At present, security is one of the top concerns for almost all the WordPress users. Actually, the development team of WordPress has already done a lot to help you avoid the potential vulnerabilities effectively. For instance, these developers constantly update and patch this tool and ensure the regular new release to fix the loopholes. However, the fact is that once you decide to use this CMS to set up your website and to control your blog posts, your site can become the main target for the hackers. This is all because of the large user base of WordPress. Also, many WordPress users fail to take enough security measurements so as to give hackers the hacking chances.
In fact, we have already introduced a lot of tips that can prevent your WordPress powered website from being hacked. This time, we’d like to introduce another way – hide the WordPress features of your site. You can check the following contents to learn how to hide WordPress for better security.
What Does It Mean By Hiding WordPress
Firstly, you might be confused about what we mean by hiding WordPress. Actually, this security method means that you can hide and obscure the fact that you use WordPress to set up and to maintain your site. This way, hackers and some robots can hardly identify your CMS.
Frankly speaking, this practice results in a huge improvement over your website security. As no one knows that your site is a WordPress based one, hackers are likely to pick it out from their hacking list.
How to Hide WordPress using the WP Hide Plugin
When talking about the effective hiding of WordPress, we firstly would like to recommend the WP Hide plugin. This plugin utilizes some smart techniques to completely hide the WordPress core files, plugin and theme paths, admin path and many more. Note that there is no need to change any files on your server with this plugin.
To remove all the WordPress fingerprints using this plugin, you can directly click the WP Hide button upon the installation. Now, you can find three configurable options – Rewrite, General and Admin. Let’s discuss them one by one.
From the rewrite settings part, you can easily change the default paths for some critical website components. For instance, the regular path of your website template is “/wp-content/themes/”. If hackers find this path from your website source code, they can make sure that you are a WordPress user. In this case, you’d better change this theme path to anything you want, such as “my_template”.
Likewise, you can also hide WordPress features by changing some other default paths. Check the details as following.
- Change the default name of theme style file from “style.css” to some others.
- Remove the meta data and the description header from the style file.
- Change the default wp-include path and block the files within it from being accessible.
- Change the default wp-content path and block it for users who are not logged-in.
- Change the plugin path of “wp-content/plugins” and block all the plugin files.
- Change the default path for all the media files and block these files from being accessible.
- Change and block the default XML-RPC path of xmlrpc.php.
- Block the key root files such as the license.txt, readme.html, wp-activate.php and many more.
From this part, you can remove some typical WordPress features from being found by hackers. For instance, you can remove the auto-generated meta for feed_links and rsd_link, remove the profile and canonical links, disable all the emoji and the TinyMC emoji features, hide the number of your current WordPress version, remove the x-pingback header, hide the ID for the menu items and many more.
If hackers enter the link of “www.domain.com/admin” or” www.domain/wp-login.php”, and can check the admin login page, it means your website is WordPress powered. In this case, you need to hide this feature by mapping the new wp-login.php and creating the new admin URL.
An Alternative Option for Hiding WordPress
If you have enough budgets, you can also consider the Hide My WP plugin. This is another amazing security tool to hide the WordPress features entirely. However, instead of using it for free, you should pay the license fee of $23.
There are two main functions this plugin can achieve – hide the WordPress login features and change the default permalink settings, paths or URLs.
Hide Admin Features
You can achieve the hiding goal from the General Settings page of this tool. Here, you can hide the default login page and the wp-admin folder. Also, you can add the new address for admin using the admin login key with the full customization by you.
Hide Permalink Settings and URLs
From this part, you can add and activate the new theme path, new wp-includes path, new style path, new plugin path and many more. All of these settings can remove the obvious WordPress features effectively.