Hide My WP Ghost, Securing and protecting WordPress
Hide My WP Ghost offers a different angle… Instead of locking, it camouflages/hides the fact that you are using WordPress and that makes a big difference!
It is unthinkable today to leave your WP without a minimum of protection… I won’t talk in this post about the most important precautions such as renaming the admin, protecting your folders.
Hide My WP Ghost plugin
Hide My WP Ghost controls access to PHP files, it protects your site from 95% of SQL injections and XSS attacks. Hackers, spammers and bots can’t recognize your WordPress and in fact, ignore you! No changing of files or folders, all stay in their default location! It’s just a matter of controlling access to them, which guarantees maximum plugin compatibility.
No one can know that you are using WordPress
The principle is very simple, if you don’t know that I use a WordPress site then you won’t try to hack a WordPress!
Hide My WP Ghost hides your sensitive files:
- mywebsite.com/wp-login.php
- mywebsite.com/wp-admin/
Change the WordPress themes directory:
- /wp-content/themes/twentytwelve/style.css
- /template/twentytwelve/style.css
Change the plugin directory and hash the plugin name
- /modules/0f6a208e/shortcodes.css (instead of: / wp-content/plugins/zilla-shortcodes/shortcodes.css)
- /modules/0f6a208e/shortcodes.php – 404 Not found! (deny access)
Change download url, wp-includes folder, AJAX url, etc…
- mywebsite.com / myfiles/ landscape.jpg (instead of: … / wp-content/uploads/landscape.jpg)
- mywebsite.com / mylibs / js / jquery / jquery.js (instead of: … / wp-includes/js/jquery/jquery.js)
- mywebsite.com / ajax.php (instead of: … / wp-admin/admin-ajax.php)
Determine if the site is a WordPress:
- Try detection via whatwpthemeisthat.com
And a little more…
- Replace any word in your output HTML file
- Warn you when someone is redirected to your WordPress site (with details of visitors, user IP, referrer and even nickname!)
- Compress the output html and remove comments in the source code
- Remove the WordPress META info and RSS feed
- Change the default WordPress email address
- Custom 404 page or theme
- Remove useless menu classes
- Clean up body classes
- etc…
Frequently Asked Questions…
Does it physically change my WordPress folders and files?
- No, everything stays in its default location, Hide My WP Ghost simply controls access to them. This ensures maximum compatibility.
I hide both wp-login and wp-admin, but I can still see them. Why?
- Because you are a logged in administrator! Log out and try again. Don’t forget to save the new login address somewhere.
I can’t log in, what should I do now?
- When you hide wp-login.php you need to add your Admin keyword to login. Address: ?. e.g. yoursite.com/wp-login.php hide_my_wp = 1234 (1234 is the default key) If you have other problems just use your FTP or a file manager and rename the plugin folder to something else (to wp-content/plugins), it will then disable the plugin
Does this work with Nginx?
- Since version 1.5 Hide My WP supports Nginx. You must have write access to the Nginx configuration file. Please note multi-site usage on Nginx is not yet officially supported, but if you can convert htaccess rules for Nginx you can make it work.
What if I disable the plugin. Does everything come back as before?
- Absolutely! Just deactivate it from the admin panel and everything will go back to the way it was. If you are using a cache plugin you may need to clear the cache. If the plugin was deleted or renamed accidentally, go to Settings -> Permalinks and everything will return to normal!
Does this affect the speed of my site? (because of the many redirects)
- Hide My WP does not use 30x redirects but mainly instead, the rewrite rule which is internal and therefore does not affect speed. An impact on speed can occur when you have too many WordPress plugins. All options are explained in detail and you can choose between fast and/or compatible options.
Does it work with multi-sites and networks?
- Since version 1.5 Hide My WP supports multi-site subdomains and subdirectories. It is possible for the site administrator to use the network panel and configure the plugin for the whole network. You have to write an access to update the htaccess file and the themes to rename.
Why my plugin settings page is different from the official screenshots?
- It’s because you don’t enable the WordPress permalink structure or your host doesn’t support rewrite URLs (htaccess specific.)
Does Hide My WP Ghost affect my SEO?
- If you only change the main content of the URLs (posts, categories, tags) no, there is no SEO problem.
Note that HideMyWordPress overrides the default settings of your WP permalinks for articles, categories, tags. So even without this plugin if you change these settings, it will affect your ranking.
So how does Hide My WP Ghost work?
Mainly with URL rewriting and some redirections via your .htaccess but not only… You can of course choose the degree of confidentiality with 3 predefined levels: Utra-confidential, Medium (fast) and Medium (compatible). Make sure you have access to your htaccess file (if you use Apache) or configure your web server manually (if you use Nginx or multi-site).
Conclusion
This premium plugin is an excellent solution and unfortunately there is no equivalent in free or freemium version.
Be careful though, setting up this plugin can be tricky for beginners and some functions, especially rewriting, can sometimes cause problems. It is also recommended to make a full backup of your WordPress before installing it.
Note also that if Hide My WP Ghost is sufficient to protect yourself from Bots, it will not be enough to face an expert hacker who absolutely wants to break into your site 😉
