Hide My WP Ghost is a WordPress Security plugin. It’s one of the best security through obscurity WordPress plugins.

It has over 60.000 secured websites, over 1,400,000 brute force attempts protection and over 5.000 login email alerts.

The plugin adds filters and security layers to prevent Scripts and SQL Injections, Brute Force attacks, XML-RPC attacks and more.

It changes and hides the common paths, plugins and themes paths offering the best protection against hacker bots attacks.


All Hide My WP Ghost Features


Follow our YouTube channel to see our How To videos for Hide My WP Ghost plugin.

https://www.youtube.com/channel/UC3kcRCh5D4wnzH-FgatqALw


Latest FAQ

How Can I Deactivate All Plugins At Once?

With FTP access or File Manager

  1. Rename /wp-content/plugins to /wp-content/plugins_temp
  2. Create the folder /wp-content/plugins

This way you will deactivate all the plugins without deleting them one by one from WordPress.

If you rename the folder /wp-content/plugins_temp back to /wp-content/plugins you will have all the plugins activated again.

Note! During this process, do not access the Plugins tab in WordPress to avoid detecting that the plugins are missing and deactivating them all.

Now, you can do even more:

Test Only One Plugin

If you want to test only a plugin, you can copy the plugin folder from /wp-content/plugins_temp in /wp-content/plugins folder after creating it.

  1. Rename /wp-content/plugins to /wp-content/plugins_temp
  2. Create the folder /wp-content/plugins
  3. Copy one plugin folder like /wp-content/plugins_temp/hide-my-wp to /wp-content/plugins/hide-my-wp

Now, after the test, remove the created folder and rename the temp folder back.

Do I Need to Hide WordPress From Detectors or Hackers?

This is a really good question a website owner should ask.

I will try to explain as simple as I can how some of the attacks happen and what is the best way to protect against them.

Human vs Robots
Hackers vs Bots

A human hacker loads software with tons of actions and URLs that are designed to find breaches on a specific CMS. From URL to URL on the internet, the software (bot) is loading all the actions and URLs without checking the website CMS first. Once the bot gets a signal that a breach was found, it will automatically inject the script/worm and the rest … well … is not bright.

As most of the attacks are made by bots and not by human hackers, there can be thousands of calls per minute for each website and the owner does’t even know about it.

Type of Actions and URLs

I will resume the actions and the URLs to the WordPress CMS to keep it simple.

As most of the plugins and themes owners are not familiar with the types of bot attacks, offer their work with small windows for hackers to find usernames and passwords, to upload files on the server, to inject scripts in files and the list can continue.

Path Traversal Example
Script Injection in Login Page

For websites like WordPress, most of the attacks contain paths to /wp-content/plugins/ and /wp-content/themes/, to the default /wp-login.php and /wp-admin.

As you can’t guarantee that all the plugins you have installed are secured or that an update can’t come with a breach, I can say that it’s a lottery and it’s a matter of time until a bot finds a breach.

Hide WordPress For Security

Here you can find how to protect your website using Hide My WP Ghost https://hidemywpghost.com/how-to-protect-my-wordpress-website/.

If you want to use Hide My WP Ghost for security and not just for hiding your website from theme detectors, then you don’t need to change the plugin’s classes in the source-code.

The best way is to change the WordPress CMS paths using the Hide My WP > Change Paths and hide the WordPress old/common paths from bots so that the attacks will be rejected. This way you don’t need to worry if a plugin is 100% secure or not and concentrate on growing your business.

source ukfast.co.uk

The good news about Hide My WP is that the plugin works well with other security plugins like Wordfence, iThemes Security, Sucuri who come to block more types of attacks and to monitor all files’ integrity.

Also works with other 2 Factor Authentication plugins that work on the login page if you have an e-commerce website or a website with members who need to login to your website.

Hide WordPress For Themes Detectors

As we explained in other articles, hiding the website from theme and CMS detectors is not going to make your website safer.

Hiding from CMS and theme detectors if useful if you don’t want your visitors to know that you have a WordPress website or you don’t want to have your website associated with WordPress for your company image.

Here you can find help for how to configure the Hide My WP Ghost plugin to hide your website from themes detectors:

https://hidemywpghost.com/how-to-hide-from-wordpress-theme-detectors/

https://hidemywpghost.com/difference-between-safe-mode-and-ghost-mode-in-hide-my-wp/

https://hidemywpghost.com/hide-wordpress-from-wappalyzer/

https://hidemywpghost.com/hide-wordpress-from-builtwith/

Does Using a "Hide my WP" Plugin Effect SEO?

Hiding the WordPress CMS shouldn’t affect the SEO from your website.

All the main URLs should remain unchanged. Only the media URLs are changed once you change the paths.

Through sitemap.xml Google is informed about the new paths and next time the Google will verify the website it will index the new media paths.

We have tested Hide My WP Ghost on many websites and we noticed even a slight improvement in the loading speed and great results in Google search engine, Bing and Yandex.

Is Hide My WP Login plugin making my site more secure?

Hiding your WordPress login page is a great way to secure your site from both targeted hacks and automated brute-force attacks.

Why you should care about hiding the login page?

The answer is: Brute-force attacks.

In a brute-force attack, hackers basically try to guess your username and password over and over until it breaks in.

They’re hoping that, with enough tries, they’ll find the magic combination. Now I think you’re seeing where hiding the login page comes into it… if you hide your login page, there’s nowhere for hackers to run their brute-force attack.

So protecting the login path from your website is really important.

A quick and simple way to do that is to use a plugin like Hide My WP Ghost

change wordpress login path

Once you install it, you can customize the wp-login and also hide the /wp-login and /wp-login.php path from your website.

The extra feature this plugin has is to protect your login page from Brute Force attacks in case you have the login option for your members on your page.

You can use Math Check protection or reCaptcha protection from Google. Both protections are fine and will block the hackers to a limited attempts of login.

You can download the plugin from here: Hide My WP Ghost

Is there a way to hide my WordPress site?

Hiding the WordPress site and CMS is a good idea when you want to protect your website from hacker bots attacks.

Usually, the bots try to inject scripts and SQL queries into the website no matter if they are WordPress or other type of CMS.
Most of the attacks are targeting the well known plugins with vulnerabilities which have a door to the WordPress core.

There are 2 ways to hide a WordPress site:

1. Manually through File Manager with a bit of PHP knowledge

To hide the WordPress Site you need to:

  • Hide all the WP headers like RDS, DNS Prefetch, Generator Meta
  • Hide all the WP comments and versions at the end of each file
  • Change and hide the WP common paths like wp-content, wp-includes, plugins, themes and cache directories
  • Hide the files readme.html, xml-rpc.php, install.php, wp-config.php and more
  • Hide classes from source code beginning with “wp-” (make sure the plugins are not using them)

2. Use a free WordPress plugin

A faster way to hide the WordPress site without coding, we recommend you to install the Hide My WP Ghost plugin

How to 'hide' the WordPress site?

Hiding the WordPress site and CMS is a good idea when you want to protect your website from hacker bots attacks.

Usually, the bots try to inject scripts and queries into the website no matter if they are WordPress or other type of CMS.
Most of the attacks are targeting the well known plugins with vulnerabilities which have a door to the WordPress core.

This should be the main reason you should hide the CMS.

To hide the WP CMS you need to:

  • Hide all the WP headers
  • Hide all the WP comments and versions
  • Change and hide the WP common paths like wp-content, wp-includes, plugins, themes and cache directories
  • Hide the files readme.html, xml-rpc.php, install.php, wp-config.php and more
  • Hide classes from source code beginning with “wp-” (make sure the plugins are not using them)

A faster way to hide the WordPress site without coding, we recommend you to install the Hide My WP Ghost plugin

Can I hide my WordPress site until it is ready?

Yes, you can hide the website until it’s ready in two ways:

1. The easy way to hide your WordPress website while you’re in development is to check the option “Discourage search engines from indexing this site” from Settings > Reading

2. Another way is to install a free maintenance plugin like https://wordpress.org/plugins/wp-maintenance-mode/

wp maintenance plugin

The plugin will let you customize the website but it will be hidden for the users and Search Engines. This is how the visitors will see the frontend:

One advantage to use the maintenance plugin is that you can collect emails until you finish the website and already have users for Email Marketing when you start your business.

Increase Your Website Security

Don’t forget to install a security plugin before making the website public.


Download Hide My WP

How can we hide plugins from WordPress detectors?

To hide the CMS from Theme detectors is not so easy to do. You need to change all WordPress common paths in source-code, hide the paths, links to WordPress.org, restrict access to WordPress files, and more.

If you have a WordPress site and you want to hide the fact that you’re using a WordPress CMS, install Hide My WP Ghost plugin and configure it to hide and protect your website in the same time.

Here are some useful articles you must follow to hide your website from Theme detectors:

https://hidemywpghost.com/how-to-hide-from-wordpress-theme-detectors/

https://hidemywpghost.com/hide-my-wp-how-to-install-the-plugin/

How do I change admin-ajax in WordPress?

All the ajax calls in the frontend are made by the default URL /wp-admin/admin-ajax.php. This URL is also used by hackers to upload viruses and scripts on your website.

Changing the wp-admin/admin-ajax.php URL is mandatory for protecting the WordPress site from hackers.

To easily change the admin-ajax.php path you can use Hide My WP Ghost plugin. After adding a new ajax URL, the default admin-ajax.php URL will be hidden from hackers.

How to change admin-ajax in WordPress

  1. To change the admin-ajax.php path, go to Hide My WP > Permalinks > Custom Ajax URL
  2. To hide the wp-admin path from ajax calls, switch on Hide My WP > Permalinks > Hide wp-admin from ajax URL 

Why you must have Hide My WP Ghost: https://hidemywpghost.com/hide-my-wp-why-you-must-have-it/

How do I rename a wp-content folder?

You can change wp-content folder manually or using a WordPress plugin.

  1. You can manually change the folder wp-content into lib (or a different name) using the File Manager on your server and you will need to re-login to your website.
  2. You can use Hide My WP Ghost plugin to change the wp-content path and all the common WordPress paths to protect your website from hackers.

You can find details about both ways here:
https://hidemywpghost.com/how-to-customize-wp-content-directory-in-wordpress/

Download Hide My WP Ghost Lite

Hide My WP Ghost Lite is a WordPress Security plugin. Change and Hide WordPress common paths and URLs to increases your WP Security against hacker’s bots.


Download

Latest KB Articles