How To

Hide My WP Ghost and Zapier

Everybody knows that Zapier is a great tool when you need to create automated tasks on your WordPress site or to trigger an action when you create new posts or pages

We recently tested Zapier to create new posts in WordPress while Hide My WP Ghost plugin is activated.

We noticed that Zapier needs the xml-rpc.php file to work properly and we switched off the option Hide My WP > Tweaks > Disable XML-RPC access. With this option off we were able to create and promote our posts on Social Media.

Having this option on it’s not safe for your website. Many brute force attacks are made through this URL. Sometimes you need to make compromises in order to prevent functionality issues.

[How To] Setup Hide My WP Ghost with Advanced Access Manager

The Advanced Access Manager is a great plugin which lets you customize the users rights when it comes to access the backend of your website.

It’s also a good security plugin which protects your personal information when you want to limit the access to developers who sometimes have to work on your live website.

We tested Hide My WP Ghost together with AAM plugin and we noticed that with small adjustments, the two plugins are working beautifully together.

AAM plugin recommends you to add some rewrite rules into the .htaccess file. All you need to do is to change the old WP path with the new Hide My WP Ghost path and that’s all:

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} -f
    RewriteCond %{REQUEST_URI} \.(jpg|jpeg|png|svg|gif|ico|pdf|doc|docx|ppt|pptx|pps|ppsx|odt|xls|xlsx|psd)$
    RewriteCond %{REQUEST_URI} wp-content/uploads/(.*)$
    RewriteRule . /index.php?aam-media=1 [L]
</IfModule>

to

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} -f
    RewriteCond %{REQUEST_URI} \.(jpg|jpeg|png|svg|gif|ico|pdf|doc|docx|ppt|pptx|pps|ppsx|odt|xls|xlsx|psd)$
    RewriteCond %{REQUEST_URI} storage/(.*)$
    RewriteRule . /index.php?aam-media=1 [L]
</IfModule>

Where storage is the custom wp-content/uploads path you set in Hide My Wp Ghost. If you use another path for uploads, please replace wp-content/uploads with your custom path.

The Difference Between Safe Mode and Ghost Mode in Hide My WP

Hide My Wp Ghost brings a complex level of security through obscurity and protection against hackers’ bots.

A reason to change the common paths in WordPress is to be able to hide these paths and prevent script injections into your vulnerable plugins and themes.

Note! The paths will not be physically changed by the plugin so that all the previous settings will go back to normal in case you deactivate the plugin.

(more…)

[How To] Customize the WP-Content Directory in WordPress

Method #1 – Change wp-content with wp-config.php

This solution is simple, but it involves editing a core WordPress file.

First, access the root directory of your WordPress installation using the File Manager in your web hosting CPanel or using an sFTP client. Then find a file named wp-config.php and open the file to edit.

Then add the following line in the wp-config file at the beginning of the file:

define ('WP_CONTENT_DIR',__DIR__ .'/lib');
define('WP_CONTENT_URL','http://yourdomain.com/lib');
define( 'UPLOADS', 'lib/uploads' );

Where lib is the custom name for the wp-content directory. You can change it with any name you want.

custom wp-content directory

Now, you need to physically change the folder wp-content into lib using the File Manager and you will need to re-login to your website.

Note! Changing the /wp-content directory is very important in your way of keeping the hackers’ bots away from injecting scripts into plugins and themes. But this will not fully protect your website from hackers.

You also need to change all the plugins and themes names and restrict access to the old paths.

Method #2 – Use A Plugin

The easiest way to change both wp-content and wp-includes paths is to use the Hide My WP Ghost plugin.

Once installed, this plugin will allow you to easily change the default WordPress directories with any path name you like.

For example, your current wp-content path may look like this: http://yourdomain.com/wp-content/. You can customize it to http://yourdomain.com/lib using this plugin. Same with the other paths.

Note! Keep in mind that this plugin will not physically change the wp-content directory but it will use rewrites rules. You don’t have to move the plugins, themes, and uploads back to what it was if you deactivate the plugin.

You can change the /wp-content and /wp-includes directories from hackers even with the free version of Hide My WP Ghost plugin. In case you want to add extra security, you will need the Hide My WP Ghost plugin. This plugin comes with support in case you need any configuration help.

[How To] Hide WordPress Common Paths in CSS Files

It was a real challenge to hide paths in CSS files but we managed to find a solution that will not affect the load on the web page.

Since version 4.2, you can use Hide My WP Ghost together with Autoptimize plugin and the plugin will look into the /wp-content/cache directory and change all the common paths.

We’ve tested the plugin with Wp-Rocket, Elementor, W3 Total Cache, Autoptimize, WP Fastest Cache and all these plugins passed the tests successfully.

(more…)

[How To] Customize WordPress Uploads Directory

Method #1 – Change wp-content/uploads with wp-config.php

This solution is simple, but it involves editing a core WordPress file.

First, access the root directory of your WordPress installation using the File Manager in your web hosting CPanel or using an FTP client. Then find a file named wp-config.php and open the file to edit.

Then add the following line in the wp-config file:

define( ‘UPLOADS’, ‘wp-content/storage’ );

(more…)

[How To] Hide the Image Paths for Elementor, Divi, Thrive and Other Builders

Hide My WP Ghost works well with all the WordPress builders. Once you save the page, Hide My WP Ghost Plugin will know what to do to hide the on-page paths and change them with the new one.

Hide My WP Elementor
(more…)

Security Check Issues

Website Security Check Report

If WPPlugins founds any security issue, it means that your WordPress CMS is detected and hackers will find these breaches.

If you don’t act NOW, the hacker’s bots will get into your website sooner or later. If they do, they usually remove the website content entirely and steal your database information. The loss and recovery costs can be … oh well … you do the math.

Below you will find more details and solutions for each security breach we found:

(more…)

Hide My WP Codecanyon Alternative

Many people are asking if the plugin on Codecanyon is the same as ours.

I can say that the name is similar but the features and functionality are not.

Hide My WP Ghost is a plugin built for both experts and non-experts and we’ve tried to minimize interactions with the config files.

(more…)

What Hide My WP Ghost Can’t Do

We work hard to make Hide My WP Ghost plugin for keeping your website safe using security through obscurity and at the same time to have a fast loading website with good SEO results in Google search engine.

Most hackers are using bots who access the vulnerable plugins path and inject javascript or SQL to get valuable data from your website. We made sure that Hide My WP Ghost will protect you from these types of attacks.

(more…)

Hide My WP Ghost Compatible With Inmotion WordPress Hosting

Inmotion Hosting is a good hosting solution for your business and if you start an hosting plan with them you will love their services.

Inmotion is using a Cache Manager base on Nginx and it will automatically cache all static files like: CSS, Javascript and Image files.

To make Hide My WP Ghost work and redirect all the static files you need to follow these  steps:

(more…)

[How To] Hide WordPress From Builtwith

Even if WordPress is one of the safest content management system online, you cannot be completely sure that no one can hack your website if you are using WordPress. There are so many insecure plugins and themes that can be tracked by hackers around the world.

How To Hide WordPress From BuiltWith

Hide My WP Ghost is designed to ensure perfect protection against hackers around the world. Note that BuiltWith is a popular platform that provides hackers information about on which platform a particular website is running so that they can further plan their destructive activities.

Experts reveal that Hide My WP Ghost hides the website from https://builtwith.com if the users are setting the Ghost mode to Hide My WP Ghost plugin.

(more…)

The website frontend style is not loading in Ghost Mode

If you followed all the Hide My WP Ghost indications, probably it’s a .htaccess file issue.

Please check the .htaccess file and look for

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
(more…)

[How To] Hide WordPress From Wappalyzer

WordPress is one of the safest content management system online. Developers at this company keep on updating the security parameters to address potential vulnerabilities.

However; we cannot be completely sure that no one can track your data on this platform. There are so many insecure plugins and themes that can be tracked by hackers around the world.

(more…)

[How To] Setup Hide My WP Ghost on Nginx Server

Please follow this tutorial step by step to set up the Hide My WP Ghost for Nginx server:

  1. In your WordPress dashboard, go to Hide My WP > Permalinks
  2. Select the Safe Mode,  scroll down and customize the paths as you like
  3. Click the Save button to save the changes.
  4. You will see a message to include the configuration file into nginx.conf file.

If your server is a Linux server, the main path to the nginx.conf file is /etc/nginx/nginx.conf (or /etc/nginx/conf/nginx.conf if you’re using Arch Linux). If the server is a Windows server your nginx.conf file will be located at C:/nginx/conf/nginx.conf)

If your nginx doesn’t have sites-enabled option activated (check for sites-enabled subdirectory in the same directory with nginx.conf file), you will find the server configuration in nginx.conf file like in the below example:

server {
        server_name [your domain name];
        root [path to the website root];
        index index.php;

        location / {
                try_files $uri $uri/ /index.php?$args;
        }

}
(more…)

[How To] Hide All The Wodpress Files With Hide My Wp Ghost

What Hide My WordPress Ghost can do:

You can set the Ghost mode to hide all the main WordPress paths:

  • wp-content
  • wp-includes
  • wp-content/uploads
  • wp-content/plugins
  • wp-content/themes
  • wp-comments-post.php
  • author
  • wp-json
  • wp-login.php, wp-login, login
  • wp-admin
  • and all the plugins and themes names
  • show forbidden error for all the old paths and let only the new paths
  • custom URLs using the URL Mapping feature
(more…)

[How To] Set Hide My Wp Ghost For Bitnami Servers

#1 Bitnami Setup for Apache Servers

Step1: Install, Setup Hide My WP Ghost Plugin and click the Save button with the new paths.

Step2: Copy the rewrite rules from Hide My WP Ghost into Bitnamy config file

Bitnami uses “htaccess.conf” files by default instead of “.htaccess” files for security and performance reasons. You can find more info at https://docs.bitnami.com/general/apps/redmine/administration/use-htaccess/

(more…)