Many WordPress websites run outdated versions of WordPress, and their plugins are less secure than the latest releases, so these sites can be hacked easily with simple automated tools. The best way to resolve this problem is to update your WordPress-based websites and maintain their security on a continuous basis.
Self-hosted WordPress has many vulnerabilities, which means that all of the content stored in your wp-content directory might be exposed to attackers. The WordPress developers provide some changes with which you can secure your website, but you still need to make it more secure with extra WordPress plugins or by modifying core files. For example, you can rename your wp-content directory, which is usually the biggest step (it’s the first thing that I look for); you can give it a name such as “media” or “assets.” The next problem, which has not been solved yet and is mentioned by Graeme Boy in his article “How to Hide that You Use WordPress”, is how to change the “wp-includes” directory. We are also looking for a solution to this. There are ways to protect WordPress, described below.
Graeme Boy provides a snippet that changes the wp-content directory. Add it to your wp-config.php file just before the wp-settings.php include line, as follows:
define ( 'WP_CONTENT_FOLDERNAME', 'media' );
define ( 'WP_CONTENT_DIR', ABSPATH . WP_CONTENT_FOLDERNAME );
define ( 'WP_SITEURL', 'http://' . $_SERVER['HTTP_HOST'] . '/' );
define ( 'WP_CONTENT_URL', WP_SITEURL . WP_CONTENT_FOLDERNAME );
Then simply rename your directory from wp-content to “media”.
To give extra security to your WordPress-based website, you can use the following WordPress plugins.
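The snippet above builds WP_SITEURL from $_SERVER['HTTP_HOST'], which comes from the request's Host header, so the client chooses its value unless the web server restricts the host names it accepts. The following is an added example (not from Graeme Boy's article or from WordPress itself) of the same defines with the host checked against an allow-list; the host names, WPCFG_ALLOWED_HOSTS and wpcfg_request_host() are assumptions made for illustration.

```php
<?php
// Added example: the article's wp-config.php defines, with the Host header
// validated before it is used to build WP_SITEURL and WP_CONTENT_URL.

// Assumption: placeholder host names; list the names your site really serves.
// The first entry is the canonical host used as the fallback.
const WPCFG_ALLOWED_HOSTS = array( 'example.com', 'www.example.com' );

// Hypothetical helper: returns the request host only if it is allow-listed.
function wpcfg_request_host( array $server, array $allowed ) {
    // HTTP_HOST is absent for command-line runs (cron jobs, CLI tools).
    $host = isset( $server['HTTP_HOST'] ) ? strtolower( trim( $server['HTTP_HOST'] ) ) : '';

    // Compare the name without an optional ":port" suffix. A site served on
    // a non-default port would append that port from its own configuration.
    $host = preg_replace( '/:\d+$/', '', $host );

    // Strict comparison: anything not on the list falls back to the
    // canonical host instead of being echoed into generated URLs.
    return in_array( $host, $allowed, true ) ? $host : $allowed[0];
}

// wp-config.php normally defines ABSPATH just before loading wp-settings.php;
// this guard only keeps the example runnable on its own.
if ( ! defined( 'ABSPATH' ) ) {
    define( 'ABSPATH', __DIR__ . '/' );
}

define( 'WP_CONTENT_FOLDERNAME', 'media' );
define( 'WP_CONTENT_DIR', ABSPATH . WP_CONTENT_FOLDERNAME );
// Scheme kept as in the article's snippet.
define( 'WP_SITEURL', 'http://' . wpcfg_request_host( $_SERVER, WPCFG_ALLOWED_HOSTS ) . '/' );
define( 'WP_CONTENT_URL', WP_SITEURL . WP_CONTENT_FOLDERNAME );
```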
WordPress Plugins to Protect Your WP based Website
I will recommend some WordPress plugins that hide your WordPress installation to make it more secure.
Hide My WP – No one can know you use WordPress!
Hide My WP controls access to PHP files. It protects your site from almost 90% of SQL injection and XSS attacks caused by direct access to PHP files. This means you can install unsafe plugins without worrying about security. Hackers, spammers and bots all love WordPress too; with Hide My WP they can’t recognize (or access) WordPress and simply ignore you!
Guaven FP – Protect WP-Admin, Hide WP & Theme Name
Each day your WordPress website faces hundreds (maybe thousands) of wp-admin attacks from bots all over the world. (You can confirm this by monitoring the logs at your web host.) They try to randomly guess your login details and get admin access. Without any configuration, with one single click, WP Guaven FP protects your websites from all of those attacks. And this is only one of the 9 features of WP Guaven FP.
WP Guaven Feature Pack is a WordPress plugin that promises unique source code and a more secure WordPress site. It is made for everyone and is easy to use.
The following are the main features that differentiate Guaven FP:
- Hides /wp-admin and /wp-login.php from all visitors so that only you have access.
- Can block wp-admin access even for logged-in subscriber users.
- Removes all WordPress marks from the source code (such as wp, wp-content, wp-admin, wp-includes).
- Gives your WordPress source code an absolutely different appearance, as if the site were not even built on WordPress.
- Removes the admin bar as well as the WordPress meta tags; it can also change the default jQuery and customize the wp-login page.
Attention: Guaven FP doesn’t make any changes to the WordPress database, the WordPress options, the wp-includes and wp-admin folders, or the .htaccess file. (Only the 7th and 8th features of the plugin need to make some changes in the wp-content folder before being enabled, but they are optional features; you choose whether to use them.) So it is absolutely safe to use. For example, if you disable the plugin, your website returns to its old state without any error.
WP Security Manager
- Block malicious IPs automatically and manually.
- Prevent keylogging with a virtual keyboard.
- Hide wp-admin and change the wp-login URL.
- Protect against brute-force login attacks.
- Supervise login activities.
- Alert via email about login attacks.
- Detect the admin user and change its username.
- Change the ID of the user with ID 1.
Hidden WP Admin
This plugin allows you to hide the WordPress admin, login and signup pages from all users except those with a specific capability. Unauthorized users will be redirected via a 301 redirect to your site’s homepage or a URL that you specify in the settings.
Modal Log In for WordPress
Modal Log-in for WordPress provides you with a beautiful alternative log-in for your WordPress-powered website, based on the popular Twitter Bootstrap, a front-end toolkit for developing web applications.
Reference and Resources:
Don’t Hide the Fact That You’re Using WordPress
How to Hide that You Use WordPress
10 Steps to Securing Your WordPress Installation
Why you should hide the fact that you are using wordpress?