Hide My WP – No one can know you use WordPress!

Update: Hide My WP 2.2 was released.

Since Hide My WP 1.5 it offically supports Multi-site, Nginx and child themes (not IIS currently).

Did you know:

• More than 20% of the 50 most popular WordPress plugins are vulnerable to common Web attacks, such as SQL Injection. In total, 8 million vulnerable plugins were downloaded. JUN 2013. [Source]
• 7 out of top 10 most popular e-commerce plugins are vulnerable to common Web attacks.
  This amounts to more than 1.7 million downloads of vulnerable e-commerce plugins. [Source]
• Hide My WP protects you from recent massive brute-force attacks on WordPress installations. This massive hacker attack could aim at the biggest, most aggressive botnet ever seen. [Source]

We all love WordPress, but in most cases we prefer to hide the fact that we are using a blogging platform for our entire business.
From other side every day a couple of new security bugs found in plugins, themes and WordPress itself. Are we safe? Can all plugin authors be notified timely about bugs? Are all of them responsible for security problems they generated? or can we update our plugins everyday?

Hide My WP created to help us. It not only boosts our security but it also allows us to have more beautiful URLs and permalinks!

Customers Feedback

YES!! I saw this earlier today but just couldn’t resist to put off buying it. And I must say this plugin works just as described.
I love it!
And I gave the official 3rd rating so now you have 5 STARS PressPrime Thanks.
– noahjnet

I really think you are onto something highly unique with this plugin.
For a few years now, I’ve been wishing someone could develop something that can help protect files, folder names, etc and you have clearly worked very hard to do just that.
Keep up the great work! I look forward to seeing what else you come up with!
* 5 Stars! *

– mrhocs

As a veteran of a thousand psychic wars… this is fabulous and is most useful! Good on Ya! for making this one! I wish you many sales as they are well deserved. For privacy… what man can pay a price as that? Privacy is key If one wants to take it… Molon Labe.

Keep up the work as we are in need of your talent. Thank you
– drmedia1

5 stars to u! My website has lots of plugins and I wasn’t believe your plugin will work with them but I was wrong. Super
– alexus13

Boost your security

Hide My WP control access to PHP files. It protects your site from almost 90% of SQL-Injection and XSS attacks caused by direct access to PHP files. This means you can install unsafe plugins without worry about security. You know hackers, spammers and bots all love WordPress, too with Hide My WP they can’t recognize (or access to) WordPress and simply ignore you!

Change WordPress permalinks

The magic starts now… But before it stick in your mind we don’t change any file or folder and everything is in its default location! we just control access to it and this guarantees maximum compatibility for the plugin.

Hide wp-login.php

• Try this: wpwave.com/wp-login.php
• Not found!? OK. Try this one: wpwave.com/wp-login.php?hide_my_wp=1234

Hide wp-admin and all of its files (for untrusted users)

• wpwave.com/wp-admin/ – Not found!

Change WordPress theme directory, remove theme Info from stylesheet, replace default WP classes and finally minify it!

• wpwave.com/template/main.css
  (Instead: …/wp-content/themes/twentytwelve/style.css)

Change plugins directory and hash plugins name

• wpwave.com/modules/0f6a208e/shortcodes.css (Instead: …/wp-content/plugins/zilla-shortcodes/shortcodes.css)
• wpwave.com/modules/0f6a208e/shortcodes.php – Not found! (Deny access)

Change upload URL, wp-includes folder, AJAX URL, etc.

• wpwave.com/file/test-image-landscape.jpg
  (Instead: …/wp-content/uploads/test-image-landscape.jpg)
• wpwave.com/lib/js/jquery/jquery.js (Instead: …/wp-includes/js/jquery/jquery.js)
• wpwave.com/ajax.php – Output 0 (Instead: …/wp-admin/admin-ajax.php)

Change WordPress queries URL:

• New URLs:
• wpwave.com/?article_id=1
• wpwave.com/?user=1
• wpwave.com/?find=hide
• Old, not working URLs:
• wpwave.com/?p=1 – Nothing happen!
• wpwave.com/?author=1 – Nothing happen!
• wpwave.com/?s=hide – Nothing happen!

Change author permalink (or disable it!)

• New: wpwave.com/admin or wpwave.com/profile/admin (Optional)
• Old: wpwave.com/author/admin – Not found!

Change or disable feeds

• New: wpwave.com/index.xml
• New: wpwave.com/cat/aciform/index.xml
• Old: wpwave.com/feed/ – Not found!
• Old: wpwave.com/cat/uncategorized/feed/ – Not found!

Hide all other WordPress files!

• wpwave.com/readme.html – Not found!
• wpwave.com/license.txt – Not found!

Disable WordPress archives, categories, tags, pages, posts, etc

• wpwave.com/2012/09/ – Not found!
• wpwave.com/?m=201209 – Nothing happen!

Continue reading there’s still more!

• Easily replace any words in your html output file!
• Notify you when someone is mousing about your WordPress site (included with visitor details like IP, user agent, referrer and even username!)
• Compress html output and remove comments in source code
• Remove WordPress meta Info from header and feeds
• Change default WordPress email sender
• Custom 404 page!
• Remove unnecessary menu classes
• Clean up body classes

Changelog

2.2 – 11/20/2013

-Bug Fix: Now entering Purchase Code will remove annoying warning messages
-Bug Fix: Compatibility with /subdirectory/subdirectory/(..) network-enabled installs 
-Improvement: WordPress 3.7 compatibility
-Improvement: Canonical URLs is now enabled by default (plus for settings schemes)
-Improvement: Several colorful messages added to reduce support queries
-Bug Fix: Buddypress pages bug (in some conditions)
-Bug Fix: Fix /wp-login.php/ URL
-Bug Fix: Remove a notice warning in generating debug report

2.1 & 2.11 09/21/2013

- Bug Fix: A problem in replacing new URLs (2.11) 
- New Feature: Login parameter 'hide_my_wp' is now changeable!
- Improvement: W3 Total Cache Minify module works now! (Read FAQ)
- Improvement: Better blocking of CMS finder tools
- Improvement: W3TC credit text will be removed automatically (for untrusted users)
- Improvement: Presstrends code added
- Bug Fix: Log out problem in some environments
- Bug Fix: Warning message appeared in some environments
- Bug Fix: A number of fixes in helper class

2.01 – 08/11/2013

- Bug Fix: Added Replace in HTML back 
- Bug Fix: Correct a warning message

2.0 – 08/10/2013

- Improvement: Full WordPress 3.6 compatibility
- Feature: Replace, rename or hide any file or folder
- Feature: Simple page compression added
- Feature: Block access of CMS finders tools to pages (beta)
- Improvement: Change order of header info to hide WP better
- Improvement: Add xmlrpc.php to excerpt list by default 
- Improvement: Cached CSS age extended to 3 days
- Improvement: Better description and messages for easier configuration
- Bug Fix: Scheduling problem for plugins like Backup Buddy was fixed
- Bug Fix: Preview button problem in new post page was fixed
- Bug Fix: Problem in full SSL websites was fixed 
- Bug Fix: Notice message appear in update settings was fixed
- Minor changes

v1.81 & 1.82 – 06/10/2013

- Bug fix: A bug caused problem with new upload path in subdomain installs
- Bug fix: Removed unnecessary success messages for reset defaults, import, etc.
- Bug fix: Removed an unnecessary warning message. (1.81)
- Bug fix: Correct miss-spelled labels

v1.8 – 06/08/2013

- Feature: Ability to choose manual configuration to use customized htaccess
- Improvement: Better quick fix guide
- Bug Fix: External uploaded WordPress images now works correctly
- Bug Fix: CSRF flaw detected by Julio (boiteaweb.fr)
- Bug Fix: Trim Replace in HTML field
- Bug Fix: Better replace for WooCommerce plugins
- Minor changes

v1.7 – 05/06/2013

- Feature: Ability to replace JS URLs for different entities (e.g. \ /wp-content\ /themes)
- Improvement: BulletProof Security plugin compatibility
- Improvement: Ability to replace codes with '=' sign using [equal] tag
- Bug Fix: Child themes bug fix 
- Bug Fix: A bug in exporting Replace in HTML content
- Bug Fix: A bug in exporting values with double slashes
- Minor changes in UI

v1.6 – 04/20/2013

- Feature: Ability to rename all plugins (useful for plugins located in premium themes)
- Improvement: New and better settings scheme
- Improvement: Added quick fix guide to Start tab
- Files: Update file structure to work with new Codecanyon changes
- Bug Fix: ob_start bug fix for better compatibility
- Bug Fix: Search widget bug
- Bug Fix: Hide login, admin, etc. shortcuts
- Bug Fix: Replace all AJAX URLs
- Bug Fix: Fix a bug in Nginx rewrite rules in sub-folder installs
- Documentation: Added documentation for Nginx and multisite configuration
- Minor changes

v1.5 – 04/04/2013

- Performance: Up to 3 times faster with new partial replace mode!
- Feature: Nginx and Multi-site support. 
- Feature: Child themes support
- Feature: Two different minify options for HTML and CSS
- Feature: Better compatibility with two additional options for PHP files access
- Feature: Option to hide _wpnonce and theme screenshot
- Improvement: Better support for sub-directory installs
- Improvement: More compatibility for class clean up options
- Bug Fix: Style path bug
- Bug Fix: Fixed login URL problem and better compatibility with login-related plugins
- Minor bug fixes