Hide That Your Site Is Using WordPress: Here's How

Authored By: James LePage
Published On: November 16, 2020

Affiliate Disclosure: Some links on this website are affiliate links. We make commissions for purchases made through those links.

We only recommend items/tools that we've personally used and like.

Full Disclosure | FTC Statement

amazon elementor E book

In this article we’re going to discuss the steps to take to hide the fact that your website is using WordPress. WordPress is an incredibly popular CMS, and There are various reasons to hide That your website is using it as it’s back bone: The main reason being security.

Because of the popularity of WordPress, it’s a major target for hackers. If somebody is able to figure out an exploit, they can break into around 30% of websites online. Because of that, a security method that many people use is known as obscurity. If you can obscure the fact that you are using WordPress, the automated Bots that are deployed to scan and hack vulnerable websites will simply pass over your website.

Before we get into this article, it is important to note that while you can remove the most obvious signs of WordPress from your website, this is a hard coded CMS that relies on specific classes, PHP functions, JavaScript, and more. If somebody manually goes onto your website and seriously wants to figure out what is using, chances are they can determine that it’s on WordPress even if you obscure that fact. However, obscurity will prevent against brute force attacks, bots, and other things programmed for the vanilla version of WordPress, which is why this is an effective font line security measure.

This answer varies between WordPress versions, plugin installations, and the themes that you’re using, but there are several universal things that you can use to obscure the fact that your website is using WordPress.

Universal Steps to take to hide that you’re using WordPress

The most impactful thing that you can do is hide the common paths from the public. Common paths include WP login, XMLRPC, and others. Here’s a quick checklist of what you should keep in mind (from Hide My WP):

  • Hide WordPress /wp-admin
  • Hide WordPress /wp-login.php
  • Hide WordPress /wp-login/
  • Hide WordPress /login URL
  • Hide Admin-Ajax.php
  • Change Lost Password URL
  • Register, activate, logout
  • wp-json API 
  • WP-content
  • WP-includes
  • All plugins and themes
  • Comments, Cats, Uploads
  • Classes
  • Remove readme
  • Gutenberg
  • WLW Manifest scripts
  • DB-Debug in Frontend
  • Rest API access

Now that we have identified the paths that we actually want to hide, here’s how to go ahead and do that. Of course, you could hardcode these out manually, but this would take a ton of time and be overwritten every time a new version of WordPress was installed. Instead, the smart choice is a plugin. And, luckily there’s a plugin designed specifically for security by obscurification called Hide My WP Ghost.

If you’re serious about hiding the fact that your website is using WordPress, this is the single best solution on the market. You’ll need to opt for the pro version to completely hide the fact that you’re using WordPress, but there’s also a well featured light version available from the WordPress repository. For the rest of this tutorial, we’re going to be talking about the paid version because it offers the most features and is fairly affordable even for small websites.

Hide My WP Ghost hides all of those listed paths, as well as additional ones, by using redirects. Because of that, this isn’t rewritten every time WordPress is updated, and it can effectively change all plugins, themes, and traces of WordPress on both the front end and the backend.

It has specific compatibility for some of the most popular plugins out there, like elementary, word fence security, lightspeed cash, and more. It is also comparable with most major hosting, and most versions of WordPress. It even works with WP multi site.

The main feature here is that it will cover up all of the hardcoded admin URLs, like the login, back end WP admin, and more. As we stated, these basic features are included in the light version of the plugin, but the pro version of the plugin completely changes all paths related to WordPress by using redirects, hides plugin names, team names, style IDs, and more, changes all common path, as a firewall, how is the DNS prefetch WordPress link, changes all URLs by mapping them to different locations, disables Rest API and XMLRPC access and more. 

Hide My WordPress Ghost Plugin - WP Plugins Tips

It also has built-in brute force protection by using the Google reCaptcha, incorporates the blacklist and white list, logs all user activity, and has integration for all different server types. It’s also recommended by the WP rocket plugin, and protects against pretty much every major method of hacking the WordPress contact management system that has been figured out so far.

Major hacks Hide My WP Pro Protects against:

  • Brute Force Attacks,
  • SQL Injection Attacks
  • Script Injection Attacks
  • Cross Site Scripting (XSS)
  • and more

If you’re looking to hide the fact that your website is using WordPress as it’s underlying content management system, for security, public perception, or something else, it’s important to identify everything that makes it easy to figure out the website is running WordPress. 

Once you know all of the paths, DNS calls, styles, and more, you can opt to manually change them or use a plugin like Hide My WP Ghost to do that automatically. Of course, we always recommend the plugin because it’s easy to use, relatively cheap, and won’t get over it and every time WordPress is updated. Once you know all of the paths, DNS calls, styles, and more, you can opt to manually change them or use a plugin like Hide My WP Ghost to do that automatically. Of course, we always recommend the plugin because it’s easy to use, relatively cheap, and won’t get over it and every time WordPress is updated.

Join our list

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
James LePage is the founder of Isotropic Design, a digital agency that builds WordPress websites. I read, write and design constantly!

Social Share

Crafting Stunning Digital Appearances & Assets Out Of New York.
Get In Touch
Syracuse, NY | Charlotte, NC | New York, NY
© 2020 Isotropic, LLC
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram