Latest FAQ

Can I hide my WordPress site until it is ready?

Yes, you can hide the website until it’s ready in two ways:

1. The easy way to hide your WordPress website while you’re in development is to check the option “Discourage search engines from indexing this site” from Settings > Reading

2. Another way is to install a free maintenance plugin like https://wordpress.org/plugins/wp-maintenance-mode/

wp maintenance plugin

The plugin will let you customize the website but it will be hidden for the users and Search Engines. This is how the visitors will see the frontend:

One advantage to use the maintenance plugin is that you can collect emails until you finish the website and already have users for Email Marketing when you start your business.

Increase Your Website Security

Don’t forget to install a security plugin before making the website public.


Download Hide My WP

How can we hide plugins from WordPress detectors?

To hide the CMS from Theme detectors is not so easy to do. You need to change all WordPress common paths in source-code, hide the paths, links to WordPress.org, restrict access to WordPress files, and more.

If you have a WordPress site and you want to hide the fact that you’re using a WordPress CMS, install Hide My WP Ghost plugin and configure it to hide and protect your website in the same time.

Here are some useful articles you must follow to hide your website from Theme detectors:

https://hidemywpghost.com/how-to-hide-from-wordpress-theme-detectors/

https://hidemywpghost.com/hide-my-wp-how-to-install-the-plugin/

How do I change admin-ajax in WordPress?

All the ajax calls in the frontend are made by the default URL /wp-admin/admin-ajax.php. This URL is also used by hackers to upload viruses and scripts on your website.

Changing the wp-admin/admin-ajax.php URL is mandatory for protecting the WordPress site from hackers.

To easily change the admin-ajax.php path you can use Hide My WP Ghost plugin. After adding a new ajax URL, the default admin-ajax.php URL will be hidden from hackers.

How to change admin-ajax in WordPress

  1. To change the admin-ajax.php path, go to Hide My WP > Permalinks > Custom Ajax URL
  2. To hide the wp-admin path from ajax calls, switch on Hide My WP > Permalinks > Hide wp-admin from ajax URL 

Why you must have Hide My WP Ghost: https://hidemywpghost.com/hide-my-wp-why-you-must-have-it/

How do I rename a wp-content folder?

You can change wp-content folder manually or using a WordPress plugin.

  1. You can manually change the folder wp-content into lib (or a different name) using the File Manager on your server and you will need to re-login to your website.
  2. You can use Hide My WP Ghost plugin to change the wp-content path and all the common WordPress paths to protect your website from hackers.

You can find details about both ways here:
https://hidemywpghost.com/how-to-customize-wp-content-directory-in-wordpress/

Download Hide My WP Ghost Lite

Hide My WP Ghost Lite is a WordPress Security plugin. Change and Hide WordPress common paths and URLs to increases your WP Security against hacker’s bots.


Download

How do I change the default login page in WordPress?

WordPress wp-loginwp-login.php, and login paths are the first ones a hacker bot will access for Brute Force attacks. Changing these paths and hiding them is mandatory when you have a WordPress CMS.

To do this with Hide My WP Ghost, just change the name for the wp-login with your custom name in Hide My WP > Permalinks > Custom login URL.

change wordpress login path

Paths are not physically changed

Hide My WP Ghost will not physically change the paths on your server. It uses rewrite rules to prevent any functionality errors.

Download Hide My WP Ghost Lite

Hide My WP Ghost Lite is a WordPress Security plugin. Change and Hide WordPress common paths and URLs to increases your WP Security against hacker’s bots.


Download

Can I change WP admin to something else?

The most important path in WordPress is the wp-admin and the only way to protect this path is by changing its name and hiding it from hacker bots.

To do this with Hide My WP Ghost, just change the name for the wp-admin with your custom name in 
Hide My WP > Permalinks > Custom admin URL.

change wordpress admin path

Paths are not physically changed

Hide My WP Ghost will not physically change the paths on your server. It uses rewrite rules to prevent any functionality errors.

Download Hide My WP Ghost Lite

Hide My WP Ghost Lite is a WordPress Security plugin. Change and Hide WordPress common paths and URLs to increases your WP Security against hacker’s bots.


Download

Is Hide My WP Ghost Hiding The wp-admin On Nginx Servers?

Yes, you can customize and hide wp-admin path on Nginx server. Just follow the setup instruction.

Please read more details about How to configure Hide My WP Ghost for Nginx servers

Note! To change and hide the wp-admin path on Nginx Servers you need to have shell access to be able to reload the Nginx server.

How Do I Know If My Website Is Hidden With Hide My WP Ghost?

Make sure you follow the setup instructions:
https://hidemywpghost.com/hide-my-wp-how-to-install-the-plugin/

You can then use external WordPress detectors to verify if you are 100% hidden:

wordpress vulnerability detector

http://whatwpthemeisthat.com/
http://www.wpthemedetector.com/
https://whatcms.org/
https://wpplugins.tips/wordpress-vulnerability-detector/

If the WordPress Detectors still find your website please contact us and we will check if there are some theme incompatibilities.

If I'm logged in my website I can access the wp-admin, is that safe?

The wp-admin path can only be accessed if you are logged in as admin. It’s not visible to visitors or hacker bots.

The Ghost version is hiding all the plugins and themes paths and the WordPress common paths from hackers.

Even if plugins like Woocommerce are adding class names in HTML and WP detectors are identifying these classes in order to tell you that you are using WordPress, the hacker bots are using Brute Force and Script Injection to break the plugins on vulnerable paths even if your website is not built in WordPress.

Having the common paths hidden with Hide My WP Ghost will protect your site against hackers attacks. Also, activate the Brute Force protection from Hide My WP Ghost to prevent the Brute Force attacks.

Having the wp-admin path visible when you’re logged to your website will prevent your website from crashing if you deactivate the plugin or if another plugin uses the old admin path in the backend.

Should You Disable XML-RPC on WordPress?

XML-RPC on WordPress is actually an API or “application program interface“. It gives developers who make mobile apps, desktop apps, and other services the ability to talk to your WordPress site. The XML-RPC API that WordPress provides gives developers a way to write applications (for you) that can do many of the things that you can do when logged into WordPress via the web interface.

These include:

  • Publish a post
  • Edit a post
  • Delete a post.
  • Upload a new file (e.g. an image for a post)
  • Get a list of comments
  • Edit comments

For a full list of the WordPress API functions available to developers via XML-RPC, take a look at this page on the WordPress codex.

If you disable the XML-RPC service on WordPress, you lose the ability for any application to use this API to talk to WordPress.

Let’s use an example to illustrate: You have an app on your iPhone that lets you moderate WordPress comments. Someone advises you to disable XML-RPC. Your iPhone app suddenly stops working because it can no longer communicate with your website using the API you just disabled.

There are two common attacks on XML-RPC:

  • DDoS via XML-RPC pingbacks.
  • Brute force attacks via XML-RPC.

If you still want to disable XML-RPC, you can switch on this option in Hide My WP Ghost.