Wordpress plugin - Tutorial install wordpress plugin detector - WP Hide & Security Enhancer By Nsp Code
Description
The easy way to completely hide your WordPress core files, login page, theme and plugins paths from being show on front side. This is a huge improvement over Site Security, no one will know you actually run a WordPress. Provide a simple way to clean up html by removing all WordPress fingerprints.
No file and directory change!
No file and directory are being changed anywhere, everything is processed virtually! The plugin code use URL rewrite techniques and WordPress filters to apply all internal functionality and features. Everything is done automatically, there’s no user intervention require at all.
Real hide of WordPress core files and plugins
The plugin not only allow to change default urls of you WordPress, but it hide/block defaults! Other similar plugins, just change the slugs, but the default are still accessible, obviously revealing WordPress as CMS
Change the default WordPress login urls from wp-admin and wp-login.php to something totally arbitrary. No one will ever know where to try to guess a login and hack into your site. Totally invisible !!
Full plugin documentation available at WordPress Hide and Security Enhancer Documentation
When testing with WordPress theme and plugins detector services/sites, any setting change may not reflect right away on their reports, since they use cache. So you may want to check again later, or try a different inner url, homepage url usage is not mandatory.
Being the best content management system, widely used, WordPress is susceptible to a large range of hacking attacks including brute-force, SQL injections, XSS, XSRF etc. Despite the fact the WordPress core is a very secure code maintained by a team of professional enthusiast, the additional plugins and themes makes the vulnerable spot of every website. In many cases, those are created by pseudo-developers who do not follow the best coding practices or simply do not own the experience to create a secure plugin.
Statistics reveal that every day new vulnerabilities are discovered, many affecting hundreds of thousands of WordPress websites.
Over 99,9% of hacked WordPress websites are target of automated malware scripts, who search for certain WordPress fingerprints. This plugin hide or replace those traces, making the hacking boots attacks useless.
Works fine with custom WordPress directory structures e.g. custom plugins, themes, uplaods folder.
Once configured, you need to clear server cache data and/or any cache plugins (e.g. W3 Cache), for a new html data to be created. If use CDN this should be cache clear as well.
Sample usage
Main plugin functionality:
- Custom Admin Url
- Block default admin Url
- Block any direct folder access to completely hide the structure
- Custom wp-login.php filename
- Block default wp-login.php
- Block default wp-signup.php
- Block XML-RPC API
- New XML-RPC path
- Adjustable theme url
- New child Theme url
- Change theme style file name
- Clean any headers for theme style file
- Custom wp-include
- Block default wp-include paths
- Block defalt wp-content
- Custom plugins urls
- Individual plugin url change
- Block default plugins paths
- New upload url
- Block default upload urls
- Remove wordpress version
- Meta Generator block
- Disble the emoji and required javascript code
- Remove pingback tag
- Remove wlwmanifest Meta
- Remove rsd_link Meta
- Remove wpemoji
- Minify Html, Css, JavaScript
and many more.
No other plugins functionality is being blocked or interfered in any way, everything will function the same
This plugin allow to change default Admin Url’s from wp-login.php and wp-admin to something else. All original links return default theme 404 Not Found page, like nothing exists there. Beside the huge security advantage, this save lots of server processing time by reducing php code and MySQL usage since brute-force attacks trigger wrong urls.
Important: Compared to all other similar plugins which mainly use redirects, this plugin return a default theme 404 error page for all block url functionality, so is not revealing at all the link existence.
Since version 1.2 Change individual plugin urls which make them unrecognizable, for example change default WooCommerce plugin urls and dependencies from domain.com/wp-content/plugins/woocommerce/ to domain.com/ecommerce/cdn/ or anything customized.
PLUGIN SECTIONS
Rewrite > Theme
- New Theme Path – Change default theme path
- New Style File Path – Change default style file name and path
- Remove description header from Style file – Replace any WordPress metadata informations (like theme name, version etc) from style file
- Child – New Theme Path – Change default child theme path
- Child – New Style File Path – Change child theme stylesheed file path and name
- Child – Remove description header from Style file – Replace any WordPress metadata informations (like theme name, version etc) from style file
Rewrite > WP includes
- New Includes Path – Change default wp-includes path / url
- Block wp-includes URL – Block default wp-includes url
Rewrite > WP content
- New Content Path – Change default wp-content path / url
- Block wp-content URL – Block default content url
Rewrite > Plugins
- New Plugins Path – Change default wp-content/plugins path / url
- Block plugins URL – Block default wp-content/plugins url
- New path / url for Every Active Plugin
- Custom path and name for any active plugins
Rewrite > Uploads
- New Uploads Path – Change default media files path / url
- Block uploads URL – Block default media files url
Rewrite > Comments
- New wp-comments-post.php Path
- Block wp-comments-post.php
Rewrite > Author
- New Author Path
- Block default path
Rewrite > Search
- New Search Path
- Block default path
Rewrite > XML-RPC
- New XML-RPC Path – Change default XML-RPC path / url
- Block default xmlrpc.php – Block default XML-RPC url
- Disable XML-RPC authentication – Filter whether XML-RPC methods requiring authentication
- Remove pingback – Remove pingback link tag from theme
Rewrite > JSON REST
- Disable JSON REST V1 service – Disable an API service for WordPress which is active by default.
- Disable JSON REST V2 service – Disable an API service for WordPress which is active by default.
- Block any JSON REST calls – Any call for JSON REST API service will be blocked.
- Disable output the REST API link tag into page header
- Disable JSON REST WP RSD endpoint from XML-RPC responses
- Disable Sends a Link header for the REST API
Rewrite > Root Files
- Block license.txt – Block access to license.txt root file
- Block readme.html – Block access to readme.html root file
- Block wp-activate.php – Block access to wp-activate.php file
- Block wp-cron.php – Block access to wp-cron.php file
- Block wp-signup.php – Block default wp-signup.php file
- Block other wp-.php files – Block other wp-.php files within WordPress Root
Rewrite > URL Slash
- URL’s add Slash – Add a slash to any links without. This disguise any existing for a file, folder or a wrong url, they all be all slashed.
General / Html > Meta
- Remove WordPress Generator Meta
- Remove Other Generator Meta
- Remove Shortlink Meta
- Remove DNS Prefetch
- Remove Resource Hints
- Remove wlwmanifest Meta
- Remove feed_links Meta
- Disable output the REST API link tag into page header
- Remove rsd_link Meta
- Remove adjacent_posts_rel Meta
- Remove profile link
- Remove canonical link
General / Html > Admin Bar
- Remove WordPress Admin Bar for specified urser roles
General / Feed
- Remove feed|rdf|rss|rss2|atom links
General / Robots.txt
- Disable admin url within Robots.txt
General / Html > Emoji
- Disable Emoji
- Disable TinyMC Emoji
General / Html > Styles
- Remove Version
- Remove ID from link tags
General / Html > Scripts
- Remove Version
General / Html > Oembed
- Remove Oembed
General / Html > Headers
- Remove Link Header
- Remove X-Powered-By Header
- Remove X-Pingback Header
General / Html > HTML
- Remove HTML Comments
- Minify Html, Css, JavaScript
- Disable right mouse click
- Remove general classes from body tag
- Remove ID from Menu items
- Remove class from Menu items
- Remove general classes from post
- Remove general classes from images
Admin > wp-login.php
- New wp-login.php – Map a new wp-login.php instead default
- Block default wp-login.php – Block default wp-login.php file from being accesible
Admin > Admin URL
- New Admin Url – Create a new admin url instead default /wp-admin. This also apply for admin-ajax.php calls
- Block default Admin Url – Block default admin url and files from being accesible
CDN
- CDN Url – Set-up CDN if apply, some providers replace site assets with custom urls.
This free version works with Apache and IIS server types.
Something is wrong with this plugin on your site? Just use the forum or get in touch with us at Contact and we’ll check it out.
A website example can be found at https://demo.wp-hide.com/ or our website WP Hide and Security Enhancer
Plugin homepage at WordPress Hide and Security Enhancer
This plugin is developed by Nsp-Code
LOCALIZATION
Please help and translate this plugin to your language at https://translate.wordpress.org/projects/wp-plugins/wp-hide-security-enhancer
Please help by promoting this plugin with an article on your site or any other place. If you liked this code or helped with your project, consider to leave a 5 star review on this board.
Screenshots
FAQ
Feel free to contact us at contact@wp-hide.com for fast support.
Absolute None!
No files and directories are being changed on your server, everything is processed virtually! The plugin code use URL rewrite techniques and WordPress filters to apply all internal functionality and features.There’s no requirements on php knowledge. All plugin features and functionality are applied automatically, controlled through a descriptive admin interface.
A demo instance can be found at https://demo.wp-hide.com/ or our own website WP Hide and Security Enhancer
If the server runs full-stack Nginx, the free plugin can’t generate the required format Nginx rewrite rules. It works with Apache, LiteSpeed, IIS, Nginx as a reverse proxy and compatible.
Everything works as before, no functionality is being broken. You can run updates at any time.
No, the plugin changes only assets links ( CSS, JavaScript, media files ) and not actual content URLs. There will be no negative impact from SEO perspective, whatsoever.
Yes, the plugin works with any cache plugin deployed on your site.
This free code can with Apache, IIS server types and any other set-up which rely on .htaccess usage.
For all other checks the PRO version at WP Hide PROThere are few things to consider when run on litespeed servers:
Ensure the liteserver actually process the .htaccess file where the rewrite data is being saved. Check with the following topic regarding this issue Post
If you use Litespeed Cache plugin, in the Optimization Settings area, disable the CSS / JS Minify
If your litespeed server requires to place the rewrite lines in a different file e.g. config file or interface, consider upgrading to PRO version which includes a Setup page where you can get the rewrite code WP Hide PRO.
As default, on Bitnami LAMP set-ups, the system will not process the .htaccess file, so none of the rewrites will work. You can change this behavior by updating the main config file located at /opt/bitnami/apps/APPNAME/conf/httpd-app.conf , update the line
More details can be found at Bitnami Default .Htaccess
