Skip to contentSkip to main navigation Skip to footer

Developers

How to Add Files to “Hide WordPress Common Files”

Understanding the Goal

You want to hide additional common WordPress files, specifically wp-cron.php, using the Hide My WP Ghost plugin. This is accomplished by adding a filter to modify the list of files to be hidden.


Adding the Filter in WordPress

You need to add a filter to either the functions.php file of your active theme or the wp-config.php file. This filter will modify the hidden files list.

Option A: Editing functions.php

  1. Navigate to your WordPress admin dashboard.
  2. Go to Appearance > Theme File Editor.
  3. Select the functions.php file from the right-hand side menu.
  4. Add the following code at the end of the functions.php file
add_filter('hmwp_hide_commonfiles_files', function($files){
  $files[] = 'wp-cron.php';
  return $files;
});

Option B: Editing wp-config.php

  1. Access your WordPress site’s root directory via FTP or your hosting control panel’s file manager.
  2. Open the wp-config.php file for editing.
  3. Add the following code at the end of the wp-config.php file
add_filter('hmwp_hide_commonfiles_files', function($files){
  $files[] = 'wp-cron.php';
  return $files;
});

Adding Multiple Files

If you want to hide additional files such as wp-trackback.php and xmlrpc.php, you can modify the code as follows:

add_filter('hmwp_hide_commonfiles_files', function($files){
    $files[] = 'wp-cron.php';
    $files[] = 'wp-trackback.php';
    $files[] = 'xmlrpc.php';
    return $files;
});

Hiding the File in Hide My WP Ghost

After adding the filter, you need to select the file and save the settings in the Hide My WP Ghost to apply the changes.

  1. Navigate to the Hide My WP > Change Paths > WP Core Security > Hide WordPress Common Files.
  2. Select the file from the list, in our case is wp-cron.php file
  3. Click the Save Settings button to ensure the file is hidden.

Note! For Nginx server, you need to restart the Nginx service after saving the settings in Hide My WP Ghost plugin.


Important

  • Avoid Breaking Functionality: Be careful not to hide files that are essential for WordPress functionality. For instance, hiding xmlrpc.php can prevent remote publishing and applications that use XML-RPC from functioning correctly.
  • Testing: After adding the filter, thoroughly test your website to ensure it continues to function as expected. Check for any broken features or errors.

By following this tutorial, you can easily extend the functionality of the Hide My WP Ghost plugin to hide additional files, increasing your WordPress site’s security.

Always test your changes and avoid hiding critical WordPress files to maintain the site’s functionality.

How To Change or Remove Login Logo Link

WordPress, by default, displays its logo on the login page, and this logo links to the official WordPress website. However, you might want to customize this link to redirect to your website’s homepage or another specific page. This tutorial will guide you through the process of changing the link on the login page logo using hooks. We’ll also cover how to change the alt text of the logo to display your site’s name.


1. Accessing the Theme’s Functions File

First, you need to access your theme’s functions.php file. This file allows you to add custom PHP code to your theme.

Via WordPress Admin Dashboard:

  • Navigate to Appearance > Theme Editor.
  • In the Theme Files list on the right, find and click on functions.php.

Via FTP or File Manager:

  • Use an FTP client or your web host’s file manager to navigate to wp-content/themes/your-theme/.
  • Open the functions.php file for editing.

To change the link of the login page logo from WordPress.org to your site’s homepage, you need to use the login_headerurl filter. Add the following code to your functions.php file:

// Changing the logo link from wordpress.org to your site
function mb_login_url() {
    return home_url();
}

add_filter('login_headerurl', 'mb_login_url');

Or, if you want to remove the link:

add_filter('login_headerurl', '__return_false');

Explanation:

  • mb_login_url: This function returns the URL of your site’s homepage using the home_url() function.
  • add_filter('login_headerurl', 'mb_login_url'): This line applies the mb_login_url function to the login_headerurl filter, changing the logo link.

3. Changing the Logo Alt Text

Next, to change the alt text of the login page logo to display your site’s name, use the login_headertitle filter. Add the following code to your functions.php file:

// Changing the alt text on the logo to show your site name
function mb_login_title() {
    return get_option('blogname');
}

add_filter('login_headertitle', 'mb_login_title');

Explanation:

  • mb_login_title: This function returns the site name by retrieving the blogname option from your site’s settings.
  • add_filter('login_headertitle', 'mb_login_title'): This line applies the mb_login_title function to the login_headertitle filter, changing the alt text of the logo.

4. Save Changes

After adding the above code to your functions.php file, save the changes. If you are using the Theme Editor, click the Update File button. If you are using an FTP client or file manager, upload the modified functions.php file back to your server.


5. Verify Changes

To ensure that the changes have been applied correctly:

  1. Log out of your WordPress admin dashboard.
  2. Navigate to your login page (typically found at yourdomain.com/wp-login.php).
  3. Verify that the logo now links to your homepage and that the alt text displays your site’s name.

Additional Tips

  • Custom Login Page Plugins: Consider using a custom login page plugin for more extensive customizations. Plugins like “LoginPress” offer a user-friendly interface for modifying the login page.

How To Customize hmwp_logged_in_admin & hmwp_logged_in_login

customize hmwp_logged_in cookie

To customize the cookie name with Hide My WP Ghost, it’s quite simple.

Just follow these steps:

  1. Open the wp-config.php file in your WordPress installation.
  1. Locate the line that mentions WP_DEBUG.
  2. Directly after this line, add the following code:
   define('HMWP_LOGGED_IN_COOKIE', 'my_logged_in_');

Here, ‘my_logged_in_’ is the prefix you desire for that cookie. You can replace it with any prefix you prefer.

  1. Save the wp-config.php file after making this change.
  2. Once saved, refresh the settings in Hide My WP Ghost and empty the session cookies to ensure that the changes take effect.

By following these steps, you can easily customize the cookie name according to your preference.

How to Disable Hide My WP Ghost on Specific Pages

First, install and activated the Hide My WP Ghost plugin. Then, follow these solutions:


Using Settings:

  1. Access Hide My WP Ghost Settings:
    • From the left-hand sidebar, go to Hide My WP > Change Paths > Whitelist Options.
  2. Add the URLs of the Specific Pages:
    • Enter the slug or relative URL of the pages where you want to disable Hide My WP Ghost.
      (e.g., if you wish to exclude “sample-page”, you would add “/sample-page/”).
    • Click ‘Save Settings’ once done.

That’s the general method to exclude specific pages from being affected by Hide My WP Ghost. However, if you want more flexibility and control, you can use the add_filter function in your theme’s functions.php file or a custom plugin.


Using add_filter to Disable Hide My WP Ghost:

  1. Access Your Theme’s functions.php File:
    • From your WordPress Dashboard, navigate to Appearance > Theme Editor.
    • Find and click on the functions.php file in the right-hand column.
  2. Add the Custom Filter:
    • At the end of the file, paste the following code:

function disable_hmwp_on_specific_pages($process) {
    // Check if we're viewing a specific page by its slug
    if (is_page('your-page-slug')) {
        return false;
    }

    return $process;
}

add_filter('hmwp_process_init', 'disable_hmwp_on_specific_pages');
  1. Modify the Code:
    • Replace 'your-page-slug' with the slug of the page where you want to disable Hide My WP Ghost.
    • If you have multiple pages, you can add additional conditions.
  2. Save Changes:
    • Click ‘Update File’ to save the changes you’ve made to functions.php.

With that, Hide My WP Ghost should be disabled on the specific pages you’ve chosen.

Remember to always back up your website before making any code changes, and test your site afterward to ensure everything works as expected.

How to Customize Right Click Disable for Specific Pages

One of Hide My WP Ghost features is the ability to disable right-clicking on the frontend to prevent users from easily copying your content. However, you might want to selectively enable right-click on specific URLs. In this tutorial, we’ll show you how to customize the right-click disable feature in Hide My WP Ghost using the provided code snippet.

Before you can customize the right-click disable feature, you’ll need to access your WordPress files. You can do this via FTP or through your hosting control panel. Once you have access, locate either your theme’s functions.php file or the wp-config.php file, depending on where you want to add the customization.


Step-by-Step Guide:

Step 1: First, you need to activate Disable Right Click from Hide My WP > Tweaks > Disable Options

Step 2: Choose whether you want to add the code to your theme’s functions.php file or the wp-config.php file. Use a code editor to open the file for editing. Insert the following code:

/**
 * Deactivate disable right click on specific URLs
 * array $urls List of URLs where the right click should be active
 */
add_filter('hmwp_option_hmwp_disable_click', function($active){

    if(isset($_SERVER['REQUEST_URI'])) {

        $urls = array(
            home_url(), //home page
            home_url('hello-world'),
            home_url('sample-page'),
        );

        $path = rtrim($_SERVER['REQUEST_URI'], '/') . '/';
        $paths = array_map(function ($url){
            return trailingslashit(parse_url($url, PHP_URL_PATH));
        }, $urls);

        //don't activate on Home Page
        if (in_array($path, $paths)) {
            $active = false;
        }
    }

    return $active;
});

Step 3: Customize the URLs

In the code snippet, you can see an array called $urls. This array contains the URLs where you want to either enable or disable right-click. By default, the code allows right-click on the home page, ‘hello-world’, and ‘sample-page’.

You can customize this array by adding or removing URLs that match your specific requirements. Just make sure to follow the same format as the provided URLs.

Step 5: Save Your Changes

After adding the code and customizing the URLs, save the changes to the file.

Step 6: Check the Result

Now, visit the URLs you’ve customized in your browser and test the right-click functionality. It should be enabled or disabled based on your configuration.

Conclusion:

By following this tutorial and adding the provided code to your chosen file, you can selectively enable or disable right-click functionality on specific URLs, enhancing the user experience while maintaining security.

You can do the same for these HMWP hooks:

hmwp_option_hmwp_disable_inspect <- Disable Inspect Element

hmwp_option_hmwp_disable_source <- Disable View Source

hmwp_option_hmwp_disable_copy_paste <- Disable Copy Paste

hmwp_option_hmwp_disable_drag_drop <- Disable Drag-Drop Images

How to Add a Custom Config File for Nginx Servers

Hide My WP Ghost allows you to change the default configuration file/path when the website root path is not writable.

Prerequisites:

  • Access to your server’s Nginx configuration.

Step 1: Create a Custom Configuration File

  1. Connect to your server using SSH or your preferred method.
  2. Navigate to your WordPress root directory, typically located at /path_to_root/wp-content/.
  3. Create a new file named hidemywp_custom.conf inside the wp-content directory using the following command:
   touch /path_to_root/wp-content/hidemywp_custom.conf

Step 2: Modify Nginx Configuration

  1. Open your Nginx server configuration file using a text editor. The location of this file may vary depending on your system setup. Commonly, it’s located at /etc/nginx/nginx.conf or in a directory like /etc/nginx/sites-available/.
  2. Inside the server block of your Nginx configuration, add the following line:
   server {
       # Other existing configurations...

       include /path_to_root/wp-content/hidemywp_custom.conf;

       # Other existing configurations...
   }

path_to_root

Change path_to_root with the actual path to website root (WordPress instalation folder).

Step 3: Edit wp-config.php

  1. Access your WordPress installation folder on the server.
  2. Locate the wp-config.php file and open it in a text editor.
  3. Add the following code snippet at the end of the file, or after WP_DEBUG definition:
   add_filter('hmwp_config_file', function(){
       return ABSPATH . 'wp-content/hidemywp_custom.conf';
   });

Step 4: Save Hide My WP Ghost Settings

  1. Log in to your WordPress dashboard.
  2. Navigate to Hide My WP > Custom Paths
  3. Click the “Save Changes” button to save the new custom config path.

Step 5: Restart Nginx

  1. To apply the changes and load the new config path into memory, restart Nginx using the following command:
   sudo service nginx restart

Congratulations! You have successfully added a custom config path in Hide My WP Ghost for Nginx servers. This custom path enhances the security of your WordPress website by moving the configuration file to a different location, making it harder for potential attackers to locate it.

Please note that whenever you make changes to the custom config path, you must restart Nginx to ensure the modifications take effect.

Disable Hide My WP Ghost for User Roles

Our plugin is designed to provide users with the highest level of security and customization. One unique feature of our plugin is the ability to whitelist specific IP addresses, which allows users to grant access to certain users while blocking others.

This can be particularly useful for businesses or organizations that want to grant access to employees or trusted partners while blocking access to unauthorized users.

If you want to disable the plugin for logged users with specific roles, you can add this code in the functions.php file of the theme:

add_action('template_redirect','hidePathsByUserRole');

function hidePathsByUserRole(){

    if (function_exists('wp_get_current_user')) {
        $user = wp_get_current_user();
        $allowed_roles = array(
            'administrator',
            'editor', 
            'author'
        );

        if( isset($user->roles) && is_array($user->roles) && array_intersect($allowed_roles, $user->roles ) ) {
            add_filter('hmwp_process_paths', '__return_false');
            add_filter('hmwp_process_buffer', '__return_false');
            add_filter('hmwp_process_hide_disable', '__return_false');
            add_filter('hmwp_process_find_replace', '__return_false');
        }
    }
}

The code will disable Hide My WP Ghost for administrators, editors and authors. You can add new roles or remove roles from the code.

Redirect Logged Users to Admin Dashboard

If you are using a custom login path for your WordPress website and want to automatically redirect logged users to the admin dashboard, you can use a hook code.

Here is how you can do it:

  1. Open the wp-config.php file or your theme’s functions.php file.
  2. Add the following hook code at the end of the file:
add_action('hmwp_login_init',function(){
   global $current_user;
   if (isset($current_user->ID)){
      wp_redirect(admin_url());
      exit;
    }
});

Save the changes and upload the file to your server.

Once you have added the hook code, any logged-in user accessing the custom login path will be automatically redirected to the admin dashboard. This can be a useful feature for your users and can save them time and effort.


Using a WordPress Plugin

Alternatively, if you are using the Hide My WP Ghost plugin, you can use the built-in option to redirect logged users to the admin dashboard. Here is how you can do it:

  1. Install and activate the Hide My WP Ghost plugin on your WordPress website.
  2. Go to Hide My WP > Tweaks in the WordPress dashboard menu.
  3. Click on the “Redirects” tab.
  4. Check the box next to “Redirect Logged Users to Dashboard”.
  5. Save the changes.

Once you have activated the option, any logged-in user accessing the custom login path will be automatically redirected to the admin dashboard.

That’s it! You have now learned how to redirect logged users to the admin dashboard when using a custom login path on your WordPress website.

Remove DNS-Prefetch WordPress

What is DNS-Prefetch ?

DNS prefetching is an attempt to resolve domain names before a user tries to follow a link. This is done using the computer’s normal DNS resolution mechanism.

The main reason for rel=dns-prefetch to exist is to speed up the way web pages load when they are using different domains for page resources. This process is often called “DNS prefetching“.

The WordPress link looks like this:

  <link rel='dns-prefetch' href='//s.w.org' /> 

Remove DNS-Prefetch from WordPress site

To remove the DNS-Prefetch link from WordPress wp_head hook is not very hard.

You can add the following code to your functions.php to remove DNS-Prefetch link from your header:

add_action( 'init', 'remove_dns_prefetch' ); 
function  remove_dns_prefetch () {      
   remove_action( 'wp_head', 'wp_resource_hints', 2, 99 ); 
} 

Hide WordPress From Hackers

If you are looking to hide the WordPress CMS from hacker bots download the Hide My WP Ghost plugin. The plugin hides the DNS Prefetch link, Comments, Generator Tag and more.

Learn More