Hide My WP Ghost – Security & Firewall

July 18, 2024

Hide My WP Ghost – Security & Firewall Plugin

Hide WP paths, wp-login, wp-admin and more. Security against Brute Force attacks, SQL/Script Injections. 7G & 8G firewalls against most bot attacks.

Level up your WordPress security with Hide My WP Ghost plugin!

Hide My WP Ghost is your ultimate WordPress security solution. With powerful, easy-to-use features, it boosts your site’s security without altering any directories or files.

Join over 100,000 secured websites with Hide My WP Ghost. The plugin has blocked over 9 million brute force attempts and stopped 140,000 monthly hacks.

Key features include powerful protection against Scripts and SQL Injections, Brute Force attacks, XML-RPC attacks, XSS, and more.

Hide My WP Ghost changes and hides WP common paths, admin & login paths, plugin paths, and theme paths, protecting your site from hacker bots.

Note: No files or directories are physically altered. All changes are implemented through server rewrite rules, ensuring no impact on SEO or loading speed.

Protect your site today! Hide My WP Ghost hides all common paths from hackers, shielding all your plugins and themes effectively.


YouTube – Why You Must Have Hide My WP

Check the Demo Website source code:
https://demo.wpplugins.tips/
(the elementor is changed in files and classes using the PRO version)

Check the Redirected URLs in Demo Website (all are redirected to Front Page):
https://demo.wpplugins.tips/wp-admin
https://demo.wpplugins.tips/wp-login

Check the Hidden Common Paths in Demo Website (all show 404 Page Not Found):
https://demo.wpplugins.tips/wp-content
https://demo.wpplugins.tips/wp-content/plugins
https://demo.wpplugins.tips/wp-content/themes

The plugin works with other security plugins like Wordfence, iThemes Security, Sucuri and adds a layer of security to your WordPress website against hacker bots.

Hide My WP Ghost is compatible with all server types, hosting services, and also supports WP Multisite.

Over 90,000 hacking attacks per minute strike WordPress sites and WordPress hosting around the world, hitting not only large corporate websites packed with sensitive data, but also sites belonging to small businesses, independent entrepreneurs, and individuals running personal blogs.

Security of WordPress sites typically tops the list of concerns for new and experienced website owners alike.

For owners of WordPress sites, statistics like that one raises particular worries about the security not just of individual WordPress sites, but of WordPress itself.

Is your website secure? Check your website with Free Website Security Check

Protect your WordPress website by hiding the authentication paths like wp-admin, wp-login.php, and wp-login, and change the common WordPress paths like wp-content, wp-includes, uploads, and more.

Hide My WP Ghost is packed with awesome security features:

Hide My WP Ghost (over 40 FREE Security Features):

  • Hide WordPress wp-admin, and show 404 error or a custom page
  • Hide WordPress wp-login.php, and show 404 error or a custom page
  • Change the wp-admin and wp-login URLs
  • Change lost password URL
  • Change register URL
  • Change logout URL
  • Change activation URL
  • Change admin-ajax URL
  • Change wp-content URL
  • Change wp-includes URL
  • Change uploads URL
  • Change comments URL
  • Change author URL
  • Change plugins URL
  • Change plugins name
  • Change themes URL
  • Change themes name
  • Custom themes style.css name
  • Change REST API wp-json URL
  • Change category URL
  • Change tags URL

  • Custom login redirects based on user role

  • Custom logout redirects based on user role

  • Change URLs from Relative to Absolute

  • Change URLs in Ajax calls
  • Change URLs for Logged Users
  • Change URLs in Cache Files
  • Change paths in Sitemap.xml
  • Change paths in Robots.txt

Hide Options:

  • Security Headers against XSS & Code Injections
  • Security Header Strict-Transport-Security
  • Security Header Content-Security-Policy
  • Security Header X-XSS-Protection
  • Security Header X-Content-Type-Options
  • Security Header X-Frame-Options
  • Firewall against Script Injections and SQL Injection
  • 7G Firewall Security Filter
  • 8G Firewall Security Filter
  • Block by IP Addresses
  • Block by User Agents
  • Block by Referrers
  • Block by Hostnames

Hide Options:

  • Hide /wp-admin path
  • Hide /wp-login path
  • Hide /login path
  • Hide REST API wp-json path
  • Hide Admin Toolbar based on user role
  • Hide style IDs and META IDs
  • Hide WordPress HTML comments
  • Hide Version and WordPress Tags
  • Hide DNS Prefetch WordPress link
  • Hide WordPress Generator Meta
  • Hide RSD (Really Simple Directory) header
  • Hide Emoticons if you don’t use them

Disable Options:

  • Disable REST API access
  • Disable XML-RPC access
  • Disable Embed scripts
  • Disable DB-Debug in Frontend
  • Disable WLW Manifest scripts
  • Disable Select All – Ctrl+A (Windows and Linux), ⌘+A (macOS)
  • Disable Copy – Ctrl+C (Windows and Linux), ⌘+C (macOS)
  • Disable Cut – Ctrl+X (Windows and Linux), ⌘+X (macOS)
  • Disable Paste – Ctrl+V (Windows and Linux), ⌘+V (macOS)
  • Disable Save – Ctrl+S (Windows and Linux), ⌘+S (macOS)
  • Disable Inspect Element/Developer Tool – Ctrl+Shift+I (Windows and Linux), ⌘+⌥+I (macOS)
  • Disable View Source – Ctrl+U (Windows and Linux), ⌘+U (macOS)
  • Disable Right Click
  • Disable Drag-Drop
  • Disable Image Dragging by Mouse
  • Disable Text Selection
  • Disable Directory Browsing

Mapping Text and URLs:

  • Change URLs using URL Mapping
  • Change classes using Text Mapping
  • Change CDN URLs using CDN Mapping
  • Change paths in the cache files
  • Change paths in the Feed link
  • Change paths in the Sitemap XML
  • Change paths in the Robots.txt

Brute Force Protection:

  • Brute Force Protection with Math reCaptcha
  • Brute Force Protection with Google reCaptcha V2
  • Brute Force Protection with Google reCaptcha V3
  • Brute Force Protection on Password Lost
  • Brute Force Protection on Signup
  • Brute Force Protection on Woocommerce Login
  • Brute Force Protection shortcode [hmwp_bruteforce]
  • Custom attempts, timeout, message
  • Manage Blacklist and Whitelist IPs

Extra Features:

  • Fix relative URLs
  • Backup and Restore settings
  • Change classes on source code using Text Mapping
  • Change URLs on source code using URL Mapping
  • Cache CSS, JS, and Images to optimize the loading speed
  • Weekly security checks and reports

Integrations:

  • Support for WP Multisite
  • Support for Nginx
  • Support for IIS
  • Support for LiteSpeed
  • Support for Apache
  • Support for Siteground
  • Support for WP Engine
  • Support for AWS Hosting
  • Support for Inmotion Hosting
  • Support for Hostgator Hosting
  • Support for Godaddy Hosting
  • Support for Host1plus
  • Support for Payperhost
  • Support for Fastcomet
  • Support for Dreamhost
  • Support for Bitnami Apache
  • Support for Bitnami Nginx
  • Support for Google Cloud Hosting
  • Support for Litespeed Hosting
  • Support for Flywheels Local
  • Support for Flywheels Hosting
  • Support for Ploi Hosting
  • Support for Namecheap Hosting
  • Support for RunCloud Hosting
  • Support for WPEngine Hosting
  • Support for CloudPanel Hosting

  • Recommended by Wp Rocket

  • Recommended by WPML

See All FREE Security Features (over 40):
Hide My WP Free Features

See All Premium Security Features (over 70):
* All the Hide My WP Ghost Free Features
* Hide WordPress Common Paths by Extension
* Hide WordPress Files like wp-config.php, wp-config-sample.php, wp-load.php, wp-settings.php, wp-blog-header.php, readme.html, readme.txt, install.php, license.txt, php.ini, hidemywp.conf, bb-config.php, error_log, debug.log
* Cloud Events Monitoring
* Cloud Brute Force Monitoring
* Temporary Logins Without Password
* Magic Link Login Without Password
* Two-factor Authentication By Code (2FA)
* Two-factor Authentication By Email (2FA)
* Geo Security
* Country Blocking
* Security Fix
* and more
Hide My WP Premium Feature

Compatible with: WP Multisite, Apache, Litespeed, Nginx and IIS.

Plugins Compatibility updates: Woocommerce, WPML, WPMUDEV, W3 Total Cache, Gravity, WP Super Cache, WP Fastest Cache, Hummingbird Cache, Cachify Cache, Litespeed Cache, SiteGround Optimizer,
Cache Enabler, CDN Enabler, WOT Cache, Autoptimize, Jetpack by WordPress, Contact Form 7, bbPress, Manage WP,
All In One SEO, Rank Math, Yoast SEO, Squirrly SEO, WP-Rocket, Minify HTML, iThemes Security, Sucuri Security, Really Simple SSL, WordFence Security, WP Cerber Security, BBQ Firewall, Anti-Malware Security,
Back-Up WordPress, Elementor Page Builder, Divi Builder, Weglot Translate, AddToAny Share Btn, Limit Login Attempts Reloaded, Loginizer, Shield Security, Asset CleanUp, WP Hide & Security Enhancer, and more

Compatibility Plugins List: Hide My WP Compatibility Plugins
Compatibility Theme List: Hide My WP Compatibility Themes

Hosting Compatibility checked: WP Engine, Inmotion Hosting, Hostgator Hosting, Godaddy Hosting, Host1plus, Payperhost, Fastcomet, Dreamhost, Bitnami Apache, Bitnami Nginx, Google Cloud Hosting, Amazon AWS Lightsail, Litespeed Hosting, Flywheels Hosting, Kinsta Hosting, Ploi.io, CloudPanel, RunCloud

Being able to protect the common paths is critical because you get to keep hacker bots away from sensitive website data.

This is crucial, and it will provide you with a great experience and perfect results in the long term.

It will surely be worth it, not to mention that hiding the common paths will make hacking a lot harder as well.

If you don’t protect yourself, you will end up having a hacked website sooner or later.

This is a free version of the plugin, so you can use it for all your websites without any restrictions.

Secure your website in just minutes with the Hide My WP Ghost plugin. Protect your WordPress site against hacker bots and spammers!

Please support us and translate the plugin in your language:
https://translate.wordpress.org/projects/wp-plugins/hide-my-wp

Thank you all for your trust, support, and positive reviews!

Important! This is not the Hide My WP Nulled version of the Hide My WP Codecanyon plugin.

Ready To Protect Your Website From Hackers With The Most USER-FRIENDLY WordPress Security Plugin?

Installation

Manually install the Hide My WP Ghost Lite plugin:
Step 1. Log In as an Administrator on your WordPress site.
Step 2. In the menu displayed on the left, there is a ‘Plugins’ tab. Click it.
Step 3. Now click ‘Add New’.
Step 4. There, you have the ‘Upload’ button. Click the ‘Upload’ button
Step 5. Upload the hide-my-wp.zip file.
Step 6. After the upload it’s finished, click Activate Plugin.
Step 7. Connect the plugin using your email to get a free access token
Step 8. Follow the setup guide from: https://hidemywpghost.com/article/how-to-install-hide-my-wp-ghost-lite/
Enjoy!

Install Hide My WP Ghost Lite directly from the WordPress directory:
Step 1. Log In as an Administrator on your WordPress site.
Step 2. In the menu displayed on the left, there is a ‘Plugins’ tab. Click it.
Step 3. Search for ‘Hide My WP’.
Step 4. After the plugin is shown, click Activate Hide My WP Ghost
Step 5. Connect the plugin using your email to get a free access token
Step 6. Follow the setup guide from: https://hidemywpghost.com/article/how-to-install-hide-my-wp-ghost-lite/
Enjoy!

Hide My WP Ghost Knowledge Base:

Screenshots

  1. Change wp-admin and wp-login.php paths and show 404 Error instead. This is a very important WordPress Security step.

    Change wp-admin and wp-login.php paths and show 404 Error instead. This is a very important WordPress Security step.

  2. Change all WordPress Common paths wp-content, wp-includes, uploads, plugins, themes, etc.

    Change all WordPress Common paths wp-content, wp-includes, uploads, plugins, themes, etc.

  3. Change Class names and ID names from the source code to hide WordPress default classes.

    Change Class names and ID names from the source code to hide WordPress default classes.

  4. Setup login and logout redirects based on the user role.

    Setup login and logout redirects based on the user role.

  5. Setup Brute Force Math protection on your custom login page.

    Setup Brute Force Math protection on your custom login page.

  6. Run Security Check to check over 35 security signals with detailed solutions.

    Run Security Check to check over 35 security signals with detailed solutions.

  7. Set custom plugins name and themes name to be able to hide the WordPress Common Paths

    Set custom plugins name and themes name to be able to hide the WordPress Common Paths

  8. Change the login path and protect your website from hacker bots

    Change the login path and protect your website from hacker bots

  9. Customize the wp-admin path while logged in as an administrator

    Customize the wp-admin path while logged in as an administrator

FAQ

Does this plugin work on WP Multisite?

Yes, the plugin works on WP Multisite and you will configure it for the entire network.

The plugin also works with Apache, Nginx, IIS, and LiteSpeed servers

Is Hide My WP Ghost working on Nginx Server?

Yes, the plugin works on Nginx Server and you will be guided for the redirects and nginx.conf settings.

The plugin also works with Apache, IIS, and LiteSpeed servers

My website theme is not loading correctly after I change the paths. What should I do?

This issue is most likely from setting the rewritten rules.

  1. Make sure you purge the cache if you have cache plugins after you save the Hide My WP Ghost settings.
  2. In case the .htaccess (for apache) or nginx.conf (for Nginx) or web. config (for IIS) is not writable you need to add the rewrites manually.
  3. If you have Nginx server make sure you reload the Nginx after you save the settings.
  4. If the theme is still not loading okay, contact us and we can set up the plugin for you for free.

You can find useful information here: https://hidemywpghost.com/knowledge-base/

I forgot the custom login and admin URLs. What now?

Don’t panic.

You can still access your site with the Safe URL that was downloaded when you saved the settings

Locked out of my site! I set the plugin, and after I logged out I couldn’t get back in

Rename the plugin directory /wp-content/plugins/hide-my-wp so that the plugins won’t hide the wp-login.php path anymore

Login using http://domainname/wp-login.php and activate the plugin again.

Make sure you remember the secure parameter and it will be much easier.

Does Hide My WP Ghost work for the WordPress.com website?

Because of the Jetpack security in the WordPress.com website, Hide My WP Ghost can’t change the admin and login paths.

If you already activated Hide My Wp on WordPress.com, remove the directory /wp-content/plugins/hide-my-wp to disable the plugin.

Will this plugin work if I don’t have custom permalinks on my site?

No. You need to have custom permalinks set to ‘on’ in Settings > Permalinks.

You will get a notification on the Settings page if something is not set upright.

What do I need to do before I deactivate the plugin?

It’s better to switch to Default Mode in Settings > Hide My WP.

If you don’t, the plugin will automatically change your site back to the safe URLs and it will tell you what to do if you don’t have write permission for the config files

Is this Plugin free of charge?

Yes. The Lite features of the Hide My WP Ghost plugin will always be free.

We will include all the required WordPress Security updates.

To unlock all the features, please visit: Hide My WP – Pricing Plan

How to set the plugin on the Nginx server?

Please follow this tutorial step by step to set up the Hide My WP Ghost for Nginx server:

Setup Hide My WP Ghost on Nginx Server
Configure Hide My Wp Ghost On Nginx Web Server With Virtual Private Server

Install Hide My WP on Kinsta Server
Install Hide My WP on RunCloud Server
Install Hide My WP on WPMUDEV Server
Install Hide My WP on Ploi.io Server
Install Hide My WP on Flywheel Server
Install Hide My WP on Amazon AWS Lightsail Server

How to Hide Your Site From WordPress Theme Detectors?

Changing the common WordPress paths will not guarantee that the WordPress CMS is completely hidden.

The old paths are still accessible and hackers are still able to inject SQL and Javascript into vulnerable installed plugins and themes.

Read more: How to Hide Your Site From WordPress Theme Detectors

Is this plugin enough to protect my website from all hackers?

The Free version of Hide My WP Ghost will not protect you from all hacker attacks. For extra security you need the premium version.

Hide My WP Ghost hides all the common paths and patterns used but bots to detect that you are using WordPress.

How Can I Change The WP Paths In Admin Dashboard?

By default, Hide My WP Ghost changes the paths only in frontend.

We don’t recommend this but if you want to change the path also in the admin dashboard, add this line in wp-config.php file

define('HMW_ALWAYS_CHANGE_PATHS', true); 

Save the settings in Hide My WP Ghost and the WordPress paths will be changed in admin backend area.

How To Remove The HMW Rewrite Rules From WP Definition In .htaccess?

By default, Hide My WP Ghost adds the rewrite rules in 2 places in .htaccess to avoid errors when other plugins are deleting the rules from .htaccess.

If you want to have the Hide My WP Ghost rewrite rules only inside the #BEGIN HMWP_RULES … #END HMWP_RULES add this line in the wp-config.php file.

define( 'HMW_RULES_IN_WP_RULES', false ); 

Save the settings in Hide My WP > Change Paths and the plugin will remove the rewrite rules from WordPress definition #BEGIN WordPress …. #END WordPress

Why The New Admin Path Is Redirected To Front Page?

By default, when you set Hide My WP Ghost plugin in Ghost Mode, you can login only with the new login path.

To activate the option to access the new admin path and to be redirected to the new login path, do this:

Switch OFF the option Hide My WP > Change Paths > Admin Security > Hide the New Admin Path

Once you switch off the option and save the settings, when you access the new admin path, it will redirect to the new login path.

Customize Paths in Hide My WP Ghost

Changelog

5.2.04 (07 July 2024)

Fixed – Compatibility with WP 6.6
Fixed – Security update on wp-login.php and login.php

5.2.03 (04 July 2024)

Update – Added the option to hide the new login path on redirects
Update – Hide login.php path together with wp-login.php path from being redirect to the new login
Update – File permissions check in Security Check to check htaccess and login paths
Fixed – Small bugs

5.2.02 (19 June 2024)

Update – Added more path in Frontend Test to make sure the settings are okay before confirmation
Update – Firewall message on blocking process when loading on WP initialization
Update – Compatibility with Wordfence to prevent rewrite rules update on security scan
Update – Language translation and typos fixed
Update – Disable click and keys to work without jQuery
Update – Added the option to immediately block a wrong username in Brute Force
Update – Sub-option layouts
Fixed – Trim error in cookie when main domain cookie is set
Fixed – Filter words in 8G Firewall that might be used in article slugs

5.2.01 (04 June 2024)

Update – Added Firewall blacklist by User Agent
Update – Added Firewall blacklist by Referrer
Update – Added Firewall blacklist by Hostname
Update – Added the option to select the level of access for an IP address in whitelist
Removed – Mysql database permission check as WordPress 6.5 handles DB permissions more secure
Moved – Firewall section was moved to the main menu as includes more subsections
Fixed – 8G Firewall compatibility with all page builder plugins
Fixed – preg_match warning on firewall.php when checking search engine bots
Fixed – Firewall saving process for Whitelist and Blacklist features
Fixed – Login access when member plugins are used for login process

5.1.03 (20 May 2024)

Update – Compatibility with WP 6.5.3
Update – Compatibility with WPEngine rules on wp-admin and wp-login.php
Update – Add whitelist paths feature
Update – Select the Whitelist level for IPs and Paths
Fixed – Prevent firewall to record all triggered filters as fail attempts
Fixed – Remove filter on robots when 8G firewall is active
Fixed – Frontend Login Check popup to prevent any redirect to admin panel in popup test
Fixed – Prevent redirect the wp-admin to new login when wp-admin path is hidden
Fixed – Prevent blocking login page on password protection page when the login path is set by another plugin

5.1.02 (30 Apr 2024)

Update – Security Check verifies the firewall against SQL & Script injection and weak usernames
Update – Font-sizes and layouts
Update – Add support to MyList theme
Update – 7g & 8G firewall to match more WP actions and compatibility with more plugins

5.1.01 (10 Apr 2024)

Update – Added the 8G Firewall filter
Update – Added the required header security for Apache and Nginx
Update – Added the option to block the theme detectors
Update – Added the option to block theme detectors crawlers by IP & agent
Update – Added the option to simulate CMSs like Drupal & Joomla
Update – Added the option on Apache to insert the firewall rules into .htaccess
Fixed – Load Firewall on all server types only in frontend to avoid functionality issues in backend
Fixed – Avoid loading recaptcha on Password reset link
Fixed – Screen 120dpi display layout
Fixed – Hide reCaptcha secret key in Settings

5.0.29 (19 Mar 2024)

Update – Compatibility with WP 6.5
Update – Compatibility with CloudPanel & Nginx servers
Update – Compatibility with WordFence scanning
Fixed – Hide rest_route only for visitors to avoid errors with builders

5.0.28 (14 Feb 2024)

Compatibility with PHP 8.3 and WP 6.4.3
Update – Compatibility with Hostinger
Update – Compatibility with InstaWP
Update – Compatibility with Solid Security Plugin (ex iThemes Security)
Update – Added the option to block the API call by rest_route param
Update – Added new detectors in the option to block the Theme Detectors
Update – Security Check for valid WP paths
Fixed – Don’t load shortcode recapcha for logged users
Fixed – Rewrite rules for the custom wp-login path on Cloud Panel and Nginx servers
Fixed – Issue on change paths when WP Multisite with Subcategories
Fixed – Hide rest_route param when Rest API directory is changed
Fixed – Multilanguage support plugins
Fixed – Small bugs & typos

5.0.27 (18 Oct 2023)

  • Update – Compatibility with WP 6.4.1 & PHP 8.3
  • Update – Option to create a random suffix number instead of the version number to prevent caching on static files in admin
  • Fixed – Default redirect URL in Tweaks > Redirects
  • Update – Compatibility with MainWP Server-Client
  • Update – Compatibility with WPML plugin
  • Update – Hide rest_route param when Rest API directory is changed
  • Fixed – URL query args sanitization when the rewrite rules are not added correctly in config file
  • Fixed – Specify the jQuery on Disable Click feature
  • Update – Compatibility with Hostinger
  • Update – Compatibility with InstaWP
  • Update – Add shortcode on BruteForce [hmwp_bruteforce] for any login form
  • Fixed – Small Bugs

5.0.26 (28 Aug 2023)

  • Fixed – Brute Force Math Recaptcha security
  • Fixed – Compatibility with themes without Brute Force Math Recaptcha

5.0.25 (23 Aug 2023)

  • Fixed – Paths change in feed for logos and links
  • Fixed – Security Check report
  • Fixed – Improved security on login
  • Fixed – Typos & Bugs

5.0.24 (03 July 2023)

  • Update – Frontend Test to check and show the not found links
  • Update – Add compatibility with 2FA and Two-Factor plugins for two factor authentication
  • Update – Add Compatibility with FlyingPress & WPFrontendAdmin
  • Update – WP functions and notifications for PHP 8.2 compatibility
  • Update – Add new key combinations in HMWP disable inspect element and view source
  • Fixed – Prevent login redirect when the prevent slowing website is activated

5.0.23 (29 May 2023)

  • Update – Add the option to connect to the custom login path from Cloud
  • Update – Compatibility with WP 6.2.2
  • Fixed – Typos and small bugs

5.0.22 (16 May 2023)

  • Update – Add compatibility for Cloud Panel servers
  • Update – Add compatibility for CMP Coming Soon & Maintenance Plugin by NiteoThemes plugin
  • Update – Add the option to select the server type if it’s not detected by the server
  • Update – Add the option to add the rules between the WordPress rewrite rules on Apache/Litespeed servers
  • Update – Compatibility with SiteGround
  • Update – Compatibility with Avada when cache plugins are enabled
  • Fixed – Remove the rewrites from WordPress section when the plugin is deactivated
  • Fixed – User roles names display on Tweaks
  • Fixed – Combined the Plugin Loading Hook into one option

5.0.20 (03 May 2023)

  • Update – File processing when the rules are not set correctly
  • Update – Security headers default values
  • Fixed – Compatibilities with the last versions of other plugins
  • Fixed – Reduce resource usage on 404 pages

5.0.19 (23 Apr 2023)

  • Update – Brute Force protection on lost password form
  • Update – Brute Force protection on Woocommerce (login, signup, lost passowrd)
  • Update – Compatibility with MemberPress plugin
  • Fixed – My account link on multisite option
  • Fixed – Settings to verify the array values on settings saving process
  • Fixed – Small Bugs

= 5.0.18 (03 Mar 2023)=
* Update – Compatibility with WP 6.2
* Update – Compatibility with more plugins and themes
* Update – Security check when wp-content is customized
* Update – File handle for login, signup, logout
* Update – Compatibility with PHP 8.2
* Update – Remove the atom+xml meta from header
* Update – Remove the noredirect param if the redirect is fixed
* Update – Check the XML and TXT URI by REQUEST_URI to make sure the Sitemap and Robots URLs are identified
* Update – Check the rewrite rules on WordPress Automatic updates too
* Update – Add the option to disable HMWP Ghost custom paths for the whitelisted IPs
* Update – Save all section on backup restore
* Update – Add the option to remove the sitemap style as a separate option from changing the paths in Sitemap.

= 5.0.17 (19 Dec 2022)=
* Update – Compatibility with WP 6.1
* Update – Remove the noredirect param if the redirect is fixed
* Update – Update the verification of the XML and TXT URI
* Update – Get the correct login URL when backend URL is different from frontend URL
* Update – Add the Whitelabel IP option in Security Level and allow the Whitelabel IP addresses to pass login recaptcha and hidden URLs
* Fixed – Allow self access to hidden paths to avoid cron errors on backup/migration plugins
* Fixed – White screen on iphone > safari when disable inspect element option is on
* Fixed – To remove the version from URL even if the ‘ver’ param doesn’t have any value
* Fixed – Typo in Security Check

= 5.0.16 (21 Oct 2022)=
* Update – Add the Brute Force protection on Register Form to prevent account spam
* Update – Add the Whitelabel IP option in Security Level and allow the Whitelabel IP addresses to pass login recaptcha and hidden URLs
* Update – Added the option to prioritize the loading of HMWP Ghost plugin for more compatibility with other plugins
* Update – Compatibility with LiteSpeed servers and last version of WordPress
* Update – Compatibility with Breakdance plugin
* Update – Compatibility with Nicepage Builder plugin
* Update – Compatibility with WP 6.0.2
* Fixed – Allow self access to hidden paths to avoid cron errors on backup/migration plugins
* Fixed – Remove the get_site_icon_url hook to avoid any issue on the login page with other themes
* Fixed – Compatibility with ShortPixel webp extension when Feed Security is enabled
* Fixed – Fixed the ltrim of null error on PHP 8.1 for site_url() path

= 5.0.15 (06 Sept 2022)=
* Fixed – URL Mapping for Nginx servers to prevent 404 pages
* Fixed – PHP error in Security Check when the X-Powered-By header is not string
* Fixed – Compatibility with Wp-Rocket last version
* Fixed – Brute force math issue on woocommerce login when third party woocommerce logins
* Fixed – Not to hide the image on login page when no custom image is set in Appearance > Customize > Site Logo
* Fixed – Compatibility with ShortPixel webp extension when Feed Security is enabled
* Update – Compatibility with Nicepage Builder plugin
* Update – Compatibility with WP 6.0.2

= 5.0.14 (17 June 2022)=
* Update – Compatibility with Coming Soon & Maintenance Mode PRO
* Update – Compatibility with WordPress 6.0
* Update – Add the option to automatically redirect to admin when access the login page and the user is logged
* Fixed – Avoid showing 404 error on Litespeed WP Multisite when a new site is created
* Fixed – Avoid showing 404 error on Litespeed WP Multisite when a new taxonomy is created
* Fixed – Brute force math security when the math field is deleted
* Fixed the hidden URLs process

= 5.0.13 (03 May 2022)=
* Update – Compatibility with WordPress 5.9.3
* Update – Compatibility with BackUpWordPress plugin
* Update – Compatibility with Themify theme
* Fixed – Added the URI in the redirected URL
* Fixed – Compatibility with LiteSpeed cache plugin

= 5.0.12 (08 Mar 2022)=
* Update – Added compatibility with Backup Guard Plugin
* Update – Prevent affecting the cron processes on Wordfence & changing the paths during the cron process
* Update – Change the WP-Rocket cache files on all subsites for WP Multisite
* Update – Automatically add the CDN URL if WP_CONTENT_URL is set as a different domain
* Update – Compatibility with WordPress 5.9.1
* Fixed – Change Paths for Logged Users issue
* Fixed – Show the feature icon in the feature list
* Fixed – Show all the rewrite paths for WpEngine with PHP >7.4
* Fixed – Frontend test when the plugins paths are not changed

= 5.0.11 (22 Feb 2022)=
* Update – Added 7G Firewall option in Hide My WP > Change Paths > Firewall & Headers > Firewall Against Script Injection
* Update – Fixed the menu hidden issue when other security plugins are active
* Update – Compatibility with Login/Signup Popup plugin when Brute Force Google reCaptcha is activated
* Update – Compatibility with Buy Me A Coffee plugin
* Fixed – Library loading ID in HMWP Ghost

= 5.0.10 (17 Feb 2022)=
* Update – Added new option in Login Security: Hide the language switcher option on the login page
* Update – Added the option to reset all settings to default
* Update – Added the Ctrl + Shift + C restriction when Inspect Element option is active
* Update – Added the features text for translation
* Update – Added Firewall & Headers option
* Update – Added the option to ignore the notifications and avoid repeating alerts
* Update – Added the option to disable Right-Click for logged users and user roles
* Update – Added the option to disable Inspect Element for logged users and user roles
* Update – Added the option to disable View Source for logged users and user roles
* Update – Added the option to disable Copy/Paste for logged users and user roles
* Update – Added the option to disable Drag/Drop for logged users and user roles
* Update – Add the option to hide the wp-admin path for non-admin users
* Update – Compatibility with Namecheap hosting
* Update – Compatibility with Ploi.io
* Update – Compatibility with WordPress 5.9
* Update – Compatibility with Coming Soon & Maintenance Mode PRO
* Update – Compatibility with Advanced Access Manager (AAM) plugin
* Update – Compatibility with WPS Hide Login
* Update – Compatibility with JobCareer theme
* Update – Compatibility with Wordfence Security Scan when the wp-admin is hidden
* Update – Compatibility with the Temporary Login Without Password plugin to work with the passwordless connection on custom admin
* Update – Compatibility with the LoginPress plugin to work with the passwordless connection on custom admin
* Update – Compatibility with WordPress Sitemap, Rank Math SEO, SEOPress, XML Sitemaps to hide the paths and style on Nginx servers
* Update – Compatibility with Nitropack
* Update – Compatibility with OptimizePress Dashboard
* Update – Compatibility with Bricks Builder
* Update – Compatibility with Zion Builder
* Update – Compatibility with MainWP
* Update – Compatibility with Limit Login Attempts Reloaded
* Update – Compatibility with Loginizer
* Update – Compatibility with Shield Security
* Update – Compatibility with iThemes Security
* Update – Compatibility with Smush plugin
* Update – Compatibility with Wordfence 2FA when reCaptcha is active
* Update – Added compatibility with JCH Optimize 3 plugin
* Update – Added compatibility with Oxygen 3.8 plugin
* Update – Added compatibility with WP Bakery plugin
* Update – Added compatibility with Bunny CDN plugin
* Update – Update compatibility with Manage WP plugin
* Update – Update compatibility with the Autoptimize plugin
* Update – Update compatibility with Breeze plugin
* Update – Update compatibility with Cache Enabler plugin
* Update – Update compatibility with CDN Enabler plugin
* Update – Update compatibility with Comet Cache plugin
* Update – Update compatibility with the Hummingbird plugin
* Update – Update compatibility with Hyper Cache plugin
* Update – Update compatibility with the Litespeed Cache plugin
* Update – Update compatibility with the Power Cache plugin
* Update – Update compatibility with the W3 Total Cache plugin
* Update – Update compatibility with WP Fastest Cache plugin
* Update – Update compatibility with the iThemes plugin
* Update – Added compatibility with Hummingbird Performance plugin
* Update – Advanced Text Mapping to work with Page Builders in admin
* Update – Changing the paths in sitemap.xml and robots.txt to work with all SEO plugins
* Update – Translate the plugin into more languages
* Update – Select the cache directory if there is a custom cache directory set in the cache plugin
* Update – Show the change in cache files option for more cache plugins
* Update – Removed the WordPress title tag from login/register pages
* Fix – Brute Force blocking Wordfence Cron Job
* Fix – Infinite loop when POST action on unknown paths
* Fix – Remove the login URL from the logo on the custom login page
* Fix – Set Filesystem to direct connection for file management
* Fix – Don’t show the rewrite alert messages if nothing was changed in HMWP

= 4.1.11 (24 Ian 2022)=
* Update – Compatibility with WordPress 5.9
* Fix compatibility with other plugins

= 4.1.10 (24 Nov 2021)=
* Update – Compatibility with WordPress 5.8.2
* Update – Remove the style in Sitemap XML for Nginx Servers
* Update – Compatibility with Zion Builder
* Update – Compatibility with Bricks builder
* Fix – Don’t load the paths while in Theme Customization

= 4.1.09 (08 Sept 2021)=
* Update – Compatibility with WordPress 5.8
* Update – Website information https://hidemywpghost.com
* Update – Set website logo on login page when option Hide My WP > Advanced > Clean Login is set
* Update – Set change paths to work with different domain ports
* Update – Compatibility with MainWP
* Update – Compatibility with Limit Login Attempts Reloaded
* Update – Compatibility with Loginizer
* Update – Compatibility with Shield Security
* Update – Compatibility with iThemes Security
* Update – Added compatibility with JCH Optimize 3 plugin
* Update – Added compatibility with Oxygen 3.8 plugin
* Update – Added compatibility with WP Bakery plugin
* Update – Added compatibility with Bunny CDN plugin
* Update – Update compatibility with Manage WP plugin
* Update – Update compatibility with Autoptimize plugin
* Update – Update compatibility with Breeze plugin
* Update – Update compatibility with Cache Enabler plugin
* Update – Update compatibility with CDN Enabler plugin
* Update – Update compatibility with Comet Cache plugin
* Update – Update compatibility with Hummingbird plugin
* Update – Update compatibility with Hyper Cache plugin
* Update – Update compatibility with Litespeed Cache plugin
* Update – Update compatibility with Power Cache plugin
* Update – Update compatibility with W3 Total Cache plugin
* Update – Update compatibility with WP Fastest Cache plugin
* Update – Update compatibility with iThemes plugin
* Fix – Password strength error on custom login reset password
* Fix – Remove only the wordpress prefetch from source code and not other domains
* Fix – Plugin uninstall issue because of missing contact HMW_VERSION

= 4.1.08 (18 June 2021)=
* Fix – Update the jetPack tracking script
* Fix – Show plugin settings calling the plugin to hook correctly
* Fix – Warning: Constants may only evaluate scalar values in hide-my-wp/config/config.php on line 107
* Fix – Removed the memory limit verification
* Fix – Add a warning for memory under 64MB
* Fix – Fixed the <?PHP warning in Permalinks at the end of the file

= 4.1.07 (19 May 2021)=
* Update – Compatibility with WordPress 5.7.2
* Update – Added compatibility with Oxygen Builder
* Update – Added compatibility with Thrive Architect Builder
* Update – Added compatibility with Gravity

= 4.1.06 (26 April 2021)=
* Update – Added compatibility with builders Oxygen, Elementor, Thrive, Bricks
* Update – Added extra security in the backend
* Update – Added the option to prevent WordPress redirects and slow the website speed when the config rules are not loading
* Fix – Brute Force warning when blocks the IP in function get_blocked_ips
* Fix – Changed the form submission action read due to config.json file permission on some servers

4.1.05 (15 Feb 2021)

  • Update – Update Security for the last updates and WP requirements
  • Update – Optimize JS library from third-party plugins
  • Update – Let Hide My WP Settings load if the Permalink Structure is /?p=123
  • Update – Added 403 Error Code option for the wp-admin and wp-login.php redirects
  • Fixed – Compatibility with PHP 8.0 with deprecated functions
  • Fixed – Compatibility with the Flywheel hosting server and custom Nginx config location
  • Fixed – Hide My WP > Security Check UI
  • Fixed – Filesystem error when the library is not correctly loaded
  • Fixed – Change paths in Login page when Late Loading is active
  • Fixed – Change the WordPress login logo when Clean Login Page is active
  • Fixed – Compatibility with WordPress 5.7

4.1.04 (23 Ian 2021)

  • Update – Added compatibility for AppThemes Confirm Email
  • Update – Compatibility with PPress plugin on Login Page and Logout Page
  • Update – Compatibility with SiteGround Cache plugin
  • Update – Compatibility warning with W3 Total Cache Lazy Load
  • Update – Security Check to hide readme.html, license.txt, and other common files

4.1.03 (11 Dec 2020)

  • Update – The rules update on adding a new plugin or theme
  • Update – Added compatibility for AppThemes Confirm Email
  • Fixed – Rollback the settings when pressing the Abort button
  • Fixed – Fixed Backup/Restore rules flash
  • Fixed – Add the correct text direction for WPML while in Posts and Pages
  • Fixed – Compatibility with WordPress 5.6

4.1.02 (11 Oct 2020 )

  • Update – Compatibility with Manage WP plugin
  • Update – Added the option to disable the REST API wp-json in Hide My WP – Permalinks
  • Update – Add the plugin as Must Use plugin for better security and compatibility with other plugins
  • Update – Compatibility with Really Simple SSL plugin
  • Update – New UX for better understanding of the redirects in Hide My WP > Tweaks
  • Update – Compatibility with WPML when setting custom wp-admin and admin-ajax
  • Update – Compatibility with WPML when RTL languages are set in the dashboard
  • Update – Compatibility with bbPress plugin
  • Update – Compatibility with JetPack plugin
  • Update – Compatibility with Newspaper theme on XMLWPC.php access
  • Update – Added Compatibility with WP 5.5.3

4.1.01 (26 Oct 2020 )

  • Update – Extra caching in .htaccess when “Optimize CSS and JS Files” is activated
  • Update – Do not cache if already cached by WP-Rocket or WP Fastest Cache
  • Update – Added Login and Logout redirects for each user role
  • Update – New UX for better understanding of the redirects
  • Fix – 404 error on Nxing server when updating the settings

4.0.12 (01 Oct 2020 )

  • Update – Added compatibility with Pro Theme by Themeco
  • Update – Added compatibility with Smush PRO by WPMU DEV
  • Update – Added compatibility for WP Client plugin by WP-Client.com
  • Update – Header removals for theme detectors

4.0.11 (03 Sept 2020 )

  • Update – Remove version parameter from CSS and JS URLs containing the plus sign
  • Update – Added {rand} in Text Mapping to show random string on change
  • Update – Added {blank} in Text Mapping to show an empty string on change
  • Update – Compatibility with last version WP Fastest Cache plugin
  • Fix – Added a fix for noredirect param on infinite loops
  • Fix – Load the 404 not found files correctly

4.0.10 (31 Aug 2020 )

  • Fixed some errors caused by the last version
  • Fix – Saving options in Mapping, Tweaks, and Advanced when followed by Permalinks Changing abort

4.0.09 (27 Aug 2020 )

  • Update – Added the version hook to remove the versions from CSS and JS
  • Update – Load the login on WPEngine server with PHP7.4 when the login is set as /login
  • Update – Detect Flywheel server and add the rules accordingly
  • Update – Compatibility with IThemes Security on custom login

4.0.08 (13 Aug 2020 )

  • Update – WordPress Security Updates for WP 5.5
  • Update – Compatibility with WPML
  • Update – Compatibility with the last versions of the popular plugins

4.0.07 (06 Aug 2020 )

  • Update – Added the option to hide /login and /wp-login individually
  • Update – Added the option to redirect to a custom URL on logout
  • Small Bugs Fix

4.0.06 (09 July 2020 )

  • Update – Compatibility with WPEngine + PHP 7
  • Update – Compatibility with Absolutely Glamorous Custom Admin plugin
  • Update – Compatibility with Admin Menu Editor Pro plugin
  • Fix – Small CSS & Warning issues

4.0.05 (30 June 2020 )

  • Update – Compatibility with WPEngine with PHP 7.4
  • Update – Compatibility with the cache plugins (tested the latest versions)
  • Update – The Security Check report task
  • Update – Plugin security on Security Check
  • Update – The plugins list in Hide My WP
  • Fixed – Removed the map URL from bootstrap CSS and JS
  • Fixed – CSS in Hide My WP Settings

4.0.04 (16 June 2020 )

  • Update – Added HMW_RULES_IN_CONFIG and HMW_RULES_IN_WP_RULES to control the rules in the config file
  • HMW_RULES_IN_CONFIG will add the rules at the top of the config file (default true)
  • HMW_RULES_IN_WP_RULES will add the rules in the WordPress config area (default true)
  • Update – Change the rewrite hook to make sure the rules are added in the WordPress rewrites before flushing them
  • Update – Compatibility with IThemes Security plugin

4.0.03 (04 June 2020)

  • Update – RTL Support
  • Update – Brute Force Protection Filter
  • Update – Compatibility with more cache plugins like Hummingbird and Cachify
  • Update – Alert when the rewrites are not added correctly in the config file
  • Update – WordPress Security Updates for WP 5.4.1
  • Fixed – Small CSS fixes

4.0.02 (04 May 2020)

  • Fix – login redirect for nginx server
  • Fix – constant warning NONCE_KEY in confi.php
  • Update – Compatibility with WordFence

4.0.01 (29 April 2020)

  • Update – Show the Hide My WP menu only on Network if WP Multisite
  • Update – Prevent loading the style from wp-admin in the custom login page
  • Update – WPEngine 2020 rewrites compatibility
  • Update – Added option to hide only the IDs and Classes in Hide My WP > Text Mapping
  • Update – Added the option to remove the WordPress common paths in /robots.txt file
  • Update – Added the option to remove the WordPress common paths in /sitemap.xml
  • Update – Compatibility with the most popular plugins and WordPress 5.4.1
  • Fix – Show 404 files in case the rewrites are not working or Allowoverride is OFF
  • Fix – Detect correct HTTPS or HTTP schema for Login Preview and validation
  • Fix – Save the Hide My WP rewrites when other plugins are updating the config file to prevent rewrite errors

Security:
Two-Factor Authenticator Code
2FA Security
Temporary Login without password
WordPress Security Plugin
Ocultar Mi WP – Plugin de seguridad de WordPress
Ocultar meu WP – Segurança do WordPress
Cacher mon WordPress – Plugin de sécurité WordPress
Verstecken Sie mein WordPress – WordPress Sicherheits-Plugin
Hide My WP – WordPress Security Plugin
Hide WordPress
Security Plugin
Hide My WP free download
Hide wp-login URL

Details

  • Version: 5.2.04
  • Active installations: 100,000
  • WordPress Version: 4.6
  • Tested up to: 6.6.1
  • PHP Version: 7.0

Ratings


5 Stars
4 Stars
3 Stars
2 Stars
1 Stars