Hide My WP is a WordPress security plugin with several security features, such as hiding WordPress, stopping bots, and blocking attacks against your WordPress website.
This article is a detailed review of this plugin with specific use cases. Let’s first create a disposable WordPress website using InstaWP.
Installation
Upload the plugin in the WordPress admin panel and activate it.
Setup
The plugin is easy to set up through its startup wizard. Simply choose your “security appetite”; in most cases, go for the default, Medium Privacy Settings, and click Select Setting.
The next step will ask you for the purchase code, which you obtain from the CodeCanyon “Downloads” page.
Dashboard
Right off the bat, you will see some important security vitals for your WordPress website.
For example, you can check how many intrusion attempts have been blocked and how many bots have been blocked by the Trust Network.
Over a period of time, this vital data will start showing real IP addresses.
You may also see some missing fixes from your settings, like this. Make sure to enable Permalinks for Hide My WP to work. You can also enable the “Full Hide” option.
Hiding WordPress: Is this website using WordPress?
Let’s see if Hide My WP can really hide WordPress or not.
Test #1 – Mention of WordPress in Source code
Most of the time, people simply open the page source and search for “wordpress” or just the “wp” keyword. As you can see, 0 occurrences of WordPress were found.
✅ Check Passed
Test #2 – Checking Headers
A few smart ones know a more advanced way to detect WordPress: checking the web server’s response headers. To do this, open Chrome Developer Tools, open the Network tab, and refresh your website.
✅ Check Passed
Test #3 – Block wp-login.php or wp-admin pages.
Let’s try to open the common WP pages which everyone knows. As you can see in the screenshot, the login page simply returns a 404 (not found). This will help you block brute-force attacks.
✅ Check Passed
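The manual checks in Tests #1 to #3 can be scripted so they are rerun after every plugin or theme update. This is an added example, not code from Hide My WP or from this review; the function name, the finding format, and the sample captures are assumptions constructed for illustration.

```python
import re

# Tests #1 and #2 search for "wordpress" or a standalone "wp" token.
WP_TOKEN = re.compile(r"wordpress|(?<![a-z0-9])wp(?![a-z0-9])", re.IGNORECASE)
# Test #3 expects the default login and admin paths to return 404.
DEFAULT_PATHS = ("/wp-login.php", "/wp-admin/")


def audit(body, headers, probe_status):
    """Return findings as strings; an empty list means all three checks pass."""
    findings = []
    # Test #1: keyword search over the page source, line by line.
    for lineno, line in enumerate(body.splitlines(), 1):
        if WP_TOKEN.search(line):
            findings.append(f"source:{lineno}")
    # Test #2: the same search over response header names and values.
    for name, value in headers.items():
        if WP_TOKEN.search(f"{name}: {value}"):
            findings.append(f"header:{name}")
    # Test #3: any status other than 404 (or a path never probed) is a finding.
    for path in DEFAULT_PATHS:
        status = probe_status.get(path)
        if status != 404:
            findings.append(f"path:{path}:{status}")
    return findings


# Constructed sample captures (not taken from the review's test site).
DEFAULT_SITE = {
    "body": '<html><head>\n'
            '<meta name="generator" content="WordPress" />\n'
            '<link rel="stylesheet" href="/wp-content/themes/example/style.css" />\n'
            '</head><body>Hello</body></html>',
    "headers": {"Content-Type": "text/html; charset=UTF-8",
                "Link": '<https://example.test/wp-json/>; rel="https://api.w.org/"'},
    "probe_status": {"/wp-login.php": 200, "/wp-admin/": 302},
}
HIDDEN_SITE = {
    "body": '<html><head>\n'
            '<link rel="stylesheet" href="/assets/theme/style.css" />\n'
            '</head><body>Hello</body></html>',
    "headers": {"Content-Type": "text/html; charset=UTF-8"},
    "probe_status": {"/wp-login.php": 404, "/wp-admin/": 404},
}

if __name__ == "__main__":
    for label, site in (("default", DEFAULT_SITE), ("hidden", HIDDEN_SITE)):
        print(label, audit(**site) or "all checks passed")
```

Feed it the saved page source, the response headers, and the status codes recorded for the two default paths on your own site.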
Test #4 – Use an online theme detector like Wappalyzer or builtwith.com
Popular theme detectors can tell not only which software you are using, but also which plugins or themes you are using. Let’s see if our test site can pass this test.
✅ Check Passed
Test #5 – What theme is that?
Many online tools provide a way to find out which theme and plugin your site is using:
Blocking Hacking Attempts: Intrusion Detection
Hide My WP comes with a bundled Intrusion Detection & Block system. When you enable this option, it automatically blocks attacks like SQL Injection, Cross Site Scripting (XSS), Path Traversal, File Injection, PHP Injection, and more.
Let’s do a sample attack on our test site and see what happens:
When an attack is blocked, it’s shown in the Intrusion logs. You may notice the IP Address and Country being shown in the logs. Also, you can do a 1-click Ban for the particular IP address!
Block Bots: Using Trust Network
If your Hide My WP is configured to participate in the Trust Network, attacks on your WP site will be reported to our central database. This database is then synced with all WP sites running the Hide My WP plugin. Neat?
As you can see, our instance is already participating and using IP addresses from the Trust Network to block nasty bots brute-forcing your website.
Conclusion
We have covered just a tiny bit of what Hide My WP can do. Apart from these 3 main features, it can also do:
- Block Country Codes
- Hide Popular plugins like Elementor, WooCommerce, etc.
- Disable XMLRPC
- Replace Text in Source Code
- Disable Directory Listing
- Rename all plugins
- Rename almost anything (feeds, posts, pages, categories, etc.).
Hide My WP is available on CodeCanyon with 4.5+ ratings from over 30,000 happy customers.