Articles

Article updates

Customize the default wp die page ( error 404 )

Last updated: February 28, 2025 No Comments

Customizing the WP Die Layout in WP Hide PRO

WP Hide PRO allows users to customize the default WordPress 404 error page using the option at WP Hide > General / HTML > WP Die -> WP Die Layout. This feature enables control over the error layout, replacing the standard WordPress die message with a custom design.

Implementing Custom WP Die Layout

To modify the WP Hide PRO – WP Die Layout, you can hook into the wp_die_handler filter and define your own function that outputs the desired error message. This allows you to create a fully customized error page that aligns with your site’s branding.

Steps to Customize:

  1. Add a custom function in your theme’s functions.php file or a custom plugin.
  2. Hook into the wp_die_handler filter to replace the default error handler.
  3. Define your own error layout with custom HTML, CSS, or JavaScript.

Code Example:

https://pastebin.com/iwQZ8VCJ

wph/components/force_run_on_admin

Last updated: February 18, 2025 No Comments
This functionality is available for PRO version.

Name: wph/components/force_run_on_admin
Type: Filter
Arguments:
(bool) $status
(string) $component_id

By default, certain features are disabled on the WordPress Dashboard to prevent potential conflicts and ensure the stability of core functionalities. However, if needed, you can use this filter to override the default behavior and enable specific modules to run within the admin dashboard as well. This allows for greater flexibility while maintaining control over which features are active in the backend environment.
Continue reading

wp-hide/2fa/email/email_message

Last updated: January 29, 2025 No Comments

Name: wp-hide/2fa/email/email_message
Type: Filter
Arguments:
(str) $message
(integer) $code
(integer) $user_ID

This filter allows customization of the HTML email message sent to users when using the 2FA email login feature in WP Hide PRO. It enables developers to modify the email content, including styling, text, and structure, before the message is sent.

Continue reading

Import / Export plugin settings

Last updated: January 22, 2025 No Comments

The Import / Export feature in WP Hide PRO offers a streamlined solution for replicating and migrating configuration settings between different WordPress installations. This functionality is particularly beneficial when transferring a setup from one site to another, ensuring consistency and saving time during deployment. Below, we provide a detailed guide to using this feature effectively.

Overview of the Import / Export Feature

The Import / Export functionality allows you to back up, transfer, or restore your WP Hide PRO configurations quickly. This is ideal for developers managing multiple websites or users who wish to clone a site’s setup without manually reconfiguring each parameter.

The process is straightforward:

  1. Export Settings: Generate a configuration file or text from the source website.
  2. Import Settings: Apply the exported configuration to the target website.

By doing so, you can seamlessly replicate complex configurations and then make adjustments as necessary to align with the new site’s plugins, themes, and structure.

Step-by-Step Guide

Exporting Settings from the Source Website

  1. Navigate to Import / Export:
    • Log into your WordPress dashboard.
    • Go to WP Hide > Settings > Import / Export.
  2. Export Current Settings:
    • Click the Export Settings button.
    • A block of text representing your current WP Hide configuration will be generated.
    • Copy this text and save it in a secure location, such as a text file on your local system.

Importing Settings to the Target Website

  1. Navigate to Import / Export:
    • On the target WordPress site, go to WP Hide > Settings > Import / Export.
  2. Paste Configuration Data:
    • Locate the previously exported configuration text.
    • Paste it into the text area under Import Settings.
  3. Apply the Configuration:
    • Click the Import Settings button.
    • WP Hide PRO will process the data and apply the imported configuration to the target site.

Post-Import Adjustments

While the Import / Export process ensures that most settings are transferred accurately, further fine-tuning is often required. This is because configurations are tied to the structure, plugins, and theme of the original site, which may differ on the target site.

  1. Review Plugins and Themes:
    Ensure that the target site uses compatible plugins and themes. If any referenced components are missing, the configuration may not function as expected.
  2. Test Functionality:
    After importing the settings, thoroughly test the site to confirm that all functionalities are working correctly. Pay special attention to custom URLs, hidden paths, and rewritten elements.
  3. Update Specific Settings:
    Adjust any site-specific parameters, such as custom URLs that reference the original domain.

Benefits of Using Import / Export

The Import / Export feature offers several advantages:

  1. Time-Saving: Avoid the need to manually reconfigure settings when setting up a new site.
  2. Consistency: Ensure that multiple websites adhere to the same security and performance standards.
  3. Backup Capability: Maintain a copy of your WP Hide PRO configuration as a safeguard against accidental changes or data loss.
  4. Ease of Use: The intuitive interface requires no technical expertise, making it accessible to all users.

Best Practices

  • Keep Backups Secure: Store your exported configuration text in a secure location to prevent unauthorized access.
  • Validate Imported Settings: After importing, review the settings to confirm they align with the target site’s structure and requirements.
  • Use for Migration Only: Avoid using the feature for unrelated or vastly different sites, as the configurations may cause compatibility issues.

 

The Import / Export feature in WP Hide PRO is a powerful tool for website administrators and developers. It simplifies the process of migrating configurations, ensuring efficiency and consistency across WordPress installations. By following the steps outlined above and adhering to best practices, you can leverage this feature to enhance your workflow and site management.

General / Html – Scripts

Last updated: January 13, 2025 No Comments

This section provides a way to control aspects of the front-side scripts loaded using the HTML script tag. An example of such a link:

<script type='text/javascript' id='jquery-framework' src='https://-domain-name-/wp-includes/js/jquery/jquery.js?ver=1.12.4'></script>

Remove Version

The option method helps to remove the JavaScript version number which is being appended at the end of every script file. Generally, the version number is plain information upon the used JavaScript code. Keeping version numbers for scripts, grant additional information to hackers who try to identify specific JavaScript code and versions known as being vulnerable.

Activating the option, per the above example the new tag becomes:

<script type='text/javascript' id='jquery-framework' src='https://-domain-name-/wp-includes/js/jquery/jquery.js'></script>

Remove ID from script tag

This removes the id property inside the script tags. Most of the JavaScript assets IDs, include references to WordPress and used plugins, like wp- qxshop-js erc.

Activating the option, the tag becomes:

<script type='text/javascript' src='https://-domain-name-/wp-includes/js/jquery/jquery.js'></script>

PostProcessing – Html/Css/JS Replacements

Last updated: January 7, 2025 No Comments

This functionality is available for PRO version.

The module implements a post-processing engine, which allows arbitrary words to be replaced with custom ones. This works for all site data such as HTML, CSS, and JavaScript assets. The visual interface is self-explanatory and consists of a Replaced Word and a Replacement Word. This is easy to understand for non-technical persons and does not require any code modifications or debug knowledge.

This is a great way to white-label any plugins or active code on a site, by replacing the specific words (classes, tags, JavaScript variables etc), examples can be found at How to white label Elementor also Hide your Avada Theme, Avada Builder and Fusion core this makes the plugins totally unrecognizable for anonymous users.

For Cascading Style Sheet and JavaScript assets, the processed data is cached into static files and used on the next calls to speed up the site loading. This also increases the overall PageSpeed and YSlow Score which goes to better positioning on search engine rank.

This module also works great with any cache plugins to provide a robust page loading speed.

For the Replacement words, it is recommended random words to avoid conflicts with existing data. Also, avoid using minus sign ( subtraction ) within the replacement, to avoid JavaScript errors for the variables. You can use dashed instead.

2FA – Recovery Codes

January 3, 2025 No Comments

The Recovery Codes option for Two-Factor Authentication (2FA) provides a secure and reliable backup method to ensure access to your dashboard under any circumstances. When enabled, the system generates 10 unique, one-time-use recovery codes that can be used to authenticate your login if your primary 2FA method, such as email verification or an authenticator app, is unavailable.

Each recovery code is designed for single use only, adding an extra layer of security to protect against unauthorized access. These codes are particularly useful in scenarios where your primary 2FA device is lost, damaged, or temporarily inaccessible. By having recovery codes on hand, you can confidently regain access to your account without compromising its security.

It is essential to store your recovery codes in a safe and secure location. Options include using an encrypted password manager or physically securing the codes in a locked drawer or safe. Avoid storing them in easily accessible digital formats like unprotected text files, as this could expose them to unauthorized users.

While recovery codes are primarily intended as a backup solution, they can also serve as your primary 2FA method if needed. This flexibility makes them an invaluable part of a robust account security strategy.

With the Recovery Codes option, you can ensure uninterrupted access to your account while maintaining the highest standards of security. By enabling this feature, you add an extra layer of reliability and peace of mind to your 2FA setup.

2FA – Authenticator App

Last updated: January 3, 2025 No Comments

Strengthen users account security with the Authenticator App (TOTP) option for Two-Factor Authentication (2FA). This method leverages time-based one-time passcodes (TOTP), which are generated dynamically and provide an extra layer of protection against unauthorized access.

Setting up 2FA with an authenticator app is straightforward. During configuration, users scan a QR code provided by the system using their chosen app. The app will then generate a unique, time-sensitive code that must be entered into the ‘Verification Code’ field to complete the setup. This seamless process ensures user account is protected by a method that is both secure and easy to use.

Popular authenticator apps supported by this feature include:

  • Google Authenticator
  • Microsoft Authenticator
  • FreeOTP
  • Duo Mobile
  • Authy
  • LastPass Authenticator

These applications are readily available for download on Android and iOS devices, making it convenient for users to authenticate logins from their smartphones. Each app generates codes offline, meaning no internet connection is required once the setup is complete, further enhancing reliability and security.

The TOTP-based approach ensures that only individuals with access to the linked app on their device can successfully log in, even if a password is compromised. It is an excellent option for users seeking an advanced yet user-friendly method to secure their accounts.

By enabling the Authenticator App option for 2FA, you can safeguard your website and user accounts with modern, robust protection that aligns with industry best practices.

2FA – Email

Last updated: January 3, 2025 No Comments

The email-based Two-Factor Authentication (2FA) option offers a seamless and secure way to protect your account. When enabled, this method sends a unique, time-sensitive authentication code directly to the user’s registered email address each time they log in. This code acts as the second layer of verification, ensuring that only individuals with access to the associated email can successfully log in.

Upon reaching the 2FA step during login, users will be prompted to check their email for the authentication code. This code must be entered promptly to verify their identity and complete the login process. The email-based approach is especially beneficial for users who prefer not to use third-party apps, making it an accessible and reliable option for enhanced security.

To ensure the best experience and minimize potential delivery issues, it is highly recommended to configure an SMTP (Simple Mail Transfer Protocol) plugin on your website. An SMTP plugin works by securely routing authentication messages through a reliable email server, improving delivery rates and reducing the likelihood of 2FA codes being flagged as spam or landing in junk folders.

By integrating the email option with an SMTP plugin, you can provide users with a dependable and user-friendly Two-Factor Authentication experience. This not only enhances account security but also fosters user trust, knowing their sensitive login information is protected by multiple layers of verification. Whether for personal blogs or business websites, the 2FA email option is a straightforward yet effective way to safeguard accounts.

wp-hide/ignore_ob_start_callback

Last updated: November 25, 2024 No Comments

Name: wp-hide/ignore_ob_start_callback
Type: Filter
Arguments:

  • (bool) $status – Determines whether the output buffering should be ignored.
    • TRUE: Output buffering is ignored, and plugin features are disabled.
    • FALSE: Output buffering is enabled, and plugin features remain active.
  • (string) $buffer – The current output buffer content. This can be used to inspect or determine if changes should apply.

The wp-hide/ignore_ob_start_callback filter is a WordPress filter hook provided by the WP Hide plugin. It allows developers to disable the plugin’s output buffering and processing features on specific pages or conditions.

This can be particularly useful in scenarios where the plugin’s functionality might interfere with certain dynamic behaviors or custom implementations on specific pages, such as AJAX actions, admin pages, or specific post types.

Continue reading

Scroll to top