WP Hide & Security Enhancer

2.6.2

• New feature – Enable the 2FA for specific roles. Choose the roles for which the 2FA feature will trigger.
• Fill the missing options with the component default value.
• Avoid re-loading the settings if they exists in the WPH class.
• Update the GoogleAuthenticator.php
• Fix: Creation of dynamic property WPH::$_2fa is deprecated

2.6.1

• Comparison fix within WPForms Lite compatibility file.
• Fix: Missing 2Fa icons and js asset.

2.6

• New feature – 2FA – Two-Factor Authentication
• 2FA – Email
• 2FA – Auth APP
• 2FA – Recovery Codes
• Minor bug fixes
• Readme content text description updates
• Readme video demo update

2.5.8

• Separate all module components settings from the components settings description, to ensure the __() and _e() translation functions trigger after the init action.
• Relocate the filter wp-hide/ignore_ob_start_callback higher in the ob_start_callback method, to allow by-passing the buffer processing.
• Ignore the comments removal when the content type is application/json
• Use module separate method get_interface_menu_position for setting up the position hierarchy in the menus.
• Fix: Ensure the security widget is loading the correct data for any users that has access to the dashboard.
• Fix: avoid calling the get_plugins() as it triggers a rare issue on ceertain servers, when loading over HTTP protocol.

2.5.6

• Add separate components description texts, for the translations to be available, after init action ( changed in the WordPress 6.5 )
• Update the Components classes ( rewrites ) to use separate description.
• Updated the translation PO file.
• Fix: Check if $all_themes has the key, before retrieve the value in is_child_theme()

2.5.4

• Fix: Remove the protocol from URLs in the theme’s style file module, to prevent issues when the site’s protocol is inconsistent (e.g., using both HTTP and HTTPS).

2.5.2

• Fix: Sanitize the replacement_path in the router.
• WordPress 6.7.1 compatibility check and tag update.

2.5.1

• Update the compatibility file for WPForms Lite and WPForms PRO

2.5

• Include a version number for all script and style assets to ensure the correct data loads when cached.
• Load the user interaction JavaScript on the login page as well, to ensure functionality on that page.
• Add submenu items to the main menu for improved accessibility.
• Check if LSWCP_TAG_PREFIX is defined when using LiteSpeed Cache before clearing the caches.
• Clear the Elementor caches, if active, when options change.
• Fix: Use rtrim instead of trim to strip the trailing / in the URL.
• Update and check compatibility with WordPress 6.7.

2.4.7

• Fix: Check if data block is serialized, before applying the revert replacements.
• Compatibility update for WP Job Manager
• WP Rocket: check if contant WP_ROCKET_WHITE_LABEL_FOOTPRINT is already defined before define.
• Compatibility file for Dokan

2.4.4

• Prevent redirection to the login page when using GravityForms and use the query gf_page.
• On option_block_revert check if the variable is serialized before processing the reverting for the block.
• WordPress 6.6.1 compatibility check and tag update.

2.4.2

• Undefined function fix.

2.4.1

• Add self_admin_url filter for components like WordPress update routine.
• Check if the correct page before add the admin_enqueue_scripts action, for the custom logo interface.
• WordPress 6.6 compatibility check and tag update.

2.4

• New feature: Block common Theme / Plugin detectors and scanners https://wp-hide.com/documentation/block-theme-plugin-detectors/
• Fix: Return true when checking the post meta update if not changed.

2.3.9

• New feature: Customize the default login page Logo
• Improve the default plugin set-up with more options and include the Headers sample settings.
• Slight visual improvements.
• Inform to restart the LiteSpeed on certain servers (e.g. Hostinger ).
• Use preg_replace to sanitize the input for security improvements.
• Compatibility file for WPForms Lite
• WordPress 6.5.3 compatibility check and tag update

2.3.8.2

• Disable the filter wph/components/rewrite-default/superglobal_variables_replacements and the ignore for _wp_http_referer as produce issues with specific plugins

2.3.8.1

• Fix Too few arguments to function WPH_module_rewrite_default::_array_replacements_recursivelly()

2.3.8

• Ignore the _wp_http_referer when reversing urls, to ensure when compared with existing is not failing.
• Fix for WPForms Lite plugin when using a custom admin URL.

2.3.7

• Preserve the field types when replacing superglobals data.

2.3.6

• Ensure the is_user_logged_in function is available before calling it.

2.3.5

• Update the plugin headers
• New module – Disable Admin Url redirect to Login page
• Remove deprecated admin-new-_wp-login_php file
• WordPress 6.5 compatibility check and tag update

2.3.1

• New filter wp-hide/interface/process/minimum_slug_length for customizing the minimum length of the admin and login slug https://wp-hide.com/documentation/wp-hide-interface-process-minimum_slug_length/
• Oxygen builder compatibility file updates.
• Add end slash for admin custom slug, into the rewrite, to ensure exact match.
• Add the filter wph/components/force_run_on_admin to more options for allowing to run into the admin https://wp-hide.com/documentation/wph-components-force_run_on_admin/
• WordPress 6.4.2 compatibility check and tag update

2.2.9

• Allow custom login URL without requiring a PHP extension.
• Require at least 5 chars for the customization of login and admin URL to avoid words conflicts.
• Scan XML RPC update, check if the service is disabled to avoid returning false positive.
• Compatibility with Redirection plugin; show the default redirect URLs within the interfaces.
• Add FLYING_PRESS_VERSION and LiteSpeed Purge to the internal site_cache_clear()
• WordPress 6.4.1 compatibility tag update

2.2.4

• Fix Undefined array key “file” warning.
• Ignore wp-admin, wp-content, wp-includes as custom slugs for any of the options, to avoid code conflicts.

2.2.1

• Reverse the replacements for $_FILES super global variable too.
• Adjust the login form width, when using the Google Captcha or Cloudflare Turnstile Captcha
• Use init action, to send the customized login e-mail, to avoid sending multiple time on certain servers environment.
• Use debug_backtrace to avoid looping, in conjunction with certain plugins, for login_url filter.
• Add a filter for site_url to apply the login customisation when the scheme is ‘login’ or ‘login_post’
• Fix reset options form and submit buttons.
• Fix various texts and instances.
• Tested for WordPress 6.4

2.1.8

• New feature Captcha for Login, Register, Password Forget pages etc.
• New Captcha – Google Captcha V2
• New Captcha – Google Captcha V3
• Tested for PHP 8.2.4

2.1.5

• Use transient for domain_get_ip to avoid execution delays with certain hosts.
• Separate options for Copy / Cut / Paste into the User Interactions interface for better control over the options
• Few Typos fix
• Compatibility updates for TranslatePress – Multilingual

2.1.1

• New filter wph/components/components_run/ignore_component which allows selective disabling for specific components to apply on the front site
  https://wp-hide.com/documentation/wph-components-components_run-ignore_component/
• Set minimum required WordPress version as 4.0
• Set minimum required PHP version as 5.4

2.1

• Relocate the plugins_themes_compatibility prior module components initialization.
• Avoid looping with certain 3rd codes by caching the home url.
• HTML Comments removal regex updates.
• Compatibility update for qTranslate-XT plugin, when using the option redirect to language and customizing the default login url through WP Hide

2.0.6

• Use regex patterns for Scan – Replacements, for better accuracy in the identification of the fingerprints proposed to be changed.
• Deprecated Expect-CT.
• Remove the Expect-CT from the recommended headers.

2.0.4

• Suppress the option to block the Developer Tools / Inspect when page/post preview.
• Add to cache clear for Autoptimize, Perfmatters, Breeze, Site Ground Cache, when flushing the caches.
• Site Ground Cachepress plugin compatibility update
• WordPress compatibility check for 6.2
• WordPress compatibility tag update.

1.9.9

• Decrease the Scan progress background AJAX update, to avoid time-outs on slow connections.
• Improvement: When using the Disable Developer Tools option, check if iPhone device and disable, through JavaScript instead PHP, to avoid caching.
• New Screenshot for better pre-visualization of the actual interface.
• Fix: Scan Admin component, Fix button URL.

1.9.7

• New Security Headers component – Referrer-Policy.
• Check the post meta and option value if serialized ( double serialization ), before reversing the URLs.
• Code improvements.
• Updated translation PO file.

1.9.5

• Replaced the deprecated Feature-Policy with Permissions-Policy security header.
• Fix: Scan disable redirects when testing firewall, to ensure correct results
• Fix count() error for not countable variable.
• PO language file updates

1.9.3

• Add additional description for potentially dangerous files found within WordPress root.
• Typo fix for “Dangerous Files”
• Fix: Tipsy JavaScript error
• Fix: Undefined variable $site_score within render_overview()
• Fix: Divided by zero when calculating the overall scan progress
• Fix: Wrong remote_html variable

1.9.1

• New feature – Security Scan.
• Security Scan dashboard widget
• Inform on possible LiteSpeed service restart if use such system.
• Check if HTTP_USER_AGENT environment variable exists before making comparison.
• Fix Oxigen compatibility when using the HTML Minify.
• Fix: Cache Enable static call.

1.8.8

• New component Headers -> Remove Server Header.
• Prevent output of “document.addEventListener” unless an user-interaction option is active.
• Add X-XSS-Protection into the headers list, to avoid reporting as not used as security header.
• Code Improvements and clean-up.
• PO language file update.

1.8.6

• Ignore the “Disable Developer Tools” on iPhone
• WordPress 6.1 compatibility tag
• Fix: Security headers progress comparison step.
• Slight css changes

1.8.5

• Improved Disable Developer Tools feature, by returning an empty page.
• W3 Total Cache – implements support for Push CDN and custom folders
• Compatibility fix with JCH Optimize.
• Ignore invalid SSL certificate when testing rewrites, to allow local instances.
• Fix: static to public functions for a2-optimized compatibility class.
• Fix: use preg_match to ensure the HTML data is valid and avoid faulty code with multiple head tags.
• Slight text changes within some options, for better explanations.

1.8.3

• New options interface – User Interactions: Disable Mouse right click, Disable Text Selection, Disable Copy / Paste, Disable Print, Disable Print Screen, Disable Developer Tools, Disable View Source, Disable Drag / Drop
• Better accessibility for additional details regarding each of the options.
• Improved progress score calculation for Headers.
• A2 Optimized WP – compatibility fix.
• WordPress 6.0.2 tag compatibility update
• Fix CDN option external help page URL.

1.8.1

• Improved server environment rewrite test checking routines.
• Separate rewrite tests for static files and PHP files. This avoids reporting issues for servers not supporting rewrites for php-files.

1.8

• Add a new button to reset the current page options.
• Use regex to sanitize the URL arguments
• Relocated the Reset All Settings button to the bottom of the interface.
• Compatibility for Super Page Cache for Cloudflare
• Slight layout improvements and changes.
• WordPress 6.0.1 compatibilit tag

1.7.9.2

• Change the advanced_notice class within the interfaces to avoid issues caused by 3rd theme.
• Do not remove comments when json request
• WordPress 6.0 compatibilit tag

1.7.8.1

• When checking and calculating the the Headers protection score, ignore the SSL verification for the domain, to allow usage of invalid certificates.
• Check if set headers are actually passed-through on the front side, as some servers may block that.
• Set WP_ROCKET_WHITE_LABEL_FOOTPRINT to remove the footer comment for WP Rocket, when active

1.7.8

• New Security Functionality – Headers. HTTP Response Headers are a powerful tool to Harden Your Website Security.
• Security Headers – Cross-Origin-Embedder-Policy (COEP), Cross-Origin-Opener-Policy (COOP), Cross-Origin-Resource-Policy (CORP), X-Content-Type-Options, X-Download-Options, X-Frame-Options (XFO), X-Permitted-Cross-Domain-Policies, X-XSS-Protection.
• Security Headers – Protection Level graph
• Security Headers – Sample Setup
• Security Headers – Recovery functionality
• Styles and layout improvements
• Code clean-up
• Fix: Append URL arguments to login URL, if exists

1.7.6

• Run on revision posts, to match URLs and revert to default WordPress ( e.g. when using Gutenberg editor )
• Require a .php for the customization of the default wp-login.php to avoid cookie issues on password change area.
• WooCommerce 5.9 compatibility check and tag.

1.7.3

• Fix: If Emulate CMS active, ensure the buffer is an HTML content

1.7.3

• New functionality, block wp-json for everyone or non-logged-in users.
• Fix Emulate CMS documentation url.
• Removed Twitter share.

1.7.1

• New plugin feature: Emulate CMS
• Update PO language file
• Skip comment removal when admin dashboard.
• Fix: Ignore comment removal when Gutenberg JSON call for blocks, to avoid formatting issues.

1.6.4

• Ensure compatibility with PHP 8.0
• Update PO language file
• Update documentation URLs within the plugin interfaces, with the non-www domain wp-hide.com

1.6.3.9

• Include the “Clean the REST API response” within Sample Setup.

1.6.3.8

• New option for JSON REST module – “Clean the REST API response”
• Relocated Feed tab to Rewrite module

1.6.3.7

• Output the help title only if there’s an help section available through the module settings
• Fix undefined $found_issues
• WordPress 5.8 compatibility tag

1.6.3.6

• Add dashboard and cpanel to system reserved to avoid permalinks conflicts
• LiteSpeed Cache compatibility update
• WP-Optimize compatibility update

1.6.3.4

• Update compatibility file for TranslatePress – Multilingual

1.6.3.3

• Fix attachment_url_to_postid
• Fix undefined get_metadata_raw

See full list of changelogs at https://wp-hide.com/plugin-changelogs/