('new_include_path');
45
+
46
+ if ( empty ( $option_value ) )
47
+ $found_issue = TRUE;
48
+
49
+ $found_within_code = FALSE;
50
+ if ( ! $found_issue && $this->wph->security_scan->remote_html )
51
+ {
52
+ $seek_url = includes_url();
53
+ $seek_url = str_replace( array('https://', 'http://'), "", $seek_url );
54
+ if ( stripos( $this->wph->security_scan->remote_html, $seek_url ) )
55
+ $found_within_code = TRUE;
56
+ }
57
+
58
+ if ( $found_within_code )
59
+ $found_issue = TRUE;
60
+
61
+ if ( $found_issue )
62
+ {
63
+ $_JSON_response['status'] = FALSE;
64
+
65
+ if ( empty ( $option_value ) )
66
+ {
67
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default /wp-includes/ has not been customised.', 'wp-hide-security-enhancer' );
68
+ }
69
+ else
70
+ {
71
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default /wp-includes/ is still found within the source HTML.', 'wp-hide-security-enhancer' );
72
+ if ( $found_within_code )
73
+ $_JSON_response['description'] = __( '<br />Ensure you cleared the site cache, then check again.', 'wp-hide-security-enhancer' );
74
+ }
75
+
76
+ $_JSON_response['actions'] = array (
77
+ 'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-rewrite&component=wp-includes', 'admin' ) .'">Fix</a>',
78
+ 'ignore' => '//--post-generated--',
79
+ 'restore' => '//--post-generated--',
80
+ );
81
+ }
82
+ else
83
+ {
84
+ $_JSON_response['status'] = TRUE;
85
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The default /wp-includes/ cannot be found anymore through the site source.', 'wp-hide-security-enhancer' );
86
+ }
87
+
88
+ return $this->return_json_response( $_JSON_response );
89
+
90
+ }
91
+
92
+ }
93
+
94
+
95
+ ?>
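Review bot: the `stripos()` truthiness test at line 54 and the `=` overwrite at line 73 repeat the defects of the wp-content and theme-style items; since `scan()` in these three files differs only in the setting name, the URL function and the strings, consider moving the HTML check into `WPH_security_scan_item` so the fix is made once. Line 32: "wp-include folder" should be "wp-includes folder", and "which makes easily to anyone" should read "which makes it easy for anyone".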
include/admin-interfaces/security-scan/scan_item_hide_emulate.php ADDED
@@ -0,0 +1,76 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_hide_emulate extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'hide_emulate';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __('Emulate CMS', 'wp-hide-security-enhancer'),
30
+ 'icon' => 'dashicons-hidden',
31
+
32
+ 'help' => __("Using the option the system try to misguide the used WordPress by outputting the wrong traces, of the selected CMS.
33
+ <br />Misleading and making a false lead provides an extra security, as the attacker search and attempt to hack something which not exist.", 'wp-hide-security-enhancer'),
34
+
35
+ 'score_points' => 10,
36
+ );
37
+ }
38
+
39
+
40
+ function scan()
41
+ {
42
+ $_JSON_response = array();
43
+
44
+ $found_issue = FALSE;
45
+
46
+ $option = $this->wph->functions->get_module_item_setting('emulate_cms');
47
+
48
+ if ( empty ( $option ) || $option == 'no' )
49
+ $found_issue = TRUE;
50
+
51
+ if ( $found_issue )
52
+ {
53
+ $_JSON_response['status'] = FALSE;
54
+
55
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>It\'s recommended to use the option to output specific CMSs HTML traces to mislead any peculiar check.', 'wp-hide-security-enhancer' );
56
+
57
+ $_JSON_response['actions'] = array (
58
+ 'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-general&component=emulate-cms', 'admin' ) .'">Fix</a>',
59
+ 'ignore' => '//--post-generated--',
60
+ 'restore' => '//--post-generated--',
61
+ );
62
+ }
63
+ else
64
+ {
65
+ $_JSON_response['status'] = TRUE;
66
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
67
+ }
68
+
69
+ return $this->return_json_response( $_JSON_response );
70
+
71
+ }
72
+
73
+ }
74
+
75
+
76
+ ?>
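Review bot: the help text at lines 32-33 is user-facing and hard to parse ("the system try to misguide the used WordPress by outputting the wrong traces, of the selected CMS"); suggest "When enabled, the site outputs HTML traces of the selected CMS to mislead fingerprinting tools". The check at line 48 only reads the `emulate_cms` setting, so the item passes without verifying that the traces actually appear in `remote_html`, which the wp-content and wp-includes items do verify.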
include/admin-interfaces/security-scan/scan_item_hide_json.php ADDED
@@ -0,0 +1,77 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_hide_json extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'hide_json';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __('JSON REST', 'wp-hide-security-enhancer'),
30
+ 'icon' => 'dashicons-hidden',
31
+
32
+ 'help' => __("The WordPress REST API is an easy-to-use set of HTTP endpoints which allows access a site data in simple JSON format. That including users, posts, taxonomies and more. Retrieving or updating is as simple as sending a HTTP request.
33
+ <br />A REST API can be consumed everywhere. On mobile applications, on front-end (web apps) or any other devices that have access on the net, practically everything can connect from anywhere to your site and interact though JSON REST API service.", 'wp-hide-security-enhancer'),
34
+
35
+ 'score_points' => 10,
36
+ );
37
+ }
38
+
39
+
40
+ function scan()
41
+ {
42
+ $_JSON_response = array();
43
+
44
+ $found_issue = FALSE;
45
+
46
+ $disable_json_rest_v1 = $this->wph->functions->get_module_item_setting('disable_json_rest_v1');
47
+ $disable_json_rest_v2 = $this->wph->functions->get_module_item_setting('disable_json_rest_v2');
48
+
49
+ if ( ( empty ( $disable_json_rest_v1 ) || $disable_json_rest_v1 == 'no' ) && ( empty ( $disable_json_rest_v2 ) || $disable_json_rest_v2 == 'no' ) )
50
+ $found_issue = TRUE;
51
+
52
+ if ( $found_issue )
53
+ {
54
+ $_JSON_response['status'] = FALSE;
55
+
56
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The JSON endpoint should be customised. If not used, should be disabled.', 'wp-hide-security-enhancer' );
57
+
58
+ $_JSON_response['actions'] = array (
59
+ 'fix' => '<a class="button-primary wph-pro" target="_blank" href="https://wp-hide.com/pricing/">PRO</a>',
60
+ 'ignore' => '//--post-generated--',
61
+ 'restore' => '//--post-generated--',
62
+ );
63
+ }
64
+ else
65
+ {
66
+ $_JSON_response['status'] = TRUE;
67
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
68
+ }
69
+
70
+ return $this->return_json_response( $_JSON_response );
71
+
72
+ }
73
+
74
+ }
75
+
76
+
77
+ ?>
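Review bot: line 49 flags an issue only when both `disable_json_rest_v1` and `disable_json_rest_v2` are unset or "no", yet the description at line 56 says the endpoint "should be customised": a site that has renamed the REST base but disabled neither version is reported as failing, while a site that has disabled only the v1 endpoint passes although v2 remains exposed. The condition should consult the customised-path setting and treat v2 separately, and the description should name the versions it actually checked.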
include/admin-interfaces/security-scan/scan_item_hide_json_clean_api.php ADDED
@@ -0,0 +1,76 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_hide_json_clean_api extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'hide_json_clean_api';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __('Clean the REST API response', 'wp-hide-security-enhancer'),
30
+ 'icon' => 'dashicons-hidden',
31
+
32
+ 'help' => __("When calling the site REST API base route ( e.g. /wp-json/ or ?rest_route=/ ) the service outputs all available namespaces and routes for current site. This can be a breach for the system, as outputs important information regarding certain used theme and plugins.
33
+ <br />Recommended selection for this option is Yes, to ensure no inside data is being exposed. ", 'wp-hide-security-enhancer'),
34
+
35
+ 'score_points' => 10,
36
+ );
37
+ }
38
+
39
+
40
+ function scan()
41
+ {
42
+ $_JSON_response = array();
43
+
44
+ $found_issue = FALSE;
45
+
46
+ $clean_json_base_route = $this->wph->functions->get_module_item_setting('clean_json_base_route');
47
+
48
+ if ( empty ( $clean_json_base_route ) || $clean_json_base_route == 'no' )
49
+ $found_issue = TRUE;
50
+
51
+ if ( $found_issue )
52
+ {
53
+ $_JSON_response['status'] = FALSE;
54
+
55
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The "Clean the REST API response" should be active.', 'wp-hide-security-enhancer' );
56
+
57
+ $_JSON_response['actions'] = array (
58
+ 'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-rewrite&component=json-rest', 'admin' ) .'">Fix</a>',
59
+ 'ignore' => '//--post-generated--',
60
+ 'restore' => '//--post-generated--',
61
+ );
62
+ }
63
+ else
64
+ {
65
+ $_JSON_response['status'] = TRUE;
66
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
67
+ }
68
+
69
+ return $this->return_json_response( $_JSON_response );
70
+
71
+ }
72
+
73
+ }
74
+
75
+
76
+ ?>
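Review bot: the translatable help string at line 33 ends with a trailing space inside the quotes, and "This can be a breach for the system" at line 32 reads awkwardly; suggest "This discloses which themes and plugins are installed". The scan at lines 46-49 trusts the `clean_json_base_route` setting; since the scanner already fetches the site remotely, requesting `/wp-json/` and checking that the returned namespaces and routes lists are empty would verify the behaviour rather than the setting.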
include/admin-interfaces/security-scan/scan_item_hide_license_txt.php ADDED
@@ -0,0 +1,75 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_hide_license_txt extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'hide_license_txt';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __('Block license.txt', 'wp-hide-security-enhancer'),
30
+ 'icon' => 'dashicons-hidden',
31
+
32
+ 'help' => __("This is a text file which contain the licensing terms for WordPress framework. Obviously you don't want that visible as every site containing such file must be a WordPress.", 'wp-hide-security-enhancer'),
33
+
34
+ 'score_points' => 10,
35
+ );
36
+ }
37
+
38
+
39
+ function scan()
40
+ {
41
+ $_JSON_response = array();
42
+
43
+ $found_issue = FALSE;
44
+
45
+ $option = $this->wph->functions->get_module_item_setting('block_license_txt');
46
+
47
+ if ( empty ( $option ) || $option == 'no' )
48
+ $found_issue = TRUE;
49
+
50
+ if ( $found_issue )
51
+ {
52
+ $_JSON_response['status'] = FALSE;
53
+
54
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The license.txt file is still accessible.', 'wp-hide-security-enhancer' );
55
+
56
+ $_JSON_response['actions'] = array (
57
+ 'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-rewrite&component=root-files', 'admin' ) .'">Fix</a>',
58
+ 'ignore' => '//--post-generated--',
59
+ 'restore' => '//--post-generated--',
60
+ );
61
+ }
62
+ else
63
+ {
64
+ $_JSON_response['status'] = TRUE;
65
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
66
+ }
67
+
68
+ return $this->return_json_response( $_JSON_response );
69
+
70
+ }
71
+
72
+ }
73
+
74
+
75
+ ?>
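Review bot: the failure message at line 54 says "The license.txt file is still accessible", but nothing in `scan()` requests the file; the verdict comes only from the `block_license_txt` option at lines 45-48. A site that blocks the file at web server level is flagged, and a site with the option on but a rewrite that did not take effect passes. Either request `license.txt` and check for a non-200 status, or reword to "The Block license.txt option is not enabled".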
include/admin-interfaces/security-scan/scan_item_hide_new_wp_login.php ADDED
@@ -0,0 +1,76 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_hide_new_wp_login extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'hide_new_wp_login';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __('New wp-login.php', 'wp-hide-security-enhancer'),
30
+ 'icon' => 'dashicons-hidden',
31
+
32
+ 'help' => __("There are a lot of security issues that come from having your login page open to the public. Most specifically, brute force attacks. Because of the ubiquity of WordPress, these kinds of attacks are becoming more and more common.
33
+ <br />Map a new wp-login.php instead default prevent hackers boot to attempt to brute force a site login. Being known only by the site owner, the url itself becomes private.", 'wp-hide-security-enhancer'),
34
+
35
+ 'score_points' => 20,
36
+ );
37
+ }
38
+
39
+
40
+ function scan()
41
+ {
42
+ $_JSON_response = array();
43
+
44
+ $found_issue = FALSE;
45
+
46
+ $option = $this->wph->functions->get_module_item_setting('new_wp_login_php');
47
+
48
+ if ( empty ( $option ) || $option == 'no' )
49
+ $found_issue = TRUE;
50
+
51
+ if ( $found_issue )
52
+ {
53
+ $_JSON_response['status'] = FALSE;
54
+
55
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>Map a new wp-login.php instead default prevent hackers boot to attempt to brute force a site login. Being known only by the site owner, the url itself becomes private.', 'wp-hide-security-enhancer' );
56
+
57
+ $_JSON_response['actions'] = array (
58
+ 'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-admin&component=wp-login-php', 'admin' ) .'">Fix</a>',
59
+ 'ignore' => '//--post-generated--',
60
+ 'restore' => '//--post-generated--',
61
+ );
62
+ }
63
+ else
64
+ {
65
+ $_JSON_response['status'] = TRUE;
66
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
67
+ }
68
+
69
+ return $this->return_json_response( $_JSON_response );
70
+
71
+ }
72
+
73
+ }
74
+
75
+
76
+ ?>
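Review bot: the description at line 55 repeats the help text from line 33 word for word instead of stating the finding; suggest "The default wp-login.php is still in use" there. Both copies contain "prevent hackers boot to attempt to brute force", which should read "prevents bots from attempting to brute-force". The comparison `$option == 'no'` at line 48 is odd for what appears to be a path setting (`new_wp_login_php`); if the setting holds a slug, `empty()` alone is the right test.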
include/admin-interfaces/security-scan/scan_item_hide_other_generator.php ADDED
@@ -0,0 +1,75 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_hide_other_generator extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'hide_other_generator';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __('Remove Other Generator Meta', 'wp-hide-security-enhancer'),
30
+ 'icon' => 'dashicons-hidden',
31
+
32
+ 'help' => __("Remove other meta generated tags within head (eg Theme Name, Theme Version).", 'wp-hide-security-enhancer'),
33
+
34
+ 'score_points' => 20,
35
+ );
36
+ }
37
+
38
+
39
+ function scan()
40
+ {
41
+ $_JSON_response = array();
42
+
43
+ $found_issue = FALSE;
44
+
45
+ $option = $this->wph->functions->get_module_item_setting('remove_other_generator_meta');
46
+
47
+ if ( empty ( $option ) || $option == 'no' )
48
+ $found_issue = TRUE;
49
+
50
+ if ( $found_issue )
51
+ {
52
+ $_JSON_response['status'] = FALSE;
53
+
54
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The Other Generator Meta is still visible through the HTML code.', 'wp-hide-security-enhancer' );
55
+
56
+ $_JSON_response['actions'] = array (
57
+ 'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-general&component=meta', 'admin' ) .'">Fix</a>',
58
+ 'ignore' => '//--post-generated--',
59
+ 'restore' => '//--post-generated--',
60
+ );
61
+ }
62
+ else
63
+ {
64
+ $_JSON_response['status'] = TRUE;
65
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
66
+ }
67
+
68
+ return $this->return_json_response( $_JSON_response );
69
+
70
+ }
71
+
72
+ }
73
+
74
+
75
+ ?>
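Review bot: the failure text at line 54 asserts the generator meta "is still visible through the HTML code", yet lines 45-48 only read the option; `remote_html` is available to the scan, and a case-insensitive search for `<meta name="generator"` would make the claim true and would also catch themes that print their own generator tag regardless of the setting. Line 32: "meta generated tags" should be "generator meta tags".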
include/admin-interfaces/security-scan/scan_item_hide_postprocessing.php ADDED
@@ -0,0 +1,79 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_hide_postprocessing extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'hide_postprocessing';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __('Post-Processing', 'wp-hide-security-enhancer'),
30
+ 'icon' => 'dashicons-hidden',
31
+
32
+ 'help' => __("The feature provides a post-processing engine for all site assets ( CSS / JavaScript ). That encodes the CSS and JavaScript, which makes it unable to read. Also, ensure perfect URLs disguise, as even if changing the plugin's name, most of the URLs still contain traces within.
33
+ This is also a great tool for making optimisation of the site assets by combining, minifying, comment removal etc.
34
+ Perfectly functional and integration in conjunction with other SEO/Optimisation plugins.
35
+ <p>&nbsp;</p>
36
+ <p>There are 4 types of processing options:
37
+ <b>Combine</b>: Merge all code in (usually) 2 files, one in the header and another in the footer.
38
+ <b>Combine & Encode Inline</b>: Merge all code in (usually) 2 files, one in the header and another in the footer. Additionally, the Inline code will be base64 encoded and placed in the same spot.
39
+ <b>In Place</b>: All JavaScript code will be processed and the results will be placed in the same spot. Any InLine code will be processed and saved into a data-collection directory for later usage.
40
+ <b>In Place & Encode Inline</b>: All code will be processed and the results will be placed in the same spot. Additionally, the Inline code will be base64 encoded.</p>", 'wp-hide-security-enhancer'),
41
+
42
+ 'score_points' => 30,
43
+ );
44
+ }
45
+
46
+
47
+ function scan()
48
+ {
49
+ $_JSON_response = array();
50
+
51
+ //The free code does not include such functionality
52
+ $found_issue = TRUE;
53
+
54
+ if ( $found_issue )
55
+ {
56
+ $_JSON_response['status'] = FALSE;
57
+
58
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>Your site assets still contain traceable data within CSS / JavaScript', 'wp-hide-security-enhancer' );
59
+
60
+ $_JSON_response['actions'] = array (
61
+ 'fix' => '<a class="button-primary wph-pro" target="_blank" href="https://wp-hide.com/pricing/">PRO</a>',
62
+ 'ignore' => '//--post-generated--',
63
+ 'restore' => '//--post-generated--',
64
+ );
65
+ }
66
+ else
67
+ {
68
+ $_JSON_response['status'] = TRUE;
69
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
70
+ }
71
+
72
+ return $this->return_json_response( $_JSON_response );
73
+
74
+ }
75
+
76
+ }
77
+
78
+
79
+ ?>
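Review bot: line 52 sets `$found_issue = TRUE` unconditionally, so the free build always reports this 30-point item (the largest weight on this page) as failing and the `else` branch at lines 66-70 is dead code; a score that can never reach 100 in the free build is misleading, so either exclude unavailable items from the total or present this one as "not available" rather than "failing". The help text at line 32 says encoding "makes it unable to read"; base64 is reversible with a single call, so "obscures" would be accurate and avoids giving users a false sense of protection.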
include/admin-interfaces/security-scan/scan_item_hide_readme_html.php ADDED
@@ -0,0 +1,75 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_hide_readme_html extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'hide_readme_html';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __('Block readme.html', 'wp-hide-security-enhancer'),
30
+ 'icon' => 'dashicons-hidden',
31
+
32
+ 'help' => __("A Hypertext Markup Language file with general information about installed WordPress, version, instalation steps, updating, requirements, resources etc.", 'wp-hide-security-enhancer'),
33
+
34
+ 'score_points' => 10,
35
+ );
36
+ }
37
+
38
+
39
+ function scan()
40
+ {
41
+ $_JSON_response = array();
42
+
43
+ $found_issue = FALSE;
44
+
45
+ $option = $this->wph->functions->get_module_item_setting('block_readme_html');
46
+
47
+ if ( empty ( $option ) || $option == 'no' )
48
+ $found_issue = TRUE;
49
+
50
+ if ( $found_issue )
51
+ {
52
+ $_JSON_response['status'] = FALSE;
53
+
54
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The readme.html file is still accessible.', 'wp-hide-security-enhancer' );
55
+
56
+ $_JSON_response['actions'] = array (
57
+ 'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-rewrite&component=root-files', 'admin' ) .'">Fix</a>',
58
+ 'ignore' => '//--post-generated--',
59
+ 'restore' => '//--post-generated--',
60
+ );
61
+ }
62
+ else
63
+ {
64
+ $_JSON_response['status'] = TRUE;
65
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
66
+ }
67
+
68
+ return $this->return_json_response( $_JSON_response );
69
+
70
+ }
71
+
72
+ }
73
+
74
+
75
+ ?>
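Review bot: "instalation" at line 32 should be "installation". As with the license.txt item, line 54 claims the file "is still accessible" but the scan only reads `block_readme_html` at line 45; a request for `readme.html` checking for a non-200 status would verify that the block actually works.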
include/admin-interfaces/security-scan/scan_item_hide_registration.php ADDED
@@ -0,0 +1,75 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_hide_registration extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'hide_registration';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __('User Registration', 'wp-hide-security-enhancer'),
30
+ 'icon' => 'dashicons-hidden',
31
+
32
+ 'help' => __("Through your site, if the WordPress Membership option is active, anyone can register.", 'wp-hide-security-enhancer'),
33
+
34
+ 'score_points' => 10,
35
+ );
36
+ }
37
+
38
+
39
+ function scan()
40
+ {
41
+ $_JSON_response = array();
42
+
43
+ $found_issue = FALSE;
44
+
45
+ $users_can_register = get_option('users_can_register');
46
+
47
+ if ( ! empty ( $users_can_register ) )
48
+ $found_issue = TRUE;
49
+
50
+ if ( $found_issue )
51
+ {
52
+ $_JSON_response['status'] = FALSE;
53
+
54
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The Registration should be customised or disabled through Dashboard > Settings.', 'wp-hide-security-enhancer' );
55
+
56
+ $_JSON_response['actions'] = array (
57
+ 'fix' => '<a class="button-primary wph-pro" target="_blank" href="https://wp-hide.com/pricing/">PRO</a>',
58
+ 'ignore' => '//--post-generated--',
59
+ 'restore' => '//--post-generated--',
60
+ );
61
+ }
62
+ else
63
+ {
64
+ $_JSON_response['status'] = TRUE;
65
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
66
+ }
67
+
68
+ return $this->return_json_response( $_JSON_response );
69
+
70
+ }
71
+
72
+ }
73
+
74
+
75
+ ?>
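Review bot: the scan reads the core `users_can_register` option at line 45 and the message at line 54 directs the user to Dashboard > Settings, but the fix action at line 57 links to the PRO pricing page; since a core setting is what is being checked, the Fix button should link to the General Settings screen (`options-general.php`) where "Anyone can register" is toggled, with the PRO link as an additional option at most.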
include/admin-interfaces/security-scan/scan_item_hide_remove_header_link.php ADDED
@@ -0,0 +1,75 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_hide_remove_header_link extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'hide_remove_header_link';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __('Remove Link Header', 'wp-hide-security-enhancer'),
30
+ 'icon' => 'dashicons-hidden',
31
+
32
+ 'help' => __("Remove Link Header being set as default by WordPress which outputs the site JSON URL.", 'wp-hide-security-enhancer'),
33
+
34
+ 'score_points' => 10,
35
+ );
36
+ }
37
+
38
+
39
+ function scan()
40
+ {
41
+ $_JSON_response = array();
42
+
43
+ $found_issue = FALSE;
44
+
45
+ $option = $this->wph->functions->get_module_item_setting('remove_header_link');
46
+
47
+ if ( empty ( $option ) || $option == 'no' )
48
+ $found_issue = TRUE;
49
+
50
+ if ( $found_issue )
51
+ {
52
+ $_JSON_response['status'] = FALSE;
53
+
54
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The site pages header still contain the site JSON url.', 'wp-hide-security-enhancer' );
55
+
56
+ $_JSON_response['actions'] = array (
57
+ 'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-general&component=headers', 'admin' ) .'">Fix</a>',
58
+ 'ignore' => '//--post-generated--',
59
+ 'restore' => '//--post-generated--',
60
+ );
61
+ }
62
+ else
63
+ {
64
+ $_JSON_response['status'] = TRUE;
65
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
66
+ }
67
+
68
+ return $this->return_json_response( $_JSON_response );
69
+
70
+ }
71
+
72
+ }
73
+
74
+
75
+ ?>
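Review bot: the failure text at line 54 says the page header "still contain the site JSON url", but lines 45-48 only read `remove_header_link`; `remote_headers` is already fetched for the environment-headers item, so checking for a `Link` response header that references the REST URL would verify the outcome. Grammar: "still contain" should be "still contains" (line 54), and the help sentence at line 32 should read "Remove the Link header that WordPress sets by default, which exposes the site's JSON URL."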
include/admin-interfaces/security-scan/scan_item_hide_remove_headers.php ADDED
@@ -0,0 +1,102 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_hide_remove_headers extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'hide_remove_headers';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __('Remove Environment Headers', 'wp-hide-security-enhancer'),
30
+ 'icon' => 'dashicons-hidden',
31
+
32
+ 'help' => __("Remove the X-Powered-By and Server Headers if set. This type of header information discloses important details regarding your server environment.", 'wp-hide-security-enhancer'),
33
+
34
+ 'score_points' => 5,
35
+ );
36
+ }
37
+
38
+
39
+ function scan()
40
+ {
41
+ $_JSON_response = array();
42
+
43
+ $found_issue = FALSE;
44
+ $found_headers = array();
45
+
46
+ if ( $this->wph->security_scan->remote_headers )
47
+ {
48
+ foreach ( $this->wph->security_scan->remote_headers->getAll() as $header_name => $header_value )
49
+ {
50
+ if ( stripos( $header_name, 'x-powered-by' ) === 0 )
51
+ {
52
+ $found_headers[] = 'x-powered-by';
53
+ $found_issue = TRUE;
54
+ }
55
+ if ( stripos( $header_name, 'server' ) === 0 )
56
+ {
57
+ $found_headers[] = 'server';
58
+ $found_issue = TRUE;
59
+ }
60
+ }
61
+ }
62
+ else
63
+ $found_issue = TRUE;
64
+
65
+ if ( $found_issue )
66
+ {
67
+ $_JSON_response['status'] = FALSE;
68
+
69
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>Your site headers still contain some valuable pieces of information regarding your environment.', 'wp-hide-security-enhancer' );
70
+
71
+ foreach ( $found_headers as $found_header )
72
+ {
73
+
74
+ $_JSON_response['description'] .= '<p class="important">';
75
+ $_JSON_response['description'] .= '<b> <span class="dashicons dashicons-search"></span> Found - ' . ucfirst ( $found_header ) .'</b>';
76
+ $_JSON_response['description'] .= '</p>';
77
+
78
+ }
79
+
80
+ if ( $this->wph->security_scan->remote_started && $this->wph->security_scan->remote_errors !== FALSE )
81
+ $_JSON_response['description'] .= "<br /><br /><span class='error'>" . __('Unable to complete this security task as an error occoured', 'wp-hide-security-enhancer' ) . ': <b>' .$this->wph->security_scan->remote_errors . '</b></span>';
82
+
83
+ $_JSON_response['actions'] = array (
84
+ 'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-general&component=headers', 'admin' ) .'">Fix</a>',
85
+ 'ignore' => '//--post-generated--',
86
+ 'restore' => '//--post-generated--',
87
+ );
88
+ }
89
+ else
90
+ {
91
+ $_JSON_response['status'] = TRUE;
92
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>There are no headers containing valuable pieces of information regarding your environment.', 'wp-hide-security-enhancer' );
93
+ }
94
+
95
+ return $this->return_json_response( $_JSON_response );
96
+
97
+ }
98
+
99
+ }
100
+
101
+
102
+ ?>
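Review bot: the prefix match `stripos( $header_name, 'server' ) === 0` at line 55 also flags `Server-Timing`, a header that carries no environment information, and the `x-powered-by` test at line 50 likewise matches any header name that merely starts with that text; compare the lowercased full name instead (`strtolower( $header_name ) === 'server'`). Separately, line 81 concatenates `$this->wph->security_scan->remote_errors` into the description HTML without `esc_html()`; since the rest of the string is rendered as markup, the error text should be escaped before it is appended.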
include/admin-interfaces/security-scan/scan_item_hide_remove_html_comments.php ADDED
@@ -0,0 +1,75 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_hide_remove_html_comments extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'hide_remove_html_comments';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __('Remove Comments', 'wp-hide-security-enhancer'),
30
+ 'icon' => 'dashicons-hidden',
31
+
32
+ 'help' => __("The HTML source code usually contain many comment lines, however there is no use for that, unless debugging. Remove all HTML Comments, which usually specify Plugins Name and Version. Any Internet Explorer conditional tags are preserved.", 'wp-hide-security-enhancer'),
33
+
34
+ 'score_points' => 10,
35
+ );
36
+ }
37
+
38
+
39
+ function scan()
40
+ {
41
+ $_JSON_response = array();
42
+
43
+ $found_issue = FALSE;
44
+
45
+ $option = $this->wph->functions->get_module_item_setting('remove_html_comments');
46
+
47
+ if ( empty ( $option ) || $option == 'no' )
48
+ $found_issue = TRUE;
49
+
50
+ if ( $found_issue )
51
+ {
52
+ $_JSON_response['status'] = FALSE;
53
+
54
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The site pages still contain HTML comments which may provide essential pieces of information regarding the active plugins and themes.', 'wp-hide-security-enhancer' );
55
+
56
+ $_JSON_response['actions'] = array (
57
+ 'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-general&component=html', 'admin' ) .'">Fix</a>',
58
+ 'ignore' => '//--post-generated--',
59
+ 'restore' => '//--post-generated--',
60
+ );
61
+ }
62
+ else
63
+ {
64
+ $_JSON_response['status'] = TRUE;
65
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
66
+ }
67
+
68
+ return $this->return_json_response( $_JSON_response );
69
+
70
+ }
71
+
72
+ }
73
+
74
+
75
+ ?>
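Review bot: the scan at lines 45-48 only reads the stored `remove_html_comments` setting and never looks at `$this->wph->security_scan->remote_html`, which the headers and replacements items already fetch, so a page cache that still serves the unprocessed markup passes with "appears properly configured". Consider also searching the fetched HTML for `<!--` (skipping the `<!--[if` conditional comments the help text says are preserved) and reporting the mismatch between the setting and the live page.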
include/admin-interfaces/security-scan/scan_item_hide_replacements.php ADDED
@@ -0,0 +1,164 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_hide_replacements extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'hide_replacements';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __('Replacements', 'wp-hide-security-enhancer'),
30
+ 'icon' => 'dashicons-hidden',
31
+
32
+ 'help' => __("The module implements a post-processing engine, which allows arbitrary words to be replaced with custom ones. This works for all site data as HTML, Css, JavaScript assets.
33
+ This is the perfect tool to white-label any plugins or active code on a site, by replacing the specific words (classes, tags, JavaScript variables etc).
34
+ Examples can be found at <a href='https://wp-hide.com/how-to-easily-hide-elementor-page-builder/' target='_blank'>How to white label Elementor</a> also <a href='https://wp-hide.com/hide-your-avada-theme-avada-builder-and-fusion-core/' target='_blank'>HowHide your Avada Theme, Avada Builder and Fusion core</a> this makes the plugins totally unrecognizable for anonymous users.
35
+ <p>&nbsp;</p>
36
+ <p>This feature integrates perfectly with any site environment, regardles of the used plugins and themes. Changing any fingerprint does not break the site layout or disable any existing functionality.</p>", 'wp-hide-security-enhancer'),
37
+
38
+ 'score_points' => 50,
39
+ );
40
+ }
41
+
42
+
43
+ function scan()
44
+ {
45
+ $_JSON_response = array();
46
+
47
+ $found_issue = FALSE;
48
+ $found_traces = array();
49
+
50
+ $fingerprints = array (
51
+ 'Common WordPress fingerprints' => array (
52
+ 'search' => array ( 'wp-', '-wp' ),
53
+ 'replacements' => array( 'wp-' )
54
+ ),
55
+ 'Astra' => array (
56
+ 'search' => array ('astra-', '-astra'),
57
+ 'replacements' => array( 'astra' )
58
+ ),
59
+ 'Avada' => array (
60
+ 'search' => array ( 'avada-', '-avada'),
61
+ 'replacements' => array( 'avada' )
62
+ ),
63
+ 'Divi' => array (
64
+ 'search' => array ( 'divi-', '-divi'),
65
+ 'replacements' => array( 'divi' )
66
+ ),
67
+ 'Elementor' => array (
68
+ 'search' => array ( 'elementor-', '-elementor'),
69
+ 'replacements' => array( 'elementor' )
70
+ ),
71
+ 'Fusion Builder' => array (
72
+ 'search' => array ( 'fusion-', '-fusion'),
73
+ 'replacements' => array( 'fusion' )
74
+ ),
75
+ 'Flatsome' => array (
76
+ 'search' => array ( 'flatsome-'),
77
+ 'replacements' => array( 'flatsome' )
78
+ ),
79
+ 'Porto' => array (
80
+ 'search' => array ( 'porto-', '-porto'),
81
+ 'replacements' => array( 'porto' )
82
+ ),
83
+ 'Themify' => array (
84
+ 'search' => array ( 'themify-', '-themify'),
85
+ 'replacements' => array( 'themify' )
86
+ ),
87
+ 'Uncode' => array (
88
+ 'search' => array ( 'uncode-', '-uncode'),
89
+ 'replacements' => array( 'uncode' )
90
+ ),
91
+ 'Yoast SEO' => array (
92
+ 'search' => array ( 'yoast-'),
93
+ 'replacements' => array( 'yoast' )
94
+ ),
95
+ 'WoodMart' => array (
96
+ 'search' => array ( 'woodmart-', '-woodmart'),
97
+ 'replacements' => array( 'woodmart' )
98
+ ),
99
+ 'WooCommerce' => array (
100
+ 'search' => array ( 'woocommerce-', '-woocommerce', 'wc_'),
101
+ 'replacements' => array( 'woocommerce' )
102
+ ),
103
+ 'WP Bakery' => array (
104
+ 'search' => array ( 'js-composer', 'vc_', 'wpb_'),
105
+ 'replacements' => array( 'js-composer', 'vc_' )
106
+ ),
107
+ );
108
+
109
+ if ( $this->wph->security_scan->remote_html )
110
+ {
111
+ foreach ( $fingerprints as $code_name => $fingerprints_group )
112
+ {
113
+ foreach ( $fingerprints_group['search'] as $fingerprints_item )
114
+ {
115
+ if ( stripos( $this->wph->security_scan->remote_html, $fingerprints_item ) )
116
+ {
117
+ $found_issue = TRUE;
118
+ $found_traces[ $code_name ] = TRUE;
119
+ }
120
+ }
121
+ }
122
+ }
123
+ else
124
+ $found_issue = TRUE;
125
+
126
+ if ( $found_issue )
127
+ {
128
+ $_JSON_response['status'] = FALSE;
129
+
130
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>Your site assets still contain traceable data within HTML / CSS / JavaScript. Those can be removed using the Replacements functionality.', 'wp-hide-security-enhancer' );
131
+ $_JSON_response['description'] .= '<br /><br />';
132
+
133
+ foreach ( $found_traces as $code_name => $found_status )
134
+ {
135
+
136
+ $_JSON_response['description'] .= '<p class="important">';
137
+ $_JSON_response['description'] .= '<b> <span class="dashicons dashicons-search"></span> ' . __( 'Found', 'wp-hide-security-enhancer' ) .' - ' . $code_name .'</b>. ' . __( 'Add replacements for <code>', 'wp-hide-security-enhancer' ) . implode ( "</code>, <code>", $fingerprints[$code_name]['replacements'] ) . '</code>';
138
+ $_JSON_response['description'] .= '</p>';
139
+
140
+ }
141
+
142
+ if ( $this->wph->security_scan->remote_errors !== FALSE )
143
+ $_JSON_response['description'] .= "<br /><br /><span class='error'>" . __('Unable to complete this security task as an error occoured', 'wp-hide-security-enhancer' ) . ': <b>' .$this->wph->security_scan->remote_errors . '</b></span>';
144
+
145
+ $_JSON_response['actions'] = array (
146
+ 'fix' => '<a class="button-primary wph-pro" target="_blank" href="https://wp-hide.com/pricing/">PRO</a>',
147
+ 'ignore' => '//--post-generated--',
148
+ 'restore' => '//--post-generated--',
149
+ );
150
+ }
151
+ else
152
+ {
153
+ $_JSON_response['status'] = TRUE;
154
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>There are no obvious fingerprints.', 'wp-hide-security-enhancer' );
155
+ }
156
+
157
+ return $this->return_json_response( $_JSON_response );
158
+
159
+ }
160
+
161
+ }
162
+
163
+
164
+ ?>
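Review bot: `stripos( ... )` at line 115 is used as a boolean, so a fingerprint found at offset 0 counts as not found; test `!== FALSE` as the headers item does. The fingerprint table also disagrees with its own advice: `WP Bakery` (lines 103-106) searches for `wpb_` but the suggested `replacements` list omits it, and `WooCommerce` (lines 99-102) searches for `wc_` without suggesting it, so following the "Add replacements for" message at line 137 will not clear the finding. As in the headers item, `remote_errors` is concatenated into HTML unescaped at line 143.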
include/admin-interfaces/security-scan/scan_item_hide_robots.php ADDED
@@ -0,0 +1,76 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_hide_robots extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'hide_robots';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __('Process robots.txt', 'wp-hide-security-enhancer'),
30
+ 'icon' => 'dashicons-hidden',
31
+
32
+ 'help' => __("The robots.txt file plays a major role in search engine ranking. It blocks search engine bots and helps index and crawl important parts of your site.
33
+ <br />As default the robots.txt also includes an allow clause to admin URL and admin-ajax.php url. Once customized those areas, the new slugs might not want to be show to anyone. Turn this option to Yes removed any reference to new wp-admin and admin-ajax.php.", 'wp-hide-security-enhancer'),
34
+
35
+ 'score_points' => 10,
36
+ );
37
+ }
38
+
39
+
40
+ function scan()
41
+ {
42
+ $_JSON_response = array();
43
+
44
+ $found_issue = FALSE;
45
+
46
+ $option = $this->wph->functions->get_module_item_setting('disable_robots_txt');
47
+
48
+ if ( empty ( $option ) || $option == 'no' )
49
+ $found_issue = TRUE;
50
+
51
+ if ( $found_issue )
52
+ {
53
+ $_JSON_response['status'] = FALSE;
54
+
55
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The robots.txt should be processed to ensure none of the default URLs is still used.', 'wp-hide-security-enhancer' );
56
+
57
+ $_JSON_response['actions'] = array (
58
+ 'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-general&component=robots-txt', 'admin' ) .'">Fix</a>',
59
+ 'ignore' => '//--post-generated--',
60
+ 'restore' => '//--post-generated--',
61
+ );
62
+ }
63
+ else
64
+ {
65
+ $_JSON_response['status'] = TRUE;
66
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
67
+ }
68
+
69
+ return $this->return_json_response( $_JSON_response );
70
+
71
+ }
72
+
73
+ }
74
+
75
+
76
+ ?>
include/admin-interfaces/security-scan/scan_item_hide_wlwmanifest.php ADDED
@@ -0,0 +1,75 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_hide_wlwmanifest extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'hide_wlwmanifest';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __('Remove wlwmanifest Meta', 'wp-hide-security-enhancer'),
30
+ 'icon' => 'dashicons-hidden',
31
+
32
+ 'help' => __("The wlwmanifest link is actually used by Windows Live Writer. If you don't te application, this is just unnecessary code.", 'wp-hide-security-enhancer'),
33
+
34
+ 'score_points' => 10,
35
+ );
36
+ }
37
+
38
+
39
+ function scan()
40
+ {
41
+ $_JSON_response = array();
42
+
43
+ $found_issue = FALSE;
44
+
45
+ $option = $this->wph->functions->get_module_item_setting('remove_wlwmanifest');
46
+
47
+ if ( empty ( $option ) || $option == 'no' )
48
+ $found_issue = TRUE;
49
+
50
+ if ( $found_issue )
51
+ {
52
+ $_JSON_response['status'] = FALSE;
53
+
54
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>Unless using the Windows Live Writer, the file have no usage so should be disabled.', 'wp-hide-security-enhancer' );
55
+
56
+ $_JSON_response['actions'] = array (
57
+ 'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-general&component=meta', 'admin' ) .'">Fix</a>',
58
+ 'ignore' => '//--post-generated--',
59
+ 'restore' => '//--post-generated--',
60
+ );
61
+ }
62
+ else
63
+ {
64
+ $_JSON_response['status'] = TRUE;
65
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
66
+ }
67
+
68
+ return $this->return_json_response( $_JSON_response );
69
+
70
+ }
71
+
72
+ }
73
+
74
+
75
+ ?>
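Review bot: the help string at line 32 has a typo, "If you don't te application" should read "If you don't use the application"; it is a translatable string, so fixing it before release avoids a stale entry in the .pot file.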
include/admin-interfaces/security-scan/scan_item_hide_wordpress_generator.php ADDED
@@ -0,0 +1,75 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_hide_wordpress_generator extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'hide_wordpress_generator';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __('Remove WordPress Generator Meta', 'wp-hide-security-enhancer'),
30
+ 'icon' => 'dashicons-hidden',
31
+
32
+ 'help' => __("Remove the autogenerated meta generator tag within head (WordPress Version).", 'wp-hide-security-enhancer'),
33
+
34
+ 'score_points' => 30,
35
+ );
36
+ }
37
+
38
+
39
+ function scan()
40
+ {
41
+ $_JSON_response = array();
42
+
43
+ $found_issue = FALSE;
44
+
45
+ $option = $this->wph->functions->get_module_item_setting('remove_generator_meta');
46
+
47
+ if ( empty ( $option ) || $option == 'no' )
48
+ $found_issue = TRUE;
49
+
50
+ if ( $found_issue )
51
+ {
52
+ $_JSON_response['status'] = FALSE;
53
+
54
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The WordPress Generator is still visible through the HTML code.', 'wp-hide-security-enhancer' );
55
+
56
+ $_JSON_response['actions'] = array (
57
+ 'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-general&component=meta', 'admin' ) .'">Fix</a>',
58
+ 'ignore' => '//--post-generated--',
59
+ 'restore' => '//--post-generated--',
60
+ );
61
+ }
62
+ else
63
+ {
64
+ $_JSON_response['status'] = TRUE;
65
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
66
+ }
67
+
68
+ return $this->return_json_response( $_JSON_response );
69
+
70
+ }
71
+
72
+ }
73
+
74
+
75
+ ?>
include/admin-interfaces/security-scan/scan_item_hide_wordpress_tagline.php ADDED
@@ -0,0 +1,75 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_hide_wordpress_tagline extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'hide_wordpress_tagline';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __('Change WordPress TagLine', 'wp-hide-security-enhancer'),
30
+ 'icon' => 'dashicons-hidden',
31
+
32
+ 'help' => __("The WordPress tagline is a short description of your website. The WordPress tagline can be modified by accessing the Dasboard > Settings > General", 'wp-hide-security-enhancer'),
33
+
34
+ 'score_points' => 10,
35
+ );
36
+ }
37
+
38
+
39
+ function scan()
40
+ {
41
+ $_JSON_response = array();
42
+
43
+ $found_issue = FALSE;
44
+
45
+ $option = get_option ( 'blogdescription' );
46
+
47
+ if ( $option == __('Just another WordPress site') )
48
+ $found_issue = TRUE;
49
+
50
+ if ( $found_issue )
51
+ {
52
+ $_JSON_response['status'] = FALSE;
53
+
54
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The tagline still uses the default WordPress sample, and should be customised.', 'wp-hide-security-enhancer' );
55
+
56
+ $_JSON_response['actions'] = array (
57
+ 'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'options-general.php', 'admin' ) .'">Fix</a>',
58
+ 'ignore' => '//--post-generated--',
59
+ 'restore' => '//--post-generated--',
60
+ );
61
+ }
62
+ else
63
+ {
64
+ $_JSON_response['status'] = TRUE;
65
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
66
+ }
67
+
68
+ return $this->return_json_response( $_JSON_response );
69
+
70
+ }
71
+
72
+ }
73
+
74
+
75
+ ?>
include/admin-interfaces/security-scan/scan_item_hide_xml_rpc.php ADDED
@@ -0,0 +1,76 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_hide_xml_rpc extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'hide_xml_rpc';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __('XML-RPC', 'wp-hide-security-enhancer'),
30
+ 'icon' => 'dashicons-hidden',
31
+
32
+ 'help' => __("XML-RPC is a remote procedure call (RPC) protocol which uses XML to encode its calls and HTTP as a transport mechanism. This service allow other applications to talk to your WordPress site.", 'wp-hide-security-enhancer'),
33
+
34
+ 'score_points' => 10,
35
+ );
36
+ }
37
+
38
+
39
+ function scan()
40
+ {
41
+ $_JSON_response = array();
42
+
43
+ $found_issue = FALSE;
44
+
45
+ $new_xml_rpc_path = $this->wph->functions->get_module_item_setting('new_xml_rpc_path');
46
+ $disable_xml_rpc_auth = $this->wph->functions->get_module_item_setting('disable_xml_rpc_auth');
47
+
48
+ if ( empty ( $new_xml_rpc_path ) && ( empty ( $disable_xml_rpc_auth ) || $disable_xml_rpc_auth == 'no' ) )
49
+ $found_issue = TRUE;
50
+
51
+ if ( $found_issue )
52
+ {
53
+ $_JSON_response['status'] = FALSE;
54
+
55
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The XML-RPC module has not been customised.', 'wp-hide-security-enhancer' );
56
+
57
+ $_JSON_response['actions'] = array (
58
+ 'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-rewrite&component=xml-rpc', 'admin' ) .'">Fix</a>',
59
+ 'ignore' => '//--post-generated--',
60
+ 'restore' => '//--post-generated--',
61
+ );
62
+ }
63
+ else
64
+ {
65
+ $_JSON_response['status'] = TRUE;
66
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The XML-RPC appears properly configured.', 'wp-hide-security-enhancer' );
67
+ }
68
+
69
+ return $this->return_json_response( $_JSON_response );
70
+
71
+ }
72
+
73
+ }
74
+
75
+
76
+ ?>
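Review bot: the pass condition at line 48 treats a non-empty `new_xml_rpc_path` as sufficient, so a site that only renamed the endpoint passes while XML-RPC authentication stays enabled at the new path; renaming is obscurity rather than a control. Consider awarding the points only when `disable_xml_rpc_auth` is 'yes', or at least stating in the description which of the two settings satisfied the check.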
include/admin-interfaces/security-scan/scan_item_keys_and_salts.php ADDED
@@ -0,0 +1,89 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_keys_and_salts extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'keys_and_salts';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => 'Authentication Unique Keys and Salts',
30
+ 'icon' => 'dashicons-admin-generic',
31
+
32
+ 'help' => __("WordPress security authentication or secret key or SALT keys, are the encrypted code that protects your login information.
33
+ Salt keys are cryptographic elements used to 'hash' data in order to secure it. In fact, most serious platforms and systems use similar mechanisms to protect sensitive data.", 'wp-hide-security-enhancer'),
34
+
35
+ 'score_points' => 10,
36
+ );
37
+ }
38
+
39
+
40
+ function scan()
41
+ {
42
+ $_JSON_response = array();
43
+
44
+ $wrong_value = FALSE;
45
+
46
+ $constants = array(
47
+ 'AUTH_KEY',
48
+ 'SECURE_AUTH_KEY',
49
+ 'LOGGED_IN_KEY',
50
+ 'NONCE_KEY',
51
+ 'AUTH_SALT',
52
+ 'SECURE_AUTH_SALT',
53
+ 'LOGGED_IN_SALT',
54
+ 'NONCE_SALT'
55
+ );
56
+
57
+ foreach ( $constants as $constant )
58
+ {
59
+ if ( empty ( constant ( $constant ) ) || constant ( $constant ) == 'put your unique phrase here' )
60
+ {
61
+ $wrong_value = TRUE;
62
+ break;
63
+ }
64
+ }
65
+
66
+ if ( $wrong_value )
67
+ {
68
+ $_JSON_response['status'] = FALSE;
69
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The Authentication unique keys and salts are empty or invalid.', 'wp-hide-security-enhancer' );
70
+ $_JSON_response['actions'] = array (
71
+ 'read_more' => '<a class="button" target="_blank" href="https://www.malcare.com/blog/wordpress-salts/">Read More</a>',
72
+ 'ignore' => '//--post-generated--',
73
+ 'restore' => '//--post-generated--',
74
+ );
75
+ }
76
+ else
77
+ {
78
+ $_JSON_response['status'] = TRUE;
79
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The Authentication unique keys and salts are correctly set-up.', 'wp-hide-security-enhancer' );
80
+ }
81
+
82
+ return $this->return_json_response( $_JSON_response );
83
+
84
+ }
85
+
86
+ }
87
+
88
+
89
+ ?>
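Review bot: `constant( $constant )` at line 59 throws an Error on PHP 8 (and emits a warning and returns null on PHP 7) when the constant is not defined, and hand-written or older wp-config.php files may omit some of the eight; guard with `! defined( $constant ) ||` ahead of the `empty()` test so a missing key is reported as a finding instead of aborting the whole scan.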
include/admin-interfaces/security-scan/scan_item_mysql_version.php ADDED
@@ -0,0 +1,71 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_mysql_version extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'mysql_version';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => 'MySQL Version',
30
+ 'icon' => 'dashicons-database',
31
+
32
+ 'help' => __("Using a higher MySQL version ensures better capability for your system. Older versions are often exploitable making the system unstable and predisposing to security breaches.", 'wp-hide-security-enhancer'),
33
+
34
+ 'score_points' => 5,
35
+
36
+ 'callback' => 'scan_item_mysql_version',
37
+ );
38
+ }
39
+
40
+
41
+ function scan()
42
+ {
43
+ $_JSON_response = array();
44
+
45
+ global $wpdb;
46
+
47
+ $_JSON_response['info'] = __( 'Using Version: ', 'wp-hide-security-enhancer' ) . $wpdb->db_version();
48
+
49
+ if ( version_compare ( $wpdb->db_version(), '5.0', '>=' ) )
50
+ {
51
+ $_JSON_response['status'] = TRUE;
52
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span> You are using at least the minimum recommended PHP version.', 'wp-hide-security-enhancer' );
53
+ }
54
+ else
55
+ {
56
+ $_JSON_response['status'] = FALSE;
57
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span> You are using an older PHP version that the minimum recommended.', 'wp-hide-security-enhancer' );
58
+ $_JSON_response['actions'] = array (
59
+ 'ignore' => '//--post-generated--',
60
+ 'restore' => '//--post-generated--',
61
+ );
62
+ }
63
+
64
+ return $this->return_json_response( $_JSON_response );
65
+
66
+ }
67
+
68
+ }
69
+
70
+
71
+ ?>
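Review bot: the description strings at lines 52 and 57 say "PHP version" although this item checks `$wpdb->db_version()`; they look copied from the PHP version item and should say MySQL. The threshold `'5.0'` at line 49 is also too lenient: MySQL 5.0 has been out of support for many years and WordPress's own requirements page recommended MySQL 5.6 / MariaDB 10.1 at the time, so practically any reachable database passes. Note that `db_version()` returns the MariaDB version string on MariaDB servers, so a single comparison value does not fit both products.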
include/admin-interfaces/security-scan/scan_item_old_plugins.php ADDED
@@ -0,0 +1,122 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_old_plugins extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'old_plugins';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => 'Old Plugins',
30
+ 'icon' => 'dashicons-admin-plugins',
31
+
32
+ 'help' => __("Old WordPress plugins can do damage to your website. Vulnerabilities are found within plugins all the time. Unmaintained code drastically increase the risk, as there are no patches for known issues.
33
+ Inconsistent updates can lead to serious security issues and compatibility problems, and land you in technical debt.
34
+ This will check for plugins with more than a year since their last update.", 'wp-hide-security-enhancer'),
35
+
36
+ 'score_points' => 10,
37
+
38
+ 'use_transient' => TRUE
39
+ );
40
+ }
41
+
42
+
43
+ function scan()
44
+ {
45
+ $_JSON_response = array();
46
+
47
+ $found_old = array();
48
+
49
+ $active_plugins = get_option( 'active_plugins' );
50
+ $all_plugins = apply_filters( 'all_plugins', get_plugins() );
51
+
52
+ foreach ( $active_plugins as $active_plugin )
53
+ {
54
+ list ( $plugin_slug, $file ) = explode ( '/' , $active_plugin );
55
+ if ( empty ( $plugin_slug ) )
56
+ continue;
57
+
58
+ $response = wp_remote_get( 'https://api.wordpress.org/plugins/info/1.0/' . $plugin_slug . '.json' , array( 'sslverify' => false, 'timeout' => 10 ) );
59
+ $http_response = $response['http_response'];
60
+
61
+ if ( ! is_array( $response ) || ! is_object( $http_response ) || $http_response->get_status() != 200 )
62
+ continue;
63
+
64
+ $response_body = json_decode ( $response['body'] );
65
+
66
+ $last_update = strtotime ( $response_body->last_updated );
67
+ if ( $last_update > strtotime ( "-1 year") )
68
+ continue;
69
+
70
+ $found_old[ $plugin_slug ] = array (
71
+ 'name' => $response_body->name,
72
+ 'last_updated' => $response_body->last_updated,
73
+ );
74
+ if ( isset ( $response_body->screenshots ) && isset ( $response_body->screenshots->{1} ) )
75
+ $found_old[ $plugin_slug ]['screenshot'] = $response_body->screenshots->{1}->src;
76
+ else
77
+ $found_old[ $plugin_slug ]['screenshot'] = 'https://ps.w.org/classic-editor/assets/icon-256x256.png';
78
+ }
79
+
80
+ if ( $found_old )
81
+ $_JSON_response['info'] = __( 'Found old plugins: ', 'wp-hide-security-enhancer' ) . count ( $found_old );
82
+
83
+ if ( count ( $found_old ) > 0 )
84
+ {
85
+ $_JSON_response['status'] = FALSE;
86
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The following plugins are very old and appear unmaintained:', 'wp-hide-security-enhancer' );
87
+
88
+ foreach ( $found_old as $plugin_slug => $plugin_data )
89
+ {
90
+
91
+ $_JSON_response['description'] .= '<p class="outdated_plugin">';
92
+
93
+ $_JSON_response['description'] .= '<img class="icon" src="'. $plugin_data['screenshot'].'" /> ';
94
+
95
+ $_JSON_response['description'] .= '<b>' . $plugin_data['name'] .'</b><br />' . __( ' Last updated on ', 'wp-hide-security-enhancer' ) . $plugin_data['last_updated'];
96
+
97
+ $_JSON_response['description'] .= '</p>';
98
+
99
+ }
100
+
101
+ $_JSON_response['description'] .= __( '<br /><p class="description">We strongly suggest finding replacements for the above plugins and remove from your site.</p>', 'wp-hide-security-enhancer' );
102
+
103
+ $_JSON_response['actions'] = array (
104
+ 'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'plugins.php', 'admin' ) .'">Fix</a>',
105
+ 'ignore' => '//--post-generated--',
106
+ 'restore' => '//--post-generated--',
107
+ );
108
+ }
109
+ else
110
+ {
111
+ $_JSON_response['status'] = TRUE;
112
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>There are no Old Plugins.', 'wp-hide-security-enhancer' );
113
+ }
114
+
115
+ return $this->return_json_response( $_JSON_response );
116
+
117
+ }
118
+
119
+ }
120
+
121
+
122
+ ?>
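Review bot: line 59 reads `$response['http_response']` before line 61 checks `is_array( $response )`, so when `wp_remote_get()` returns a `WP_Error` (DNS failure, timeout) the array access on an object is a fatal error and the whole scan aborts; move the `is_wp_error` / `is_array` check first. Line 58 also passes `'sslverify' => false`, which turns off certificate validation for api.wordpress.org; a security scanner should not accept a forged response about which plugins are maintained, and the default verification works on any host with a current CA bundle. Smaller points: `$all_plugins` at line 50 is unused, single-file plugins such as `hello.php` make the `list()` at line 54 emit a notice and query `hello.php.json`, and `json_decode()` at line 64 can return null, which line 66 then dereferences.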
include/admin-interfaces/security-scan/scan_item_outdated_plugins.php ADDED
@@ -0,0 +1,102 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_outdated_plugins extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'outdated_plugins';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => 'Outdated Plugins',
30
+ 'icon' => 'dashicons-admin-plugins',
31
+
32
+ 'help' => __("Keeping your plugins up to date is important for the stability and security of your WordPress site. It also lets you take advantage of any new features the plugin's developers have added.
33
+ A key concept of updating WordPress core, themes, and plugins is to protect your site from the possible vulnerabilities that allow a hacker to compromise your site. ", 'wp-hide-security-enhancer'),
34
+
35
+ 'score_points' => 15,
36
+
37
+ 'callback' => 'scan_item_outdated_plugins',
38
+ 'use_transient' => TRUE
39
+ );
40
+ }
41
+
42
+
43
+ function scan()
44
+ {
45
+ $_JSON_response = array();
46
+
47
+ wp_update_plugins();
48
+
49
+ $update_plugins = get_site_transient('update_plugins');
50
+ $found_outdated = array();
51
+ if ( $update_plugins && is_array( $update_plugins->response ) && count ( $update_plugins->response ) > 0 )
52
+ $found_outdated = $update_plugins->response;
53
+
54
+ if ( count ( $found_outdated ) > 0 )
55
+ $_JSON_response['info'] = __( 'Found outdated plugins: ', 'wp-hide-security-enhancer' ) . count ( $found_outdated );
56
+
57
+ if ( count ( $found_outdated ) > 0 )
58
+ {
59
+ $_JSON_response['status'] = FALSE;
60
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The following plugins are found outdated on your site:', 'wp-hide-security-enhancer' );
61
+
62
+ $all_plugins = apply_filters( 'all_plugins', get_plugins() );
63
+
64
+ foreach ( $found_outdated as $plugin_slug => $plugin_data )
65
+ {
66
+ $plugin_data = array_merge ( (array)$plugin_data, $all_plugins[$plugin_slug]);
67
+
68
+ $_JSON_response['description'] .= '<p class="outdated_plugin">';
69
+
70
+ if ( isset ( $plugin_data['icons'] ) && isset ( $plugin_data['icons']['2x'] ) )
71
+ $_JSON_response['description'] .= '<img class="icon" src="'. $plugin_data['icons']['2x'].'" /> ';
72
+ else
73
+ $_JSON_response['description'] .= '<img class="icon" src="https://ps.w.org/classic-editor/assets/icon-256x256.png" /> ';
74
+
75
+ $_JSON_response['description'] .= '<b>' . $plugin_data['Name'] .'</b><br />' . __( ' Upgrade from ', 'wp-hide-security-enhancer' ) . $plugin_data['Version'] . __( ' to ', 'wp-hide-security-enhancer' ) . $plugin_data['new_version'];
76
+
77
+ $_JSON_response['description'] .= '</p>';
78
+
79
+ }
80
+
81
+ $_JSON_response['description'] .= __( '<br /><p class="description">The inactive plugins require updating as well, as may contain harmful vulnerabilities, exploaitable even if the code is not active.</p>', 'wp-hide-security-enhancer' );
82
+
83
+ $_JSON_response['actions'] = array (
84
+ 'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'plugins.php', 'admin' ) .'">Fix</a>',
85
+ 'ignore' => '//--post-generated--',
86
+ 'restore' => '//--post-generated--',
87
+ );
88
+ }
89
+ else
90
+ {
91
+ $_JSON_response['status'] = TRUE;
92
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>All plugins are Up to Date.', 'wp-hide-security-enhancer' );
93
+ }
94
+
95
+ return $this->return_json_response( $_JSON_response );
96
+
97
+ }
98
+
99
+ }
100
+
101
+
102
+ ?>
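Review bot: `$all_plugins[$plugin_slug]` inside the foreach is read without isset(); the `update_plugins` transient can still list a plugin whose directory has since been deleted, and then array_merge() is handed null, which is a warning on PHP 7 and a TypeError on PHP 8 that aborts the whole scan. Guard with `if ( ! isset( $all_plugins[ $plugin_slug ] ) ) continue;`. The same loop concatenates `$plugin_data['Name']`, `$plugin_data['Version']`, `$plugin_data['new_version']` and the icon URL into HTML unescaped; wrap them in esc_html()/esc_url(). Minor: `'callback' => 'scan_item_outdated_plugins'` is a bare string while scan_item_wp_version.php passes `array( $this, 'scan' )`, so only one of the two conventions can be what the scanner dispatches on; 'exploaitable' in the description string is a typo; and the fallback icon is again the Classic Editor icon from ps.w.org.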
include/admin-interfaces/security-scan/scan_item_outdated_themes.php ADDED
@@ -0,0 +1,97 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_outdated_themes extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'outdated_themes';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => 'Outdated Themes',
30
+ 'icon' => 'dashicons-admin-appearance',
31
+
32
+ 'help' => __("The biggest reason to keep your WordPress website up to date is Security. When you do not update your WordPress themes, you create a security risk and expose your site to existing vulnerabilities and imminent attacks.
33
+ The WordPress developers are constantly fixing security breaches or improving security.", 'wp-hide-security-enhancer'),
34
+
35
+ 'score_points' => 15,
36
+
37
+ 'callback' => 'scan_item_outdated_themes',
38
+ 'use_transient' => TRUE
39
+ );
40
+ }
41
+
42
+
43
+ function scan()
44
+ {
45
+ $_JSON_response = array();
46
+
47
+ wp_update_themes();
48
+
49
+ $update_themes = get_site_transient('update_themes');
50
+ $found_outdated = array();
51
+ if ( $update_themes && is_array( $update_themes->response ) && count ( $update_themes->response ) > 0 )
52
+ $found_outdated = $update_themes->response;
53
+
54
+ if ( count ( $found_outdated ) > 0 )
55
+ $_JSON_response['info'] = __( 'Found outdated themes: ', 'wp-hide-security-enhancer' ) . count ( $found_outdated );
56
+
57
+ if ( count ( $found_outdated ) > 0 )
58
+ {
59
+ $_JSON_response['status'] = FALSE;
60
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The following plugins are found outdated on your site:', 'wp-hide-security-enhancer' );
61
+
62
+ foreach ( $found_outdated as $theme_slug => $theme_data )
63
+ {
64
+ $theme = wp_get_theme( $theme_slug );
65
+
66
+ $_JSON_response['description'] .= '<p class="outdated_plugin">';
67
+
68
+ $_JSON_response['description'] .= '<img class="icon" src="'. $theme->get_screenshot() .'" /> ';
69
+
70
+ $_JSON_response['description'] .= '<b>' . $theme->get('Name') .'</b><br />' . __( ' Upgrade from ', 'wp-hide-security-enhancer' ) . $theme->get('Version') . __( ' to ', 'wp-hide-security-enhancer' ) . $theme_data['new_version'];
71
+
72
+ $_JSON_response['description'] .= '</p>';
73
+
74
+ }
75
+
76
+ $_JSON_response['description'] .= __( '<br /><p class="description">The inactive themes require updating as well, as may contain harmful vulnerabilities, exploaitable even if the code is not active.</p>', 'wp-hide-security-enhancer' );
77
+
78
+ $_JSON_response['actions'] = array (
79
+ 'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'themes.php', 'admin' ) .'">Fix</a>',
80
+ 'ignore' => '//--post-generated--',
81
+ 'restore' => '//--post-generated--',
82
+ );
83
+ }
84
+ else
85
+ {
86
+ $_JSON_response['status'] = TRUE;
87
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>All themes are Up to Date.', 'wp-hide-security-enhancer' );
88
+ }
89
+
90
+ return $this->return_json_response( $_JSON_response );
91
+
92
+ }
93
+
94
+ }
95
+
96
+
97
+ ?>
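Review bot: the failure description reads 'The following plugins are found outdated on your site:' in a themes check; this is copied from scan_item_outdated_plugins.php and should say themes. `$theme->get('Name')`, `$theme->get_screenshot()` and `$theme_data['new_version']` go into the markup unescaped; use esc_html()/esc_url(). As in the plugins item, 'exploaitable' is a typo, the `<p class="outdated_plugin">` class is reused for themes, and the callback is the bare string 'scan_item_outdated_themes'.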
include/admin-interfaces/security-scan/scan_item_php_allow_url_include.php ADDED
@@ -0,0 +1,77 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_php_allow_url_include extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'php_allow_url_include';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => 'PHP allow_url_include',
30
+ 'icon' => 'dashicons-admin-generic',
31
+
32
+ 'help' => __("The allow_url_include allows a developer to include a remote file using a URL rather than a local file path. This technique is used to reduce the load on the server.
33
+ There are many servers with PHP configuration directive allow_url_include as enabled. When this setting is enabled, the server’s directory allows data retrieval from remote locations.", 'wp-hide-security-enhancer'),
34
+
35
+ 'score_points' => 10,
36
+ );
37
+ }
38
+
39
+
40
+ function scan()
41
+ {
42
+ $_JSON_response = array();
43
+
44
+ $allow_url_include = (bool)ini_get( 'allow_url_include' );
45
+
46
+ if ( $allow_url_include === TRUE )
47
+ {
48
+ $_JSON_response['status'] = FALSE;
49
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The allow_url_include is ON.
50
+ To fix this security issue, change the php.ini:
51
+
52
+ <br /><code>allow_url_include = "off"</code>
53
+
54
+ <br />or within .htaccess:
55
+
56
+ <br /><code>php_flag allow_url_include off</code>
57
+ <br />or within wp-config.php:
58
+ <br /><code>ini_set("allow_url_include", "0");</code>.', 'wp-hide-security-enhancer' );
59
+ $_JSON_response['actions'] = array (
60
+ 'ignore' => '//--post-generated--',
61
+ 'restore' => '//--post-generated--',
62
+ );
63
+ }
64
+ else
65
+ {
66
+ $_JSON_response['status'] = TRUE;
67
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The allow_url_include is Off.', 'wp-hide-security-enhancer' );
68
+ }
69
+
70
+ return $this->return_json_response( $_JSON_response );
71
+
72
+ }
73
+
74
+ }
75
+
76
+
77
+ ?>
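Review bot: two of the three remedies in the failure description do not work for this directive. allow_url_include is PHP_INI_SYSTEM, so `ini_set("allow_url_include", "0");` in wp-config.php returns false and changes nothing, and `php_flag allow_url_include off` in .htaccess is ignored as well (.htaccess can only set PHP_INI_ALL/PHP_INI_PERDIR directives, and only under mod_php in the first place); the directive has to be turned off in php.ini, in httpd.conf via php_admin_flag, or in the FPM pool configuration. Drop the two non-working lines rather than leave a user believing the issue is fixed while the scan keeps failing. The help text is also wrong on the substance: remote include is not 'used to reduce the load on the server'; it lets include/require fetch code from a URL, which is what turns a path-injection bug into remote file inclusion, and the directive has been deprecated since PHP 7.4. The `(bool)ini_get()` cast itself is fine here, since PHP returns "0" or "" for off and "1" for on.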
include/admin-interfaces/security-scan/scan_item_php_display_errors.php ADDED
@@ -0,0 +1,73 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_php_display_errors extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'php_display_errors';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => 'PHP display_errors',
30
+ 'icon' => 'dashicons-admin-generic',
31
+
32
+ 'help' => __("The display_error setting in PHP is used to determine whether errors should be printed to the screen or not.", 'wp-hide-security-enhancer'),
33
+
34
+ 'score_points' => 5,
35
+ );
36
+ }
37
+
38
+
39
+ function scan()
40
+ {
41
+ $_JSON_response = array();
42
+
43
+ $display_errors = (bool)ini_get( 'display_errors' );
44
+
45
+ if ( $display_errors === TRUE )
46
+ {
47
+ $_JSON_response['status'] = FALSE;
48
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The display_errors is ON.
49
+ <br />To fix this security issue, change the php.ini:
50
+ <br /><code>display_errors = "off"</code>
51
+ <br />or within .htaccess:
52
+ <br /><code>php_flag display_errors off</code>
53
+ <br />or within wp-config.php:
54
+ <br /><code>ini_set("display_errors", "0");</code>.', 'wp-hide-security-enhancer' );
55
+ $_JSON_response['actions'] = array (
56
+ 'ignore' => '//--post-generated--',
57
+ 'restore' => '//--post-generated--',
58
+ );
59
+ }
60
+ else
61
+ {
62
+ $_JSON_response['status'] = TRUE;
63
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The display_errors is Off.', 'wp-hide-security-enhancer' );
64
+ }
65
+
66
+ return $this->return_json_response( $_JSON_response );
67
+
68
+ }
69
+
70
+ }
71
+
72
+
73
+ ?>
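Review bot: the wp-config.php remedy `ini_set("display_errors", "0");` can be silently undone by WordPress itself: wp_debug_mode() runs after wp-config.php is loaded and calls ini_set( 'display_errors', 1 ) whenever WP_DEBUG is true and WP_DEBUG_DISPLAY is left at its default, so the advice should be `define( 'WP_DEBUG_DISPLAY', false );` alongside keeping WP_DEBUG off in production. display_errors is PHP_INI_ALL, so the php.ini and .htaccess lines are correct, the latter only under mod_php. The bool cast also handles the 'stderr'/'stdout' values correctly (non-empty, so reported as on). Typo in the help string: 'display_error' should be 'display_errors'.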
include/admin-interfaces/security-scan/scan_item_php_expose.php ADDED
@@ -0,0 +1,74 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_php_expose extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'php_expose';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => 'PHP expose',
30
+ 'icon' => 'dashicons-admin-generic',
31
+
32
+ 'help' => __("When the expose_php directive is enabled, PHP includes critical pieces of information within the HTTP response X-Powered-By header when a page is requested.", 'wp-hide-security-enhancer'),
33
+
34
+ 'score_points' => 10,
35
+ );
36
+ }
37
+
38
+
39
+ function scan()
40
+ {
41
+ $_JSON_response = array();
42
+
43
+ $expose_php = (bool)ini_get( 'expose_php' );
44
+
45
+ if ( $expose_php === TRUE )
46
+ {
47
+ $_JSON_response['status'] = FALSE;
48
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The expose_php is ON.
49
+ To fix this security issue, change the php.ini:
50
+
51
+ <br /><code>expose_php = "off"</code>
52
+
53
+ <br />or within .htaccess:
54
+
55
+ <br /><code>php_flag expose_php off</code>.', 'wp-hide-security-enhancer' );
56
+ $_JSON_response['actions'] = array (
57
+ 'ignore' => '//--post-generated--',
58
+ 'restore' => '//--post-generated--',
59
+ );
60
+ }
61
+ else
62
+ {
63
+ $_JSON_response['status'] = TRUE;
64
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The expose_php is Off.', 'wp-hide-security-enhancer' );
65
+ }
66
+
67
+ return $this->return_json_response( $_JSON_response );
68
+
69
+ }
70
+
71
+ }
72
+
73
+
74
+ ?>
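Review bot: `php_flag expose_php off` in .htaccess has no effect: expose_php is PHP_INI_ONLY, so it can be set in php.ini only (not in httpd.conf and not via ini_set()), and the description should say so rather than offer the .htaccess line as an alternative. If php.ini is out of the user's reach, the practical fallback is to strip the header at the web server (Apache `Header unset X-Powered-By`, nginx `fastcgi_hide_header X-Powered-By;`), which the scan could suggest. Note also that this check reads the local ini value, not what the server actually sends; a reverse proxy or the web server may still add or remove the header, so the only reliable verification is an HTTP request against the site.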
include/admin-interfaces/security-scan/scan_item_php_register_globals.php ADDED
@@ -0,0 +1,74 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_php_register_globals extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'php_register_globals';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => 'PHP register_globals',
30
+ 'icon' => 'dashicons-admin-generic',
31
+
32
+ 'help' => __("When register_globals is enabled, PHP will automatically create variables in the global scope for any value passed in GET, POST or COOKIE. This, combined with the use of variables without initialization, has led to numerous security vulnerabilities.", 'wp-hide-security-enhancer'),
33
+
34
+ 'score_points' => 20,
35
+ );
36
+ }
37
+
38
+
39
+ function scan()
40
+ {
41
+ $_JSON_response = array();
42
+
43
+ $register_globals = (bool)ini_get( 'register_globals' );
44
+
45
+ if ( $register_globals === TRUE )
46
+ {
47
+ $_JSON_response['status'] = FALSE;
48
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The register_globals is ON.
49
+ To fix this security issue, change the php.ini:
50
+
51
+ <br /><code>register_globals = "off"</code>
52
+
53
+ <br />or within .htaccess:
54
+
55
+ <br /><code>php_flag register_globals off</code>.', 'wp-hide-security-enhancer' );
56
+ $_JSON_response['actions'] = array (
57
+ 'ignore' => '//--post-generated--',
58
+ 'restore' => '//--post-generated--',
59
+ );
60
+ }
61
+ else
62
+ {
63
+ $_JSON_response['status'] = TRUE;
64
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The register_globals is Off.', 'wp-hide-security-enhancer' );
65
+ }
66
+
67
+ return $this->return_json_response( $_JSON_response );
68
+
69
+ }
70
+
71
+ }
72
+
73
+
74
+ ?>
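Review bot: this check can never fail on any PHP version the plugin runs on. register_globals was removed in PHP 5.4, and the sibling scan_item_php_version.php treats anything below 7.0 as outdated; on every supported runtime ini_get('register_globals') returns false, the bool cast turns that into 'Off', and the 20 score_points (the highest weight in this set) are awarded unconditionally, which inflates the overall score. Either drop the item or register it only when `version_compare( PHP_VERSION, '5.4', '<' )`; in that case the .htaccess line is fine, since the directive was PHP_INI_PERDIR.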
include/admin-interfaces/security-scan/scan_item_php_safe_mode.php ADDED
@@ -0,0 +1,74 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_php_safe_mode extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'php_safe_mode';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => 'PHP safe_mode',
30
+ 'icon' => 'dashicons-admin-generic',
31
+
32
+ 'help' => __("The PHP safe mode is an attempt to solve the shared-server security problem. It is architecturally incorrect to try to solve this problem at the PHP level, but since the alternatives at the web server and OS levels aren't very realistic, many people, especially ISP's, use safe mode for now.", 'wp-hide-security-enhancer'),
33
+
34
+ 'score_points' => 5,
35
+ );
36
+ }
37
+
38
+
39
+ function scan()
40
+ {
41
+ $_JSON_response = array();
42
+
43
+ $safe_mode = (bool)ini_get( 'safe_mode' );
44
+
45
+ if ( $safe_mode === TRUE )
46
+ {
47
+ $_JSON_response['status'] = FALSE;
48
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The register_globals is ON.
49
+ To fix this security issue, change the php.ini:
50
+
51
+ <br /><code>safe_mode = "off"</code>
52
+
53
+ <br />or within .htaccess:
54
+
55
+ <br /><code>php_flag safe_mode off</code>.', 'wp-hide-security-enhancer' );
56
+ $_JSON_response['actions'] = array (
57
+ 'ignore' => '//--post-generated--',
58
+ 'restore' => '//--post-generated--',
59
+ );
60
+ }
61
+ else
62
+ {
63
+ $_JSON_response['status'] = TRUE;
64
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The safe_mode is Off.', 'wp-hide-security-enhancer' );
65
+ }
66
+
67
+ return $this->return_json_response( $_JSON_response );
68
+
69
+ }
70
+
71
+ }
72
+
73
+
74
+ ?>
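Review bot: the failure description says 'The register_globals is ON' in the safe_mode check; copied from scan_item_php_register_globals.php. Beyond that, the same objection as for register_globals applies: safe_mode was removed in PHP 5.4, so ini_get('safe_mode') is false everywhere this plugin runs and the item is 5 free points. Even on PHP 5.3 the `php_flag safe_mode off` .htaccess line would not have worked, as safe_mode was PHP_INI_SYSTEM. The help text also presents safe mode as a mitigation ('many people, especially ISP's, use safe mode for now') while the scan penalises having it on; the text should say why it is a failure (removed from the language, never a real security boundary, and its presence signals an unsupported PHP).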
include/admin-interfaces/security-scan/scan_item_php_version.php ADDED
@@ -0,0 +1,72 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_php_version extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'php_version';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __( 'PHP Version', 'wp-hide-security-enhancer' ),
30
+ 'icon' => 'dashicons-admin-generic',
31
+
32
+ 'help' => __("Using the latest PHP version ensures the longevity of security updates. While older versions of PHP offer security updates for a time past “end of life,” the most secure option is the version that is actively maintained.", 'wp-hide-security-enhancer'),
33
+
34
+ 'score_points' => 5,
35
+
36
+ 'callback' => 'scan_item_php_version',
37
+ );
38
+ }
39
+
40
+
41
+ function scan()
42
+ {
43
+ $_JSON_response = array();
44
+
45
+ $phpversion = phpversion();
46
+
47
+ $_JSON_response['info'] = __( 'Using Version: ', 'wp-hide-security-enhancer' ) . $phpversion;
48
+
49
+
50
+ if ( version_compare ( $phpversion, '7.0', '>=' ) )
51
+ {
52
+ $_JSON_response['status'] = TRUE;
53
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span> You are using at least the minimum recommended PHP version.', 'wp-hide-security-enhancer' );
54
+ }
55
+ else
56
+ {
57
+ $_JSON_response['status'] = FALSE;
58
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span> You are using an older PHP version that the minimum recommended.', 'wp-hide-security-enhancer' );
59
+ $_JSON_response['actions'] = array (
60
+ 'ignore' => '//--post-generated--',
61
+ 'restore' => '//--post-generated--',
62
+ );
63
+ }
64
+
65
+ return $this->return_json_response( $_JSON_response );
66
+
67
+ }
68
+
69
+ }
70
+
71
+
72
+ ?>
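Review bot: the '7.0' in version_compare() is a hard-coded floor that went out of security support in December 2018 and will keep drifting; read it from one named constant and revisit it per release, or compare against PHP's supported branches, and say in the failure text which version 'minimum recommended' refers to (the message currently only says 'older PHP version that the minimum recommended', where 'that' should be 'than'). Minor: 'callback' => 'scan_item_php_version' is a bare string here, while scan_item_wp_version.php passes `array( $this, 'scan' )`.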
include/admin-interfaces/security-scan/scan_item_unwanted_files.php ADDED
@@ -0,0 +1,143 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_unwanted_files extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'unwanted_files';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => __( 'Dangerours Files', 'wp-hide-security-enhancer' ),
30
+ 'icon' => 'dashicons-admin-generic',
31
+
32
+ 'help' => __("This security test checks for any dangerous files on your WordPress root. You should avoid keeping any unnecessary files on domain root.", 'wp-hide-security-enhancer'),
33
+
34
+ 'score_points' => 15,
35
+
36
+ 'callback' => 'scan_item_php_version',
37
+ );
38
+ }
39
+
40
+
41
+ function scan()
42
+ {
43
+ $_JSON_response = array();
44
+
45
+ $found_issue = FALSE;
46
+
47
+ $unwanted_files = array(
48
+ 'wp-config.php' => array(
49
+ 'regex' => '/(wp-config\.php|wp-config-sample\.php)(*SKIP)(*FAIL)|(^wp-config.*)/m',
50
+ 'error_description' => ''
51
+ ),
52
+ 'php_errorlog' => array(
53
+ 'regex' => '/php_errorlog/m',
54
+ 'error_description' => ''
55
+ ),
56
+ '*.log' => array(
57
+ 'regex' => '/.*\.log$.*/m',
58
+ 'error_description' => ''
59
+ ),
60
+ '*.sql' => array(
61
+ 'regex' => '/.*\.sql$.*/m',
62
+ 'error_description' => ''
63
+ ),
64
+ '*.bak' => array(
65
+ 'regex' => '/.*\.sql$.*/m',
66
+ 'error_description' => ''
67
+ ),
68
+ '*.zip' => array(
69
+ 'regex' => '/.*\.zip$.*/m',
70
+ 'error_description' => ''
71
+ ),
72
+ '*.txt' => array(
73
+ 'regex' => '/(license\.txt|robots\.txt)(*SKIP)(*FAIL)|.*\.txt/m',
74
+ 'error_description' => ''
75
+ ),
76
+ 'other php' => array(
77
+ 'regex' => '/(index\.php|wp-activate\.php|wp-blog-header\.php|wp-comments-post\.php|wp-config\.php|wp-config-sample\.php|wp-cron\.php|wp-links-opml\.php|wp-load\.php|wp-login\.php|wp-mail\.php|wp-settings\.php|wp-signup\.php|wp-trackback\.php|xmlrpc\.php|wordfence-waf\.php)(*SKIP)(*FAIL)|.*\.php/m',
78
+ 'error_description' => ''
79
+ )
80
+ );
81
+
82
+ $founds = array();
83
+
84
+ $files = scandir ( ABSPATH );
85
+ foreach ( $files as $file )
86
+ {
87
+ if ( ! is_file ( ABSPATH . $file ) )
88
+ continue;
89
+
90
+ foreach ( $unwanted_files as $key => $data )
91
+ {
92
+ if ( preg_match ( $data['regex'], $file ) )
93
+ {
94
+ $founds[] = array(
95
+ 'type' => $key,
96
+ 'value' => $file
97
+ );
98
+ break;
99
+ }
100
+
101
+ }
102
+ }
103
+
104
+ if ( count ( $founds ) > 0 )
105
+ $found_issue = TRUE;
106
+
107
+ if ( $found_issue )
108
+ {
109
+ $_JSON_response['status'] = FALSE;
110
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span> Your WordPress root still includes dangerous files which may contain valuable pieces of information regarding your environment.', 'wp-hide-security-enhancer' );
111
+ $_JSON_response['description'] .= '<br /><br />' . __( 'Consider re-locating the followng files from your site root:', 'wp-hide-security-enhancer' );
112
+ $_JSON_response['description'] .= '<br /><br />';
113
+
114
+ foreach ( $founds as $data )
115
+ {
116
+
117
+ $_JSON_response['description'] .= '<p class="important">';
118
+ $_JSON_response['description'] .= '<b> <span class="dashicons dashicons-search"></span> ' . $data['value'] .'</b>';
119
+ $_JSON_response['description'] .= '</p>';
120
+
121
+ }
122
+
123
+ $_JSON_response['actions'] = array (
124
+ 'ignore' => '//--post-generated--',
125
+ 'restore' => '//--post-generated--',
126
+ );
127
+
128
+ }
129
+ else
130
+ {
131
+ $_JSON_response['status'] = TRUE;
132
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span> Your WordPress root still includes dangerous files which may contain valuable pieces of information regarding your environment.', 'wp-hide-security-enhancer' );
133
+
134
+ }
135
+
136
+ return $this->return_json_response( $_JSON_response );
137
+
138
+ }
139
+
140
+ }
141
+
142
+
143
+ ?>
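Review bot: the (*SKIP)(*FAIL) exclusions are unanchored, so the patterns miss the very files they exist to catch. For 'wp-config.php.bak' the first alternative matches 'wp-config.php' at offset 0, (*SKIP) moves the scan past it, and `^wp-config.*` can then never match, so wp-config.php.bak, wp-config.php~ and wp-config.php.old are all reported clean; index.php.bak and wp-login.php.orig slip through the 'other php' pattern the same way, and only names that do not begin with an excluded name (wp-config-backup.php, info.php) are flagged. Anchor the exclusion, e.g. `/^(wp-config\.php|wp-config-sample\.php)$(*SKIP)(*FAIL)|^wp-config.*/`, or drop the regex trick and compare the whole filename with in_array() against the core file list. Further defects in the same block: the '*.bak' entry reuses the '*.sql' regex (`/.*\.sql$.*/m`), so .bak files are never matched; 'callback' => 'scan_item_php_version' is copied from the PHP version item; the success branch repeats the failure text 'Your WordPress root still includes dangerous files'; `$.*` after the end anchor in several patterns is dead; the 'error_description' keys are never read; 'Dangerours' and 'followng' are typos. The filenames are also written into the admin page unescaped (`'<b> ... ' . $data['value'] .'</b>'`), and on a host where someone has already dropped files into the web root the filename is attacker-chosen, so esc_html() it.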
include/admin-interfaces/security-scan/scan_item_use_admin_user.php ADDED
@@ -0,0 +1,76 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_use_admin_user extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'use_admin_user';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => 'User using Admin or Administrator',
30
+ 'icon' => 'dashicons-admin-users',
31
+
32
+ 'help' => __("When setting up a new WordPress site, many users create the default administrator account using the username `admin`.
33
+ Considering entering the dashboard requires a username and a password, using the login `admin` makes the hackers have an easier time trying to brute force in. ", 'wp-hide-security-enhancer'),
34
+
35
+ 'score_points' => 5,
36
+
37
+ 'callback' => 'scan_item_use_admin_user',
38
+ );
39
+ }
40
+
41
+
42
+ function scan()
43
+ {
44
+ $_JSON_response = array();
45
+
46
+ $args = array (
47
+ 'login__in' => array ( 'admin', 'administrator' )
48
+ );
49
+ $user_query = new WP_User_Query( $args );
50
+ $found_users = $user_query->get_results();
51
+ $_JSON_response['info'] = __( 'Found users: ', 'wp-hide-security-enhancer' ) . count ( $found_users );
52
+
53
+ if ( count ( $found_users ) > 0 )
54
+ {
55
+ $_JSON_response['status'] = FALSE;
56
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The admin or administrator usernames were found on your system!', 'wp-hide-security-enhancer' );
57
+ $_JSON_response['actions'] = array (
58
+ 'read_more' => '<a class="button" target="_blank" href="https://www.wpbeginner.com/wp-tutorials/how-to-change-your-wordpress-username/">Read More</a>',
59
+ 'ignore' => '//--post-generated--',
60
+ 'restore' => '//--post-generated--',
61
+ );
62
+ }
63
+ else
64
+ {
65
+ $_JSON_response['status'] = TRUE;
66
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>There are no admin or administrator usernames.', 'wp-hide-security-enhancer' );
67
+ }
68
+
69
+ return $this->return_json_response( $_JSON_response );
70
+
71
+ }
72
+
73
+ }
74
+
75
+
76
+ ?>
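Review bot: the check only looks at user_login, but the account name is also exposed through the author archive (?author=1 redirects to /author/<user_nicename>/) and the REST users endpoint, and user_nicename is not changed by renaming the login, so a site that renames 'admin' can still advertise 'admin' to an enumerating attacker; the help text should not promise that the rename blunts brute force on its own, and the scan could check user_nicename and display_name for the same two values while it is at it. 'login__in' is correct here (WP_User_Query, WP 4.4+), and because user_login is compared under a case-insensitive collation 'Admin' is caught as well. The 'Read More' label and the other action strings are the only user-visible text not wrapped in __().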
include/admin-interfaces/security-scan/scan_item_wp_debug.php ADDED
@@ -0,0 +1,70 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_wp_debug extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'wp_debug';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => 'WP Debug',
30
+ 'icon' => 'dashicons-code-standards',
31
+
32
+ 'help' => __("Debugging PHP code is part of any project, but WordPress comes with specific debug systems designed to simplify the process as well as standardize code across the core, plugins and themes.
33
+ On production sites, the debug should be disabled to avoid exposing paths and other pieces of information related to the site. ", 'wp-hide-security-enhancer'),
34
+
35
+ 'score_points' => 5,
36
+
37
+ 'callback' => 'scan_item_wp_debug',
38
+ );
39
+ }
40
+
41
+
42
+ function scan()
43
+ {
44
+ $_JSON_response = array();
45
+
46
+ $_JSON_response['info'] = __( 'Current value: ', 'wp-hide-security-enhancer' ) . ( WP_DEBUG === TRUE ? 'TRUE' : 'FALSE' );
47
+
48
+ if ( defined ( 'WP_DEBUG' ) && WP_DEBUG === TRUE )
49
+ {
50
+ $_JSON_response['status'] = FALSE;
51
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The WP_DEBUG is active. Check your site wp-config.php and comment the constant declaration.', 'wp-hide-security-enhancer' );
52
+ $_JSON_response['actions'] = array (
53
+ 'ignore' => '//--post-generated--',
54
+ 'restore' => '//--post-generated--',
55
+ );
56
+ }
57
+ else
58
+ {
59
+ $_JSON_response['status'] = TRUE;
60
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The WP_DEBUG is disabled.', 'wp-hide-security-enhancer' );
61
+ }
62
+
63
+ return $this->return_json_response( $_JSON_response );
64
+
65
+ }
66
+
67
+ }
68
+
69
+
70
+ ?>
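Review bot: `WP_DEBUG === TRUE` on the 'info' line is evaluated before the `defined( 'WP_DEBUG' )` check two lines below it, so the guard is either redundant (core defines WP_DEBUG in wp_initial_constants(), default false) or, if the constant were ever missing, the first line would already have thrown an undefined-constant Error on PHP 8; test once and reuse the result. More important for the security claim: WP_DEBUG on its own does not put paths in front of visitors; output reaches the page only while WP_DEBUG_DISPLAY is true (the default), and it reaches wp-content/debug.log, which is web-readable on a default install, when WP_DEBUG_LOG is set. The scan should report WP_DEBUG_DISPLAY and the presence of a readable debug.log rather than the WP_DEBUG flag alone, and the remedy 'comment the constant declaration' is better stated as `define( 'WP_DEBUG', false );`.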
include/admin-interfaces/security-scan/scan_item_wp_version.php ADDED
@@ -0,0 +1,103 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_wp_version extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'wp_version';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => 'WordPress Version',
30
+ 'icon' => 'dashicons-wordpress-alt',
31
+
32
+ 'help' => __("WordPress is a permanent evolving software with regularly released security fixes. The core updates ensure the safety and efficiency of the WordPress system.
33
+ WordPress updates often include security fixes. It’s an ongoing battle since hackers find vulnerabilities all the time. It’s important to keep WordPress up to date to get the latest protections from new types of attacks.", 'wp-hide-security-enhancer'),
34
+
35
+ 'score_points' => 5,
36
+
37
+ 'callback' => array ( $this, 'scan' ),
38
+ 'use_transient' => TRUE
39
+ );
40
+ }
41
+
42
+
43
+ function scan()
44
+ {
45
+ global $wp_version;
46
+
47
+ $_JSON_response = array();
48
+ $wp_latest = FALSE;
49
+
50
+ $_JSON_response['info'] = __( 'Using Version: ', 'wp-hide-security-enhancer' ) . $wp_version;
51
+
52
+ $response = wp_remote_get( 'https://api.wordpress.org/core/version-check/1.7/', array( 'sslverify' => false, 'timeout' => 10 ) );
53
+
54
+ $http_response = FALSE;
55
+ if ( ! is_wp_error( $response ) )
56
+ $http_response = $response['http_response'];
57
+
58
+ if ( ! is_array( $response ) || ! is_object( $http_response ) || $http_response->get_status() != 200 )
59
+ {
60
+ $_JSON_response['status'] = FALSE;
61
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span> Unable to connect with WordPress API. Try again later.', 'wp-hide-security-enhancer' );
62
+ $_JSON_response['actions'] = array (
63
+ 'fix' => '<a class="button-primary" target="_blank" href="'. get_dashboard_url( '', 'update-core.php', 'admin' ) .'">Fix</a>',
64
+ 'ignore' => '<a class="button read_more" target="_blank" onclick="WPH.scan_ignore_item(\''. $this->get_id() .'\')" href="javascript: void(0)">Ignore</a>',
65
+ );
66
+
67
+ return $this->return_json_response( $_JSON_response );
68
+ }
69
+
70
+ $response_body = json_decode ( $response['body'] );
71
+ if ( $response_body->offers[0] )
72
+ {
73
+ $block = $response_body->offers[0];
74
+ $wp_latest = $block->version;
75
+ }
76
+
77
+ if ( $wp_latest )
78
+ {
79
+ if ( version_compare ( $wp_version, $wp_latest, '==' ) )
80
+ {
81
+ $_JSON_response['status'] = TRUE;
82
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span> You are up to date with the latest Wordpress version.', 'wp-hide-security-enhancer' );
83
+ }
84
+ else
85
+ {
86
+ $_JSON_response['status'] = FALSE;
87
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span> An updated version ', 'wp-hide-security-enhancer' ) . $wp_latest . __(' of WordPress is available.', 'wp-hide-security-enhancer' );
88
+ $_JSON_response['actions'] = array (
89
+ 'fix' => '<a class="button-primary" target="_blank" href="'. get_dashboard_url( '', 'update-core.php', 'admin' ) .'">Fix</a>',
90
+ 'ignore' => '//--post-generated--',
91
+ 'restore' => '//--post-generated--',
92
+ );
93
+ }
94
+ }
95
+
96
+ return $this->return_json_response( $_JSON_response );
97
+
98
+ }
99
+
100
+ }
101
+
102
+
103
+ ?>
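Review bot: the `wp_remote_get()` call passes `'sslverify' => false`, which turns off certificate verification for the request to `https://api.wordpress.org/core/version-check/1.7/`; the whole point of this scan item is to trust the "latest version" string that comes back, so it should travel over a verified TLS connection. WordPress verifies certificates by default, so simply dropping that option and letting the existing `is_wp_error()` branch report a failed connection is enough. Two smaller points in the same hunk: `$response_body->offers[0]` is dereferenced without checking that `json_decode()` returned an object with a non-empty `offers` array (a malformed body produces PHP notices instead of the "unable to connect" message), so guard it with `isset( $response_body->offers[0]->version )`; and `version_compare( $wp_version, $wp_latest, '==' )` reports a site running a newer pre-release than the API's current offer as outdated, where `'>='` expresses the intended check.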
include/admin-interfaces/security-scan/scan_item_wp_version_stability.php ADDED
@@ -0,0 +1,110 @@
1
+ <?php
2
+
3
+
4
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
5
+
6
+ class WPH_security_scan_wp_version_stability extends WPH_security_scan_item
7
+ {
8
+ var $wph;
9
+
10
+ function __construct()
11
+ {
12
+ $this->id = $this->get_id();
13
+
14
+ global $wph;
15
+
16
+ $this->wph = $wph;
17
+ }
18
+
19
+ public function get_id()
20
+ {
21
+ return 'wp_version_stability';
22
+ }
23
+
24
+
25
+ public function get_settings()
26
+ {
27
+
28
+ return array(
29
+ 'title' => 'WordPress Version Stability',
30
+ 'icon' => 'dashicons-wordpress-alt',
31
+
32
+ 'help' => __("Over time, security breaches are found within the WordPress core. This option checks whenever the WordPress version deployed on your site is succeptible to a known vulenrability. ", 'wp-hide-security-enhancer'),
33
+
34
+ 'score_points' => 5,
35
+
36
+ 'callback' => 'scan_item_wp_version_stability',
37
+ 'use_transient' => TRUE
38
+ );
39
+ }
40
+
41
+
42
+ function scan()
43
+ {
44
+ global $wp_version;
45
+
46
+ $_JSON_response = array();
47
+ $wp_stability = FALSE;
48
+
49
+ $_JSON_response['info'] = __( 'Using Version: ', 'wp-hide-security-enhancer' ) . $wp_version;
50
+
51
+ $response = wp_remote_get( 'http://api.wordpress.org/core/stable-check/1.0/', array( 'sslverify' => false, 'timeout' => 10 ) );
52
+
53
+ $http_response = FALSE;
54
+ if ( ! is_wp_error( $response ) )
55
+ $http_response = $response['http_response'];
56
+
57
+ if ( ! is_array( $response ) || ! is_object( $http_response ) || $http_response->get_status() != 200 )
58
+ {
59
+ $_JSON_response['status'] = FALSE;
60
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span> Unable to connect with WordPress API. Try again later.', 'wp-hide-security-enhancer' );
61
+ $_JSON_response['actions'] = array (
62
+ 'fix' => '<a class="button-primary" target="_blank" href="'. get_dashboard_url( '', 'update-core.php', 'admin' ) .'">Fix</a>',
63
+ 'ignore' => '//--post-generated--',
64
+ 'restore' => '//--post-generated--',
65
+ );
66
+
67
+ return $this->return_json_response( $_JSON_response );
68
+ }
69
+
70
+ $response_body = json_decode ( $response['body'] );
71
+ if ( $response_body->{$wp_version} )
72
+ {
73
+ $wp_stability = $response_body->{$wp_version};
74
+ }
75
+
76
+ if ( $wp_stability )
77
+ {
78
+ if ( $wp_stability == 'latest' )
79
+ {
80
+ $_JSON_response['status'] = TRUE;
81
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span> The current Wordpress version stability tag is ', 'wp-hide-security-enhancer' ) . '<b> ' . strtoupper ( $wp_stability ) .'</b> ' ;
82
+ }
83
+ else
84
+ {
85
+ $_JSON_response['status'] = FALSE;
86
+
87
+ if ( $wp_stability == 'outdated' )
88
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span> The current Wordpress version stability tag is ', 'wp-hide-security-enhancer' ) . '<b> ' . strtoupper ( $wp_stability ) .'</b> ';
89
+ else
90
+ {
91
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span> The current Wordpress version stability tag is ', 'wp-hide-security-enhancer' ) . '<b> ' . strtoupper ( $wp_stability ) .'</b> ' . __('. This is critical and require urgent WordPress update.', 'wp-hide-security-enhancer' );
92
+ $_JSON_response['score_points'] = 20;
93
+ }
94
+
95
+ $_JSON_response['actions'] = array (
96
+ 'fix' => '<a class="button-primary" target="_blank" href="'. get_dashboard_url( '', 'update-core.php', 'admin' ) .'">Fix</a>',
97
+ 'ignore' => '//--post-generated--',
98
+ 'restore' => '//--post-generated--',
99
+ );
100
+ }
101
+ }
102
+
103
+ return $this->return_json_response( $_JSON_response );
104
+
105
+ }
106
+
107
+ }
108
+
109
+
110
+ ?>
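Review bot: the stability verdict is fetched from `http://api.wordpress.org/core/stable-check/1.0/` over cleartext, and `'sslverify' => false` is set on top of that; this response decides whether the dashboard shows the installed core as `latest`, `outdated` or insecure, so it needs an authenticated channel. Use the `https://` endpoint and the default certificate verification. Separately, `'callback' => 'scan_item_wp_version_stability'` is a bare string naming a function that does not exist in this file, whereas the sibling `wp_version` item uses `array( $this, 'scan' )`; unless the scan runner special-cases strings, `scan()` here is never invoked. Third, when `$response_body->{$wp_version}` is not set (a development build the API does not list, or a non-object from `json_decode()`), `$wp_stability` stays `FALSE` and the response is returned with no `status` or `description` at all; add an explicit branch for the unknown-version case. The help text also has typos: "succeptible", "vulenrability", and "whenever" should read "whether".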
include/functions.class.php CHANGED
@@ -2606,6 +2606,25 @@
2606
  }
2607
 
2608
2609
 
2610
  /**
2611
  * Check the plugins directory and retrieve all plugin files with plugin data.
2606
  }
2607
 
2608
 
2609
+ function return_component_instance( $component_class_name )
2610
+ {
2611
+
2612
+ foreach ( $this->wph->modules as $priority => $data )
2613
+ {
2614
+ if ( is_array ( $data->components ) && count ( $data->components ) > 0 )
2615
+ {
2616
+ foreach ( $data->components as $component )
2617
+ {
2618
+ if ( get_class( $component ) == $component_class_name )
2619
+ return $component;
2620
+ }
2621
+ }
2622
+ }
2623
+
2624
+ return FALSE;
2625
+
2626
+ }
2627
+
2628
 
2629
  /**
2630
  * Check the plugins directory and retrieve all plugin files with plugin data.
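Review bot: `return_component_instance()` lacks a docblock, unlike the neighbouring methods in this file, and its comparison `get_class( $component ) == $component_class_name` is a case-sensitive string match while PHP class names are case-insensitive, so a caller passing a differently cased name silently gets `FALSE`. Prefer `strcasecmp( get_class( $component ), $component_class_name ) === 0`, or `$component instanceof $component_class_name` if matching subclasses is acceptable. The `$priority` loop variable is unused and can be dropped from the `foreach`.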
include/widgets.class.php ADDED
@@ -0,0 +1,65 @@
1
+ <?php
2
+
3
+ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
4
+
5
+ class WPH_widgets
6
+ {
7
+ var $wph;
8
+
9
+ function __construct()
10
+ {
11
+ global $wph;
12
+ $this->wph = &$wph;
13
+ }
14
+
15
+ function _get_dashboard_overview_widget_id()
16
+ {
17
+ return 'wp-hide-overview';
18
+ }
19
+
20
+
21
+ function dashboard_overview_styles()
22
+ {
23
+ wp_register_style('wph-graphs', WPH_URL . '/assets/css/graph.css');
24
+ wp_enqueue_style( 'wph-graphs');
25
+
26
+ wp_register_style('wph-security-scan', WPH_URL . '/assets/css/security-scan.css');
27
+ wp_enqueue_style( 'wph-security-scan');
28
+
29
+ wp_register_style('wph-dashboard-widget', WPH_URL . '/assets/css/dashboard-widget.css');
30
+ wp_enqueue_style( 'wph-dashboard-widget');
31
+ }
32
+
33
+
34
+ function dashboard_overview_widget_content()
35
+ {
36
+ $this->dashboard_overview_styles();
37
+
38
+ $site_scan = (array)get_site_option('wph/site_scan');
39
+ $this->wph->security_scan->render_overview( $site_scan, 'widget' );
40
+
41
+ $site_score = $this->wph->security_scan->get_site_score( $site_scan );
42
+
43
+ if ( isset ( $site_scan['last_scan'] ) && ! empty ( $site_scan['last_scan'] ) )
44
+ {
45
+ ?>
46
+ <p><?php _e( 'Your curent estimated protection is', 'wp-hide-security-enhancer') ?> <b><?php _e( $site_score['protection'], 'wp-hide-security-enhancer') ?></b>.<br /><?php
47
+
48
+ echo $this->wph->security_scan->get_security_hints( $site_score, 'widget' );
49
+
50
+ ?></p>
51
+ <?php
52
+ }
53
+ else
54
+ {
55
+ ?>
56
+ <p><?php _e( 'Run a fist scan to determine the current protection level of your website.', 'wp-hide-security-enhancer') ?><br /><br /><a class="button button-primary" href="<?php echo network_admin_url ( 'admin.php?page=wp-hide-security-scan' ) ?>"><?php _e( 'Security Scan', 'wp-hide-security-enhancer') ?></a></p>
57
+ <?php
58
+ }
59
+
60
+ }
61
+
62
+ }
63
+
64
+
65
+ ?>
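Review bot: `_e( $site_score['protection'], 'wp-hide-security-enhancer')` passes a runtime value to a translation function: it is not a string literal, so it cannot be extracted for translation, and `_e()` echoes without escaping. Use `echo esc_html( $site_score['protection'] )` instead. The following `echo $this->wph->security_scan->get_security_hints( ... )` also prints unescaped; confirm that method escapes its own output or wrap it in `wp_kses_post()`. Registering the three stylesheets from inside the widget callback happens after the admin `<head>` has been printed, so they are emitted late in the footer and the widget renders unstyled first; enqueue them on `admin_enqueue_scripts` for the dashboard screen. User-facing strings have typos: "curent" and "fist scan".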
include/wph.class.php CHANGED
@@ -111,38 +111,40 @@
111
  /**
112
  * Filters
113
  */
114
- add_action( 'activated_plugin', array($this, 'activated_plugin'), 999, 2 );
115
 
116
 
117
  //change any links within email message
118
- add_filter('wp_mail', array($this, 'apply_for_wp_mail') , 999);
119
 
120
  //process redirects
121
- add_action('wp_redirect', array($this, 'wp_redirect') , 999, 2);
122
  //hijack a redirect on permalink change
123
- add_action('admin_head', array($this, 'permalink_change_redirect') , 999, 2);
124
 
125
- add_action('logout_redirect', array($this, 'logout_redirect') , 999, 3);
126
 
127
  //check if force 404 error
128
- add_action('init', array($this, 'check_for_404'));
129
 
130
- add_action('admin_menu', array($this, 'admin_menus'));
131
- add_action('admin_init', array($this, 'admin_init'), 11);
132
- add_action('admin_print_styles', array($this, 'admin_print_styles_general' ) );
133
 
134
  //make sure to clear cache files on certain actions
135
- add_action("after_switch_theme", array($this->functions, 'cache_clear'));
136
 
137
 
138
  //rebuild and change uppon settings modified
139
- add_action('wph/settings_changed', array($this, 'settings_changed'));
140
 
141
  //create the static file which contain different environment variables which will be used on router
142
- add_action('wph/settings_changed', array($this, 'set_static_environment_file'), 999);
143
 
144
  //create the static file which contain different environment variables which will be used on router
145
- add_action('admin_init', array($this, 'environment_check'), 999);
146
 
147
  add_action('admin_init', array($this, 'mu_loader_check'), 999);
148
 
@@ -233,7 +235,10 @@
233
 
234
  //filter available for mu-plugins
235
  $this->modules = apply_filters('wp-hide/loaded_modules', $this->modules);
236
-
237
 
238
  }
239
 
@@ -390,7 +395,7 @@
390
  if ( isset ( $_GET['page'] ) && $_GET['page'] == 'wp-hide' )
391
  $first_view = 'false';
392
  $menu_title = 'WP Hide';
393
- if ( empty ( $first_view ) || $system_warning )
394
  $menu_title .= ' <span class="update-plugins count-1"><span class="plugin-count">!</span></span>';
395
  $hookID = add_menu_page('WP Hide', $menu_title, 'manage_options', 'wp-hide');
396
 
@@ -402,7 +407,13 @@
402
  add_action('admin_print_styles-' . $hookID , array($setup_interface, 'admin_print_styles'));
403
  add_action('admin_print_scripts-' . $hookID , array($setup_interface, 'admin_print_scripts'));
404
 
405
-
406
  foreach($this->modules as $module)
407
  {
408
  $interface_menu_data = $module->get_interface_menu_data();
@@ -617,6 +628,26 @@
617
  }
618
 
619
  }
620
 
621
  /**
622
  * Buffer Callback. This is the place to replace all data
111
  /**
112
  * Filters
113
  */
114
+ add_action( 'activated_plugin', array($this, 'activated_plugin'), 999, 2 );
115
 
116
 
117
  //change any links within email message
118
+ add_filter('wp_mail', array($this, 'apply_for_wp_mail') , 999);
119
 
120
  //process redirects
121
+ add_action('wp_redirect', array($this, 'wp_redirect') , 999, 2);
122
  //hijack a redirect on permalink change
123
+ add_action('admin_head', array($this, 'permalink_change_redirect') , 999, 2);
124
 
125
+ add_action('logout_redirect', array($this, 'logout_redirect') , 999, 3);
126
 
127
  //check if force 404 error
128
+ add_action('init', array($this, 'check_for_404'));
129
 
130
+ add_action('admin_menu', array($this, 'admin_menus'));
131
+ add_action('admin_init', array($this, 'admin_init'), 11);
132
+ add_action('admin_print_styles', array($this, 'admin_print_styles_general' ) );
133
+
134
+ add_action('wp_dashboard_setup', array($this, 'wp_dashboard_setup' ), 999 );
135
 
136
  //make sure to clear cache files on certain actions
137
+ add_action("after_switch_theme", array($this->functions, 'cache_clear'));
138
 
139
 
140
  //rebuild and change uppon settings modified
141
+ add_action('wph/settings_changed', array($this, 'settings_changed'));
142
 
143
  //create the static file which contain different environment variables which will be used on router
144
+ add_action('wph/settings_changed', array($this, 'set_static_environment_file'), 999);
145
 
146
  //create the static file which contain different environment variables which will be used on router
147
+ add_action('admin_init', array($this, 'environment_check'), 999);
148
 
149
  add_action('admin_init', array($this, 'mu_loader_check'), 999);
150
 
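Review bot: apart from the new `add_action('wp_dashboard_setup', array($this, 'wp_dashboard_setup' ), 999 );` every `-`/`+` pair in this hunk appears to be the same text with an indentation-only change, which buries the one functional line; keep whitespace reformatting in a separate commit so the release diff shows what actually changed.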
235
 
236
  //filter available for mu-plugins
237
  $this->modules = apply_filters('wp-hide/loaded_modules', $this->modules);
238
+
239
+ //load other components
240
+ include_once(WPH_PATH . '/include/admin-interfaces/security-scan.class.php');
241
+ $this->security_scan = new WPH_security_scan();
242
 
243
  }
244
 
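Review bot: `security-scan.class.php` is included and `WPH_security_scan` instantiated unconditionally in the constructor, so it runs on every request including front-end page loads, while every use of `$this->security_scan` in this patch (`menu_warning()` in `admin_menus`, `_render`, the dashboard widget) is admin-side. Guard the include and instantiation with `is_admin()` unless scan items also need to run from cron or AJAX paths.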
395
  if ( isset ( $_GET['page'] ) && $_GET['page'] == 'wp-hide' )
396
  $first_view = 'false';
397
  $menu_title = 'WP Hide';
398
+ if ( empty ( $first_view ) || $system_warning || $this->security_scan->menu_warning() )
399
  $menu_title .= ' <span class="update-plugins count-1"><span class="plugin-count">!</span></span>';
400
  $hookID = add_menu_page('WP Hide', $menu_title, 'manage_options', 'wp-hide');
401
 
407
  add_action('admin_print_styles-' . $hookID , array($setup_interface, 'admin_print_styles'));
408
  add_action('admin_print_scripts-' . $hookID , array($setup_interface, 'admin_print_scripts'));
409
 
410
+ $menu_title = '<span class="wph-info">Overview&rarr;</span> Scan';
411
+ if ( $this->security_scan->menu_warning() )
412
+ $menu_title .= ' <span class="update-plugins count-1"><span class="plugin-count">!</span></span>';
413
+ $hookID = add_submenu_page( 'wp-hide', 'WP Hide', $menu_title, 'manage_options', 'wp-hide-security-scan', array( $this->security_scan,'_render' ) );
414
+ add_action('admin_print_styles-' . $hookID , array( $this->security_scan, 'admin_print_styles'));
415
+ add_action('admin_print_scripts-' . $hookID , array( $this->security_scan, 'admin_print_scripts'));
416
+
417
  foreach($this->modules as $module)
418
  {
419
  $interface_menu_data = $module->get_interface_menu_data();
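Review bot: `$this->security_scan->menu_warning()` is evaluated twice in `admin_menus()`, once for the top-level title and again for the submenu title; if it does more than read an option, store the result in a local and reuse it. The submenu's page title argument is `'WP Hide'`, identical to the parent, so the browser tab for the scan page is indistinguishable from the settings page; `'WP Hide Security Scan'` would be clearer. Restricting the page to `manage_options` matches the parent menu and is the right capability for a report on the site's weaknesses.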
628
  }
629
 
630
  }
631
+
632
+
633
+
634
+ function wp_dashboard_setup()
635
+ {
636
+ include_once(WPH_PATH . '/include/widgets.class.php');
637
+
638
+ $WPH_widgets = new WPH_widgets();
639
+
640
+ wp_add_dashboard_widget( $WPH_widgets->_get_dashboard_overview_widget_id(), esc_html__( 'WP Hide Security Overview', 'wp-hide-security-enhancer' ), array ( $WPH_widgets, 'dashboard_overview_widget_content' ) );
641
+
642
+ global $wp_meta_boxes;
643
+
644
+ $dashboard = $wp_meta_boxes['dashboard']['normal']['core'];
645
+ $widget = array (
646
+ $WPH_widgets->_get_dashboard_overview_widget_id() => $dashboard[ $WPH_widgets->_get_dashboard_overview_widget_id() ],
647
+ );
648
+ $wp_meta_boxes['dashboard']['normal']['core'] = array_merge( $widget, $dashboard );
649
+ }
650
+
651
 
652
  /**
653
  * Buffer Callback. This is the place to replace all data
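Review bot: `wp_dashboard_setup()` registers the overview widget for every user who can see the dashboard, yet the widget content prints the site's protection score and security hints, i.e. a summary of what is not hardened, while the scan page itself is restricted to `manage_options`. Add `if ( ! current_user_can( 'manage_options' ) ) return;` at the top so low-privilege accounts do not receive that summary. The `$wp_meta_boxes` reorder also reads `$dashboard[ $WPH_widgets->_get_dashboard_overview_widget_id() ]` and overwrites `['dashboard']['normal']['core']` without checking those keys exist; wrap the reorder in `isset()` checks so a dashboard with no core boxes registered does not raise notices.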
modules/components/general-html.php CHANGED
@@ -238,7 +238,7 @@
238
  if( defined('WP_ADMIN') && ( !defined('DOING_AJAX') || ( defined('DOING_AJAX') && DOING_AJAX === TRUE )) && ! apply_filters('wph/components/force_run_on_admin', FALSE, 'remove_html_new_lines' ) )
239
  return;
240
 
241
- add_filter('wp-hide/ob_start_callback', array($this, 'remove_html_new_lines'));
242
 
243
  }
244
 
238
  if( defined('WP_ADMIN') && ( !defined('DOING_AJAX') || ( defined('DOING_AJAX') && DOING_AJAX === TRUE )) && ! apply_filters('wph/components/force_run_on_admin', FALSE, 'remove_html_new_lines' ) )
239
  return;
240
 
241
+ add_filter('wp-hide/ob_start_callback', array( $this, 'remove_html_new_lines' ));
242
 
243
  }
244
 
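Review bot: this hunk is a whitespace-only change inside `array( $this, 'remove_html_new_lines' )` with no functional difference; it adds noise to a release diff and belongs in a formatting commit if it is kept at all.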
modules/components/general-user-interactions.php CHANGED
@@ -217,7 +217,7 @@
217
 
218
  $disable_developer_tools = $this->wph->functions->get_module_item_setting('disable_developer_tools');
219
 
220
- if ( $disable_developer_tools == 'no' || stripos ( $_SERVER['HTTP_USER_AGENT'],"iPhone") )
221
  return;
222
 
223
  wp_register_script('devtools-detect', WPH_URL . '/assets/js/devtools-detect.js');
@@ -242,6 +242,12 @@
242
  if ( $disable_mouse_right_click == 'no' && $disable_text_selection == 'no' && $disable_copy_paste == 'no' && $disable_print == 'no' && $disable_print_screen == 'no' && $disable_developer_tools == 'no' && $disable_view_source == 'no' && $disable_drag_drop == 'no' )
243
  return;
244
 
245
  ?>
246
  <script type="text/javascript">
247
  <?php
217
 
218
  $disable_developer_tools = $this->wph->functions->get_module_item_setting('disable_developer_tools');
219
 
220
+ if ( $disable_developer_tools == 'no' || ( isset ( $_SERVER['HTTP_USER_AGENT'] ) && stripos ( $_SERVER['HTTP_USER_AGENT'],"iPhone") ) )
221
  return;
222
 
223
  wp_register_script('devtools-detect', WPH_URL . '/assets/js/devtools-detect.js');
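Review bot: the new `isset()` guard is correct, but `stripos ( $_SERVER['HTTP_USER_AGENT'],"iPhone")` returns `0` when the match is at offset 0, and `0` is falsy, so the early return is skipped in exactly that case; compare with `!== false`. Since the user agent is client-supplied, this remains a compatibility switch only and should not be relied on for any security decision, which is fine for what this component does.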
242
  if ( $disable_mouse_right_click == 'no' && $disable_text_selection == 'no' && $disable_copy_paste == 'no' && $disable_print == 'no' && $disable_print_screen == 'no' && $disable_developer_tools == 'no' && $disable_view_source == 'no' && $disable_drag_drop == 'no' )
243
  return;
244
 
245
+ if ( $disable_print == 'yes' ) { ?>
246
+ <style type="text/css" media="print">
247
+ body { visibility: hidden !important; display: none !important}
248
+ </style>
249
+ <?php }
250
+
251
  ?>
252
  <script type="text/javascript">
253
  <?php
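Review bot: the print-media rule `body { visibility: hidden !important; display: none !important}` is applied by the visitor's browser and only if it honours the stylesheet, so it is a deterrent rather than a control; the help text for the `disable_print` option should say so, and the feature should not be described as preventing printing. The block is emitted only when `$disable_print == 'yes'`, which is consistent with the early-return condition above it.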
modules/components/rewrite-new_plugin_path.php CHANGED
@@ -138,6 +138,10 @@
138
  $new_plugin_path = $this->wph->functions->untrailingslashit_all( $this->wph->functions->get_module_item_setting('new_plugin_path') );
139
  $replace_url = trailingslashit( trailingslashit( WP_PLUGIN_URL ) . $active_plugin_directory );
140
  $replacement_url = trailingslashit( trailingslashit( home_url() ) . $plugin_custom_path );
141
  $this->wph->functions->add_replacement( $replace_url, $replacement_url);
142
 
143
  }
@@ -195,7 +199,7 @@
195
  $plugin_rewrite_to = $this->wph->functions->get_rewrite_to_base( trailingslashit($plugin_path) . $active_plugin_directory );
196
 
197
  if($this->wph->server_htaccess_config === TRUE)
198
- $rewrite .= "\nRewriteRule ^" . trailingslashit( $plugin_custom_path ) . '(.+) '. $plugin_rewrite_to .'$1 [L,QSA]';
199
 
200
  if($this->wph->server_web_config === TRUE)
201
  $rewrite .= '
138
  $new_plugin_path = $this->wph->functions->untrailingslashit_all( $this->wph->functions->get_module_item_setting('new_plugin_path') );
139
  $replace_url = trailingslashit( trailingslashit( WP_PLUGIN_URL ) . $active_plugin_directory );
140
  $replacement_url = trailingslashit( trailingslashit( home_url() ) . $plugin_custom_path );
141
+
142
+ //replace any spaces
143
+ $replace_url = str_replace (" ", "%20", $replace_url );
144
+
145
  $this->wph->functions->add_replacement( $replace_url, $replacement_url);
146
 
147
  }
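Review bot: `str_replace (" ", "%20", $replace_url )` encodes only spaces and only in the search string. A plugin directory name containing other characters that get percent-encoded when rendered into URLs (non-ASCII letters, `+`) still misses the replacement, and if the raw-space form of the URL ever appears in output it no longer matches either. Build the search string with `rawurlencode()` on the directory segment and register both the encoded and unencoded forms, so the original location is not left visible in page output.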
199
  $plugin_rewrite_to = $this->wph->functions->get_rewrite_to_base( trailingslashit($plugin_path) . $active_plugin_directory );
200
 
201
  if($this->wph->server_htaccess_config === TRUE)
202
+ $rewrite .= "\nRewriteRule ^" . trailingslashit( $plugin_custom_path ) . '(.+) "'. $plugin_rewrite_to .'$1" [L,QSA]';
203
 
204
  if($this->wph->server_web_config === TRUE)
205
  $rewrite .= '
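Review bot: quoting the substitution handles spaces in `$plugin_rewrite_to`, but `trailingslashit( $plugin_custom_path )` is still interpolated into the pattern `^...(.+)` without `preg_quote()`, so a custom path containing regex metacharacters (`.`, `+`, `(`) changes what the rule matches. Escape it before building the rule. The `web.config` branch immediately below receives no equivalent change; confirm whether paths with spaces need the same treatment there.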
readme.txt CHANGED
@@ -3,8 +3,8 @@ Contributors: nsp-code, tdgu
3
  Donate link: https://www.nsp-code.com/
4
  Tags: wordpress hide, hide, security, secuirty headers, improve security, hacking, wp hide, custom login, wp-loging.php, wp-admin, admin hide, login change,
5
  Requires at least: 2.8
6
- Tested up to: 6.1
7
- Stable tag: 1.8.8
8
  License: GPLv2 or later
9
 
10
  Hide WordPress, wp-content, wp-includes, wp-admin, login URL, plugins, themes etc. Block the default URLs. Security Headers etc.
@@ -388,6 +388,14 @@ Please get in touch with us and we’ll do our best to include it inthe next ver
388
 
389
  == Changelog ==
390
 
391
  = 1.8.8 =
392
  * New component Headers -> Remove Server Header.
393
  * Prevent output of "document.addEventListener" unless an user-interaction option is active.
3
  Donate link: https://www.nsp-code.com/
4
  Tags: wordpress hide, hide, security, secuirty headers, improve security, hacking, wp hide, custom login, wp-loging.php, wp-admin, admin hide, login change,
5
  Requires at least: 2.8
6
+ Tested up to: 6.1.1
7
+ Stable tag: 1.9.1
8
  License: GPLv2 or later
9
 
10
  Hide WordPress, wp-content, wp-includes, wp-admin, login URL, plugins, themes etc. Block the default URLs. Security Headers etc.
388
 
389
  == Changelog ==
390
 
391
+ = 1.9.1 =
392
+ * New feature - Security Scan.
393
+ * Security Scan dashboard widget
394
+ * Inform on possible LiteSpeed service restart if use such system.
395
+ * Check if HTTP_USER_AGENT environment variable exists before making comparison.
396
+ * Fix Oxigen compatibility when using the HTML Minify.
397
+ * Fix: Cache Enable static call.
398
+
399
  = 1.8.8 =
400
  * New component Headers -> Remove Server Header.
401
  * Prevent output of "document.addEventListener" unless an user-interaction option is active.
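Review bot: the new changelog entries misspell plugin names: "Oxigen" should be "Oxygen" and "Cache Enable" should be "Cache Enabler"; "Inform on possible LiteSpeed service restart if use such system." reads better as "if such a system is used", and the entries mix trailing periods with none. The unchanged `Tags:` header above still carries "secuirty headers" and "wp-loging.php"; worth fixing in the same readme edit.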
wp-hide.php CHANGED
@@ -5,7 +5,7 @@ Plugin URI: https://wp-hide.com/
5
  Description: Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
6
  Author: Nsp Code
7
  Author URI: http://www.nsp-code.com
8
- Version: 1.8.8
9
  Text Domain: wp-hide-security-enhancer
10
  Domain Path: /languages/
11
  */
5
  Description: Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
6
  Author: Nsp Code
7
  Author URI: http://www.nsp-code.com
8
+ Version: 1.9.1
9
  Text Domain: wp-hide-security-enhancer
10
  Domain Path: /languages/
11
  */