Should You Hide That You Use WordPress? Find Out Why and How!

Should You Hide That You Use WordPress? Find Out Why and How!

Security is an important concern for WordPress users. We talk regularly about security, among other things, in alerts about themes and plugins and how to protect ourselves from hackers. But the word “security” is a simple point of view and there is no limit to the protection of our websites.

Majority of the users don’t think the same when they say “hide WordPress”. What do we usually mean by “hiding that we use WordPress”? The answer is simple, we try to hide the fact that our website works in WordPress, to all users and robots trying to identify our content management system (CMS).

Tip: Security plugins enhance the security aspects of WordPress websites, but there are other ways to harden them. Read more: Tips to Secure Your WordPress Website.

Does Hiding That You Use WordPress Improve Security?

Many of us may have asked, “how to hide my WordPress?”. The idea is not new, but there is a lot of controversy about hiding or not hiding that WordPress is powering your website.

The information concealment technique is known as obfuscation security. Many WordPress experts believe that this has no impact on the security of WordPress websites.

You are probably wondering, why?

According to the experts, there are hundreds of other ways to know that you are using WordPress, core version, and other aspects. The advanced users can find many websites that explain to them that you use WordPress by obfuscation hence it has no impact on the WordPress security.

You’re A Giant or Not, It Doesn’t Matter!

It should be noted that many small online ecommerce stores think that hackers will never attack them because their stores are too small to interest them. The reasoning is intuitive, but the truth is different. According to an article in Forbes Magazine, nearly 30,000 websites are hacked daily. Similarly, Sucuri issued Hacked Website Report 2017 that “analyzes over 34,000+ infected websites” and WordPress tops in that report with 83 percent.

Image Courtesy: Sucuri

Don’t you think it is an impressive number, an eye-opener?

In short, it doesn’t matter whether you are a whale (AliExpress, Amazon, eBay, Walmart) or a goldfish, you can be hooked or caught one day.

But, before we go any further, let’s list some of the basic things you can do to make your WordPress website more secure.

Basic Safety Rules to Secure WordPress

The first rule of securing your WordPress website is to use strong passwords. There is nothing like a strong password. If you don’t know how to generate a strong password, there are many random password generators available for free on the Internet.

Here is an example of a strong password:

3VMgzm<u@gdjduA

The second rule is to make updates as soon as a new version is available. We have seen many WordPress website owners (including professional websites) who “superbly” ignore all updates: WordPress Core, plugin, and themes. This behavior is the door open to the problems since hackers only wait for that vulnerabilities to access your website without permission.

The third rule is to use a security plugin such as iThemes Security, Wordfence, etc.

The fourth rule is to consider protecting your login page from brute force attacks by inserting a CAPTCHA and/or two-factor authentication.

Why You Should Not Hide That You Use WordPress?

Many WordPress website owners are not convinced that using obfuscation to secure their websites is a good thing and that’s why we have mentioned few reasons at the beginning of this article.

Here are other reasons that may convince you not to use obfuscation to secure your WordPress website:

  • Malicious robots don’t consider the version of WordPress.
  • There are many ways to know that you are using WordPress.
  • Any hacker able to access your website will eventually find information that you forgot to hide.
  • If obfuscation was the solution, we would have no version of the products available on the market.

Still Not Convinced? Let’s Continue!

We understand that there are many situations that can lead to the use of obfuscation for security, but whatever the reason, we must go ahead and hide WordPress from hackers.

WordPress is a well-known content management system. More than 30% websites on the Internet use WordPress. Because of this popularity, hacking a WordPress website has become a goal of achievement for hackers.

Every year, thousands of WordPress websites are hacked. The reasons are many, such as vulnerable themes or plugins, simple passwords, etc.

Yet that WordPress is a secure platform?

Image Courtesy: Wordfence

If a hacker gains access to a WordPress website, he makes changes most of the time to hide his tracks and keep his access as administrator of a WordPress website:

  • He creates a new account with administrator privileges
  • He resets the password to make sure no other user can recover access
  • He changes the role of existing accounts
  • He modifies the content by injecting malicious code
  • He creates redirects in .htaccess files

Hacking of WordPress Is Easy but Can Be Avoided

There are different plugins, free and paid, to secure WordPress website. The most popular are WordFence Security, BulletProof Security, and iThemes Security.

And if you could completely hide that you use WordPress for websites for even more protection?

If you have the budget and if your WordPress website is the hub of your business, it is recommended to strengthen the security of your website to ensure you are protected against targeted attacks.

The most popular plugins for you to remove powered by WordPress are Hide My WP, Swift Security, and WP Hide and Security Enhancer.

Hide My WP

Hide My WP works as a general security plugin and hides the fact that you use WordPress by changing your permalinks without making any changes to the actual locations of your files. The goal of this plugin is to give your WordPress website an extra layer of security:

  • It allows changing the permalinks of the files (like wp-admin) to hide them from the collecting robots.
  • Removes meta information (such as the version number) from your headers.
  • Control access to your PHP files.
  • Modify subdirectories of default vulnerable folders, such as wp-content.
  • Hide files that can give information about your WordPress installation (like readme.html or license.txt).
  • Warns you of security risks with the new “Intrusion Detection System” service.
  • Access notifications to a 404 page.
  • Setting custom URLs for static files (image, CSS, and JavaScript files) etc.

Hide My WP is easy to install and configure. All settings and options are well explained so you always know what you are doing and what each feature works. It is a great investment for anyone using WordPress for blogging, ecommerce or a small business.

Swift Security Bundle

Swift Security puts a bulletproof vest on your WordPress website. This plugin, not content to remove powered by WordPress, also has a Firewall module and a module that scans the code to detect the malicious code.

It has many features such as:

  • Minification of CSS/JavaScript code
  • Filter IP addresses
  • Anti Force Brute
  • Notifications by email or Push
  • Blocks spam comments
  • Removes HTML comment code etc.

With Swift Security, you will make your WordPress website more secure. A big advantage of this plugin is that you don’t need any special technical knowledge.

WP Hide and Security Enhancer

WP Hide completely hides your WordPress core files along with login page, theme, and plugin from those who are visiting your website. Apart from changing the default URLs of your WordPress website, it also hides them!

Some awesome features of this plugin include:

  • Block default plugins paths
  • Block default upload URLs
  • Block any direct folder access to completely hide the structure
  • Adjustable theme URL

WP Hide is an effective plugin if you want to completely remove powered by WordPress from your WordPress website.

Did You Choose to Hide WordPress?

After reading this article, have you made the choice to hide your website uses WordPress or will you change anything? What steps did you take to hide your favorite CMS and how did it work for you? Share your points of view and experiences in the comments below!

WPblog

WP Blog is dedicated to getting you up and running
in the field of Wp blog wizardry - No Wands Involved!