Affiliate Disclosure: Some links on this website are affiliate links. We make commissions for purchases made through those links.
We only recommend items/tools that we've personally used and like.
In this article we’re going to discuss the steps to take to hide the fact that your website is using WordPress. WordPress is an incredibly popular CMS, and There are various reasons to hide That your website is using it as it’s back bone: The main reason being security.
Because of the popularity of WordPress, it’s a major target for hackers. If somebody is able to figure out an exploit, they can break into around 30% of websites online. Because of that, a security method that many people use is known as obscurity. If you can obscure the fact that you are using WordPress, the automated Bots that are deployed to scan and hack vulnerable websites will simply pass over your website.
This answer varies between WordPress versions, plugin installations, and the themes that you’re using, but there are several universal things that you can use to obscure the fact that your website is using WordPress.
The most impactful thing that you can do is hide the common paths from the public. Common paths include WP login, XMLRPC, and others. Here’s a quick checklist of what you should keep in mind (from Hide My WP):
Now that we have identified the paths that we actually want to hide, here’s how to go ahead and do that. Of course, you could hardcode these out manually, but this would take a ton of time and be overwritten every time a new version of WordPress was installed. Instead, the smart choice is a plugin. And, luckily there’s a plugin designed specifically for security by obscurification called Hide My WP Ghost.
If you’re serious about hiding the fact that your website is using WordPress, this is the single best solution on the market. You’ll need to opt for the pro version to completely hide the fact that you’re using WordPress, but there’s also a well featured light version available from the WordPress repository. For the rest of this tutorial, we’re going to be talking about the paid version because it offers the most features and is fairly affordable even for small websites.
Hide My WP Ghost hides all of those listed paths, as well as additional ones, by using redirects. Because of that, this isn’t rewritten every time WordPress is updated, and it can effectively change all plugins, themes, and traces of WordPress on both the front end and the backend.
It has specific compatibility for some of the most popular plugins out there, like elementary, word fence security, lightspeed cash, and more. It is also comparable with most major hosting, and most versions of WordPress. It even works with WP multi site.
The main feature here is that it will cover up all of the hardcoded admin URLs, like the login, back end WP admin, and more. As we stated, these basic features are included in the light version of the plugin, but the pro version of the plugin completely changes all paths related to WordPress by using redirects, hides plugin names, team names, style IDs, and more, changes all common path, as a firewall, how is the DNS prefetch WordPress link, changes all URLs by mapping them to different locations, disables Rest API and XMLRPC access and more.
It also has built-in brute force protection by using the Google reCaptcha, incorporates the blacklist and white list, logs all user activity, and has integration for all different server types. It’s also recommended by the WP rocket plugin, and protects against pretty much every major method of hacking the WordPress contact management system that has been figured out so far.
Major hacks Hide My WP Pro Protects against:
If you’re looking to hide the fact that your website is using WordPress as it’s underlying content management system, for security, public perception, or something else, it’s important to identify everything that makes it easy to figure out the website is running WordPress.
Once you know all of the paths, DNS calls, styles, and more, you can opt to manually change them or use a plugin like Hide My WP Ghost to do that automatically. Of course, we always recommend the plugin because it’s easy to use, relatively cheap, and won’t get over it and every time WordPress is updated. Once you know all of the paths, DNS calls, styles, and more, you can opt to manually change them or use a plugin like Hide My WP Ghost to do that automatically. Of course, we always recommend the plugin because it’s easy to use, relatively cheap, and won’t get over it and every time WordPress is updated.
Subscribe to our mailing list and get interesting stuff and updates to your email inbox.