Secure your site by hiding exploitable WordPress traces ( plugins, themes, wp-content, wp-includes, wp-admin, login URL). Enhanced Security Headers.
Effortlessly conceal your WordPress site from detection! With over 99.99% of hacks targeting specific plugin and theme vulnerabilities, this plugin significantly boosts site security by making it invisible to hackers’ web scanners.
By removing all traces of WordPress, including themes and plugins, potential exploits are rendered harmless. This method ensures that your site is safe without affecting SEO; in fact, it can enhance certain SEO aspects when used strategically.
WP-Hide has launched the easiest way to completely hide your WordPress core files, login page, theme and plugins paths from being shown on front side. This is a huge improvement over Site Security, since no one will know whether you are running or not a WordPress. It also provides a simple way to clean up html by removing all WordPress fingerprints.
No file and directory change!
No file and directory will be changed anywhere. Everything is processed virtually. The plugin code uses URL rewrite techniques and WordPress filters to apply all internal functionality and features. Everything is done automatically without user intervention required at all.
Real hide of WordPress core files and plugins
The plugin not only allows you to change default URLs of you WordPress, but it also hides/blocks such defaults. Other similar plugins, just change the slugs, but the defaults are still accessible, obviously revealing WordPress as CMS.
You can change the default WordPress login URL from wp-admin and wp-login.php to something totally arbitrary. No one will ever know where to try to guess a login and hack into your site. It becomes totally invisible.
Full plugin documentation available at WordPress Hide and Security Enhancer Documentation
When testing with WordPress theme and plugins detector services/sites, any setting change may not reflect right away on their reports, since they use cache. So, you may want to check again later, or try a different inner URL. Homepage URL usage is not mandatory.
Being the best content management system, widely used, WordPress is susceptible to a large range of hacking attacks including brute-force, SQL injections, XSS, XSRF etc. Despite the fact the WordPress core is a very secure code maintained by a team of professional enthusiast, the additional plugins and themes make ita vulnerable spot for every website. In many cases, those are created by pseudo-developers who do not follow the best coding practices or simply do not own the experience to create a secure plugin.
Statistics reveal that every day new vulnerabilities are discovered, many affecting hundreds of thousands of WordPress websites.
Over 99,9% of hacked WordPress websites are target of automated malware scripts, which search for certain WordPress fingerprints. This plugin hides or replaces those traces, making the hacking boots attacks useless.
It works well with custom WordPress directory structures,e.g. custom plugins, themes, and upload folders.
Once configured, you need to clear server cache data and/or any cache plugins (e.g. W3 Cache), for a new html data to be created. If you use CDN this should be cache clear as well.
Sample usage
Main plugin functionality:
Minifies Html, Css, JavaScript
Security Headers
and many more.
No other plugin functionality will be blocked or interfered in any way by WP-Hide
This plugin allows to change the default Admin URL from wp-login.php and wp-admin to something else. All original links turn the default theme to “404 Not Found” page, as if nothing exists there. Besides the huge security advantage, the WP-Hide plugin saves lots of server processing time by reducing php code and MySQL usage since brute-force attacks target the weakURL.
Important: Compared to all other similar plugins which mainly use redirects, this plugin turns a default theme to“404 error” page for all blocked URL functionalities, without revealing the link existence at all.
Since version 1.2, WP-Hide change individual plugin URLs and made them unrecognizable. For example,the change of the default WooCommerce plugin URL and its dependencies from domain.com/wp-content/plugins/woocommerce/ into domain.com/ecommerce/cdn/ or anything customized.
**Hide -> Scan
Hide -> Rewrite > Theme
Hide -> Rewrite > WP includes
Hide -> Rewrite > WP content
Hide -> Rewrite > Plugins
Hide -> Rewrite > Uploads
Hide -> Rewrite > Comments
Hide -> Rewrite > Author
Hide -> Rewrite > Search
Hide -> Rewrite > XML-RPC
Hide -> Rewrite > JSON REST
Hide -> Rewrite > Root Files
Hide -> Rewrite > URL Slash
Hide -> General / Html > Meta
Hide -> General / Block Detectors
Hide -> General / Emulate CMS
Hide -> General / Html > Admin Bar
Hide -> General / Feed
Hide -> General / Robots.txt
Hide -> General / Html > Emoji
Hide -> General / Html > Styles
Hide -> General / Html > Scripts
Hide -> General / Html > Oembed
Hide -> General / Html > Headers
Hide -> General / Html > HTML
Hide -> General / Html > User Interactions
Hide -> Admin > wp-login.php
Hide -> Admin > Admin URL
Security -> Captcha
Settings -> CDN
Security -> Headers
HTTP Response Headers are a powerful tool to Harden Your Website Security.
* Cross-Origin-Embedder-Policy (COEP)
* Cross-Origin-Opener-Policy (COOP)
* Cross-Origin-Resource-Policy (CORP)
* Referrer-Policy
* X-Content-Type-Options
* X-Download-Options
* X-Frame-Options (XFO)
* X-Permitted-Cross-Domain-Policies
* X-XSS-Protection
This free version works with Apache and IIS server types. For all server types, check with WP Hide PRO
This is a basic version that can hide everything for basic sites, example https://demo.wp-hide.com/. When using complex plugins and themes, the WP Hide PRO may be required. We provide free assistance to hide everything on your site, along with the commercial product.
Anything wrong with this plugin on your site? Just use the forum or get in touch with us at Contact and we’ll check it out.
A website example can be found at https://demo.wp-hide.com/ or our website WP Hide and Security Enhancer
Plugin homepage at WordPress Hide and Security Enhancer
This plugin is developed by Nsp-Code
Please help and translate this plugin to your language at https://translate.wordpress.org/projects/wp-plugins/wp-hide-security-enhancer
You are kindly asked to promote this plugin if it comes up to your expectations via an article on your site or any other place. If you liked this code/WP-Hide or if it helped with your project, why not leave a 5 star review on this board.
/wp-content/plugins/wp-hide-security-enhancer
directory.Feel free to contact us at [email protected] for fast support.
Absolutely Nothing!
No files and directories will be changed on your server, since everything is processed virtually. The plugin code use URL rewrite techniques and WordPress filters to apply all internal functionalities and features.
There is no requirement for php knowledge. All plugin features and functionalities are applied automatically, controlled through a descriptive admin interface.
A demo instance can be found at https://demo.wp-hide.com/ or our own website WP Hide and Security Enhancer
If the server runs full-stack Nginx, the free plugin can’t generate the required format Nginx rewrite rules. It works with Apache, LiteSpeed, IIS, Nginx as a reverse proxy and compatible.
Everything works as before, no functionality is being broken. You can run updates at any time.
No, the plugin changes only asset links (CSS, JavaScript, media files),but not actual content URLs. There will be no negative impact from SEO perspective, whatsoever.
Yes, the plugin works with any cache plugin deployed on your site.
HTTP Response Headers are a powerful tool to Harden Your Website Security. The plugin provides an easy way to add Security Response Headers through a graphical interface. No additional codding and file editing is necessary.
This free code/WP-Hide can work with Apache, IIS server types and any other set-up which rely on .htaccess usage.
For all other cases, check the PRO version at WP Hide PRO
There are few things to consider when you run on litespeed servers:
Ensure the liteserveractually processes the .htaccess file, where the rewrite data is being saved. Check with the following topic regarding this issue Post
If you use Litespeed Cache plugin, in the Optimization Settings area, disable the CSS / JS Minify
If your litespeed server requires to place the rewrite lines in a different file,e.g. config file or interface, consider upgrading to PRO version which includes a Setup page where you can get the rewrite code WP Hide PRO.
As default, on Bitnami LAMP set-ups, the system will not process the .htaccess file, so none of the rewrites will work. You can change this behavior by updating the main config file located at /opt/bitnami/apps/APPNAME/conf/httpd-app.conf , update the line
AllowOverride None
to
AllowOverride All
Restart the Apache service through SSH
sudo /opt/bitnami/ctlscript.sh restart
More details can be found at Bitnami Default .Htaccess
You can still keep the configuration as it is using the WP Hide PRO, more details at Setup the plugin on Bitnami WordPress LAMP stack
I’m seeing this error “Unable to write custom rules to your .htaccess. Is this file writable”? What does it mean?
The error appears when the plugin is not able to write to .htaccess file located in your WordPress root directory. You can try the followings to make a fix:
Check if your .htaccess file is writable. This can be different from server to server, but usually require rw-rw-r– / 0664. Also ensure the file owner is the same group as php.
Sometimes the other codes wrongly use the flush_rules() which hijack the default filters for rewrite. Try to disable the other plugins and theme to figure out which ones produce the issue.
De-activate and RE-activate the plugin, apparently worked for some users.
Create a backup of .htaccess, then delete it from the server. Go to Settings > Permalinks > update once, this should create the file again on the WordPress root. If so, try to change any WP Hide options which will update the .htaccess content accordingly.
If you can’t find the recovery link or none of the above worked, delete the plugin from your wp-content/plugins directory. Then remove any lines in your .htaccess file between:
BEGIN WP Hide & Security Enhancer
..
END WP Hide & Security Enhancer
At this point, the site should run as before. If for some reason still not working, you missed something, please get in touch with us at [email protected] and we’ll fix it for you in no time!
The Recovery Link can be used to reset all plugin options and restore the site to the default state.
The link should be entered into the browser URL bar. After the operation is completed, a system message will show “The plugin options have been reset successfully”.
If the message does not show, there is a cache on your site that prevents the code to run. Locate your cache data, usually at /wp-content/cache/ and remove the files. Then re-load the recovery link.
Please get in touch with us and we’ll do our best to include it inthe next version.
See full list of changelogs at https://wp-hide.com/plugin-changelogs/