Descripción
Level up your WordPress security with WP Ghost plugin!
WP Ghost (short for Hide My WP Ghost) is a comprehensive hack-prevention security solution for WordPress websites. It adds multiple layers of security to block hacker bots and prevent unauthorized access.
It works by changing and hiding common vulnerabilities, making it difficult for bots and hackers to exploit weak points in plugins, themes, and the WordPress core itself.
Join over 200,000 secured websites with WP Ghost. The plugin has blocked over 9 million brute force attempts and stopped over 140,000 monthly hacks.
Key features include powerful protection against:
- Ataques de fuerza bruta
- Ataques de inyección de SQL
- Script Injection Attacks
- Vulnerability Exploit
- Malware Injection
- XML-RPC attacks
- File Inclusion Exploits
- Directory Traversal Attacks
- Default WP Paths Exploits
- Cross-Site Scripting (XSS)
- Throttling of Access Attempts to Entry Points
- y más
Protect your site today! WP Ghost hides and secures all common paths, plugins and themes from hacker bots and spammers.
YouTube – Why You Must Have Hide My WP
WP Ghost is packed with over 50 security free features:
Change and Hide Paths:
- Ocultar el archivo wp-admin de WordPress, y mostrar un error 404 o una página personalizada
- Ocultar el archivo wp-login.php de WordPress, y mostrar un error 404 o una página personalizada
- Change the wp-admin and wp-login URLs
- Cambia la URL de contraseña perdida
- Cambia la URL de registro
- Cambia la URL de cierre de sesión
- Cambia la URL de activación
- Cambiar la URL de admin-ajax
- Cambiar la URL de wp-content
- Cambiar la URL de wp-includes
- Cabiar la URL de las subidas
- Cambiar la URL de los comentarios
- Cambiar la URL de autor
- Cambiar la URL de los plugins
- Cambiar el nombre de los plugins
- Cambiar la URL de los temas
- Cambiar el nombre de los temas
- Nombre del archivo “style.css” del tema personalizado
- Cambiar la URL de wp-jason en la API REST
- Cambiar la URL de categoría
Cambiar la URL de las etiquetas
Redirecciones personalizadas de acceso en el perfil de usuario
Personalizar las redirecciones de salida basadas en el perfil de usuario
Cambiar las URLs de relativas a absolutas
- Cambiar las URLs en las llamadas de ajax
- Cambiar las URLs para usuarios conectados
- Cambiar las URLs en los archivos de caché
- Cambiar las rutas en Sitemap.xml
- Cambiar las rutas en Robots.txt
Firewall:
- Two-factor Authentication By Code (2FA)
- Two-factor Authentication By Email (2FA)
- Cabecera de seguridad contra las inyecciones XSS y de código
- Cabecera de seguridad Strict-Transport-Security
- Cabecera de seguridad Content-Security-Policy
- Cabecera de seguridad X-XSS-Protection
- Cabecera de seguridad X-Content-Type-Options
- Cabecera de seguridad X-Frame-Options
- Cortafuegos contra inyecciones de Script y SQL
- Filtro de seguridad de 7G Firewall
- 8G Firewall Security Filter
- Block by IP Addresses
- Block by User Agents
- Block by Referrers
- Block by Hostnames
- Hide Website from Theme Detectors
Ocultar opciones:
- Ocultar la ruta /wp-admin
- Ocultar la ruta /wp-login
- Ocultar la ruta /login
- Ocultar la ruta de wp-json de la API REST
- Ocultar la barra de herramientas del administrador en el perfil del usuario
- Ocultar IDs de estilos y meta
- Ocultar los comentarios HTML de WordPress
- Ocultar la versión y las etiquetas de WordPress
- Ocultar el enlace de precarga de DNS de WordPress
- Ocultar la meta generator de WordPress
- Ocultar encabezado de RSD (Really Simple Directory)
- Ocultar los emotíconos si no los utilizas
Desactivar las opciones:
- Desactivar el acceso a la API REST
- Desactivar el acceso por XML-PRC
- Desactivar los scripts incrustadas
- Deshabilitar DB-Debug en Frontend
- Desactivar los scripts de WLW Manifest
- Desactivar Seleccionar todo – Ctrl+A (Windows y Linux), ⌘+A (macOS)
- Desactivar Copiar – Ctrl+C (Windows y Linux), ⌘+C (macOS)
- Desactivar Cortar – Ctrl+X (Windows y Linux), ⌘+X (macOS)
- Desactivar Pegar – Ctrl+V (Windows y Linux), ⌘+V (macOS)
- Desactivar Guardar – Ctrl+S (Windows y Linux), ⌘+S (macOS)
- Desactivar “Inspeccionar elemento/Herramienta de desarrollador” – Ctrl+Shift+C (Windows y Linux),⌥+⌘+C (macOS)
- Desactivar “Ver código fuente” – Ctrl+U (Windows y Linux), Alt+⌘+U (macOS)
- Desactivar el clic derecho
- Desactivar arrastrar y soltar
- Desactivar el arrastre de imágenes con el ratón
- Desactivar la selección de texto
- Desactivar la exploración del directorio
Asignación de texto y URLs:
- Cambiar las URLs usando la asignación de URL
- Cambiar las clases usando la asiganación de texto
- Cambia las URLs del CDN usando la asignación de CDN
- Cambia las rutas en los archivos de caché
- Cambiar las rutas en el enlace del feed
- Cambia las rutas en el Sitemap XML
- Cambia las rutas en el Robots.txt
Protección contra fuerza bruta:
- Protección de fuerza bruta con Math reCAPTCHA
- Protección contra fuerza bruta con Google reCaptcha V2
- Protección de fuerza bruta con Google reCAPTCHA V3
- Brute Force Protection on Login
- Brute Force Protection on Password Lost
- Brute Force Protection on Signup
- Brute Force Protection on Comment
- Brute Force Protection on Woocommerce Login
- Brute Force Protection shortcode [hmwp_bruteforce]
- Personalizar mensajes, tiempo de espera e intentos
- Gestionar listas negra y blanca de IPs
Extra Features:
- Magic Link Login Without Password
- Temporary Logins Without Password
- Corregir las URLs relativas
- Ajustes de copia de seguridad y restauración
- Cambiar las clases en el código fuente usando la asignación de texto
- Cambiar las URLs en el código fuente usando la asignación de URL
- Cachear CSS, JS e imágenes para optimizar la velocidad de carga
- Comprobaciones e informes de seguridad semanales
Integraciones:
- Compatibilidad con WP Multisitio
- Compatible con Nginx
- Compatible con IIS
- Compatible con LiteSpeed
- Compatible con Apache
- Es compatible con Siteground
- Compatible con WP Engine
- Es compatible con el alojamiento de AWS
- Compatible con el alojamiento Inmotion
- Compatible con el alojamiento de Hostgator
- Compatible con el alojamiento de Godaddy
- Compatible con Host1plus
- Compatible con Payperhost
- Compatible con Fastcomet
- Compatible con Dreamhost
- Copatible con Bitnami Apache
- Compatible con Bitnami Nginx
- Compatible con el alojamiento Google Cloud
- Compatible con el alojamiento Litespeed
- Support for Flywheels Local
- Compatible con el alojamiento Flywheels
- Es compatible con el alojamiento de Ploi
- Es compatible con el alojamiento de Namecheap
- Es compatible con el alojamiento de RunCloud
- Es compatible con el alojamiento de WPEngine
Es compatible con el alojamiento de CloudPanel
Recomendado por WP Rocket
- Recomendado por WPML
Premium Security Features (over 70):
- WordPress Hardening
- Hide WordPress Common Paths by Extension
- Hide WordPress Files like wp-config.php, wp-config-sample.php, wp-load.php, wp-settings.php, wp-blog-header.php, readme.html, readme.txt, install.php, license.txt, php.ini, hidemywp.conf, bb-config.php, error_log, debug.log
- Events/Actions Monitoring (Cloud Backup)
- Brute Force Monitoring (Cloud Backup)
- Geo Security
- Country Blocking
- Vulnerability Management
- Files Permission Fix
- Database Prefix Change
- SALT Keys Change
- Premium Support
- and more
Hide My WP Premium Feature
Compatible server types: WP Multisite, Apache, Litespeed, Nginx and Windows IIS.
Hosting Compatibility checked: WP Engine, Inmotion Hosting, Hostgator Hosting, Godaddy Hosting, Host1plus, Payperhost, Fastcomet, Dreamhost, Bitnami Apache, Bitnami Nginx, Google Cloud Hosting, Amazon AWS Lightsail, Litespeed Hosting, Flywheels Hosting, Kinsta Hosting, Ploi.io, CloudPanel, RunCloud
Actualizaciones de compatibilidad con plugins: Woocommerce, WPML, WPMUDEV, W3 Total Cache, Gravity, WP Super Cache, WP Fastest Cache, Hummingbird Cache, Cachify Cache, Litespeed Cache, SiteGround Optimizer, Nitropack,
Cache Enabler, CDN Enabler, WOT Cache, Autoptimize, Jetpack by WordPress, Contact Form 7, bbPress, Manage WP,
All In One SEO, Rank Math, Yoast SEO, Squirrly SEO, WP-Rocket, Minify HTML, Solid Security, Sucuri Security, Really Simple SSL, WordFence Security, WP Cerber Security, BBQ Firewall, Anti-Malware Security,
Back-Up WordPress, Elementor Page Builder, Divi Builder, Weglot Translate, AddToAny Share Btn, Limit Login Attempts Reloaded, Loginizer, Shield Security, Asset CleanUp, WP Hide & Security Enhancer, y más
Compatibility Plugins List: Hide My WP Compatibility Plugins
Compatibility Theme List: Hide My WP Compatibility Themes
WP Ghost changes and hides WP common paths, admin & login paths, plugin paths, and theme paths, protecting your site from hacker bots.
Note! No files or directories are physically altered. All changes are implemented through server rewrite rules, ensuring no impact on SEO or loading speed.
The plugin works with other security plugins and adds a layer of security to your WordPress website against hacker bots.
Check the Demo Website source code:
https://demo.wpghost.com/
(the elementor is changed in files and classes)Check the Redirected URLs in Demo Website (all are redirected to Front Page):
https://demo.wpghost.com/wp-admin
https://demo.wpghost.com/wp-loginCheck the Hidden Common Paths in Demo Website (all show 404 Page Not Found):
https://demo.wpghost.com/wp-content
https://demo.wpghost.com/wp-content/plugins
https://demo.wpghost.com/wp-content/themes
Over 90,000 hacking attacks per minute strike WordPress sites and WordPress hosting around the world, hitting not only large corporate websites packed with sensitive data, but also sites belonging to small businesses, independent entrepreneurs, and individuals running personal blogs.
Security of WordPress sites typically tops the list of concerns for new and experienced website owners alike.
For owners of WordPress sites, statistics like that one raises particular worries about the security not just of individual WordPress sites, but of WordPress itself.
Is your website secure? Check your website with Free Website Security Check
Protect your WordPress website by hiding the authentication paths like wp-admin, wp-login.php, login, wp-signup.php, and change the common WordPress paths like wp-content, wp-includes, uploads, and more.
Ser capaz de proteger las rutas comunes es crítico, porque así conseguirás mantener a los bots hackers alejados de los datos sensibles de tu web.
Esto es crucial y te proporcionará una grata experiencia y resultados perfectos a largo plazo.
Seguro que valdrá la pena, no por mencionar que al ocultar las rutas comunes harás que sea más difícil atacarte.
Si no te proteges tu mismo, acabaras teniendo tarde o temprano una web hackeada.
Esta es una versión gratuita del plugin, por lo que puedes usarlo en todas tus webs sin ninguna restricción.
Secure your website in just minutes with the WP Ghost plugin. Protect your WordPress site against hacker bots and spammers!
Por favor, ayúdanos y traduce el plugin a tu idioma:
https://translate.wordpress.org/projects/wp-plugins/hide-my-wp
¡Gracias a todos por vuestra confianza, apoyo y reseñas positivas!
¡Importante! Esta no es una versión nulled del plugin de Codecanyon “Hide My Wp”.
¿Estás Listo para Proteger tu Sitio Web de Hackers con el Plugin de Seguridad más AMIGABLE CON EL USUARIO?
Capturas de pantalla
Instalación
Manually install the WP Ghost Lite plugin:
Step 1. Log In as an Administrator on your WordPress dashboard.
Step 2. In the WordPress menu, go to Plugins > Add New Plugin tab.
Step 3. Click on the Upload Plugin button from the top of the page.
Step 4. Click to browse and upload the hide-my-wp.zip file.
Step 5. After the upload, click the Activate Plugin button to activate the plugin.
Step 6. From the plugins list, click on the Settings link to go to plugin’s settings.
Step 7. Connect the plugin using your email address to get an instant free access token.
Step 8. Follow the setup guide from: https://wpghost.com/kb/install-wp-ghost-plugin/
Enjoy!
Install the WP Ghost Lite directly from the WordPress directory:
Step 1. Log In as an Administrator on your WordPress dashboard.
Step 2. In the WordPress menu, go to Plugins > Add New Plugin tab.
Step 3. Search for ‘WP Ghost’.
Step 4. After the plugin is shown, lick the Activate Plugin button to activate the plugin.
Step 5. From the plugins list, click on the Settings link to go to plugin’s settings.
Step 6. Connect the plugin using your email address to get an instant free access token.
Step 7. Follow the setup guide from: https://wpghost.com/kb/install-wp-ghost-plugin/
Enjoy!
FAQ
-
¿Funciona este plugin en WP Multisitio?
-
Si, el plugin funciona en WP Multisitio y lo podrás configurar en toda la red.
El plugin también funciona con los servidores Apache, NGINX, IIS y LiteSpeed
-
Is WP Ghost working on Nginx Server?
-
Si, el Plugin funciona en Nginx Server y serás guiado por los redireccionamientos y los ajustes de nginx.conf.
El plugin también funciona con los servidores Apache, IIS y LiteSpeed
-
El tema de mi web no está cargando correctamente después de cambiar las rutas. ¿Qué puedo hacer?
-
Este error parece más de los ajustes de las reglas de reescritura.
- Make sure you purge the cache if you have cache plugins after you save the WP Ghost settings.
- En caso de que los archivos “.htaccess” (para Apache), “nginx.conf” (para NGINX) o “web.config” (para IIS) no tengan permisos de escritura, tendrás que agregar los permisos de reescritura manualmente.
- Si tienes un servidor Nginx, asegúrate de recargar el Nginx después de guardar los ajustes.
- Si el tema todavía no se está cargando bien, contáctanos y podemos configurar el plugin para ti de forma gratuita.
You can find useful information here: https://wpghost.com/kb/
-
Olvidé las URLs de inicio de sesión y de administración personalizadas. ¿Y ahora qué?
-
No te asustes.
Todavía puedes acceder a tu sitio con la URL segura que descargaste cuando guardaste los ajustes
-
¡Bloqueado de mi propio sitio! He configurado el plugin y cuando me desconecté no pude volver a entrar
-
Renombra el directorio de plugins /wp-content/plugins/hide-my-wp para que los plugins no oculten más la ruta wp-login.php
Accede utilizando http://domainname/wp-login.php y vuelve a activar el plugin.
Asegúrate de recordar el parámetro seguro y será mucho más fácil.
-
Does WP Ghost work for the WordPress.com website?
-
Because of the Jetpack security in the WordPress.com website, WP Ghost can’t change the admin and login paths.
Si ya activaste Hide My WP en WordPress.com, elimina el directorio /wp-content/plugins/hide-my-wp para desactivar el plugin.
-
¿Funciona este plugin si no tengo enlaces permanentes personalizados en mi sitio?
-
No. Necesitas tener los enlaces permanentes personalizados establecidos en Ajustes > Enlaces permanentes.
Recibirás un aviso en la página de ajustes si algo no está bien configurado.
-
¿Qué hacer antes de desactivar el plugin?
-
Es mejor cambiar al modo predeterminado en Ajustes > Hide My WP.
Si no lo haces, el plugin cambiará automáticamente su sitio a las URL seguras y te dirá qué hacer en caso de que no tengas permiso de escritura para los archivos de configuración
-
¿Este plugin es gratuito?
-
Yes. The Lite features of the WP Ghost plugin will always be free.
Incluiremos todas las actualizaciones necesarias de seguridad para WordPress.
To unlock all the features, please visit: WP Ghost – Pricing Plan
-
¿Cómo configurar el plugin en el servidor Nginx?
-
Please follow this tutorial step by step to set up the WP Ghost for Nginx server:
Setup WP Ghost on Nginx Server
Configure WP Ghost On Nginx Web Server With Virtual Private ServerInstall WP Ghost on Kinsta Server
Install WP Ghost on RunCloud Server
Install WP Ghost on WPMUDEV Server
Install WP Ghost on Ploi.io Server
Install WP Ghost on Flywheel Server
Install WP Ghost on Amazon AWS Lightsail Server -
¿Cómo ocultar tu web a los detectores de temas de WordPRess?
-
Cambiar las rutas comunes de WordPress no garantiza que el CMS WordPress esté completamente oculto.
Las rutas antiguas todavía son accesibles y los hackers todavía pueden inyectar SQL y Javascript en plugins y temas vulnerables instalados.
Read more: How to Hide Your Site From WordPress Theme Detectors
-
¿El plugin es suficiente para proteger mi sitio web de todos los hackers?
-
The Free version of WP Ghost will not protect you from all hacker attacks. For extra security you need the premium version.
WP Ghost hides all the common paths and patterns used but bots to detect that you are using WordPress.
-
¿Cómo puedo cambiar las rutas de WP en el escritorio del administrador?
-
By default, WP Ghost changes the paths only in frontend.
No te recomendamos esto, pero si también quieres cambiar la ruta en el escritorio del administrador, agrega esta línea en el archivo wp-config.php.
define('HMW_ALWAYS_CHANGE_PATHS', true);
Save the settings in WP Ghost and the WordPress paths will be changed in admin backend area.
-
¿Por qué la nueva ruta del administrador está redirigida a la página de inicio?
-
By default, when you set WP Ghost plugin in Lite Mode, you can login only with the new login path.
Para activar la opción de acceder a la nueva ruta del administrador y ser redirigido a la nueva ruta de acceso, haz esto:
Switch OFF the option WP Ghost > Change Paths > Admin Security > Hide the New Admin Path
Una vez que desactives la opción y guardes los ajustes, cuando accedas a la nueva ruta del administrador, se te redirigirá la la nueva ruta de acceso.
Reseñas
Colaboradores & Desarrolladores
“WP Ghost (Hide My WP Ghost) – Security & Firewall” es software de código abierto. Las siguientes personas han contribuido a este plugin.
Colaboradores“WP Ghost (Hide My WP Ghost) – Security & Firewall” ha sido traducido en 4 idiomas. Gracias a los traductores por sus contribuciones.
Traduce “WP Ghost (Hide My WP Ghost) – Security & Firewall” a tu idioma.
¿Interesado en el desarrollo?
Revisa el código, echa un vistazo al repositorio SVN, o suscríbete al registro de desarrollo por RSS .
Historial de cambios
5.4.01 (06 Ian 2025)
- Update – Changed Hide My WP Ghost plugin name with short WP Ghost
- Update – WP Ghost comes with a new logo in 2025
- Update – More security on REST API for user listing when User Security is activated
- Update – Plugin Security and Firewall rules
5.3.02 (08 Nov 2024)
- Update – Compatibility with WP 6.7
- Update – Add Brute Force for comments form in Brute Force
- Update – Translations
- Fix – Issue when changing relative to absolute path in javascript
- Fix – Root domain regarding multisite with subdomains
- Fix – Compatibility with LiteSpeed CDN domains
- Fix – Use WordPress function for all parse url
- Fix – Activate firewall by default when Lite mode option is selected
- Fix – Compatibility with WP Rocket background CSS loader
- Fix – Flush changed to config file when some features are activated in Overview section
- Fix – Clear cache for Litespeed plugin when changing is made in the Mapping section
- Fix – Activate the Text Mapping in CSS and JS files option for hiding class names like elementor or woocommerce
5.3.01 (07 Oct 2024)
- Update – Added Hide My WP Advanced Pack in Plugins suggestion
- Update – Added Drupal 11 in CMS simulation
- Update – Set 404 Not Found error as default option for hidden paths
- Update – The files CSS and JS files from WP 6.6 when Clean Login is selected in Advanced > Compatibility
- Update – Added the option to pause the plugin for 5 minutes for testing purposes
- Update – Compatibility with WP Rocket Background CSS loader
- Update – Map Litespeed cache directory in URL Mapping
- Fix – Redirect to homepage the newadmin when user is not logged in
- Fix – Remove dynamic CSS and JS when Text Mapping is switched off
- Fix – Prevent changing wp-content and wp-includes paths in deep URL location and avoid 404 errors
5.3.00 (20 Sept 2024)
- Update – Added New Feature Magic Link Login Without Password in Hide My WP > Overview
- Update – Added New Feature Two-factor Authentication By Code (2FA) in Hide My WP > Overview
- Update – Added New Feature Two-factor Authentication By Email (2FA) in Hide My WP > Overview
- Update – Added New Feature Temporary Logins Without Password in Hide My WP > Overview
- Update – Compatibility with WP 6.6.2 & 8.3.11
- Update – Brute Force compatibility with UsersWP plugin
- Update – Cookie set on WP Multisite with subdomains
- Update – Brute Force shortcode to work with different login forms
- Update – Brute Force shortcode to work with Elementor login form
- Fix – Compatibility with Nitrocache
- Fix – Compatibility with Squirrly SEO
- Fix – Compatibility with Autoptimize
- Fix – Compatibility with Woocommerce
- Fix – Compatibility with Wordfence
- Fix – Security Check on admin url and login url
- Fix – Google reCaptcha on frontend popup to load google header if not already loaded
- Fix – Hide New Login Path to allow redirects from custom paths: lost password, signup and disconnect
- Fix – WP Multisite active plugins check to ignore inactive plugins
- Fix – Small bugs
5.2.04 (07 July 2024)
- Fix – Compatibility with WP 6.6
- Fix – Security * Update on wp-login.php and login.php
5.2.03 (04 July 2024)
- Update – Added the option to hide the new login path on redirects
- Update – Hide login.php path together with wp-login.php path from being redirect to the new login
- Update – File permissions check in Security Check to check htaccess and login paths
- Fix – Small bugs
5.2.02 (19 June 2024)
- Update – Added more path in Frontend Test to make sure the settings are okay before confirmation
- Update – Firewall message on blocking process when loading on WP initialization
- Update – Compatibility with Wordfence to prevent rewrite rules * Update on security scan
- Update – Language translation and typos fixed
- Update – Disable click and keys to work without jQuery
- Update – Added the option to immediately block a wrong username in Brute Force
- Update – Sub-option layouts
- Fix – Trim error in cookie when main domain cookie is set
- Fix – Filter words in 8G Firewall that might be used in article slugs
5.2.01 (04 June 2024)
- Update – Added Firewall blacklist by User Agent
- Update – Added Firewall blacklist by Referrer
- Update – Added Firewall blacklist by Hostname
- Update – Added the option to select the level of access for an IP address in whitelist
Removed – Mysql database permission check as WordPress 6.5 handles DB permissions more secure
Moved – Firewall section was moved to the main menu as includes more subsections - Fix – 8G Firewall compatibility with all page builder plugins
- Fix – preg_match warning on firewall.php when checking search engine bots
- Fix – Firewall saving process for Whitelist and Blacklist features
- Fix – Login access when member plugins are used for login process
5.1.03 (20 May 2024)
- Update – Compatibility with WP 6.5.3
- Update – Compatibility with WPEngine rules on wp-admin and wp-login.php
- Update – Add whitelist paths feature
- Update – Select the Whitelist level for IPs and Paths
- Fix – Prevent firewall to record all triggered filters as fail attempts
- Fix – Remove filter on robots when 8G firewall is active
- Fix – Frontend Login Check popup to prevent any redirect to admin panel in popup test
- Fix – Prevent redirect the wp-admin to new login when wp-admin path is hidden
- Fix – Prevent blocking login page on password protection page when the login path is set by another plugin
5.1.02 (30 Apr 2024)
- Update – Security Check verifies the firewall against SQL & Script injection and weak usernames
- Update – Font-sizes and layouts
- Update – Add support to MyList theme
- Update – 7g & 8G firewall to match more WP actions and compatibility with more plugins
5.1.01 (10 Apr 2024)
- Update – Added the 8G Firewall filter
- Update – Added the required header security for Apache and Nginx
- Update – Added the option to block the theme detectors
- Update – Added the option to block theme detectors crawlers by IP & agent
- Update – Added the option to simulate CMSs like Drupal & Joomla
- Update – Added the option on Apache to insert the firewall rules into .htaccess
- Fix – Load Firewall on all server types only in frontend to avoid functionality issues in backend
- Fix – Avoid loading recaptcha on Password reset link
- Fix – Screen 120dpi display layout
- Fix – Hide reCaptcha secret key in Settings
5.0.29 (19 Mar 2024)
- Update – Compatibility with WP 6.5
- Update – Compatibility with CloudPanel & Nginx servers
- Update – Compatibility with WordFence scanning
- Fix – Hide rest_route only for visitors to avoid errors with builders
5.0.28 (14 Feb 2024)
Compatibility with PHP 8.3 and WP 6.4.3
* Update – Compatibility with Hostinger
* Update – Compatibility with InstaWP
* Update – Compatibility with Solid Security Plugin (ex Solid Security)
* Update – Added the option to block the API call by rest_route param
* Update – Added new detectors in the option to block the Theme Detectors
* Update – Security Check for valid WP paths
* Fix – Don’t load shortcode recapcha for logged users
* Fix – Rewrite rules for the custom wp-login path on Cloud Panel and Nginx servers
* Fix – Issue on change paths when WP Multisite with Subcategories
* Fix – Hide rest_route param when Rest API directory is changed
* Fix – Multilanguage support plugins
* Fix – Small bugs & typos
5.0.27 (18 Oct 2023)
- Update – Compatibility with WP 6.4.1 & PHP 8.3
- Update – Option to create a random suffix number instead of the version number to prevent caching on static files in admin
- Fix – Default redirect URL in Tweaks > Redirects
- Actualización: Compatibilidad con MainWP Server-Client
- Actualización: Compatibilidad con el plugin WPML
- Update – Hide rest_route param when Rest API directory is changed
- Fix – URL query args sanitization when the rewrite rules are not added correctly in config file
- Fix – Specify the jQuery on Disable Click feature
- Actualización: Compatibilidad con Hostinger
- Actualización: Compatibilidad con InstaWP
- Update – Add shortcode on BruteForce [hmwp_bruteforce] for any login form
- Fix – Small Bugs
5.0.26 (28 Aug 2023)
- Fix – Brute Force Math Recaptcha security
- Fix – Compatibility with themes without Brute Force Math Recaptcha
5.0.25 (23 Aug 2023)
- Fix – Paths change in feed for logos and links
- Fix – Security Check report
- Fix – Improved security on login
- Fix – Typos & Bugs
5.0.24 (03 July 2023)
- Update – Frontend Test to check and show the not found links
- Update – Add compatibility with 2FA and Two-Factor plugins for two factor authentication
- Update – Add Compatibility with FlyingPress & WPFrontendAdmin
- Update – WP functions and notifications for PHP 8.2 compatibility
- Update – Add new key combinations in HMWP disable inspect element and view source
- Fix – Prevent login redirect when the prevent slowing website is activated
5.0.23 (29 May 2023)
- Update – Add the option to connect to the custom login path from Cloud
- Update – Compatibility with WP 6.2.2
- Fix – Typos and small bugs
5.0.22 (16 May 2023)
- Actualización: Agregada compatibilidad con servidores de Cloud Panel
- Update – Add compatibility for CMP Coming Soon & Maintenance Plugin by NiteoThemes plugin
- Update – Add the option to select the server type if it’s not detected by the server
- Update – Add the option to add the rules between the WordPress rewrite rules on Apache/Litespeed servers
- Actualización: Compatibilidad con Siteground
- Update – Compatibility with Avada when cache plugins are enabled
- Fix – Remove the rewrites from WordPress section when the plugin is deactivated
- Fix – User roles names display on Tweaks
- Fix – Combined the Plugin Loading Hook into one option
5.0.20 (03 May 2023)
- Update – File processing when the rules are not set correctly
- Update – Security headers default values
- Fix – Compatibilities with the last versions of other plugins
- Fix – Reduce resource usage on 404 pages
5.0.19 (23 Apr 2023)
- Update – Brute Force protection on lost password form
- Update – Brute Force protection on Woocommerce (login, signup, lost passowrd)
- Update – Compatibility with MemberPress plugin
- Fix – My account link on multisite option
- Fix – Settings to verify the array values on settings saving process
- Fix – Small Bugs
5.0.18 (03 Mar 2023)
- Update – Compatibility with WP 6.2
- Update – Compatibility with more plugins and themes
- Update – Security check when wp-content is customized
- Update – File handle for login, signup, logout
- Update – Compatibility with PHP 8.2
- Update – Remove the atom+xml meta from header
- Update – Remove the noredirect param if the redirect is fixed
- Update – Check the XML and TXT URI by REQUEST_URI to make sure the Sitemap and Robots URLs are identified
- Update – Check the rewrite rules on WordPress Automatic updates too
- Update – Add the option to disable HMWP Ghost custom paths for the whitelisted IPs
- Update – Save all section on backup restore
- Update – Add the option to remove the sitemap style as a separate option from changing the paths in Sitemap.
5.0.17 (19 Dec 2022)
- Update – Compatibility with WP 6.1
- Update – Remove the noredirect param if the redirect is fixed
- Update – Update the verification of the XML and TXT URI
- Update – Get the correct login URL when backend URL is different from frontend URL
- Update – Add the Whitelabel IP option in Security Level and allow the Whitelabel IP addresses to pass login recaptcha and hidden URLs
- Fix – Allow self access to hidden paths to avoid cron errors on backup/migration plugins
- Fix – White screen on iphone > safari when disable inspect element option is on
- Fix – To remove the version from URL even if the ‘ver’ param doesn’t have any value
- Fix – Typo in Security Check
5.0.16 (21 Oct 2022)
- Update – Add the Brute Force protection on Register Form to prevent account spam
- Update – Add the Whitelabel IP option in Security Level and allow the Whitelabel IP addresses to pass login recaptcha and hidden URLs
- Update – Added the option to prioritize the loading of HMWP Ghost plugin for more compatibility with other plugins
- Update – Compatibility with LiteSpeed servers and last version of WordPress
- Update – Compatibility with Breakdance plugin
- Update – Compatibility with Nicepage Builder plugin
- Update – Compatibility with WP 6.0.2
- Fix – Allow self access to hidden paths to avoid cron errors on backup/migration plugins
- Fix – Remove the get_site_icon_url hook to avoid any issue on the login page with other themes
- Fix – Compatibility with ShortPixel webp extension when Feed Security is enabled
- Fix – Fixed the ltrim of null error on PHP 8.1 for site_url() path
5.0.15 (06 Sept 2022)
- Fix – URL Mapping for Nginx servers to prevent 404 pages
- Fix – PHP error in Security Check when the X-Powered-By header is not string
- Fix – Compatibility with Wp-Rocket last version
- Fix – Brute force math issue on woocommerce login when third party woocommerce logins
- Fix – Not to hide the image on login page when no custom image is set in Appearance > Customize > Site Logo
- Fix – Compatibility with ShortPixel webp extension when Feed Security is enabled
- Update – Compatibility with Nicepage Builder plugin
- Update – Compatibility with WP 6.0.2
5.0.14 (17 June 2022)
- Update – Compatibility with Coming Soon & Maintenance Mode PRO
- Update – Compatibility with WordPress 6.0
- Update – Add the option to automatically redirect to admin when access the login page and the user is logged
- Fix – Avoid showing 404 error on Litespeed WP Multisite when a new site is created
- Fix – Avoid showing 404 error on Litespeed WP Multisite when a new taxonomy is created
- Fix – Brute force math security when the math field is deleted
- Fixed the hidden URLs process
5.0.13 (03 May 2022)
- Update – Compatibility with WordPress 5.9.3
- Update – Compatibility with BackUpWordPress plugin
- Update – Compatibility with Themify theme
- Fix – Added the URI in the redirected URL
- Fix – Compatibility with LiteSpeed cache plugin
5.0.12 (08 Mar 2022)
- Update – Added compatibility with Backup Guard Plugin
- Update – Prevent affecting the cron processes on Wordfence & changing the paths during the cron process
- Update – Change the WP-Rocket cache files on all subsites for WP Multisite
- Update – Automatically add the CDN URL if WP_CONTENT_URL is set as a different domain
- Update – Compatibility with WordPress 5.9.1
- Fix – Change Paths for Logged Users issue
- Fix – Show the feature icon in the feature list
- Fix – Show all the rewrite paths for WpEngine with PHP >7.4
- Fix – Frontend test when the plugins paths are not changed
5.0.11 (22 Feb 2022)
- Update – Added 7G Firewall option in Hide My WP > Change Paths > Firewall & Headers > Firewall Against Script Injection
- Update – Fixed the menu hidden issue when other security plugins are active
- Update – Compatibility with Login/Signup Popup plugin when Brute Force Google reCaptcha is activated
- Update – Compatibility with Buy Me A Coffee plugin
- Fix – Library loading ID in HMWP Ghost
5.0.10 (17 Feb 2022)
- Update – Added new option in Login Security: Hide the language switcher option on the login page
- Update – Added the option to reset all settings to default
- Update – Added the Ctrl + Shift + C restriction when Inspect Element option is active
- Update – Added the features text for translation
- Update – Added Firewall & Headers option
- Update – Added the option to ignore the notifications and avoid repeating alerts
- Update – Added the option to disable Right-Click for logged users and user roles
- Update – Added the option to disable Inspect Element for logged users and user roles
- Update – Added the option to disable View Source for logged users and user roles
- Update – Added the option to disable Copy/Paste for logged users and user roles
- Update – Added the option to disable Drag/Drop for logged users and user roles
- Update – Add the option to hide the wp-admin path for non-admin users
- Update – Compatibility with Namecheap hosting
- Update – Compatibility with Ploi.io
- Update – Compatibility with WordPress 5.9
- Update – Compatibility with Coming Soon & Maintenance Mode PRO
- Update – Compatibility with Advanced Access Manager (AAM) plugin
- Update – Compatibility with WPS Hide Login
- Update – Compatibility with JobCareer theme
- Update – Compatibility with Wordfence Security Scan when the wp-admin is hidden
- Update – Compatibility with the Temporary Login Without Password plugin to work with the passwordless connection on custom admin
- Update – Compatibility with the LoginPress plugin to work with the passwordless connection on custom admin
- Update – Compatibility with WordPress Sitemap, Rank Math SEO, SEOPress, XML Sitemaps to hide the paths and style on Nginx servers
- Update – Compatibility with Nitropack
- Update – Compatibility with OptimizePress Dashboard
- Update – Compatibility with Bricks Builder
- Update – Compatibility with Zion Builder
- Update – Compatibility with MainWP
- Update – Compatibility with Limit Login Attempts Reloaded
- Update – Compatibility with Loginizer
- Update – Compatibility with Shield Security
- Update – Compatibility with iThemes Security
- Update – Compatibility with Smush plugin
- Update – Compatibility with Wordfence 2FA when reCaptcha is active
- Update – Added compatibility with JCH Optimize 3 plugin
- Update – Added compatibility with Oxygen 3.8 plugin
- Update – Added compatibility with WP Bakery plugin
- Update – Added compatibility with Bunny CDN plugin
- Update – Update compatibility with Manage WP plugin
- Update – Update compatibility with the Autoptimize plugin
- Update – Update compatibility with Breeze plugin
- Update – Update compatibility with Cache Enabler plugin
- Update – Update compatibility with CDN Enabler plugin
- Update – Update compatibility with Comet Cache plugin
- Update – Update compatibility with the Hummingbird plugin
- Update – Update compatibility with Hyper Cache plugin
- Update – Update compatibility with the Litespeed Cache plugin
- Update – Update compatibility with the Power Cache plugin
- Update – Update compatibility with the W3 Total Cache plugin
- Update – Update compatibility with WP Fastest Cache plugin
- Update – Update compatibility with the iThemes plugin
- Update – Added compatibility with Hummingbird Performance plugin
- Update – Advanced Text Mapping to work with Page Builders in admin
- Update – Changing the paths in sitemap.xml and robots.txt to work with all SEO plugins
- Update – Translate the plugin into more languages
- Update – Select the cache directory if there is a custom cache directory set in the cache plugin
- Update – Show the change in cache files option for more cache plugins
- Update – Removed the WordPress title tag from login/register pages
- Fix – Brute Force blocking Wordfence Cron Job
- Fix – Infinite loop when POST action on unknown paths
- Fix – Remove the login URL from the logo on the custom login page
- Fix – Set Filesystem to direct connection for file management
- Fix – Don’t show the rewrite alert messages if nothing was changed in HMWP
Security:
Two-Factor Authenticator Code
2FA Security
Temporary Login without password
WordPress Security Plugin
Ocultar Mi WP – Plugin de seguridad de WordPress
Ocultar meu WP – Segurança do WordPress
Cacher mon WordPress – Plugin de sécurité WordPress
Verstecken Sie mein WordPress – WordPress Sicherheits-Plugin
Hide My WP – WordPress Security Plugin
Hide WordPress
Security Plugin
Hide My WP free download
Hide wp-login URL