Whatever reason may be, in some cases people prefer to hide the fact that they are using WordPress as platform for their site.
WordPress is easily to love. It has many advantages like huge community, it’s powerful, flexible, free and you can create beautiful sites for all kind of businesses. It is not just blogging platform.
But with those advantages come security problems. Maybe you even don’t want others to know that your online business is based on WordPress.
WordPress is constantly updated and doesn’t have poor security but it is still vulnerable like any other platform.
Because of its popularity, it is target of constant attacks. WordPress sites are targeted more by hackers, bots and spammers which try to take advantage of new security bugs found in plugins, themes and WordPress itself.
This is very common for any popular software or product.
Sometimes people try hide the fact that they’re running WordPress because they’re afraid other people will see that and think they’re “unprofessional” or cheap.
Many say don’t even try to hide the fact your site is powered by WordPress as there are hundreds other ways to not only find out the fact that you’re using WordPress, but also find out the exact version number.
Regardless of any plugins or hacks changing or hiding the “generator” meta tag, the readme file and other precautions.
It is like in real life. If someone wants to do you harm, he will find the way.
If someone wants to hack your site, and he knows what he is doing, he will find a way. But for other wannabe hackers, or average people maybe it is not bad to hide some WordPress facts.
At least to stop some spammers or hide the fact your business is based on WordPress (you don’t have to be ashamed of WordPress. It is most used CMS platforms for websites around world).
By obscuring your WordPress installation, you protect your site from brute force and mass hacking attempts, where large numbers of URLs are scanned in search for WP installations to attack.
Hide The Fact You Are Using WordPress
There are numerous plugins and services which can help in security of your WordPress site.
If security is really your goal, you should always be updating to the latest version themes, plugins and WordPress itself.
But here is plugin that can co-work with your already installed security plugins to make site bulletproof.
It is called Hide My WP. It works well as a general security plugin, and will hide the fact that you’re using WordPress by changing your permalinks without making changes to the actual locations of your files.
The objective of this plugin is to give your website an extra layer of security:
- Automated softwares and bots won’t be able to target your WordPress installation
- Spammers wont be able to go to yoursite.com/wp-login.php or yoursite.com/wp-admin/ and start guessing your admin password. Also no spam registrations
- Visitors won’t be able to trace your WordPress theme easily or WordPress version
Hide My WP controls access to PHP files. It protects your site from SQL-Injection and XSS attacks caused by direct access to PHP files.
Hackers, spammers and bots with Hide My WP can’t recognize (or access to) WordPress.
Hide My WP doesn’t change any file or folder as everything stays in its default location.
Hide My WP Review
After installing and activating Hide My WP plugin, you can start configuring. Go to Settings > Hide My WP. The first thing you’ll be asked to do is enter your purchase code.
Click the “Get it” link and copy and paste your purchase code to get things started.
It has few settings divided in “Start”,”General Settings” and “Permalinks and URLs” tab.
If you have Bulletproof security plugin activated on your site, you will get message: “You use BulletProof security plugin. To make it work correctly you need to configure Hide My WP manually. Click on “Manual Configuration” in Start tab. (If you did that ignore this message).”
It is nothing to be concern off. You will just need to manually add rules created by Hide My WP in .htacces using BulletProof.
In Start tab section you can choose one of pre-made settings schemes or if you’ve used this plugin on another WordPress install, you’d can import or export settings. Other fields are self-explanatory.
Hide My WP Settings
Under the General Settings tab things start to get interesting. Here you can:
- choose 404 page template
- assign trusted user roles
- replace old URL’s
- hide wp-login.php
- hide wp-admin
- choose to have an email sent to the admin whenever a 404 page is hit
- choose to hide meta data
- and many other options and settings
NOTE: If you tick option to use Spy Notify, email will be sent to site admin whenever someone visits 404 page (trying to find your admin or login.php). That can cause receiving many emails and thus filling up your inbox.
You can see just a little portion of emails which I started to receive. It is better to leave it unchecked.
General settings are for basic WordPress hiding. You can’t go wrong much when setting options here.
It will help hide some WordPress facts and stop brute force attacks as well as spammer registrations.
If that is enough for you then you can stop setting Hide My WP and save changes. If you want more, go to Permalinks and URLs tab.
Under the Permalinks and URLs tab you will be able to change different link structures and pathways. If you really want to hide the fact you are using WordPress, this is the part that needs to be done.
NOTE: Warning, settings here can mess up the site. All seen settings in images are just examples and don’t reflect my settings.
After finishing save your settings. If using BulletProof Security Plugin then be sure to manually add changes.
Hide My WP Features
- Ability to hide both page and area
- Spy notifications feature – if someone tries to access 404 page
- Ability to remove auto generated feed from header
- Ability to clean automatic classes added by WordPress
- Ability to disallow direct access to php files (except the ones in wp-admin)
- Minification of code
- Ability to replace/remove a piece of text in finally rendered code
- Ability to customise post, page and search queries (/?p=1 can be changed to /?page=1)
- Ability to change pagination URL
- Ability to disable Archives
- Ability to completely disable queries for taxonomies, comments and attachments
Hide My WP vs Swift Security
Swift Security is another WordPress plugin intended for removing traces that website/blog uses WordPress as its platform.
- Swift Security
- Free Version
- Export/Import Options
- Trusted User Roles
- Hide Login Page
- Hide Admin
- Spy Notify
- Remove Meta
- Remove Version
- Hide Other Files
- Compress Page
- Hide PHP Files
- Replace in HTML
- Replace URLs
- Change Theme Paths
- Change Plugin Paths
- Change WordPress queries
- Change upload URL, wp-includes folder, AJAX URL
- Disable WordPress archives, categories, tags, pages, posts, etc
- Anti-Brute Force
- Multisite Compatibility
- Compatibility With Cache Plugins
- Login IP Filter
- Scheduled Code Scans
- Automatically Quarantines Files
- WooCommerce Compatibility
- Child Themes Support
- Nginx Support
- Hide My WP
Other WordPress Security Measures
Hiding WordPress by obscuring a few permalinks and files can be a good security measure. But it’s not your only option, and it shouldn’t be the only action you take to protect your site.
There are some basic WordPress security tips you can easily follow to keep your site more safe from hackers, without hiding WordPress:
- Always use strong passwords.
- Always keep your WordPress core updated to the latest version.
- Keep all your themes and plugins updated, delete inactive themes and plugins, and stop using any themes and plugins that are no longer being updated.
- Consider protecting your login page from brute force attacks by requiring CAPTCHA and/or 2 factor authentication.
- Consider installing security plugin like iThemes Security or Bullet Proof Security.
If your website’s already been hacked you may want to check guide by Nathan B. Weller to find out how to fix it – What to Do When Your WordPress Website Has Been Hacked.
Hide The Fact You Are Using WordPress Final Words
Hide My WP is easy to install and to configure. All settings and options are nicely explained so you always know what are you doing and what option does what.
I’d say it’s a great investment. For anyone using WordPress to make money or run a business online, $23 for better security is a bargain.
I’d definitely recommend picking this plugin up if you’re looking to be as secure as possible or want to hide the fact of using WordPress no matter what.
Just know, Hide My WP will hide the fact you are using WordPress on your site. But there are many ways someone can still discover what is behind the hood by digging deeper.
Some settings could break site. I personally broke my CSS styles but after unticking option to change theme path everything was working again.
Also it might have conflicts with some plugins too. Author says it works great with any security plugin.
With more than 12,000 purchases and rating of 4.5/5 on Codecanyon this plugin is surely nice add-on to any WordPress site.
Plugin is actively supported and updated. Many new features have been added from the time this post was first written. For detailed info and what is new check sales page of Hide My WP on Codecanyon.
Now over to you. What steps do you take in order to protect your WordPress website? Let me know in comments below!
Hide My WP
- Spy notifications feature
- Affordable price
- Ability to disallow direct access
- Minification of code
- Ability to set custom URLs for static files
- Disable queries for taxonomies, comments and attachments
- Clean automatic classes
- Some settings can break site