Should You Hide That You Use WordPress? Find Out Why and How!
Security is an important concern for WordPress users. We talk regularly about security, among other things, in alerts about themes and plugins and how to protect ourselves from hackers. But the word “security” is a simple point of view and there is no limit to the protection of our websites.
Find Out Why and How!
- Does Hiding That You Use WordPress Improve Security?
- Security Is Crucial Regardless of Your Website’s Scope
- Basic Safety Rules to Secure WordPress
- Why You Should Not Hide That You Use WordPress?
- How Hacked WordPress Websites Are Compromised?
- How To Avoid Your WordPress Website From Getting Hacked?
- Did You Choose to Hide WordPress?
Majority of the users don’t think the same when they say “hide WordPress”. What do we usually mean by “hiding that we use WordPress”? The answer is simple, we try to hide the fact that our website works in WordPress, to all users and robots trying to identify our content management system (CMS).
Tip: Security plugins enhance the security aspects of WordPress websites, but there are other ways to harden them. Read more: Tips to Secure Your WordPress Website.
Does Hiding That You Use WordPress Improve Security?
Many of us may have asked, “how to hide my WordPress?”. The idea is not new, but there is a lot of controversy about hiding or not hiding that WordPress is powering your website.
The information concealment technique is known as obfuscation security. Many WordPress experts believe that this has no impact on the security of WordPress websites.
You are probably wondering, why?
According to the experts, there are hundreds of other ways to know that you are using WordPress, core version, and other aspects. The advanced users can find many websites that explain to them that you use WordPress by obfuscation hence it has no impact on the WordPress security.
You’re A Giant or Not, It Doesn’t Matter!
It should be noted that many small online ecommerce stores think that hackers will never attack them because their stores are too small to interest them. The reasoning is intuitive, but the truth is different. According to an article in Forbes Magazine, nearly 30,000 websites are hacked daily. Similarly, Sucuri issued Hacked Website Report 2017 that “analyzes over 34,000+ infected websites” and WordPress tops in that report with 83 percent.
Image Courtesy: Sucuri
Don’t you think it is an impressive number, an eye-opener?
In short, it doesn’t matter whether you are a whale (AliExpress, Amazon, eBay, Walmart) or a goldfish, you can be hooked or caught one day.
But, before we go any further, let’s list some of the basic things you can do to make your WordPress website more secure.
Basic Safety Rules to Secure WordPress
The first rule of securing your WordPress website is to use strong passwords. There is nothing like a strong password. If you don’t know how to generate a strong password, there are many random password generators available for free on the Internet.
Here is an example of a strong password:
The second rule is to make updates as soon as a new version is available. We have seen many WordPress website owners (including professional websites) who “superbly” ignore all updates: WordPress Core, plugin, and themes. This behavior is the door open to the problems since hackers only wait for that vulnerabilities to access your website without permission.
Why You Should Not Hide That You Use WordPress?
Many WordPress website owners are not convinced that using obfuscation to secure their websites is a good thing and that’s why we have mentioned few reasons at the beginning of this article.
Here are other reasons that may convince you not to use obfuscation to secure your WordPress website:
- Malicious robots don’t consider the version of WordPress.
- There are many ways to know that you are using WordPress.
- Any hacker able to access your website will eventually find information that you forgot to hide.
- If obfuscation was the solution, we would have no version of the products available on the market.
Still Not Convinced? Let’s Continue!
We understand that there are many situations that can lead to the use of obfuscation for security, but whatever the reason, we must go ahead and hide WordPress from hackers.
WordPress is a well-known content management system. More than 30% websites on the Internet use WordPress. Because of this popularity, hacking a WordPress website has become a goal of achievement for hackers.
Every year, thousands of WordPress websites are hacked. The reasons are many, such as vulnerable themes or plugins, simple passwords, etc.
Yet that WordPress is a secure platform?
Image Courtesy: Wordfence
If a hacker gains access to a WordPress website, he makes changes most of the time to hide his tracks and keep his access as administrator of a WordPress website:
- He creates a new account with administrator privileges
- He resets the password to make sure no other user can recover access
- He changes the role of existing accounts
- He modifies the content by injecting malicious code
- He creates redirects in .htaccess files
Hacking of WordPress Is Easy but Can Be Avoided
There are different plugins, free and paid, to secure WordPress website. The most popular are WordFence Security, BulletProof Security, and iThemes Security.
And if you could completely hide that you use WordPress for websites for even more protection?
If you have the budget and if your WordPress website is the hub of your business, it is recommended to strengthen the security of your website to ensure you are protected against targeted attacks.
The most popular plugins for you to remove powered by WordPress are Hide My WP, Swift Security, and WP Hide and Security Enhancer.
Hide My WP
Hide My WP works as a general security plugin and hides the fact that you use WordPress by changing your permalinks without making any changes to the actual locations of your files. The goal of this plugin is to give your WordPress website an extra layer of security:
- It allows changing the permalinks of the files (like wp-admin) to hide them from the collecting robots.
- Removes meta information (such as the version number) from your headers.
- Control access to your PHP files.
- Modify subdirectories of default vulnerable folders, such as wp-content.
- Hide files that can give information about your WordPress installation (like readme.html or license.txt).
- Warns you of security risks with the new “Intrusion Detection System” service.
- Access notifications to a 404 page.
Hide My WP is easy to install and configure. All settings and options are well explained so you always know what you are doing and what each feature works. It is a great investment for anyone using WordPress for blogging, ecommerce or a small business.
Swift Security Bundle
Swift Security puts a bulletproof vest on your WordPress website. This plugin, not content to remove powered by WordPress, also has a Firewall module and a module that scans the code to detect the malicious code.
It has many features such as:
- Filter IP addresses
- Anti Force Brute
- Notifications by email or Push
- Blocks spam comments
- Removes HTML comment code etc.
With Swift Security, you will make your WordPress website more secure. A big advantage of this plugin is that you don’t need any special technical knowledge.
WP Hide and Security Enhancer
WP Hide completely hides your WordPress core files along with login page, theme, and plugin from those who are visiting your website. Apart from changing the default URLs of your WordPress website, it also hides them!
Some awesome features of this plugin include:
- Block default plugins paths
- Block default upload URLs
- Block any direct folder access to completely hide the structure
- Adjustable theme URL
WP Hide is an effective plugin if you want to completely remove powered by WordPress from your WordPress website.
How to Remove “Powered by WordPress” Using a Plugin
For this article, I will use the free Remove “Powered by WordPress” plugin which you can download from the WordPress repository.
Once you install and activate the plugin, navigate to Appearance > Customize.
Click on Theme Options…
… and you will see a checkbox that lets you hide “Powered by WordPress” from your website. I hope this method answers your question on how to get rid of the default powered by WordPress message on your site.
The plugin works with all the default themes including:
Twenty Nineteen (widget area not implemented as it’s not suitable)
Did You Choose to Hide WordPress?
After reading this article, have you made the choice to hide your website uses WordPress or will you change anything? What steps did you take to hide your favorite CMS and how did it work for you? Share your points of view and experiences in the comments below!
Frequently Asked Questions
Q1. Can you remove the Powered by WordPress?
Sometimes the theme that you are using have the option to remove or change the footer giving you the ability to remove “Powered by WordPress” from the admin panel. Other than that, you can also edit the footer.php by opening this file and search for “Powered by”.
Q2. How do I change the copyright in WordPress?
Steps to change the footer text
Log in to WordPress admin panel
Navigate on Appearance
Select Theme Editor
Search for the text on the footer
Q3. Am I allowed to remove powered by WordPress?
It is a common misconception that WordPress websites must have powered by WordPress on their websites. This is far from the truth as every WordPress user has the right to remove this statement for various reasons as mentioned in the article above.
Subscribe to Get a FREE WordPress Ebook Right in Your Inbox
WPblog provides the complete guide to launch your WordPress website completely FREE!