Following the final huge assaults focusing on WordPress websites the place we’ve seen a minimum of 90,000 web sites attacked throughout April 2013, it’s unthinkable at the moment to go away your WP with no minimal of safety…
I can’t speak on this submit in regards to the important precautions akin to renaming the admin, defending its information, and so forth., for this half I counsel you to learn the article 11 Safety Suggestions for WordPress.
Amongst sure options and varied “safety” plugins, I had opted for Login Ninja permitting to harden / management the login of my WordPress and to routinely ban insistent IPs;)
It is a good resolution however alas, the robots and applications are increasingly more quite a few and enormous customers of bandwidth.
This resolution subsequently now not suited me so I searched and located a plugin that gives a distinct angle… As a substitute of locking, it camouflages/hides the truth that we use a WordPress and it makes a giant distinction!
Cover My WP controls entry to PHP information, it protects your web site from 95% of SQL injections and XSS assaults. Hackers, spammers and bots can’t acknowledge your WordPress and actually ignore you!
No adjustments to information or folders, all stay of their default location! It’s merely a matter of controlling entry to it, which ensures most compatibility of the plugin.
Nobody ought to know that you’re utilizing WordPress
The precept could be very easy, in case you have no idea that I take advantage of a WordPress web site then you’ll not attempt to hack a WordPress!
HideMyWP hides your delicate information:
Change WordPress theme listing:
Change plugins listing and hash plugins identify
- /modules/0f6a208e/shortcodes.css (au lieu de: / wp-content/plugins/zilla-shortcodes/shortcodes.css)
- /modules/0f6a208e/shortcodes.php – 404 Not discovered! (deny entry)
Change obtain url, wp-includes folder, AJAX url, and so forth…
- mysite.com/myfiles/panorama.jpg (as an alternative of: …/wp-content/uploads/panorama.jpg)
- monsite.com / mylibs / js / jquery / jquery.js (au lieu de: … / wp-includes/js/jquery/jquery.js)
- monsite.com / ajax.php (au lieu de: … / wp-admin/admin-ajax.php)
Decide if the positioning is a WordPress:
And somewhat extra…
- Change any phrase in your output HTML file
- Notifies you when somebody is redirected to your WordPress web site (with customer particulars, person IP, referrer and even nickname!)
- Compress output html and take away feedback in supply code
- Take away WordPress META data and RSS feed
- Change default WordPress e mail sender tackle
- Customized or theme 404 web page
- Take away pointless menu courses
- Clear up physique courses
- and so forth…
Incessantly Requested Questions… Legit…
Does it bodily change my WordPress folders and information?
No, every little thing stays in its default location, HideMyWP simply controls entry. This ensures most compatibility.
I conceal each wp-login and wp-admin, however I can nonetheless see them. Why ?
As a result of you’re a logged in administrator! Sign off and check out once more. Remember to save lots of the brand new login tackle someplace.
I am unable to log in, what ought to I do now?
When hiding wp-login.php you have to add your Admin key phrase to login. Tackle: ?. eg yoursite.com/wp-login.php hide_my_wp=1234 (1234 is the default key) If in case you have different issues simply use your FTP or a file supervisor and rename the plugin folder to one thing else (in wp-content/plugins), it is going to then disable the plugin.
Does it work with Nginx?
Since model 1.5 Cover My WP helps Nginx. You should have write entry to the Nginx configuration file. Please word utilizing multi-site on Nginx shouldn’t be but formally supported, however in case you can convert htaccess guidelines to Nginx you can also make it work.
What if I deactivate the plugin. Is every little thing again to the way it was earlier than?
Completely! Simply disable it from the admin panel and every little thing shall be again to the way it was earlier than. If you’re utilizing a cache plugin you might have to clear the cache. If the plugin was deleted or renamed by accident, go to Settings -> Permalinks and every little thing shall be again to regular!
Does this have an effect on my web site pace? (attributable to many redirects)
Cover My WP doesn’t use 30x redirects however largely as an alternative, the rewrite rule which is inner and subsequently has no bearing on pace. A pace hit can happen when you might have approach too many WordPress plugins. All choices are defined intimately and you’ll select between quick and/or appropriate choices.
Does it work in multi-sites and in community?
Since model 1.5 Cover My WP helps multi-site subdomains and subdirectories. It’s attainable for the positioning admin to make use of the community panel and configure the plugin for your entire community. You might want to write entry to replace htaccess file and themes to rename.
Why is my plugin settings web page totally different from official screenshots?
It is because you do not allow the WordPress permalink construction or your host does not assist rewrite URLs (particular htaccess.).
Does HideMyWP have an effect on my search engine marketing?
In the event you do not change the primary content material of the URLs (articles, classes, tags) no, there is no such thing as a search engine marketing drawback.
Notice that HideMyWordPress overrides the default settings of your WP permalinks for posts, classes, tags. So even with out this plugin in case you change these settings it is going to have an effect on your rating.
Okay so how does it work?
Primarily with URL rewriting and a few redirects by way of your .htaccess however not solely…
You’ll be able to in fact select the diploma of confidentiality with 3 predefined ranges: Extremely-confidential, Medium (quick) and Medium (appropriate).
Be sure you have entry to your htaccess file (if utilizing Apache) or configure your internet server manually (if utilizing Nginx or multi-site).
Cover My WP is bought round 15€, this premium plugin is a wonderful resolution and sadly there’s presently no equal in free or freemium model.
Watch out nonetheless, organising this plugin might be difficult for newbies and a few capabilities, particularly rewriting, can generally trigger issues. It is usually advisable to make a full backup of your WordPress earlier than putting in it.
Additionally word that if HideMyWordPress is sufficient to shield in opposition to Bots, it is not going to be sufficient in opposition to an knowledgeable hacker who completely desires to pressure your web site;)
This plugin was examined by Julio de Boite à Net, WordPress safety specialist and contained a safety flaw… The writer was contacted and corrected it on model 1.8 😉