Hide WordPress file path:
This security plug-in has many powerful functions. For example, as the description in the picture below shows, it can hide all traces of WordPress on our site.
It used to be very simple to tell whether a site was built with WordPress: we only needed to check its source code. The source code shows many paths, which are the addresses of our files, and those addresses contain directories such as wp-content, wp-plugins, etc. From these directories, anyone can quickly determine that the site is built with WordPress.
Hide WordPress version information:
In addition, the WordPress version and other details are visible in the header. In itself, there is no problem in letting others see that our independent site uses WordPress. The problem is that WordPress is an open-source program that everyone can download, so it is hard to guarantee that some determined people will not study it and eventually discover loopholes in it. This is one of the reasons the WordPress program is continually updated.
Because more people use it, more people also study it, and we are not the only ones building websites with WordPress; some well-known international websites, such as NASA (nasa.gov) in the United States and the White House Blogs (whitehouse.gov), are also built with WordPress. The information on such websites is sensitive, so we need to protect our WordPress program in several ways. The first is to erase the traces of WordPress as cleanly as possible so that others will not know what program we used to build the site.
Hide WordPress default login address:
The standard WordPress login address is the domain name followed by /wp-admin, which takes you directly to the backend login panel.
Besides this address, /wp-login.php also leads to the backend login panel. Once someone reaches the login panel, they may try to crack our account and password. This is a hidden risk for our independent site, so we need to hide the administrator login address.
Redirect login address:
We can also change what happens at the old addresses. If a visitor enters the wrong address, for example /wp-admin or /wp-login.php, we can 301-redirect them straight to the homepage or another page.
Independent site brute-force protection:
When we log in to the WordPress backend, we find one problem: the username and password can be entered without restriction, and WordPress does not interfere much. If someone keeps trying our account and password, they may eventually crack them, which is a risk to our independent site, so we need to restrict logins. For example, if someone tries 3 to 5 times and keeps getting it wrong, we lock the account directly. The lock works by restricting their IP from logging in. They may have other methods, but this at least reduces our risk of being hacked.
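The lockout rule described above, as an added example (not code from the plug-in). The `LoginLimiter` class, the threshold of 5 failures, the 5-minute window and the 15-minute lock are assumptions chosen for illustration, and the attempts are constructed sample data.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5        # assumed threshold; the text suggests 3 to 5
WINDOW_SECONDS = 300    # assumed window in which failures are counted
LOCKOUT_SECONDS = 900   # assumed duration of the IP lock

class LoginLimiter:
    """Per-IP failed-login limiter (hypothetical helper, not plug-in code)."""

    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.locked_until = {}              # ip -> time at which the lock expires

    def is_locked(self, ip, now):
        return self.locked_until.get(ip, 0) > now

    def record(self, ip, success, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        if self.is_locked(ip, now):
            return "locked"                 # rejected before the password is checked
        if success:
            self.failures.pop(ip, None)     # a good login clears the counter
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[ip] = now + LOCKOUT_SECONDS
            recent.clear()
            return "locked"
        return "failed"

# Constructed sample attempts: (seconds, ip, password_correct)
SAMPLE = [(t, "203.0.113.7", False) for t in range(0, 50, 10)] + [
    (60, "203.0.113.7", True),     # correct password, but the IP is still locked
    (70, "198.51.100.4", False),   # a different visitor mistypes once
    (80, "198.51.100.4", True),
    (1000, "203.0.113.7", True),   # the lock has expired
]

def replay(attempts):
    limiter = LoginLimiter()
    return [limiter.record(ip, ok, t) for t, ip, ok in attempts]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

Because the counter is keyed on the IP address, it does not see failures spread across many addresses, which is why this is combined with a hidden login address and two-step verification.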
IP list settings:
We can also set up whitelists and blacklists. This is especially useful for cross-border sellers: often we don't want domestic competitors to open our site, so we can enter the IPs of those competitors into the list and block IPs that are not customers.
2FA two-step verification:
This plug-in also integrates two-step verification. Normally, logging in to the WordPress backend requires only a password, so we can add two-step verification on top of it. For example, you have to enter your password and an email verification code before you can log in. If we integrate some of Google's anti-robot tools, you can also achieve two-step verification.
Independent station security check:
Finally, the plug-in can also run security checks on our site in case we have missed something. It screens the site for us and, if anything needs to be changed, it suggests the modifications.
The plug-in integrates more than 60 security checks, covering solutions to the security issues we worry about when building independent WordPress sites. So we have prepared this plug-in for everyone. Its current version is 7.2. Now we will install it and demonstrate how to use it.
Hide My WP Ghost plug-in installation:
First, we enter our backend, find the plug-in, and install it. We go straight to installing the main program and click to start the installation.
After the plug-in is successfully installed, we can activate it directly. A cache reminder then appears at the top asking us to clear the cache; we don't need to worry about it here.
Hide My WP Ghost features:
After the installation succeeds, we can see a Hide My WP entry at the bottom of our page; we click it to open the panel. At the top, it reminds us to turn on safe mode or ghost mode. Safe mode is the regular security protection. Ghost mode gives higher security protection, and its permissions are higher.
Next, we can check the security of our entire site, and it will tell us what has not been done yet.
All the core functions are included in this plug-in. The first is hiding our paths. It is also compatible with caching plug-ins and plug-ins such as Elementor, and it includes two-step verification. It can hide our comments path and our comment files, including our map files, and a CDN can also be added. It can also keep a log in our WordPress backend, where you can see which pages users have visited and what modifications have been made.
So this plug-in is relatively powerful. Let's go through it one item at a time. First, we need to turn on its safe mode.
Hide My WP Ghost safe mode is on:
Here, we see that it has three modes. The first is the non-enabled mode, which applies no protection to our backend login path, that is, wp-login.php or wp-admin.
The second, safe mode, can hide our backend paths as well as wp-content and other file paths, core files, author paths, etc.
Hide My WP Ghost path test:
The third is ghost mode. Its requirements are higher, but under normal circumstances we do not need such high permissions; safe mode is enough. So we turn safe mode on and click to continue. Then we save, and it is enabled for us directly.
Of course, we can also adjust the settings; for now, we set it to safe mode. Here we must run a test first, because there is no guarantee that the security plug-in is compatible with every theme, plug-in, and server. For the login test, a pop-up window appears. We see that it reaches our login interface normally and that we can log in to the backend, which means there is no problem with our backend.
Then we also need to check our front end. It tells us it is safe, so we confirm that the plug-in is working.
After clicking, we wait for a while, and it downloads a file, which we save. This file records your new backend login address: it changes from the previous wp-admin to the new newlogin. This name is our own choice and can be modified. It also sets a safe address for us: if the address above fails, we can use the address below to log in directly.
But under normal circumstances we can just save this file.
The backend login address generally needs to be set to something we use often, which means modifying it; we will not modify it yet. Let's look at the front end first, because what was just changed is the backend login address and also all of our file addresses. These file addresses do not affect the actual location of the files on our server. The change applies only to the front end, in the page source, where others can no longer see our real addresses. So let's right-click and view the page source.
After opening it, we can see that the paths have changed. Previously these paths all used wp-content; now we see a name like library instead. From this name, others cannot tell whether the site is built with WordPress, so this is the first step in enabling our security protection. There are also some simple settings available here, but you don't need to worry about them.
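The "view source" check above can be automated against your own saved page source. This is an added example, not part of the plug-in: the marker list covers the paths this article names plus the generator meta tag that WordPress emits by default, and `find_fingerprints`, `BEFORE` and `AFTER` are hypothetical names with constructed sample HTML.

```python
import re

# Markers named in the article, plus WordPress's default generator meta tag.
MARKERS = {
    "wp-content path": re.compile(r"/wp-content/", re.I),
    "wp-includes path": re.compile(r"/wp-includes/", re.I),
    "login/admin path": re.compile(r"/wp-(?:admin|login\.php)", re.I),
    "theme style.css": re.compile(r"/themes/[^/\"']+/style\.css", re.I),
    "generator meta": re.compile(
        r"<meta[^>]+name=[\"']generator[\"'][^>]+content=[\"']WordPress[^\"']*",
        re.I),
}

def find_fingerprints(html):
    """Return {marker name: [matched snippets]} for every marker still present."""
    hits = {}
    for name, pattern in MARKERS.items():
        found = sorted(set(pattern.findall(html)))
        if found:
            hits[name] = found
    return hits

# Constructed page source of a default install (not taken from a real site).
BEFORE = """
<meta name="generator" content="WordPress 6.0" />
<link rel="stylesheet" href="/wp-content/themes/example/style.css?ver=6.0" />
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
<a href="/wp-login.php">Log in</a>
"""

# Constructed source after path hiding, with one leftover hard-coded image URL
# included to show what a missed reference looks like in the report.
AFTER = """
<link rel="stylesheet" href="/library/design.css" />
<script src="/lib/js/jquery.min.js"></script>
<img src="/wp-content/uploads/logo.png" />
"""

if __name__ == "__main__":
    for label, page in (("before", BEFORE), ("after", AFTER)):
        print(label, find_fingerprints(page))
```

An empty result for the saved source of the homepage and a few inner pages means none of these markers remain visible to a visitor.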
Backend login address name modification:
For example, we see wp-admin here, and we hide it. There is also a button here, which is the second step: when it is turned on, anyone who still uses the old wp-admin to log in is sent directly to the homepage and cannot log in. Continuing down, the next item is our login name. We can modify this name; for example, we will use Xuejian here, then hide wp-login.php, and then save.
After saving, we can open the site in incognito mode. If we use the regular wp-admin, we can no longer enter our backend; it jumps directly to our homepage. We can only use the name we set, such as wpcheap, to enter the backend. Since we have changed our login address, we can hide the module above.
Ajax no refresh login path:
The next item is Ajax. Ajax is a login method that does not refresh the page, and some sites let users log in from the front end: clicking login there opens a pop-up login window. This does not go through the backend, so we need to hide it as well. We check it here and save.
As for authors: if our site has a blog, each article carries an author's name, and clicking the author opens the author page. That path will also become writer, which is what we just set; of course, you can modify it.
Other WordPress file paths:
Next is the wp-content path, which we changed to core. You can also change it to another name, and the same goes for wp-includes. Below that are our comments, which can stay at the default, and the path of our plug-ins, which has also been changed; these can stay at the defaults too. This includes style.css, which we changed to design.css. Normally WordPress has a default CSS file, style.css, from which one can determine the name of our theme and the version it uses. If we change it to design.css, a visitor may not be able to see that information and will not find it by searching for style.css.
The other item is the security of our API. Here we can keep the defaults, including for our firewall. For example, we hide the toolbar at the front end for general visitors. There are also some other default settings, including the address of our category directory and the address of our tags. We try not to modify these two because they involve our permalinks. The first function of this plug-in is to hide our backend. You can refer to the other video tutorials to learn how to hide our file paths and configure the other plug-in settings.