=== Plugin Name ===
Contributors: nsp-code
Donate link: http://www.nsp-code.com/donate.php
Tags: hide, security, improve security, hacking, wp hide, wordpress hide
Requires at least: 2.8
Tested up to: 4.4.2
Stable tag: 1.2.2

Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.

== Description ==

The **easy way to completely hide your WordPress** core files path from being show on front side. This is a huge improvement over Site Security. Provide a simple way to clean up html by removing WordPress fingerprints.

Being the best content management system, widely used, WordPress is susceptible to a large range of hacking attacks including brute-force, SQL injections, XSS, XSRF etc. Despite the fact the WordPress core is a very secure code maintained by a team of professional enthusiast, the additional plugins and themes makes the vulnerable spot of every website. In many cases, those are created by pseudo-developers who do not follow the best coding practices or simply do not own the experience to create a secure plugin. 
Statistics reveal that every day new vulnerabilities are discovered, many affecting hundreds of thousands of WordPress websites. 
Over 99,9% of hacked WordPress websites are target of automated malware scripts, who search for certain WordPress fingerprints. This plugin hide or replace those traces, making the hacking boots attacks useless.

Works fine with custom WordPress directory structure.

**Main plugin functionality:**

* Custom Admin Url
* Block default admin Url
* Block any direct folder access to completely hide the structure
* Custom wp-login.php filename
* Block default wp-login.php
* Block default wp-signup.php
* Block XML-RPC API
* New XML-RPC path
* Adjustable theme url
* New child Theme url
* Change theme style file name
* Custom wp-include 
* Block default wp-include paths
* Block defalt wp-content
* Custom plugins urls
* Individual plugin url change 
* Block default plugins paths
* New upload url
* Block default upload urls
* Remove wordpress version
* Meta Generator block
* Disble the emoji and required javascript code
* Remove pingback tag
* Remove wlwmanifest Meta
* Remove rsd_link Meta
* Remove wpemoji

and many more.

This plugin allow to change default Admin Url's from **wp-login.php** and **wp-admin** to something else. All original links return default theme 404 Not Found page, like nothing exists there. Beside the huge security advantage, this save lots of server processing time by reducing php code and MySQL usage since brute-force attacks trigger wrong urls.

**Important:** Compared to all other similar plugins which mainly use redirects, this plugin return a default theme 404 error page for all **block url** functionality, so is not reveal at all the link existence.

Since version 1.2 Change individual plugin urls which make them unrecognizable, for example change default WooCommerce plugin urls and dependencies from domain.com/wp-content/plugins/woocommerce/ to domain.com/ecommerce/cdn/ or anything customized.

<br />Something is wrong with this plugin on your site? Just use the forum or get in touch with us at <a target="_blank" href="http://www.nsp-code.com">Contact</a> and we'll check it out.

= Plugin Sections =

**Rewrite > Theme**

* New Theme Path - Change default theme path
* New Theme Child Path - Change default child theme path
* New Style File Path - Change theme stylesheed file path and name

**Rewrite > WP includes**

* New Includes Path - Change default wp-includes path / url
* Block wp-includes URL - Block default wp-includes url

**Rewrite > WP content**

* New Content Path - Change default wp-content path / url
* Block wp-content URL - Block default content url

**Rewrite > Plugins**

* New Plugins Path - Change default wp-content/plugins path / url
* Block plugins URL - Block default wp-content/plugins url
* New path / url for every active plugins

**Rewrite > Uploads**

* New Uploads Path - Change default media files path / url
* Block uploads URL - Block default media files url

**Rewrite > XML-RPC**

* New XML-RPC Path - Change default XML-RPC path / url
* Block default xmlrpc.php - Block default XML-RPC url
* Remove pingback - Remove pingback link tag from theme

**Rewrite > Root Files**

* Block license.txt - Block access to license.txt root file
* Block readme.html - Block access to readme.html root file
* Block wp-activate.php - Block access to wp-activate.php file
* Block wp-signup.php - Block default wp-signup.php file
* Block other wp-*.php files - Block other wp-*.php files within WordPress Root

**General / Html**

* Disable Emoji
* Disable TinyMC Emoji
* Remove Version
* Remove Generator Meta
* Remove wlwmanifest Meta
* Remove feed_links Meta
* Remove rsd_link Meta
* Remove adjacent_posts_rel Meta
* Remove profile link
* Remove canonical link

**Admin > wp-login.php**

* New wp-login.php - Map a new wp-login.php instead default
* Block default wp-login.php - Block default wp-login.php file from being accesible

**Admin > Admin URL**

* New Admin Url - Create a new admin url instead default /wp-admin. This also apply for admin-ajax.php calls
* Block default Admin Url - Block default admin url and files from being accesible


<br />A website example can be found at <a target="_blank" href="http://nsp-code.com/demo/wp-hide/">http://nsp-code.com/demo/wp-hide/</a>

<br />Plugin homepage at <a target="_blank" href="http://www.wp-hide.com/">WordPress Hide and Security Enhancer</a>

<br />
<br />This plugin is developed by <a target="_blank" href="http://www.nsp-code.com">Nsp-Code</a>

== Installation ==

1. Upload the plugin files to the `/wp-content/plugins/wp-hide` directory, or install the plugin through the WordPress plugins screen directly.
2. Activate the plugin through the 'Plugins' screen in WordPress.
3. Use the WP Hide screen to configure the plugin.

== Frequently Asked Questions ==

Feel free to contact us at electronice_delphi@yahoo.com

= Something is wrong, what can i do? =

* First, stay calm. There will be no harm, guaranteed :)
* Go to admin and change some of plugin options to see which one cause the problem. Then report it to forum or get in touch with us to fix it.
* If you can't login to admin, use the Recovery Link which has been sent to your e-mail. This will reset the login to default.
* If for some reason the site appear broken, you should back-up then replace the .htaccess file located on your WordPress root. Then remove the wp-hide-security-enhancer from your plugin directory.
* If still no luck, please get in touch with us at electronice_delphi@yahoo.com and we'll fix it for you in no time!

= I have no PHP knowledge at all, is this plugin for me? =

There's no requirements on php knowledge. All plugin features and functionality are applied automatically, controlled through a descriptive admin interface.

= I can't find a functionality that i'am looking for =

Please get in touch with us and we'll do our best to include it for a next version.

== Screenshots ==

1. Admin Interface.
2. Sample front html code.

== Changelog ==

= 1.2.2 =
* New Content Path
* New Component : Root Files
* Block license.txt
* Block readme.html
* Block wp-activate.php
* Block wp-signup.php
* Block other wp-*.php files
* licence.txt and readme.html block
* PO translations update

= 1.2 =
* New Feature Change individual plugin url path
* Admin layout improvments
* Fix for Admin canonical filter remove if remove canonical option set
* PO translations update
* Translation

= 1.1.7 =
* Remove profile link meta tag within head.
* Remove canonical link meta tag within head
* New XML-RPC Path
* Block default xmlrpc.php
* Remove pingback tag
* Recovery link for default wp-login.php and admin urls
* Css changes and warning messages update
* PO translations update
* TinyMCE emojicons callback fix

= 1.1.2 =
* Add a custom url for login_url filter
* Better description and warning for wp-login.php change
* Add default replacement for uploads
* conflict handle - Security Firewall (WordPress Security Firewall) >  Login Protection > Rename WP Login Page functionality
* wp-includes block when not logged-in
* wp-content block when not logged-in
* readme update

= 1.1 =
* Po / Mo localisation files update
* Update class to process the further structure changes and current components fields name change.
* New Component : Wp-content folder access block
* New Component : Block default wp-signup.php file from being accesible.
* Fix: New admin url save when permalinks disable. keep on default admin url instead redirect.
* Rewrite Default mod_rewrite code, append slashes to all urls to avoid actual directory reveal
* Send e-mail notification when admin e-mail change, to prevent url forget / lose
* New Component Disable Emoji
* New Component Disable TinyMC Emoji
* Structure change on the modules, split into chunks called components
* Code Clean-up
* Set processing order for component settings to allow mod_rewrite rules placement at certain position related to another line
* Improved Template dir when child theme is active
* Allow parent theme / child theme rewrite
* mod_rewrite change for 404 error, set for WordPress internal 404 error page instead default server

= 1.0.4 =
* Text Domain fix from wp-hide to wp-hide-security-enhancer

= 1.0.3 =
* Certain sections improvments and code redo
* Admin module cleanup
* removed block for wp-include
* Removed router functionality
* Created Change relative urls within load-style block, load the tyles on a separate file to change the links

= 1.0 =
* Initial release.

== Upgrade Notice ==

Always keep plugin up to date.


== Localization ==
Please help and translate this plugin to your language at https://translate.wordpress.org/projects/wp-plugins/wp-hide-security-enhancer