Hide Your WordPress Site From Hackers
How Hide My WordPress Ghost can help you to change common paths and hide your URLs from hackers
Which Are The Most Attacked Paths?
The majority of password-guessing attacks will try to hit your WordPress wp-admin, wp-login, xmlrpc endpoints URL that accepts a user name and password. Also, it may attack the installed themes and plugins and other known vulnerable files.
Why is important to hide them?
Hackers are everywhere online and they are always ready to capture your company data and even sell it to the highest bidder
Hide My WordPress Ghost Can Help You Hide All These Paths and More
In the following, I’ll explain every step that you should take to have a secure website.
You’ll learn how to use Hide My WordPress Ghost to protect your website from hackers.
Hide & Customize wp-admin and wp-login URLs
A hacker needs to find your login page, if he or she intends to use a brute force attack on the login page to gain access.
Normally, to get to the login page all you have to do is go to /wp-admin or /wp-login.php. Most WordPress websites have the login entry point at http://yourwebsite.com/wp-login.php.
By hiding your login page you will protect your website. This way, the attacker can’t identify a potential point of entry.
A bot that can’t find your login page, can’t attempt to log in.
Similar to the wp-login.php page, there is the wp-admin directory which also needs to be protected.
Hide My WordPress Ghost Will Help You To
- Hide WordPress wp-admin URL and redirect hackers to 404 page or a custom page.
- Hide WordPress wp-login.php and redirect hackers to 404 page or a custom page.
- Change the wp-admin and wp-login URLs to custom names.
- Hide the admin-ajax URL.
Beside the huge security advantage, this saves lots of server processing time by reducing PHP and MySQL usage since brute force attacks trigger wrong URLs.
Customize & Hide WordPress Common Paths
By default, WordPress puts all your content (including images, plugins, themes, uploads and more) in a directory called “wp-content.”
This default folder name makes it easy for attackers to scan for files with security vulnerabilities on your WordPress installation because they know where the vulnerable files are located.
Renaming the “wp-content” folder can make it more difficult or even impossible for an attacker to find the vulnerable files, as scans of your site’s file system will not produce any results.
You also need to change any links containing /wp-content/, /themes/, and /plugins/ for better security.
Hide My WordPress Ghost Options
- Customize & Hide WP wp-includes path
- Customize & Hide WP wp-content path
- Customize & Hide WP plugin & theme paths
- Customize & Hide WP uploads path
- Customize WP authors path / Hide Author ID URL
- Customize WP comment URL
- Customize WP category & tags path
- Customize WP API Rest path
- Customize WP Lost Password URL
- Customize Register URL
- Customize Logout URL
- Customize Activation URL
- Customize Ajax URL
- Restrict user access to old common paths/directories
- Choose to redirect unwanted visitors to a custom page
Hide WordPress Common Files
Hide WordPress Common files:
- wp-config.php
- readme.html
- license.txt
- install.php
- update.php
- and more
Restrict access for unwanted visitors and trigger a “Page not found” error
Plugin and Theme Settings
Hide My WordPress Ghost Will Help You To
Change the WordPress theme directory, remove theme Info from stylesheets and replace default WP classes.
Change plugins directory and hash plugin names.
Set random plugin names.
Set random theme names.
Remove unwanted classes.
Remove ids from stylesheets and scrips metas.
Set custom style.css for your WordPress themes.
Other Security Settings
Firewall Against Script Injection
- Most WordPress installations are hosted on the popular Apache, Litespeed, Nginx and IIS web servers.
- A thorough set of rules can prevent many types of SQL Injection and URL hacks from being processed.
Disable Directory Browsing
- Don’t let hackers see any directory content.
Advanced Security Settings
Optimize CSS and JS files
- Cache CSS, JS and Images to increase the frontend loading speed
- Leverage browser caching
Notification Settings
- Send emails with the changed admin and login URLs
- Send security alerts and weekly website security stats
URL Mapping
- You can add a list of URLs that you want to change into new ones. It’s important to include only internal URLs from your frontend source code after you activate the plugin in Safe Mode or Ghost Mode.
Example:
from: https://yourdomain.com /assets/f9f4ca341/main.css
to: https://yourdomain.com/mystyle.css
You Can Choose From 2 Levels Of Security
There is no difference in features between Safe Mode and Ghost Mode, just in the predefined settings.
By default, Safe Mode does not modify the wp-admin and admin-ajax.php paths, it just hides them. Also, it doesn’t hide the common paths (wp-includes, wp-content, plugins, themes) and WP-JSON API calls.
Safe Mode has been created to eliminate many incompatibilities with custom themes and plugins that we have tested in recent years.
Safe Mode provides a good level of security, even if these settings are not enabled.
If you feel confident you can switch to Ghost Mode, since you can always go back to Safe Mode in one click.
Loving what you see?
I want to know more about Hide my WordPress Ghost
30 Days Money Back Guarantee. No Long-term Contracts
Best WordPress
Protection
Easy-to-use
No Coding
Other Plugins
Compatibility
Professional
Dedicated Support
Works
FAST
Copyright © WPPlugins