I really think you are onto something highly unique with this plugin. For a few years now, I?ve been wishing someone could develop something that can help protect files, folder names, etc and you have clearly worked very hard to do just that. Keep up the great work! I look forward to seeing what else you come up with! * 5 Stars! *
As a veteran of a thousand psychic wars? this is fabulous and is most useful! Good on Ya! for making this one! I wish you many sales as they are well deserved. For privacy? what man can pay a price as that? Privacy is key If one wants to take it? Molon Labe.
Keep up the work as we are in need of your talent. Thank you
YES!! I saw this earlier today but just couldn?t resist to put off buying it. And I must say this plugin works just as described.
I love it! And I gave the official 3rd rating so now you have 5 STARS… Thanks.
The magic starts now… But before it, stick in your mind we don’t change any file or folder and everything is in its default location! we just control access to it and this guarantees maximum compatibility for the plugin.
Hide or change wp-admin and all of its files (for untrusted users)
Change WordPress theme directory, remove theme Info from stylesheet, replace default WP classes and finally minify it!
Change plugins directory and hash plugins name
Change upload URL, wp-includes folder, AJAX URL, etc.
Change WordPress queries URL:
Change author permalink (or disable it!)
Change or disable feeds
Hide all other WordPress files!
Disable WordPress archives, categories, tags, pages, posts, etc
5.5.7 – 09/13/2018
- Added: Improvements for detection for Yoast and WooCommerce - Added: Hides Rest API on enabling Auto Configuration, improves detection - Fixed: Minor Bugs
5.5.6 – 02/26/2018
- Added: Support to hide WP Rocket plugin - Added: Instant reset link to deactivate HMWP in case of lockouts
5.5.5 – 10/27/2017
- Fixed: WordPress Social Login Path Issue - Improved: WooCommerce Wapanalyzer Support - Fixed: Browser cache setting can be configured - Added: Support for our new plugin - Scan My WP (WordPress Security Scanner)
5.5.4 – 09/11/2017
- Fixed: wp-login.php not being hidden
5.5.3 – 08/31/2017
- New (and Most Wanted): Change wp-login to something else (like login or login.php). - Improvement: Hiding Gravity Forms from wapplyzer (using auto config system). - Fixed: Important bug in blocking IPs of several different countries. - Minor changes in code and file structure.
5.5.2 – 04/07/2017 (May require manual update due to auto update conflict)
- New: Counter for Trust Network to show number of blocked dangerous requests - Fixed: Auto Update conflict bug with other plugin - Improved: Update libraries to improve PHP 7 compatibility
5.5.1 – 12/19/2016
- Fixed: A small typo avoid hide wp-admin to work correctly
5.5 – 12/16/2016
- NEW: Auto Plugin Configuration! It hides (common) parts of WooCommerce and JetPack (Experimental) - NEW: Change URL or completely disable REST API i.e. wp-json (Probably one of the only plugin works in WP 4.7) - NEW: Internal JS and CSS fields: A smart technique to hide internal code from source code - NEW: Hide OEmbed assets - NEW: Security check for security keys - IMPROVEMENT: Better performance for automatic assets - IMPROVEMENT: Support for new Minify module of W3 Total Cache - IMPROVEMENT: Guide for Nginx configuration - IMPROVEMENT: PHP 7.1 and 7.0 compatibility - IMPROVEMENT: WP 4.7 compatibility - FIX: Several bugs when permalink is off - FIX: Full Hide mode working correctly with Nginx - FIX: Problem in saving HTML fields (IDS Firewall) - FIX: A small syntax error in configuration files - FIX: A bug in Antispam system - FIX: Annoying message for purchase code - FIX: Error message in checking array fields (Trust Network)
5.1 – 04/21/2016
- New: Minify and clean up stylesheets in child themes - New: Added ban IP link to intrusion table (Thanks to turner2f) - New: Ability to disable WP emojies (still works in modern browsers) - New: New IP to country providers - Fixed: A breaking bug with full hide feature - Fixed: Auto update problem - Fixed: A white screen death error which occur in long pages - Fixed: Removing WP Super Cache header parameter - Fixed: A small security bug related to cookies - Improved: Change IP details provider (Thanks to turner2f) - Improved: Trust IP and Firewall tabs were merged for a simpler UI - Improved: WP 4.5 compatibility - Other minor improvements
5.01 – 11/27/2015
- Fixed an error in old PHP servers (5.3) Note: WP recommends PHP 5.6 or more
5.0 – 11/27/2015
- NEW: Introducing Trust Network which blocks common dangerous patterns and IPs without even enabling IDS - NEW: Completely rewritten New Admin Path to make it clearer to configure - NEW: Ban countries, IPs or IP ranges from admin page - NEW: Country flags plus a link to details were added to intrusion log table. - IMPROVEMENT: Better Hiding WP from CMS finder tools - IMPROVEMENT: Compatibility test with PHP 7 (RC) - FIX: An important bug which cause problem to find super admin - FIX: Double slashes(//) in multisite subdomains - FIX: Syntax problem in Windows (IIS) servers - FIX: Problem with displaying messages - FIX: Issue with importing specific kind of settings - FIX: Unsaved checkboxes in settings page - FIX: Fatal error in IDS files - ...and other minor improvements
4.54 – 08/12/2015
- New: Hiding default WP robot - Fixed: Security bug in IDS log page - Improved: Limit access to cookie to HTTP only - Improved: Compatibility test with WordPress 4.3 RC
4.53 – 08/02/2015Note: If you configured HMWP manually (multi-site, Nginx, etc.) It’s require to do it again after updating)
- Improved: New hash function to make it almost impossible to guess plugin names - Fixed: Firewall is now the first loaded plugin - Fixed: A bug in anti-spam system - Fixed: important security bug in displaying IDS log - Improved: Internal web server queries are not guessable now
4.52 – 07/28/2015
- Fixed: an important security bug - Fixed: a php warning error - Improved: Firewall run sooner to act faster - Improved: Avoid direct access to PHP files now works with double extension files - Improved: provided IP is more reliable now
4.51 (and 4.51.1) – 07/10/2015
- Improved: Replace rules limitation has been increased to 30 - Improved: Better cover for wordpress - Fixed: 500 error in old versions of Apache - Fixed: A bug which prevents replace rules to be restored by undo button - Fixed: Fatal error in older PHP versions - Several small but helpful bug fixes (4.51.1)
4.5 – 06/20/2015
- New full hide feature to improve undetectability of WP and themes - New CDN path tools which makes it easy to setup CDN - New path for wp-content (useful for some plugins which located in wp-content like cache plugins) - Improved Simplification of UI - Improved: IDS for anti-XSS attacks - Improved: Antispam checks - Improved: Replacement tools to make it easy for everyone - Improved: IDS system for slightly faster responses - Fixed: Reply email bug in Contact form 7 - Fixed: Loading issue of HMWP_MS.CSS - Fixed: WP-Rocket Minify incompatibility
4.03 – 02/14/2015
- New Option to replace new URLs in AJAX responses - BUG FIX: Inserting media with safe HTML minify enabled
4.02 – 02/06/2015
- Bug Fix: wp-signup.php was hided - Bug Fix: WP IDS rules were updated - Bug Fix: Make New admin path work in Multisite - Bug Fix: Purchase code remains after importing new settings - Bug Fix: New admin path for Nginx webserver - Improvement: IDS alert email is reformatted - Improvement: More readable info for IDS log
4.01 – 11/12/2014
- Compatibility with Hyper Cache, WP-Rocket - General improvement for auto update - A bug fix related to displaying message
4.00 – 11/06/2014
- NEW: Introducing IDS (Intrusion Detection System) with customized rules for WP - NEW: Auto plugin update (require valid purchase code) - NEW: Finally official support for IIS (Windows servers!) - NEW: Undo previous settings whenever you want! - NEW: Light settings scheme was added - NEW: Ability to use backslash in Replace in HTML - IMPROVEMENT: Full compatibility for gantry-based themes - IMPROVEMENT: Options mapper was written - IMPROVEMENT: Automatic compatibility test has been added to guide users - FIX a bug caused by author base default value - FIX year numbers bug (for upload directory)
3.0 – 07/02/2014
- NEW: Ability to rename wp-admin! - NEW: Simple and sweet anti-spam - NEW: Disable directory listing for plugins and themes and WP - WP 1.9 compatibility plus UI adjustment - Deactivating HMWP now store saved settings - API filter added to resetting to defatults - wp-cron.php and upgrade.php added to whitelist - Fixed a bug in page preview - Fixed feed and canonical URL issue - Fixed multisite table prefix - Fixed bug in notification message when login address has changed - Fixed multiple messages in settings page - Fixed problem with minify plugins that cause 400 error - Fixed base address problem in configuration of some multisite installs - Fixed a bug in register URL - Fixed a notice message
2.2 – 11/20/2013
-Bug Fix: Now entering Purchase Code will remove annoying warning messages -Bug Fix: Compatibility with /subdirectory/subdirectory/(..) network-enabled installs -Improvement: WordPress 3.7 compatibility -Improvement: Canonical URLs is now enabled by default (plus for settings schemes) -Improvement: Several colorful messages added to reduce support queries -Bug Fix: Buddypress pages bug (in some conditions) -Bug Fix: Fix /wp-login.php/ URL -Bug Fix: Remove a notice warning in generating debug report
2.1 & 2.11 09/21/2013
- Bug Fix: A problem in replacing new URLs (2.11) - New Feature: Login parameter 'hide_my_wp' is now changeable! - Improvement: W3 Total Cache Minify module works now! (Read FAQ) - Improvement: Better blocking of CMS finder tools - Improvement: W3TC credit text will be removed automatically (for untrusted users) - Improvement: Presstrends code added - Bug Fix: Log out problem in some environments - Bug Fix: Warning message appeared in some environments - Bug Fix: A number of fixes in helper class
2.01 – 08/11/2013
- Bug Fix: Added Replace in HTML back - Bug Fix: Correct a warning message
2.0 – 08/10/2013
- Improvement: Full WordPress 3.6 compatibility - Feature: Replace, rename or hide any file or folder - Feature: Simple page compression added - Feature: Block access of CMS finders tools to pages (beta) - Improvement: Change order of header info to hide WP better - Improvement: Add xmlrpc.php to excerpt list by default - Improvement: Cached CSS age extended to 3 days - Improvement: Better description and messages for easier configuration - Bug Fix: Scheduling problem for plugins like Backup Buddy was fixed - Bug Fix: Preview button problem in new post page was fixed - Bug Fix: Problem in full SSL websites was fixed - Bug Fix: Notice message appear in update settings was fixed - Minor changes
v1.81 & 1.82 – 06/10/2013
- Bug fix: A bug caused problem with new upload path in subdomain installs - Bug fix: Removed unnecessary success messages for reset defaults, import, etc. - Bug fix: Removed an unnecessary warning message. (1.81) - Bug fix: Correct miss-spelled labels
v1.8 – 06/08/2013
- Feature: Ability to choose manual configuration to use customized htaccess - Improvement: Better quick fix guide - Bug Fix: External uploaded WordPress images now works correctly - Bug Fix: CSRF flaw detected by Julio (boiteaweb.fr) - Bug Fix: Trim Replace in HTML field - Bug Fix: Better replace for WooCommerce plugins - Minor changes
v1.7 – 05/06/2013
- Feature: Ability to replace JS URLs for different entities (e.g. \ /wp-content\ /themes) - Improvement: BulletProof Security plugin compatibility - Improvement: Ability to replace codes with '=' sign using [equal] tag - Bug Fix: Child themes bug fix - Bug Fix: A bug in exporting Replace in HTML content - Bug Fix: A bug in exporting values with double slashes - Minor changes in UI
v1.6 – 04/20/2013
- Feature: Ability to rename all plugins (useful for plugins located in premium themes) - Improvement: New and better settings scheme - Improvement: Added quick fix guide to Start tab - Files: Update file structure to work with new Codecanyon changes - Bug Fix: ob_start bug fix for better compatibility - Bug Fix: Search widget bug - Bug Fix: Hide login, admin, etc. shortcuts - Bug Fix: Replace all AJAX URLs - Bug Fix: Fix a bug in Nginx rewrite rules in sub-folder installs - Documentation: Added documentation for Nginx and multisite configuration - Minor changes
v1.5 – 04/04/2013
- Performance: Up to 3 times faster with new partial replace mode! - Feature: Nginx and Multi-site support. - Feature: Child themes support - Feature: Two different minify options for HTML and CSS - Feature: Better compatibility with two additional options for PHP files access - Feature: Option to hide _wpnonce and theme screenshot - Improvement: Better support for sub-directory installs - Improvement: More compatibility for class clean up options - Bug Fix: Style path bug - Bug Fix: Fixed login URL problem and better compatibility with login-related plugins - Minor bug fixes
Please signup in our NEWSLETTER to receive important news related to HMWP.
Hello. Now I'm receiving the intrussions alerts to the main general email of the page, the one added at "Email sender address" field on "Hide My WP General Setting", which is the same as the WP main email at general settings. But I don't want these alerts to be sent to this email cause it's the customer one and I think they should come to my own, the webmaster, the one added to my admin user, which is different. Is it possible? Thanks!
Hi, right now email can only be sent to the administrator (WP main email). However, you can stop receiving these alert emails by setting "Notify threshold" option to 0 in HMWP IDS Firewall tab.
Ok, I will. My only doubt is if I don't receive these alerts, does it mean I'm less protected? I mean, will the plugin protect automatically the website in case of an attack even if I don't see the alert soon and block the IP manually?
Yes, the IDS will block any malicious request coming to your site. You can check the IDS log from Dashboard >> Intrusions
Ok, noted. Thanks!
Hi, I had used the plug earlier and it was making some sections like the wp customize sections not to open. I disabled it and everything was working fine until today when activated it. I can't navigate to any section in the admin area, I have gone to the Cpanel to disable the plugin but I need your help to have it working. I want to hide the theme, plugins and the fact that am using Wp in general.
Hi, can you please generate debug report from HMWP start tab and post it in the support forum (http://support.wpwave.com/) as private reply.
Hi, I have installed the plugin and activate but whenever go to the url mywebsiteaddress/wp-login.php?hide_my_wp=1234 i always get the no page found. As a result, I have removed the plugin and try again so many time. Thanks in advance for your help and support.
Hi, please generate debug report from HMWP start tab and post it in our support forum (http://support.wpwave.com/) as private reply.
Hi, Why it not hide wp of words in view source though i do settings.
Hi, please generate debug report from HMWP start tab and post it in the support forum (support.wpwave.com) as private reply.
Hi, I once installed your plug-in and removed it, but when I re-install it, it blocks me out of my own site (HMWP IDS issue). How can I access my site and use your plug-in?
Hi, did you enter your country code in "Blocked countries code" list in IDS firewall tab? Please post the issue details in the support forum support.wpwave.com so that we can look into it further.
Okay, will put through the forum, I can't access my site if I activate plug-in.
Hello, After install this application, my website transaction emails are not working, also some plugins still not hide. Please have a look the url : https://www.unikainfocom.in Please help. Thanks
Hi, please generate debug report from HMWP start tab and post it in the support forum (http://support.wpwave.com/) as private reply. Thanks!
Hi. How to backup mysite before use this plugin. I have some concern.
Are you using cPanel?
No. Just run in local machine
Hi, there are several plugins available for backup - http://www.wpbeginner.com/plugins/7-best-wordpress-backup-plugins-compared-pros-and-cons/
That seems to be pretty cool! Congrats!
I didn't test it yet. But as I'm an old MU programmer I think most of features should work correctly.
oh!! i just see the details, thnx!
you don't support user role "Shop Manager" of woocommerce? also check this http://support.wpwave.com/forums/topic/some-problem-with-plugin-in-fresh-wp-mu-subdomain-setup
what about user role “Shop Manager” of woocommerce?
It should work like other roles. Please provide details as a private post and I'll take a look.
I answered to the forum post.
Bought this since I was having someone in Thailand hitting my site every two hours and attempting to hack the "admin" account that does not exist. Now they will not even be able to find the login page. It's a nice addition to another login security plugin that I bought on this site. It's shame we have to do so much to protect our web properties.
Thanks richcoy for your purchase! Happy to hear it helps you. Unfortunately this is the nature of popular platforms. But usually you can protect yourself with some additional effort! Good Luck :)
I confirm that this plugin is working like a charm. Also for multipurpose templates.
Thanks mentor for both purchase and comment!
Not too happy, ended up disabling the plugin, I'm not saying its a bad plugin I guess for many it works... but too many errors for me. I sent you a message like you said yesterday, but didn't hear from you. If compressing page it just kills all the jQuery I have in my page so I'm not able to use that feature. Also If using with "Theme my login" and enabling the hide wp-login resulted in outputting the secret code (eg. /login/?hide_my_wp=mysecretcode) into the URL even for other users, when clicking on that login page, and it just gives me the 404 error page so users can't login from frontend. I tested that using another browser which i haven't used to login into my site and it was also outputting the secret code when clicking on the login page. Also my posts started giving me 404 errors no matter what i did, not sure if it has something to do with using %post_id% as permalinks, but it didn't work for me. Another thing I notice was that the page load was really slow. My site without the plugin and without minifying was snappy, so with the plugin it takes long to load a page. At one time i had to change a setting because i got an error twice saying, too many redirects.
Sorry indalab about that. I checked your site a few hours after your message and even found the problem and added it to my list to fix in next version. Because HTML compress is not main purpose of the plugin and you also said your CSS problem was solved I assumed it as a low-priority message and then I totally forget it and I'm sorry.
Even if you don't like to use this plugin anymore I really appreciate your help to find bugs of my plugin.
YES!! I saw this earlier today but just couldn't resist to put off buying it. And I must say this plugin works just as described. I love it! And I gave the official 3rd rating so now you have 5 STARS PressPrime :) Thanks.
Thanks Noah for your purchase! :) I I appreciate your rating!
- Hi there, this plugin is great, but it seems to use alot of CPU! What can I do to reduce it? Also, does this plugin work well with child themes? Thanks
Just use caching. If you haven't a cache plugin please disable HTML/CSS compression (minify). Child themes are not supported in current version but I just added it to new release.
The beta version 1.5 is ready .
I hope I can release final version till Tuesday or Wednesday! :-)
New in v1.5:
This version has been sent to some of beta testers but some others didn't send me a message (from my profile) so I haven't their emails and can't send it.
If you purchased the plugin and interested in testing this version please send me a message from my profile (until next 24 hours). New buyers are also welcome to take a look at this version ;-)
@ icadesign when i setup New Theme path it workt in Chrome.
Hey its not working for me. I have followed the instructions and changed permissions but none of the file names get renamed and it crashes the css and doesnt display any images. Ive tested it on the same theme on another site and it worked perfectly. What could be the issue?
Hey i need your help asap...this is the 3rd time im trying to contact you Lloyd
Looks like you have a great idea and a great start here.
I would really like to maybe purchase this soon
I am glad I read all the comments first though.
From your FAQ:
I still can see wp-login.php and hide_my_wp=1234 (admin key) in source code. Why?
Well, this is our logic: If you link to those URLs and allow others to see ‘wp’-login.php and they know you use WordPress so there is no problem if they see your admin key, too. Admin key is not a Password. It just allows us to hide WordPress. You hided wp-login.php and link it in your site. Now, how users can login without admin key? Do you want to redirect them to a not found page?
Of course not, but don’t worry you still have a good option to change login address to something better: Theme My Login it’s free and works beside Hide My WP: http://www.wordpress.org/extend/plugins/theme-my-login
Use above link to download it!
Could you please explain more about your mean? Why this defeats the purpose of the plugin? If the issue is Theme My Login: Please note it released under GPL so I could simply copy/paste its code to my plugin. Why I didn't? because it make the plugin more complex, harder to maintenance and confusing for clients. You can easily use it when you learn enough about HMWP. If you worry about security. There's no problem, too. Every one can make its own login URL by that plugin and the old URL will remain protected by HMWP. Let me know if I didn't understand you.
Hi!! After activation plugin there were problems with the menu, drop down menus missing :(
the problem was resolved :)
There's an option for it: Check Replace \/ URLs (located in Permalink tab). If you still have problem provide the URL.
still problem http://www.gearshout.net/