WordPress websites are susceptible to a wide range of attacks including SQL injections, brute-force attacks, and unauthorized logins. Security plugins such as WordFence and iThemes Security can improve the security of your website by addressing common security issues such as changing the administrator account from admin.
I came across another security plugin recently entitled Hide My WP that tackles hackers in a different manner.
The plugin was developed because most hackers and bots know where to find important WordPress files and pages. A bot that is designed to target WordPress websites will therefore attack any website with WordPress files, and pass by those that do not.
Just as hacking software takes advantage of the fact that all WordPress websites are structured in the same way, Hide My WP takes advantage of the fact that software can only target your website if it knows your website structure. It does this by removing all evidence that your website is powered by WordPress. This makes it very difficult for hackers to infiltrate your website.
Let us take a closer look at how Hide My WP can protect your website from malicious attacks.
Like all good WordPress plugins that have many configuration options, Hide My WP features import and export functionality. Debug reports are also available for developers.
What sets Hide My WP apart is the ability to import pre-made setting schemes. You can choose from medium privacy (more compatibility), medium privacy (quick), and high privacy (less compatibility). Choosing one of these setting schemes will add the data to the import box and change the way the plugin is set up. This is a fantastic feature that will save you a lot of time setting up the plugin.
While the preset setting schemes are useful, it should only take you five to fifteen minutes to go through the two main setting pages and configure Hide My WP for your website.
A number of settings are available at the top of the general settings page, including an option to use one of your pages for 404 errors and hiding your wp-login.php page using a new unique URL. Your admin area can also be hidden to user groups that you have not marked as trusted.
Hide My WP lets you hide many things so that software cannot detect that your website is powered by WordPress. For example, you can hide WordPress details that are added to feeds, the version of WordPress you are using, and important folders such as /wp-includes/ and /wp-content/.
The plugin has some additional features such as minification and an option to replace words and URL’s from your outputted HTML file.
Permalinks & Url Settings
The permalinks and URL settings page is where you customize how your files, folders, and pages, are hidden. You can rename your plugin folder, stylesheet, wp-includes folder, and uploads folder.
The wp_comments_post.php can also be renamed. This stops hackers from persistently spamming you with spam comments.
The base and query part of your URLs for author and feed pages can also be modified. Alternatively, you can completely disable them from public view.
The same modifications can be applied to posts, pages, categories and tags. This helps make it even more difficult for software to detect that your website is powered by WordPress.
Search can also be modified or disabled. Other options include the ability to disable archives and custom post types.
Be aware that disabling many features of your website may hurt the user experience. For example, removing category archives means that visitors cannot search through posts from a particular category. However if you choose to disable search, you can always replace the default WordPress search functionality with Google search.
Hide My WP allows you to completely change the public structure of important core files and pages, theme files, and plugin files.
Due to the nature of security plugins, it is difficult to check whether they are effective or not. After all, a website that is not attacked does not guarantee that its security measures are working. Though there is no doubt that the measures that Hide My WP takes to hide important areas of your website will make it more difficult for hackers and bots to attack your website.
The Hide my WP WordPress plugin is available on CodeCanyon for $23. The plugin has not been updated since November 2013, however the developer does seem to be actively providing support for the plugin.
Visit the Hide My WP information page for a complete list of its features 🙂