WP Hide & Security Enhancer - Version 1.9.3

Version Description

  • Add additional description for potentially dangerous files found within WordPress root.
  • Typo fix for "Dangerous Files"
  • Fix: Tipsy JavaScript error
  • Fix: Undefined variable $site_score within render_overview()
  • Fix: Divided by zero when calculating the overall scan progress
  • Fix: Wrong remote_html variable

Release Info

Developer nsp-code
Plugin Icon 128x128 WP Hide & Security Enhancer
Version 1.9.3

Code changes from version 1.9.1 to 1.9.3

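--- a/include/admin-interfaces/security-scan.class.php
+++ b/include/admin-interfaces/security-scan.class.php
@@ -146,6 +146,7 @@
 
  function admin_print_styles()
  {
+ wp_enqueue_style( 'tipsy.css', WPH_URL . '/assets/css/tipsy.css');
 
  wp_register_style('WPHStyle', WPH_URL . '/assets/css/wph.css');
  wp_enqueue_style( 'WPHStyle');
@@ -161,10 +162,11 @@
 
  function admin_print_scripts()
  {
+ wp_enqueue_script('jquery.tipsy.js', WPH_URL . '/assets/js/jquery.tipsy.js' );
+
  wp_enqueue_script( 'jquery');
  wp_register_script('wph', WPH_URL . '/assets/js/wph.js', array(), WPH_CORE_VERSION );
 
-
  // Localize the script with new data
  $translation_array = array(
 
@@ -289,7 +291,7 @@
  }
  else
  {
- $results = $this->get_site_score( $site_scan );
+ $site_score = $this->get_site_score( $site_scan );
 
  ?>
 
@@ -297,11 +299,11 @@
  <div class="wph-graph-container">
  <div class="wph-graph-bg"></div>
  <div class="wph-graph-text"></div>
- <div class="wph-graph-progress" style="transform: rotate(<?php echo $results['graph_progress'] ?>deg);"></div>
- <div class="wph-graph-data"><b><?php echo $results['progress'] ?>%</b><br><span class="protection"><?php _e( $results['protection'], 'wp-hide-security-enhancer') ?></span></div>
+ <div class="wph-graph-progress" style="transform: rotate(<?php echo $site_score['graph_progress'] ?>deg);"></div>
+ <div class="wph-graph-data"><b><?php echo $site_score['progress'] ?>%</b><br><span class="protection"><?php _e( $site_score['protection'], 'wp-hide-security-enhancer') ?></span></div>
  </div>
  </div>
- <p class="hint"><span class="dashicons dashicons-plugins-checked"></span> <?php _e( 'Your curent estimated protection is', 'wp-hide-security-enhancer' ); ?> <span class="protection"><?php _e( $results['protection'], 'wp-hide-security-enhancer') ?></span>.</p>
+ <p class="hint"><span class="dashicons dashicons-plugins-checked"></span> <?php _e( 'Your curent estimated protection is', 'wp-hide-security-enhancer' ); ?> <span class="protection"><?php _e( $site_score['protection'], 'wp-hide-security-enhancer') ?></span>.</p>
  <?php
  }
 
@@ -351,11 +353,11 @@
  <table><tbody><tr>
  <td class="passed">
  <h4><?php _e( 'Passed', 'wp-hide-security-enhancer' ); ?></h4>
- <h5><?php echo $results['success'] ?></h5>
+ <h5><?php echo $site_score['success'] ?></h5>
  </td>
  <td class="failed">
  <h4><?php _e( 'Failed', 'wp-hide-security-enhancer' ); ?></h4>
- <h5><?php echo $results['failed'] ?></h5>
+ <h5><?php echo $site_score['failed'] ?></h5>
  </td>
  </tr></tbody></table>
  </div>
@@ -436,7 +438,11 @@
  $results['success'] += 1;
  }
 
- $results['progress'] = intval ( $results['achieved_score'] * 100 / $results['total_score'] );
+ if ( $results['total_score'] > 0 )
+ $results['progress'] = intval ( $results['achieved_score'] * 100 / $results['total_score'] );
+ else
+ $results['progress'] = 0;
+
  $results['protection'] = '';
  if ( $results['progress'] < 30 )
  $results['protection'] = __( 'Very Poor' , 'wp-hide-security-enhancer' );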
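Review bot: The renamed `$site_score` values in the overview markup are still printed without escaping, and `$site_score['protection']` goes through `_e()` even though the last hunk shows it is already assigned from `__()`. Handing a variable to `_e()` looks the already-translated string up a second time and prints the result unescaped. I would output the label with `<?php echo esc_html( $site_score['protection'] ) ?>` and cast the numbers, for example `rotate(<?php echo (int) $site_score['graph_progress'] ?>deg)`. The values appear to be computed inside get_site_score(), whose body is only partly visible here, so this is hardening rather than a demonstrated injection path.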
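--- a/include/admin-interfaces/security-scan/scan_item_firewall.php
+++ b/include/admin-interfaces/security-scan/scan_item_firewall.php
@@ -71,32 +71,36 @@
  'timeout' => 15
  );
 
- foreach ( $firewall_check as $item_id => $firewall_item )
+ //using wordfence?
+ if ( ! defined ( 'WFWAF_RUN_COMPLETE' ) )
  {
- $url = home_url() . '?' . $firewall_item['url'] ;
- $response = wp_remote_get( $url, $args );
-
- if ( is_a( $response, 'WP_Error' ))
- {
- $found_errors[$item_id][] = $response->get_error_message();
- $found_errors[$item_id][] = $firewall_item['message'];
- continue;
- }
-
- if ( is_array( $response ) )
+ foreach ( $firewall_check as $item_id => $firewall_item )
  {
+ $url = home_url() . '?' . $firewall_item['url'] ;
+ $response = wp_remote_get( $url, $args );
 
- if ( ! isset( $response['response']['code'] ) )
+ if ( is_a( $response, 'WP_Error' ))
  {
- $found_errors[$item_id][] = __('No valid respons for the call.', 'wp-hide-security-enhancer');
+ $found_errors[$item_id][] = $response->get_error_message();
+ $found_errors[$item_id][] = $firewall_item['message'];
  continue;
  }
 
- if ( $response['response']['code'] != 403 )
+ if ( is_array( $response ) )
  {
- $found_errors[$item_id][] = $firewall_item['message'];
- continue;
- }
+
+ if ( ! isset( $response['response']['code'] ) )
+ {
+ $found_errors[$item_id][] = __('No valid respons for the call.', 'wp-hide-security-enhancer');
+ continue;
+ }
+
+ if ( $response['response']['code'] != 403 )
+ {
+ $found_errors[$item_id][] = $firewall_item['message'];
+ continue;
+ }
+ }
  }
  }
 
@@ -125,7 +129,7 @@
  else
  {
  $_JSON_response['status'] = TRUE;
- $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>Your site use a Firewall.', 'wp-hide-security-enhancer' );
+ $_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>Your site appears to use a Firewall.', 'wp-hide-security-enhancer' );
  }
 
  return $this->return_json_response( $_JSON_response );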
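Review bot: When `WFWAF_RUN_COMPLETE` is defined the new `if` skips every probe, so `$found_errors` stays empty and the item reports 'Your site appears to use a Firewall.' without a single request having been blocked. The constant presumably only shows that the Wordfence WAF bootstrap ran; whether it is actually blocking, rather than in a learning or disabled state, is not established here, so the scan can report a pass it never measured. Either keep the probes and use the constant only as a hint, or state the assumption in the code: `// Wordfence detected via WFWAF_RUN_COMPLETE: probes are skipped and the item passes without testing whether requests are blocked`. The enclosing method starts and ends outside the hunk, so how `$found_errors` is initialised is inferred.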
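--- a/include/admin-interfaces/security-scan/scan_item_hide_check_child_theme.php
+++ b/include/admin-interfaces/security-scan/scan_item_hide_check_child_theme.php
@@ -57,11 +57,11 @@
  $found_issue = TRUE;
 
  $found_within_code = FALSE;
- if ( ! $found_issue && $this->remote_html )
+ if ( ! $found_issue && $this->wph->security_scan->remote_html )
  {
  $seek_url = $this->wph->default_variables['stylesheet_uri'];
  $seek_url = str_replace( array('https://', 'http://'), "", $seek_url );
- if ( stripos( $this->remote_html, $seek_url ) )
+ if ( stripos( $this->wph->security_scan->remote_html, $seek_url ) )
  $found_within_code = TRUE;
  }
 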
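Review bot: `stripos()` is tested for truthiness in the new `if ( stripos( $this->wph->security_scan->remote_html, $seek_url ) )`, so a match at offset 0 is treated the same as no match. Compare against false instead: `if ( stripos( $this->wph->security_scan->remote_html, $seek_url ) !== false )`. The same line is introduced in scan_item_hide_check_child_theme_style.php, scan_item_hide_check_plugins.php, scan_item_hide_check_theme.php and scan_item_hide_check_theme_style.php. A URL at the very start of the fetched HTML is unlikely, so this is mainly about making the check say what it means; the enclosing method lies outside the hunk.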
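--- a/include/admin-interfaces/security-scan/scan_item_hide_check_child_theme_style.php
+++ b/include/admin-interfaces/security-scan/scan_item_hide_check_child_theme_style.php
@@ -54,11 +54,11 @@
  }
 
  $found_within_code = FALSE;
- if ( ! $found_issue && $this->remote_html )
+ if ( ! $found_issue && $this->wph->security_scan->remote_html )
  {
  $seek_url = $this->wph->default_variables['stylesheet_uri'] . '/style.css';
  $seek_url = str_replace( array('https://', 'http://'), "", $seek_url );
- if ( stripos( $this->remote_html, $seek_url ) )
+ if ( stripos( $this->wph->security_scan->remote_html, $seek_url ) )
  $found_within_code = TRUE;
  }
 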
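--- a/include/admin-interfaces/security-scan/scan_item_hide_check_plugins.php
+++ b/include/admin-interfaces/security-scan/scan_item_hide_check_plugins.php
@@ -48,11 +48,11 @@
  $found_issue = TRUE;
 
  $found_within_code = FALSE;
- if ( ! $found_issue && $this->remote_html )
+ if ( ! $found_issue && $this->wph->security_scan->remote_html )
  {
  $seek_url = includes_url();
  $seek_url = str_replace( array('https://', 'http://'), "", $seek_url );
- if ( stripos( $this->remote_html, $seek_url ) )
+ if ( stripos( $this->wph->security_scan->remote_html, $seek_url ) )
  $found_within_code = TRUE;
  }
 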
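Review bot: `$seek_url = includes_url();` looks like a leftover from the wp-includes check: this file is the plugins item, yet the fetched HTML is searched for the wp-includes URL. If the intent is to detect the default plugins path in the page source, `$seek_url = plugins_url();` would match the file's purpose. The line is unchanged context in this hunk and the rest of the method is outside it, so confirm against the item's title and help text before changing it.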
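--- a/include/admin-interfaces/security-scan/scan_item_hide_check_theme.php
+++ b/include/admin-interfaces/security-scan/scan_item_hide_check_theme.php
@@ -47,11 +47,11 @@
  $found_issue = TRUE;
 
  $found_within_code = FALSE;
- if ( ! $found_issue && $this->remote_html )
+ if ( ! $found_issue && $this->wph->security_scan->remote_html )
  {
  $seek_url = $this->wph->default_variables['template_url'];
  $seek_url = str_replace( array('https://', 'http://'), "", $seek_url );
- if ( stripos( $this->remote_html, $seek_url ) )
+ if ( stripos( $this->wph->security_scan->remote_html, $seek_url ) )
  $found_within_code = TRUE;
  }
 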
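--- a/include/admin-interfaces/security-scan/scan_item_hide_check_theme_style.php
+++ b/include/admin-interfaces/security-scan/scan_item_hide_check_theme_style.php
@@ -47,11 +47,11 @@
  $found_issue = TRUE;
 
  $found_within_code = FALSE;
- if ( ! $found_issue && $this->remote_html )
+ if ( ! $found_issue && $this->wph->security_scan->remote_html )
  {
  $seek_url = $this->wph->default_variables['template_url'] . '/style.css';
  $seek_url = str_replace( array('https://', 'http://'), "", $seek_url );
- if ( stripos( $this->remote_html, $seek_url ) )
+ if ( stripos( $this->wph->security_scan->remote_html, $seek_url ) )
  $found_within_code = TRUE;
  }
 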
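--- a/include/admin-interfaces/security-scan/scan_item_hide_license_txt.php
+++ b/include/admin-interfaces/security-scan/scan_item_hide_license_txt.php
@@ -45,7 +45,12 @@
  $option = $this->wph->functions->get_module_item_setting('block_license_txt');
 
  if ( empty ( $option ) || $option == 'no' )
- $found_issue = TRUE;
+ {
+ if ( file_exists ( ABSPATH . 'license.txt' ) )
+ {
+ $found_issue = TRUE;
+ }
+ }
 
  if ( $found_issue )
  {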
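--- a/include/admin-interfaces/security-scan/scan_item_hide_readme_html.php
+++ b/include/admin-interfaces/security-scan/scan_item_hide_readme_html.php
@@ -45,7 +45,12 @@
  $option = $this->wph->functions->get_module_item_setting('block_readme_html');
 
  if ( empty ( $option ) || $option == 'no' )
- $found_issue = TRUE;
+ {
+ if ( file_exists ( ABSPATH . 'readme.html' ) )
+ {
+ $found_issue = TRUE;
+ }
+ }
 
  if ( $found_issue )
  {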
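--- a/include/admin-interfaces/security-scan/scan_item_unwanted_files.php
+++ b/include/admin-interfaces/security-scan/scan_item_unwanted_files.php
@@ -26,7 +26,7 @@
  {
 
  return array(
- 'title' => __( 'Dangerours Files', 'wp-hide-security-enhancer' ),
+ 'title' => __( 'Dangerous Files', 'wp-hide-security-enhancer' ),
  'icon' => 'dashicons-admin-generic',
 
  'help' => __("This security test checks for any dangerous files on your WordPress root. You should avoid keeping any unnecessary files on domain root.", 'wp-hide-security-enhancer'),
@@ -47,35 +47,35 @@
  $unwanted_files = array(
  'wp-config.php' => array(
  'regex' => '/(wp-config\.php|wp-config-sample\.php)(*SKIP)(*FAIL)|(^wp-config.*)/m',
- 'error_description' => ''
+ 'error_description' => __('PHP executable file', 'wp-hide-security-enhancer')
  ),
  'php_errorlog' => array(
  'regex' => '/php_errorlog/m',
- 'error_description' => ''
+ 'error_description' => __('System Error log file', 'wp-hide-security-enhancer')
  ),
  '*.log' => array(
  'regex' => '/.*\.log$.*/m',
- 'error_description' => ''
+ 'error_description' => __('System log file', 'wp-hide-security-enhancer')
  ),
  '*.sql' => array(
  'regex' => '/.*\.sql$.*/m',
- 'error_description' => ''
+ 'error_description' => __('MySQL database file', 'wp-hide-security-enhancer')
  ),
  '*.bak' => array(
  'regex' => '/.*\.sql$.*/m',
- 'error_description' => ''
+ 'error_description' => __('Backup file', 'wp-hide-security-enhancer')
  ),
  '*.zip' => array(
  'regex' => '/.*\.zip$.*/m',
- 'error_description' => ''
+ 'error_description' => __('ZIP Archive file', 'wp-hide-security-enhancer')
  ),
  '*.txt' => array(
  'regex' => '/(license\.txt|robots\.txt)(*SKIP)(*FAIL)|.*\.txt/m',
- 'error_description' => ''
+ 'error_description' => __('Text file, may contain sensitive data', 'wp-hide-security-enhancer')
  ),
  'other php' => array(
  'regex' => '/(index\.php|wp-activate\.php|wp-blog-header\.php|wp-comments-post\.php|wp-config\.php|wp-config-sample\.php|wp-cron\.php|wp-links-opml\.php|wp-load\.php|wp-login\.php|wp-mail\.php|wp-settings\.php|wp-signup\.php|wp-trackback\.php|xmlrpc\.php|wordfence-waf\.php)(*SKIP)(*FAIL)|.*\.php/m',
- 'error_description' => ''
+ 'error_description' => __('PHP executable file', 'wp-hide-security-enhancer')
  )
  );
 
@@ -115,7 +115,7 @@
  {
 
  $_JSON_response['description'] .= '<p class="important">';
- $_JSON_response['description'] .= '<b> <span class="dashicons dashicons-search"></span> ' . $data['value'] .'</b>';
+ $_JSON_response['description'] .= '<b> <span class="dashicons dashicons-search"></span> ' . $data['value'] . ' (' . $unwanted_files[ $data['type'] ]['error_description'] . ')</b>';
  $_JSON_response['description'] .= '</p>';
 
  }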
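Review bot: The `'*.bak'` entry in the `$unwanted_files` hunk still carries the `.sql` pattern, `'regex' => '/.*\.sql$.*/m'`, so backup files in the WordPress root are never matched by their own rule. The new 'Backup file' description is therefore attached to a rule that only repeats the `*.sql` one, and the scan stays silent about exactly the files the entry is named for. The line should read `'regex' => '/.*\.bak$.*/m',`. How the matches are collected into `$data` is outside the visible hunks.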
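--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: https://www.nsp-code.com/
  Tags: wordpress hide, hide, security, secuirty headers, improve security, hacking, wp hide, custom login, wp-loging.php, wp-admin, admin hide, login change,
  Requires at least: 2.8
  Tested up to: 6.1.1
- Stable tag: 1.9.1
+ Stable tag: 1.9.3
  License: GPLv2 or later
 
  Hide WordPress, wp-content, wp-includes, wp-admin, login URL, plugins, themes etc. Block the default URLs. Security Headers etc.
@@ -83,6 +83,11 @@ Since version 1.2, WP-Hide change individual plugin URLs and made them unrecogni
 
  = Plugin Sections =
 
+ **Hide -> Scan
+
+ * Exhaustive system security examination with analysis and improvements guidance and fixes
+
+
  **Hide -> Rewrite > Theme**
 
  * New Theme Path – Changes default theme path
@@ -388,6 +393,14 @@ Please get in touch with us and we’ll do our best to include it inthe next ver
 
  == Changelog ==
 
+ = 1.9.3 =
+ * Add additional description for potentially dangerous files found within WordPress root.
+ * Typo fix for "Dangerous Files"
+ * Fix: Tipsy JavaScript error
+ * Fix: Undefined variable $site_score within render_overview()
+ * Fix: Divided by zero when calculating the overall scan progress
+ * Fix: Wrong remote_html variable
+
  = 1.9.1 =
  * New feature - Security Scan.
  * Security Scan dashboard widget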
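--- a/wp-hide.php
+++ b/wp-hide.php
@@ -5,7 +5,7 @@ Plugin URI: https://wp-hide.com/
  Description: Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
  Author: Nsp Code
  Author URI: http://www.nsp-code.com
- Version: 1.9.1
+ Version: 1.9.3
  Text Domain: wp-hide-security-enhancer
  Domain Path: /languages/
  */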