WP Hide & Security Enhancer

Registro de cambios

2.2.9

• Allow custom login URL without requiring a PHP extension.
• Require at least 5 chars for the customization of login and admin URL to avoid words conflicts.
• Scan XML RPC update, check if the service is disabled to avoid returning false positive.
• Compatibility with Redirection plugin; show the default redirect URLs within the interfaces.
• Add FLYING_PRESS_VERSION and LiteSpeed Purge to the internal site_cache_clear()
• WordPress 6.4.1 compatibility tag update

2.2.4

• Fix Undefined array key «file» warning.
• Ignore wp-admin, wp-content, wp-includes as custom slugs for any of the options, to avoid code conflicts.

2.2.1

• Reverse the replacements for $_FILES super global variable too.
• Adjust the login form width, when using the Google Captcha or Cloudflare Turnstile Captcha
• Use init action, to send the customized login e-mail, to avoid sending multiple time on certain servers environment.
• Use debug_backtrace to avoid looping, in conjunction with certain plugins, for login_url filter.
• Add a filter for site_url to apply the login customisation when the scheme is ‘login’ or ‘login_post’
• Fix reset options form and submit buttons.
• Fix various texts and instances.
• Tested for WordPress 6.4

2.1.8

• New feature Captcha for Login, Register, Password Forget pages etc.
• New Captcha – Google Captcha V2
• New Captcha – Google Captcha V3
• Tested for PHP 8.2.4

2.1.5

• Use transient for domain_get_ip to avoid execution delays with certain hosts.
• Separate options for Copy / Cut / Paste into the User Interactions interface for better control over the options
• Few Typos fix
• Compatibility updates for TranslatePress – Multilingual

2.1.1

• New filter wph/components/components_run/ignore_component which allows selective disabling for specific components to apply on the front site
  https://wp-hide.com/documentation/wph-components-components_run-ignore_component/
• Set minimum required WordPress version as 4.0
• Set minimum required PHP version as 5.4

2.1

• Relocate the plugins_themes_compatibility prior module components initialization.
• Avoid looping with certain 3rd codes by caching the home url.
• HTML Comments removal regex updates.
• Compatibility update for qTranslate-XT plugin, when using the option redirect to language and customizing the default login url through WP Hide

2.0.6

• Use regex patterns for Scan – Replacements, for better accuracy in the identification of the fingerprints proposed to be changed.
• Deprecated Expect-CT.
• Remove the Expect-CT from the recommended headers.

2.0.4

• Suppress the option to block the Developer Tools / Inspect when page/post preview.
• Add to cache clear for Autoptimize, Perfmatters, Breeze, Site Ground Cache, when flushing the caches.
• Site Ground Cachepress plugin compatibility update
• WordPress compatibility check for 6.2
• WordPress compatibility tag update.

1.9.9

• Decrease the Scan progress background AJAX update, to avoid time-outs on slow connections.
• Improvement: When using the Disable Developer Tools option, check if iPhone device and disable, through JavaScript instead PHP, to avoid caching.
• New Screenshot for better pre-visualization of the actual interface.
• Fix: Scan Admin component, Fix button URL.

1.9.7

• New Security Headers component – Referrer-Policy.
• Check the post meta and option value if serialized ( double serialization ), before reversing the URLs.
• Code improvements.
• Updated translation PO file.

1.9.5

• Replaced the deprecated Feature-Policy with Permissions-Policy security header.
• Fix: Scan disable redirects when testing firewall, to ensure correct results
• Fix count() error for not countable variable.
• PO language file updates

1.9.3

• Add additional description for potentially dangerous files found within WordPress root.
• Typo fix for «Dangerous Files»
• Fix: Tipsy JavaScript error
• Fix: Undefined variable $site_score within render_overview()
• Fix: Divided by zero when calculating the overall scan progress
• Fix: Wrong remote_html variable

1.9.1

• New feature – Security Scan.
• Security Scan dashboard widget
• Inform on possible LiteSpeed service restart if use such system.
• Check if HTTP_USER_AGENT environment variable exists before making comparison.
• Fix Oxigen compatibility when using the HTML Minify.
• Fix: Cache Enable static call.

1.8.8

• New component Headers -> Remove Server Header.
• Prevent output of «document.addEventListener» unless an user-interaction option is active.
• Add X-XSS-Protection into the headers list, to avoid reporting as not used as security header.
• Code Improvements and clean-up.
• PO language file update.

1.8.6

• Ignore the «Disable Developer Tools» on iPhone
• WordPress 6.1 compatibility tag
• Fix: Security headers progress comparison step.
• Slight css changes

1.8.5

• Improved Disable Developer Tools feature, by returning an empty page.
• W3 Total Cache – implements support for Push CDN and custom folders
• Compatibility fix with JCH Optimize.
• Ignore invalid SSL certificate when testing rewrites, to allow local instances.
• Fix: static to public functions for a2-optimized compatibility class.
• Fix: use preg_match to ensure the HTML data is valid and avoid faulty code with multiple head tags.
• Slight text changes within some options, for better explanations.

1.8.3

• New options interface – User Interactions: Disable Mouse right click, Disable Text Selection, Disable Copy / Paste, Disable Print, Disable Print Screen, Disable Developer Tools, Disable View Source, Disable Drag / Drop
• Better accessibility for additional details regarding each of the options.
• Improved progress score calculation for Headers.
• A2 Optimized WP – compatibility fix.
• WordPress 6.0.2 tag compatibility update
• Fix CDN option external help page URL.

1.8.1

• Improved server environment rewrite test checking routines.
• Separate rewrite tests for static files and PHP files. This avoids reporting issues for servers not supporting rewrites for php-files.

1.8

• Add a new button to reset the current page options.
• Use regex to sanitize the URL arguments
• Relocated the Reset All Settings button to the bottom of the interface.
• Compatibility for Super Page Cache for Cloudflare
• Slight layout improvements and changes.
• WordPress 6.0.1 compatibilit tag

1.7.9.2

• Change the advanced_notice class within the interfaces to avoid issues caused by 3rd theme.
• Do not remove comments when json request
• WordPress 6.0 compatibilit tag

1.7.8.1

• When checking and calculating the the Headers protection score, ignore the SSL verification for the domain, to allow usage of invalid certificates.
• Check if set headers are actually passed-through on the front side, as some servers may block that.
• Set WP_ROCKET_WHITE_LABEL_FOOTPRINT to remove the footer comment for WP Rocket, when active

1.7.8

• New Security Functionality – Headers. HTTP Response Headers are a powerful tool to Harden Your Website Security.
• Security Headers – Cross-Origin-Embedder-Policy (COEP), Cross-Origin-Opener-Policy (COOP), Cross-Origin-Resource-Policy (CORP), X-Content-Type-Options, X-Download-Options, X-Frame-Options (XFO), X-Permitted-Cross-Domain-Policies, X-XSS-Protection.
• Security Headers – Protection Level graph
• Security Headers – Sample Setup
• Security Headers – Recovery functionality
• Styles and layout improvements
• Code clean-up
• Fix: Append URL arguments to login URL, if exists

1.7.6

• Run on revision posts, to match URLs and revert to default WordPress ( e.g. when using Gutenberg editor )
• Require a .php for the customization of the default wp-login.php to avoid cookie issues on password change area.
• WooCommerce 5.9 compatibility check and tag.

1.7.3

• Fix: If Emulate CMS active, ensure the buffer is an HTML content

1.7.3

• New functionality, block wp-json for everyone or non-logged-in users.
• Fix Emulate CMS documentation url.
• Removed Twitter share.

1.7.1

• Nueva característica del plugin: Emular un CMS
• Update PO language file
• Skip comment removal when admin dashboard.
• Fix: Ignore comment removal when Gutenberg JSON call for blocks, to avoid formatting issues.

1.6.4

• Ensure compatibility with PHP 8.0
• Update PO language file
• Update documentation URLs within the plugin interfaces, with the non-www domain wp-hide.com

1.6.3.9

• Incluir la «Limpieza de la respuesta de la API REST» dentro de la configuración de ejemplo.

1.6.3.8

• Nueva opción para el módulo JSON REST – «Limpiar la respuesta de la API REST»
• Relocated Feed tab to Rewrite module

1.6.3.7

• Output the help title only if there’s an help section available through the module settings
• Fix undefined $found_issues
• WordPress 5.8 compatibility tag

1.6.3.6

• Add dashboard and cpanel to system reserved to avoid permalinks conflicts
• LiteSpeed Cache compatibility update
• WP-Optimize compatibility update

1.6.3.4

• Update compatibility file for TranslatePress – Multilingual

1.6.3.3

• Fix attachment_url_to_postid
• Fix undefined get_metadata_raw

1.6.3.2

• Confirmation page for Recovery link
• Use home_url() instead site_url() for recovery links to ensure the format is correct for WordPress instances using own directory
• Trigger the login URL change e-mail at shutdown instead init
• Compatibility with TranslatePress – Multilingual
• Fix undefined notice
• Fix meta Uncaught TypeError: count(): Argument
• Slight code improvements

1.6.3.1

• Improved description for Test Rewrite procedure, when the server fails to provide a valid response, rewrite engine is not active or the custom urls are not allowd.
• Fixed Undefined Property Notice

1.6.3

• Server Environment Check to ensure there are no rewrite issues and the plugin can be safely deployed.
• Interactive feedback with hints and explanations for environment issues.
• Improved UI
• Clear fusion cache when plugin options changed if avada active
• Fix New Search Path replacement to include an end slash, to avoid catch wrong urls
• Check and tag for WordPress 5.7

1.6.2.5

• Fix: Add slash for «New Search Path» to avoid wrong replacements with urls containing the new search slug.

1.6.2.4

• Reverse URLs when saving a options, to avoid custom urls to be writted within the database.
• Check if string before making a replacement on metadata
• Compatibility file for Oxigen editor, when using Signatures
• Simple Firewall compatibility file update – check if FernleafSystems\Wordpress\Plugin\Shield\Controller\Controller class exists before apply

1.6.2.0.4

• Update Compatibility file with Oxygen editor, for image with link wrapper
• WordPress 5.6 compatibility tag update

1.6.2.0.3

• Compatibility file with Oxygen editor

1.6.2.0.2

• Fix: Check the replacements for update_post_metadata method on text and array types.

1.6.2

• Reverse URLs when saving a meta data field, to avoid custom urls to be writted within the database.
• Trigger a system notice when deployed on MultiSite, as not being compatible.
• Don’t run _init_remove_html_new_lines when AJAX call to avoid front side processing errors.
• WP Rocket compatibility file updates, to works with combined CSS assets
• Shield Security compatibility update, to works with version 10 and up.
• Prevent nottices and errors when attempt to rite on .htaccess file.
• New filter wph/components/wp_oembed_add_discovery_links to allow disabling the Remove Oembed – wp_oembed_add_discovery_links
• New filter wph/components/wp_oembed_add_host_js to allow disabling the Remove Oembed – wp_oembed_add_host_js
• New compatibility file for wePOS plugin
• New compatibility file for Asset CleanUp Pro Page Speed Booster plugin

1.6.1.3

• Compatibility with Hyper Cache
• Update JSON REST service disable, remove the json_enabled as being deprecated, rely on rest_authentication_errors filter
• Fix WooCommerce Update Database link when changing the default /wp-admin/ slug
• Fix password forget return URL
• Remove callback for Compatibility file for Shield Security within new-admin module

1.6.1.1

• Fix: Remove callback for Compatibility file for Shield Security within custom login module

1.6.1

• Compatibility file fix for Shield Security
• Etiqueta de compatibilidad con WordPress 5.5.1

1.6.0.9.1

• Ignore CDN value check for domain name similitude

1.6.0.9

• LiteSpeed guide on Setup interface
• Nueva funcionalidad – Desactivar el clic derecho del ratón
• Compatibility file – JobBoardWP
• Compatibility WP-Optimize – Clean, Compress, Cache
• Etiqueta de compatibilidad con WordPress 505

1.6.0.8

• Avoid using domain name as replacement for any option, or might conclude to wrong replacements within the outputted HTML or wrong reversed urls.
• Add system reserved words as ‘wp’, ‘admin’, ‘admin-ajax.php’
• Slight General code improvements
• Clean cookie for the new custom slug, if set.
• Integration with WP-Optimize – Clean, Compress, Cache

1.6.0.6

• WP Job Manager – compatibility update

1.6.0.5

• New Setup interface with helps and hints on how to use the plugin.
• New Sample Setup, which deploy a basic set-up of plugin options
• Remove internal wp_mail and rely on WordPress core
• Improved FAQ area
• Updated base language file

1.6.0.4

• Purga la caché para el plugin Fast Velocity Minify, al limpiar la caché interna
• Devuelve el nuevo slug de administración al llamar a admin_url() y si la administración por defecto está personalizada
• Utiliza sin protocolo al cargar los archivos, para garantizar que se carguen sobre el protocolo de dominio actual
• Actualización del archivo de compatibilidad con BuddyPress
• Actualización del archivo de compatibilidad con Elementor
• Actualización del archivo de compatibilidad con ShortPixel Adaptive Images
• Actualización del archivo de compatibilidad con WooCommerce
• Actualización del archivo de compatibilidad con WP Rocket
• Nuevo archivo de compatibilidad con Fast Velocity Minify
• Nuevo archivo de compatibilidad con LiteSpeed ​​Cache
• Nuevo archivo de compatibilidad con Swift Performance
• Nuevo archivo de compatibilidad con WP Speed ​​of Light

1.6

• Nuevo filtro wp-hide/content_urls_replacement
• Compatibilidad con Ultimate Member, corregida la subida de imágenes de usuario
• Compatibilidad actualizada con W3 Cache, utilizando la opción postprocessorRequire
• Actualizaciones de compatibilidad con Fluentform
• Emite toda la pila de errores para $wp_filesystem si existe
• Corrección tipográfica en el módulo subidas

1.5.9.9

• Procedimiento actualizado para la identificación del tipo de servidor
• Añadido nuevo tipo de texto/plano para el contenido filtrable
• Añadido server_nginx_config a la clase principal, para ser usado dentro de otros módulos
• Actualización del cuantificador de reescritura para IIS de .+ to .*
• Ignorado el bloque wp-content si el agente es LiteSpeed-Image

1.5.9.5

• Actualizado el método is_filterable_content_type, devuelve TRUE si no encuentra la cabecera Content-Type

1.5.9.4

• Corregido el protocolo del sitio de demostración de léeme

1.5.9.4

• Corrección «undefined method WPH_functions::get_site_module_saved_value()» cuando el tipo de contenido es text/xml

1.5.9.3

• Comprueba el tipo de contenido del búfer filtrable, antes de hacer reemplazos, para evitar cambios erróneos
• Actualizar sólo las URL en el tipo de contenido XML
• URL actualizada del sitio de demostración del plugin en el archivo léame
• Actualización de la compatibilidad del plugin ShortPixel Image Optimizer
• Aviso de un posible problema de bloqueo de Cron en ciertos servidores

1.5.9

• New admin interfaces skin.
• Relocated plugin assets within a different folder for better organisator.
• Updated mu-loader module
• Add help and hints for each options for easier understanding.
• Allow same base slug to be used for individual plugins
• Updated language file
• Check if environment file is not available and outputs admin messages
• Environment class with relocated environment json, to avoid security scanners false reports.
• Cache Enabler plugin compatibility module
• WoodMart theme compatibility
• Compatibility module for WP Smush and WP Smush PRO plugins
• Add the new filter available for WP Rocket to change css content
• WebARX compatibility module update
• W3 Cache module update

1.5.8.2

• Ensure base slug (e.g. base_slug/slug ) is not being used for another option to prevent rewrite conflicts
• Return correct home path when using own directory for WordPress and hosting account use the same slug in the path.
• Relocated get_default_variables() function on a higher priority execution level, to get default system details.
• Switched Yes / No options selection, to outputs first No then Yes ( more logical )

1.5.8

• Add reserved option names to avoid conflicts e.g. wp
• Always clear any code plugin cache when plugin update
• Easy Digital Downloads compatibility
• Elementor plugin compatibility
• Fusion Builder plugin compatibility
• Divi theme compatibility updates
• WP Fastest Cache plugin compatibility updates
• Check if ob_gzhandler and zlib.output_compression before using ‘ob_gzhandler’ output buffering handler

1.5.7

• Autoptimize css/js cache and minify compatibility
• Wp Hummingbird and WP Hummingbird PRO assets cache compatibility

1.5.6.9

• Nueva funcionalidad: Quitar el enlace de la cabecera

1.5.6.8

• Corrección: Llamada a un método no vákido WP_Error::has_errors()
• Corrección: Se intenta borrar Opcache si no se restringe la API

1.5.6.7

• Permite que los trabajos cron internos se ejecuten incluso si wp-cron.php está bloqueado.
• Comprueba con wp_filesystem cualquier error y envía los mensaje,s antes de intentar escribir cualquier contenido
• Provocar el vaciado de la caché del sitio en los ajustes cambiados o en la actualización del código
• Pequeñas actualizaciones de css
• Marca la opción de bloqueo en texto rojo para una mejor visibilidad y conocimiento del usuario

1.5.6.4

• Fix: Keep double quote at the start of the replacements when doing JSON matches to avoid replacing strings for other domains
• Corrección: Ejecuta el paquete de compatibilidad para «ShortPixel Adaptive Images» solo cuando el plugin esté activo

1.5.6.3

• Fix: remove javascript comments produce worng replacements on specific format.

1.5.6.2

• Usar el prefijo actual de tu sitio al obtener ‘user_roles’

1.5.6

• Fix BBPress menus by calling directly the wp_user_roles option ratter get_roles()
• Replace comments within inline JavaScript code when Remove Comments active
• Posibles avisos de conflicto de acceso al usar WebArx, WPS Hide Login
• New action wp-hide/admin_notices when plugin admin notices
• Return updated url when calling admin_url instead replaced when buffer outputs to ensure compatibility with specific plugins

1.5.5.9

• Módulo de compatibilidad con el plugin ShortPixel Adaptive Images
• Añadida compatibilidad con campos de área de texto dentro de la interfaz de opciones del plugin
• Corregidas las urls de los archivos minificados al usar el plugin de caché WP Rocket

1.5.5.7

• Filter remove fix

1.5.5.6

• Corregida la página de inicio de sesión cuando se utiliza la caché de Wp Rocket

1.5.5.5

• Corregida sustitución del escritorio de administración cuando se usa la caché de Wp Rocket

See full list of changelogs at https://wp-hide.com/plugin-changelogs/