This Plugin provides many options to secure and hide your WordPress website. It is important to understand what each option does, so the results should be checked on front side to ensure no incompatibility / conflict is taking place. Be aware that not every option may be necessarily to be used as certain functionalities may not be available in specific themes and certain plugins. For detailed explanations upon all see Plugin Options Explained
The plugin menu is structured into three main sections:
- Rewrite
- General / Html
- Admin
Rewrite
This section includes functions to control almost everything related to URL’s. Parent Theme / Child Theme, Individual Plugins, Default WordPress folders structure, Uploads, XML-RPC, JSON REST, all default url’s can be changed to something else, disguising the WordPress identity which actually is very easy to be identified without the application of this plugin. This plugin makes structure reading and identification through html code almost impossible as it simply does not match anymore with anything commonly used. The majority of WordPress identifying / theme detectors will fail to find anything regarding WordPress, not being able to see the CMS of a site at all.
General / Html
Html structure output can be maintained from this section area. Different tags replacements or removals are controlled through these options. Meta tags like WordPress generator, wlwmanifest, feed_links, adjacent post links, canonical links, emoji, oembed, headers, Html classes and Id’s cleanup etc. At this point, taking advanced of those settings, WordPress becomes virtually impossible to be detected. Even for large sites with complex structure and functionality, detection of WordPress fails since no tracks of it are being found anymore.
Admin
This section includes two powerful options, a default WordPress wp-login.php and admin slug change. This is the place through which the login/admin aspects of your site can be managed. Default urls can be set as default theme 404 errors (Not Found type) so it will not give any hint on a potential WordPress instalment. End-user is being shown a default 404 error page, suggesting that the link does not exist at all. Changing default login / admin slugs brings huge improvement over site security. One of the most important things is to eliminate the brute force login attempt which is pretty common for almost all sites. Hackers/hack boots always search WordPress sites and try to guess and jump into them by exploiting weak logins. Since the default login / admin link is not available anymore, they will not know where to try. Besides the security aspect, the overall site speed also increases. Just imagine a hack boot trying out thousands of logins attempts in an hour, dramatically reducing the server processing power, thus translating in a much slower page load response for regular users.