Security is an important concern for WordPress users. We talk regularly about security, among other things, in alerts about themes and plugins and how to protect ourselves from hackers. But the word “security” is a simple point of view and there is no limit to the protection of our websites.
Majority of the users don’t think the same when they say “hide WordPress”. What do we usually mean by “hiding that we use WordPress”? The answer is simple, we try to hide the fact that our website works in WordPress, to all users and robots trying to identify our content management system (CMS).
Tip: Security plugins enhance the security aspects of WordPress websites, but there are other ways to harden them. Read more: Tips to Secure Your WordPress Website.
Does Hiding That You Use WordPress Improve Security?
Many of us may have asked, “how to hide my WordPress?”. The idea is not new, but there is a lot of controversy about hiding or not hiding that WordPress is powering your website.
The information concealment technique is known as obfuscation security. Many WordPress experts believe that this has no impact on the security of WordPress websites.
You are probably wondering, why?
According to the experts, there are hundreds of other ways to know that you are using WordPress, core version, and other aspects. The advanced users can find many websites that explain to them that you use WordPress by obfuscation hence it has no impact on the WordPress security.
You’re A Giant or Not, It Doesn’t Matter!
It should be noted that many small online ecommerce stores think that hackers will never attack them because their stores are too small to interest them. The reasoning is intuitive, but the truth is different. According to an article in Forbes Magazine, nearly 30,000 websites are hacked daily. Similarly, Sucuri issued Hacked Website Report 2017 that “analyzes over 34,000+ infected websites” and WordPress tops in that report with 83 percent.
Image Courtesy: Sucuri
Don’t you think it is an impressive number, an eye-opener?
In short, it doesn’t matter whether you are a whale (AliExpress, Amazon, eBay, Walmart) or a goldfish, you can be hooked or caught one day.
But, before we go any further, let’s list some of the basic things you can do to make your WordPress website more secure.
Basic Safety Rules to Secure WordPress
The first rule of securing your WordPress website is to use strong passwords. There is nothing like a strong password. If you don’t know how to generate a strong password, there are many random password generators available for free on the Internet.
Here is an example of a strong password:
The second rule is to make updates as soon as a new version is available. We have seen many WordPress website owners (including professional websites) who “superbly” ignore all updates: WordPress Core, plugin, and themes. This behavior is the door open to the problems since hackers only wait for that vulnerabilities to access your website without permission.
Why You Should Not Hide That You Use WordPress?
Many WordPress website owners are not convinced that using obfuscation to secure their websites is a good thing and that’s why we have mentioned few reasons at the beginning of this article.
Here are other reasons that may convince you not to use obfuscation to secure your WordPress website:
- Malicious robots don’t consider the version of WordPress.
- There are many ways to know that you are using WordPress.
- Any hacker able to access your website will eventually find information that you forgot to hide.
- If obfuscation was the solution, we would have no version of the products available on the market.
Still Not Convinced? Let’s Continue!
We understand that there are many situations that can lead to the use of obfuscation for security, but whatever the reason, we must go ahead and hide WordPress from hackers.
WordPress is a well-known content management system. More than 30% websites on the Internet use WordPress. Because of this popularity, hacking a WordPress website has become a goal of achievement for hackers.
Every year, thousands of WordPress websites are hacked. The reasons are many, such as vulnerable themes or plugins, simple passwords, etc.
Yet that WordPress is a secure platform?
Image Courtesy: Wordfence
If a hacker gains access to a WordPress website, he makes changes most of the time to hide his tracks and keep his access as administrator of a WordPress website:
- He creates a new account with administrator privileges
- He resets the password to make sure no other user can recover access
- He changes the role of existing accounts
- He modifies the content by injecting malicious code
- He creates redirects in .htaccess files
Hacking of WordPress Is Easy but Can Be Avoided
There are different plugins, free and paid, to secure WordPress website. The most popular are WordFence Security, BulletProof Security, and iThemes Security.
And if you could completely hide that you use WordPress for websites for even more protection?
If you have the budget and if your WordPress website is the hub of your business, it is recommended to strengthen the security of your website to ensure you are protected against targeted attacks.
The most popular plugins for you to remove powered by WordPress are Hide My WP, Swift Security, and WP Hide and Security Enhancer.
Hide My WP
Hide My WP works as a general security plugin and hides the fact that you use WordPress by changing your permalinks without making any changes to the actual locations of your files. The goal of this plugin is to give your WordPress website an extra layer of security:
- It allows changing the permalinks of the files (like wp-admin) to hide them from the collecting robots.
- Removes meta information (such as the version number) from your headers.
- Control access to your PHP files.
- Modify subdirectories of default vulnerable folders, such as wp-content.
- Hide files that can give information about your WordPress installation (like readme.html or license.txt).
- Warns you of security risks with the new “Intrusion Detection System” service.
- Access notifications to a 404 page.
Hide My WP is easy to install and configure. All settings and options are well explained so you always know what you are doing and what each feature works. It is a great investment for anyone using WordPress for blogging, ecommerce or a small business.
Swift Security Bundle
Swift Security puts a bulletproof vest on your WordPress website. This plugin, not content to remove powered by WordPress, also has a Firewall module and a module that scans the code to detect the malicious code.
It has many features such as:
- Filter IP addresses
- Anti Force Brute
- Notifications by email or Push
- Blocks spam comments
- Removes HTML comment code etc.
With Swift Security, you will make your WordPress website more secure. A big advantage of this plugin is that you don’t need any special technical knowledge.
WP Hide and Security Enhancer
WP Hide completely hides your WordPress core files along with login page, theme, and plugin from those who are visiting your website. Apart from changing the default URLs of your WordPress website, it also hides them!
Some awesome features of this plugin include:
- Block default plugins paths
- Block default upload URLs
- Block any direct folder access to completely hide the structure
- Adjustable theme URL
WP Hide is an effective plugin if you want to completely remove powered by WordPress from your WordPress website.
Did You Choose to Hide WordPress?
After reading this article, have you made the choice to hide your website uses WordPress or will you change anything? What steps did you take to hide your favorite CMS and how did it work for you? Share your points of view and experiences in the comments below!