﻿===WP Ghost===

1. Install the Plugin

- Log In as an Administrator on your WordPress dashboard.
- In the WordPress menu, go to Plugins > Add New Plugin tab.
- Click on the Upload Plugin button from the top of the page.
- Click to browse and upload the hide-my-wp.zip file.
- After the upload, click the Activate Plugin button to activate the plugin.

2. Activate the plugin

- From the plugins list, click on the Settings link to go to plugin’s settings.
- Now enter the Activation Token from your account into the activation field.
- Click to activate and start the plugin setup.

3. Select Safe Mode or Ghost Mode

- Go to WP Ghost > Change Paths > Level of Security
- Choose between 2 levels of security: Safe Mode and Ghost Mode.
- Customize the paths as you like and click the Save button to apply changes.
- Follow the WP Ghost instructions based on your server configuration.

Enjoy WP Ghost!
John

== Changelog ==
= 8.1.02 =
* Update - Added the AI support in the plugin settings page
* Update - Remove the help icons for the plugin whitelabel option with custom domain
* Fixed - Prevent changing the login path in posts slug
* Fixed - Advanced Pack install domain not found error

= 8.1.01 =
* Update - Changed Hide My WP Ghost plugin name with short WP Ghost
* Update - WP Ghost comes with a new plugin logo in 2025
* Update - More security on REST API for user listing when User Security is activated
* Update - Plugin Security and Firewall rules

= 8.0.21 =
Update - Added gif and tiff to media redirect in Hide WP Common Paths
Update - Allow activating hmwp_manage_settings capability only for a user using Roles & Capabilities plugin
Fixed - Layout and improved functionality

= 8.0.20 =
Update - Compatibility with WP 6.7
Update - Compatibility with LiteSpeed Quic Cloud IP addresses automatically
Fixed - Litespeed cache plugin compatibility and set /cache/ls directory by default
Fixed - Whitelist website IP address on REST API disable to be able to be accessed by the installed plugins

= 8.0.19 =
Fixed - Compatibility with LiteSpeed when CDN is not set
Fixed - Change paths when www. prefix exists on the domain

= 8.0.17 =
Update - Compatibility with WP Rocket Background CSS loader
Update - Map Litespeed cache directory in URL Mapping
Fixed - Remove dynamic CSS and JS when Text Mapping is switched off
Fixed - Prevent changing wp-content and wp-includes paths in deep URL location and avoid 404 errors

= 8.0.16 =
Update - Layouts, Logo, colors
Update - Added Drupal 11 in CMS simulation
Update - Set 404 Not Found error as default option for hidden paths
Fixed - Compatibility with Wordfence Scan
Fixed - Changed deprecated PHP functions
Fixed - Warnings when domain schema is not identified for the current website
Fixed - Redirect to homepage the newadmin when user is not logged in

= 8.0.15 =
Update - Plugin layout
Fixed - Compatibility with WP 6.6.2
Fixed - Compatibility with Squirrly SEO buffer when other cache plugins are active
Fixed - Compatibility with Autoptimize minify

= 8.0.14 =
Update - Added the option to select all Countries in Geo Blocking
Update - Brute Force compatibility with UsersWP plugin
Fixed - Remove x_redirect_by header on redirect

= 8.0.13 =
Update - Added the option to disable Copy & Paste separately
Fixed - PHP Error on HMWP_Models_Files due to the not found class
Fixed - Layout, Typos, Small Bugs

= 8.0.12 =
Update - Compatibility with Wordfence

= 8.0.11 =
Update - Plugin security and compatibility with WP 6.6.1 & PHP 8.3
Update - Adding wp-admin path extensions into firewall when user is not logged in

= 8.0.10 =
Fixed - Google reCaptcha on frontend popup to load google header if not already loaded
Fixed - Hide New Login Path to allow redirects from custom paths: lost password, signup and disconnect
Fixed - WP Multisite active plugins check to ignore inactive plugins
Fixed - Small bugs

= 8.0.09 =
Update - Add security preset loading options in Hide My WP > Restore
Fixed - Library integrity on the update process
Fixed - Cookie domain on WP multisite to redirect to new login path when changing sites from the network
Fixed - Brute Force shortcode to work with different login forms

= 8.0.07 =
Fixed - Compatibility with WP 6.6
Fixed - Security update on wp-login.php and login.php

= 8.0.06 =
Update - Added the option to immediately block a wrong username in Brute Force
Update - Sub-option layouts
Fixed - File Permission check to receive the correct permissions when is set stronger than required
Fixed - Hide login.php URL when hide default login path
Fixed - Small bugs

= 8.0.05 =
Update - Added more path in Frontend Test to make sure the settings are okay before confirmation
Fixed - Compatibility with Wordfence to not remove the rules from htaccess
Fixed - Filter words in 8G Firewall that might be used in article slugs
Fixed - Trim error in cookie when main domain cookie is set
Fixed - Login header hooks to not remove custom login themes

= 8.0.03 =
Fixed - isPluginActive check error when is_plugin_active is not yet declared
Fixed - Disable clicks and keys to work without jQuery
Fixed - Remove the ghost filter from 8G Firewall

= 8.0.02 =
Fixed - Show error messages in Temporary login when a user already exists
Fixed - Temporary users to work on WP Multisite > Subsites

= 8.0.01 =
Fixed - Login security when Elementor login form is created and Brute Force is active
Fixed - Login access when member plugins are used for login process
Fixed - Firewall warning on preg_match bot check in firewall.php

= 8.0.00 =
Update - Added Country Blocking & Geo Security feature
Update - Added Firewall blacklist by User Agent
Update - Added Firewall blacklist by Referrer
Update - Added Firewall blacklist by Hostname
Update - Added "Send magic link login" option in All Users user row actions on Hide My WP Advanced Pack plugin
Update - Added the option to select the level of access for an IP address in whitelist
Removed - Mysql database permission check as WordPress 6.5 handles DB permissions more secure
Moved - Firewall section was moved to the main menu as includes more subsections
Fixed - 8G Firewall compatibility with all page builder plugins

= 7.3.05 =
Update - Compatibility with WPEngine rules on wp-admin and wp-login.php
Update - New Feature added "Magic Login URL" on Hide My WP Advanced Pack plugin
Fixed - Prevent firewall to record all triggered filters as fail attempts
Fixed - Remove filter on robots when 8G firewall is active
Fixed - Frontend Login Check popup to prevent any redirect to admin panel in popup test
Fixed - Prevent redirect the wp-admin to new login when wp-admin path is hidden

= 7.3.04 =
Update - Search option in Hide My WP > Overview > Features
Update - Send Temporary Logins in Events log
Fixed - Don't show Temporary Logins & 2FA in main menu when deactivated

= 7.3.03 =
Update - 8G Firewall on User Agents filters
Update - Compatibility with WP 6.5.3
Update - Load the options when white label plugin is installed
Fix - Restore settings error on applying the paths
Fix - Prevent redirect the wp-admin to new login when wp-admin path is hidden

= 7.3.01 =
Update - Added translation in more languages like Arabic, Spanish, Finnish, French, Italian, Japanese, Dutch, Portuguese, Russian, Chinese
Fix - "wp_redirect" when function is not yet declared in brute force
Fix - "wp_get_current_user" error in events log when function is not yet declared

= 7.3.00 =
Update - Added the option to detect and fix all WP files and folders permissions in Security Check
Update - Added the option to fix wp_ database prefix in Security Check
Update - Added the option to fix admin username in Security Check
Update - Added the option to fix salt security keys in Security Check
Update - Layout and Fonts to integrate more with WordPress fonts
Update - 7G & 8G firewall compatibility to work with more WP plugins and themes

= 7.2.07 =
Update - Added the option on Apache to insert the firewall rules into .htaccess
Fixed - Screen 120dpi display layout
Fixed - Hide reCaptcha secret key in Settings

= 7.2.06 =
Update - Added the 8G Firewall filter
Update - Added the option to block the theme detectors
Update - Added the option to block theme detectors crawlers by IP & agent
Update - Added compatibility with Local by Flywheel
Update - Firewall loads during WP load process to work on all server types
Fixed - Load most firewall filters only in frontend to avoid compatibility issues with analytics plugins in admin dashboard
Fixed - Avoid loading recaptcha on Password reset link
Fixed - Avoid blocking ajax calls on non-admin users when the Hide wp-admin from non-admin users is activated

= 7.2.05 =
Update - Added the option ot manage/cancel the plan on Hide My WP Cloud
Fixed - Custom login path issues on Nginx servers
Fixed - Issues when the rules are not added correctly in config file and need to be handled by HMWP
Fixed - Don't change the admin path when ajax path is not changed to avoid ajax errors

= 7.2.04 =
Compatibility with WP 6.5
Update - Compatibility with CloudPanel & Nginx servers
Fixed - Warning in Nginx for $cond variable

= 7.2.03 =
Compatibility with PHP 8.3 and WP 6.4.3
Update - Compatibility with Hostinger
Update - Compatibility with InstaWP
Update - Compatibility with Solid Security Plugin (ex iThemes Security)
Update - Added the option to block the API call by rest_route param
Update - Added new detectors in the option to block the Theme Detectors
Update - Security Check for valid WP paths
Fixed - Don't load shortcode recapcha for logged users
Fixed - Rewrite rules for the custom  wp-login path on Cloud Panel and Nginx servers
Fixed - Issue on change paths when WP Multisite with Subcategories
Fixed - Hide rest_route param when Rest API directory is changed
Fixed - Multilanguage support plugins
Fixed - Small bugs & typos

= 7.2.02 =
* Update - Add shortcode on BruteForce [hmwp_bruteforce] for any login form
* Update - Add security schema on ssl websites when changing relative to absolute paths
* Update - Compatibility with WP 6.4.2 & PHP 8.3
* Fixed - Change the paths in cache files when WP Multisite with Subdirectories
* Fixed - Small bugs in rewrite rules

= 7.2.01 =
* Update - Compatibility with WP 6.4.1 & PHP 8.3
* Update - The Frontend Check to check the valid changed paths
* Update - The Security Check to check the plugins updated faster and work without error with Woocommerce update process
* Update - Compatibility with Solid Security Plugin (ex iThemes Security)
* Update - Hidden wp-admin and wp-login.php on file error due to config issue
* Update - Hide rest_route param when Rest API directory is changed
* Update - Add emulation for Drupal 10 and Joomla 5
* Fixed - Hide error when there are invalid characters in theme/plugins directory name
* Fixed - Small bugs

= 7.2.00 =
* Update - Added the 2FA feature with both Code Scan and Email Code
* Update - Added the option to add random number for static files to avoid caching when users are logged to the website
* Fixed - Added the option to pass the 2FA and Brute Force protection when using the Safe URL
* Fixed - Tweaks redirect for default path wasn't saved correctly
* Fixed - Small Bugs

= 7.1.17 =
* Fixed - File extension blocked on wp-includes when WP Common Paths are activated
* Fixed - Remove hidemywp from file download when the new paths are saved

= 7.1.16 =
* Update - Compatibility with WP 6.3.1
* Update - Compatibility with WPML plugin
* Update - Security on Brute Force for the login page
* Fixed - Small Bugs

= 7.1.15 =
* Update - Compatibility with WP 6.3
* Update - Security Check Report for debugging option when debug display is set to off
* Update - Security Check Report for the URLs and files to follow the redirect and check if 404 error

= 7.1.13 =
* Update - Compatibility with more 2FA plugins
* Update - Compatibility with ReallySimpleSSL

= 7.1.11 =
* Update - Json Response using WP functions
* Update - Check the website logo on Frontend Check with custom paths
* Fixed - Loading icon on settings backup
* Fixed - Small bugs

= 7.1.10 (26 May 2023) =
* Update - Compatibility with WP 6.2.2
* Fixed - Update checker to work with the latest WordPress version
* Fixed - Hide wp-login.php path for WP Engine server with PHP > 7.0

= 7.1.08 (26 May 2023) =
* Update - Added the user role "Other" for unknown user roles
* Update - Sync the new login with the Cloud to keep a record of the new login path and safe URL

= 7.1.07 (19 May 2023) =
* Update - Compatibility with WPEngine hosting
* Update - Compatibility with WP 6.2.1
* Fixed - Loading on defaut ajax and json paths when the paths are customized
* Fixed - Compatibility issues with Siteground when Ewww plugin is active
* Fixed - To change the Sitegroud cache on Multisite in the background

= 7.1.06 (15 May 2023) =
* Update - Compatibility with Siteground
* Update - Compatibility with Avada when cache plguins are enabled

= 7.1.05 (05 May 2023) =
* Update - Add compatibility for Cloud Panel servers
* Update - Add the option to select the server type if it's not detected by the server
* Fixed - Remove the rewrites from WordPress section when the plugin is deactivated
* Fixed - User roles names display on Tweaks

= 7.1.04 (03 May 2023) =
* Update - File processing when the rules are not set correctly
* Update - Security headers default values
* Fixed - Compatibilities with the last versions of other plugins
* Fixed - Reduce resource usage on 404 pages

= 7.1.02 (24 Apr 2023) =
* Update - Compatibility with other plugins
* Update - UI & UX to guide the user into the recommended settings
* Fixed - Increased plugins speed on compatibility check
* Fixed - Common paths extensions check in settings

= 7.0.15 (04 Apr 2023) =
* Update - Add the option to check the frontend and prevent broken layouts on settings save
* Update - Brute Force protection on lost password form
* Update - Compatibility with Memberpress plugin
* Fixed - My account link on multisite option

= 7.0.14 (23 Mar 2023) =
* Update - Compatibility with WP 6.2
* Update - Added the option to whitelist URLs
* Update - Added the sub-option to  show a white-screen on Inspect Element for desktop
* Update - Added the options to hook the whitelisted/blacklisted IPs
* Fixed - small bugs / typos / UI

= 7.0.13 (28 Feb 2023) =
* Update - Compatibility with PHP 8 on Security Check

= 7.0.12 (20 Feb 2023) =
* Compatibile with WP 6.2
* Fixed - Handle the physical custom paths for wp-content and uploads set by the site owner
* Fixed - Compatibility with more plugins and themes

= 7.0.11 (26 Ian 2023) =
* Update - Remove the atom+xml meta from header
* Update - Save all section on backup restore
* Update - Update the File broken handler
* Update - Login, Register, Logout handlers when the rules are not added correctly in the config file and prevent lockouts

= 7.0.10 (19 Dec 2022) =
* Update - Remove the noredirect param if the redirect is fixed
* Update - Check the XML and TXT URI by REQUEST_URI to make sure the Sitemap and Robots URLs are identified
* Update - Check the rewrite rules on WordPress Automatic updates too
* Update - Add the option to disable HMWP Ghost custom paths for the whitelisted IPs

= 7.0.05 (22 Nov 2022) =
* Update - Fix login path on different backend URL from home URL

= 7.0.04 (25 Oct 2022) =
* Update - Compatibility with WP 6.1
* Update - Add More security to XML RPC
* Update - Add GeoIP flag in Events log to see the IP country
* Update - Compatibility with LiteSpeed servers and last version of WordPress

= 7.0.03 (20 Oct 2022) =
* Update - Add the Whitelabel IP option in Security Level and allow the Whitelabel IP addresses to pass login recaptcha and hidden URLs
* Fixed - Allow self access to hidden paths to avoid cron errors on backup/migration plugins
* Fixed - White screen on iphone > safari when disable inspect element option is on

= 7.0.02 (28 Sept 2022) =
* Update - Add the Brute Force protection on Register Form to prevent account spam
* Update - Added the option to prioritize the loading of HMWP Ghost plugin for more compatibility with other plugins
* Update - Compatibility with FlyingPress by adding the hook for fp_file_path on critical CSS remove process
* Fixed - Remove the get_site_icon_url hook to avoid any issue on the login page with other themes
* Fixed - Compatibility with ShortPixel webp extention when Feed Security is enabled
* Fixed - Fixed the ltrim of null error on PHP 8.1 for site_url() path
* Fixed - Disable Inspect Element on Mac for S + MAC combination and listen on Inspect Element window

= 7.0.01 (10 Sept 2022)=
* Update - Added Temporary Login feature
* Fixed - Not to hide the image on login page when no custom image is set in Appearance > Customize > Site Logo
* Update - Compatibility with Nicepage Builder plugin
* Update - Compatibility with WP 6.0.2
