[WordPress] Plugin share: WP Hide & Security Enhancer

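Introduction

  • The WordPress plugin "WP Hide & Security Enhancer" was first published on 2015-12-08.
  • It currently has 60000 active installations.
  • It was last updated on 2025-04-28, 4 days ago as of this writing.
  • The plugin requires WordPress 4.0 or later.
  • The plugin requires the web host to run PHP 5.4 or later.
  • 274 people have rated it.
  • There are currently 3 questions on the forum, with a resolution rate of 33%.

Plugin contributors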

tdgu | nsp-code |

Plugin tags

login | wp-hide | security | wordpress hide | Security Headers |

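Summary

WP-Hide introduces the easiest way to completely hide your WordPress core files, login page, theme and plugin paths from being shown on the front end. This is a huge improvement for site security, since no one will know whether you are running WordPress. It also provides a simple way to clean up the HTML by removing all WordPress fingerprints.

No file and directory change!
No file or directory is changed anywhere. Everything is processed virtually. The plugin code uses URL rewrite techniques and WordPress filters to apply all internal functionality and features. Everything is done automatically, with no user intervention required.

Real hiding of WordPress core files and plugins
The plugin not only lets you change the default WordPress URLs, it also hides/blocks those defaults. Other similar plugins only change the slugs, but the defaults remain accessible, obviously revealing WordPress as the CMS.

You can change the default WordPress login URL from wp-admin and wp-login.php to something completely arbitrary. No one will know where to try to guess a login and break into your site. It becomes completely invisible.

Full plugin documentation is available at WordPress Hide and Security Enhancer Documentation.

When testing with WordPress theme and plugin detector services/sites, a settings change may not be reflected in their reports right away, since they use a cache. You may therefore need to check again later, or try a different inner URL. Using the homepage URL is not mandatory.

As the best content management system and a widely used one, WordPress is susceptible to a wide range of hacking attacks, including brute force, SQL injection, XSS, XSRF and more. Although the WordPress core is very secure code maintained by a team of professional enthusiasts, additional plugins and themes make it a vulnerable spot for every website. In many cases these are created by pseudo-developers who do not follow best coding practices or simply lack the experience to create a secure plugin.
Statistics show that new vulnerabilities are discovered every day, many of them affecting hundreds of thousands of WordPress websites.
Over 99.9% of hacked WordPress websites are the target of automated malicious scripts that search for specific WordPress fingerprints. This plugin hides or replaces those traces, making the attacks useless.

It works well with custom WordPress directory structures, e.g. custom plugins, themes, and upload folders.

Once configured, you need to clear the server cache and/or any cache plugins (e.g. W3 Cache) so that new HTML data is generated. If you use a CDN, its cache should be cleared as well.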

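Sample usage

Main plugin functionality:

Customizes Admin URL
Blocks default admin URL
Blocks any direct folder access to completely hide the structure
Customizes wp-login.php filename
Blocks default wp-login.php
Blocks default wp-signup.php
Blocks XML-RPC API
Creates new XML-RPC paths
Adjusts theme URL
Creates new child theme URL
Changes theme style file name
Cleans any headers for theme style file
Customizes wp-include
Blocks default wp-include paths
Blocks default wp-content
Customizes plugins URL
Changes individual plugin URL
Blocks default plugins paths
Creates new upload URL
Blocks default upload URL
Removes WordPress version
Blocks Meta Generator
Disables the emoji and required JavaScript code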

Original plugin description

Effortlessly conceal your WordPress site from detection! With over 99.99% of hacks targeting specific plugin and theme vulnerabilities, this plugin significantly boosts site security by making it invisible to hackers’ web scanners.
By removing all traces of WordPress, including themes and plugins, potential exploits are rendered harmless. This method ensures that your site is safe without affecting SEO; in fact, it can enhance certain SEO aspects when used strategically.
WP-Hide has launched the easiest way to completely hide your WordPress core files, login page, theme and plugin paths from being shown on the front side. This is a huge improvement in site security, since no one will know whether or not you are running WordPress. It also provides a simple way to clean up HTML by removing all WordPress fingerprints.
No file and directory change!
No file and directory will be changed anywhere. Everything is processed virtually. The plugin code uses URL rewrite techniques and WordPress filters to apply all internal functionality and features. Everything is done automatically without user intervention required at all.
Real hide of WordPress core files and plugins
The plugin not only allows you to change the default URLs of your WordPress, but it also hides/blocks such defaults. Other similar plugins just change the slugs, but the defaults are still accessible, obviously revealing WordPress as the CMS.
You can change the default WordPress login URL from wp-admin and wp-login.php to something totally arbitrary. No one will ever know where to try to guess a login and hack into your site. It becomes totally invisible.

Full plugin documentation available at WordPress Hide and Security Enhancer Documentation
When testing with WordPress theme and plugins detector services/sites, any setting change may not reflect right away on their reports, since they use cache. So, you may want to check again later, or try a different inner URL. Homepage URL usage is not mandatory.
Being the best content management system, and widely used, WordPress is susceptible to a large range of hacking attacks including brute-force, SQL injections, XSS, XSRF etc. Despite the fact that the WordPress core is very secure code maintained by a team of professional enthusiasts, the additional plugins and themes make it a vulnerable spot for every website. In many cases, those are created by pseudo-developers who do not follow the best coding practices or simply do not have the experience to create a secure plugin.
Statistics reveal that every day new vulnerabilities are discovered, many affecting hundreds of thousands of WordPress websites.
Over 99,9% of hacked WordPress websites are the target of automated malware scripts, which search for certain WordPress fingerprints. This plugin hides or replaces those traces, making the hacking bots' attacks useless.
It works well with custom WordPress directory structures, e.g. custom plugins, themes, and upload folders.
Once configured, you need to clear server cache data and/or any cache plugins (e.g. W3 Cache), so that new HTML data is created. If you use a CDN, its cache should be cleared as well.
Sample usage

Main plugin functionality:

Customizes Admin URL
Blocks default admin URL
Blocks any direct folder access to completely hide the structure
Customize wp-login.php filename
2FA – Two-factor Authentication
2FA – Two-factor Authentication – Email Verification Code
2FA – Two-factor Authentication – Authenticator App
2FA – Two-factor Authentication – Recovery Codes
Google Captcha
Blocks default wp-login.php
Blocks default wp-signup.php
Blocks XML-RPC API
Creates New XML-RPC paths
Adjusts theme URL
Creates New child Theme URL
Changes theme style file name
Cleans any headers for theme style file
Customizes wp-include
Blocks default wp-include paths
Blocks default wp-content
Customizes plugins URL
Changes Individual plugin URL
Blocks default plugins paths
Creates New upload URL
Blocks default upload URL
Removes WordPress version
Blocks Meta Generator
Disables the emoji and required javascript code
Removes pingback tag
Removes wlwmanifest Meta
Removes rsd_link Meta
Removes wpemoji

Minifies Html, Css, JavaScript

Security Headers

and many more.
No other plugin functionality will be blocked or interfered with in any way by WP-Hide.
This plugin allows you to change the default Admin URL from wp-login.php and wp-admin to something else. All original links return the theme's default “404 Not Found” page, as if nothing exists there. Besides the huge security advantage, the WP-Hide plugin saves lots of server processing time by reducing PHP code and MySQL usage, since brute-force attacks target the weak URL.
Important: Compared to all other similar plugins, which mainly use redirects, this plugin returns the theme's default “404 error” page for all blocked URL functionalities, without revealing the link's existence at all.
Since version 1.2, WP-Hide can change individual plugin URLs and make them unrecognizable. For example, it can change the default WooCommerce plugin URL and its dependencies from domain.com/wp-content/plugins/woocommerce/ into domain.com/ecommerce/cdn/ or anything customized.
Plugin Sections
Hide -> Scan

Exhaustive system security examination with analysis and improvements guidance and fixes

Hide -> Rewrite > Theme

New Theme Path – Changes default theme path
New Style File Path – Changes default style file name and path
Remove description header from Style file – Replaces any WordPress metadata information (like theme name, version etc.,) from style file
Child – New Theme Path – Changes default child theme path
Child – New Style File Path – Changes child theme style-sheet file path and name
Child – Remove description header from Style file – Replaces any WordPress metadata information (like theme name, version etc.,) from style file

Hide -> Rewrite > WP includes

New Include Path – Changes default wp-include path/URL
Block wp-include URL – Blocks default wp-include URL

Hide -> Rewrite > WP content

New Content Path – Change default wp-content path/URL
Block wp-content URL – Blocks the default content URL

Hide -> Rewrite > Plugins

New Plugin Path – Changes default wp-content/plugins path/URL
Block plugin URL – Blocks default wp-content/plugins URL
New path / URL for Every Active Plugin
Customize path and name for any active plugins

Hide -> Rewrite > Uploads

New Upload Path – Changes default media files path/URL
Block upload URL – Blocks default media files URL

Hide -> Rewrite > Comments

New wp-comments-post.php Path
Block wp-comments-post.php

Hide -> Rewrite > Author

New Author Path
Block default path

Hide -> Rewrite > Search

New Search Path
Block default path

Hide -> Rewrite > XML-RPC

New XML-RPC Path – Changes default XML-RPC path / URL
Block default xmlrpc.php – Blocks default XML-RPC URL
Disable XML-RPC authentication – Filters whether XML-RPC methods require authentication
Remove pingback – Removes pingback link tag from theme

Hide -> Rewrite > JSON REST

Clean the REST API response
Disable JSON REST V1 service – Disables an API service for WordPress which is active by default
Disable JSON REST V2 service – Disables an API service for WordPress which is active by default
Block any JSON REST calls – Any call for JSON REST API service will be blocked
Disable output the REST API link tag into page header
Disable JSON REST WP RSD endpoint from XML-RPC responses
Disable Sends a Link header for the REST API

Hide -> Rewrite > Root Files

Block license.txt – Blocks access to license.txt root file
Block readme.html – Blocks access to readme.html root file
Block wp-activate.php – Blocks access to wp-activate.php file
Block wp-cron.php – Blocks outside access to wp-cron.php file
Block wp-signup.php – Blocks default wp-signup.php file
Block other wp-*.php files – Blocks other wp-*.php files within WordPress Root

Hide -> Rewrite > URL Slash

URL’s add Slash – Adds a slash to any links without it. This disguises the existence of a file, folder or a wrong URL, which will all be slashed.

Hide -> General / Html > Meta

Remove WordPress Generator Meta
Remove Other Generator Meta
Remove Shortlink Meta
Remove DNS Prefetch
Remove Resource Hints
Remove wlwmanifest Meta
Remove feed_links Meta
Disable output the REST API link tag into page header
Remove rsd_link Meta
Remove adjacent_posts_rel Meta
Remove profile link
Remove canonical link

Hide -> General / Block Detectors

Block Detectors

Hide -> General / Emulate CMS

Emulate CMS

Hide -> General / Html > Admin Bar

Remove WordPress Admin Bar for specified user roles

Hide -> General / Feed

Remove feed|rdf|rss|rss2|atom links

Hide -> General / Robots.txt

Disable admin URL within Robots.txt

Hide -> General / Html > Emoji

Disable Emoji
Disable TinyMC Emoji

Hide -> General / Html > Styles

Remove Version
Remove ID from link tags

Hide -> General / Html > Scripts

Remove Version

Hide -> General / Html > Oembed

Remove Oembed

Hide -> General / Html > Headers

Remove Link Header
Remove X-Powered-By Header
Remove Server Header
Remove X-Pingback Header

Hide -> General / Html > HTML

Remove HTML Comments
Minify Html, CSS, JavaScript
Remove general classes from body tag
Remove ID from Menu items
Remove class from Menu items
Remove general classes from post
Remove general classes from images

Hide -> General / Html > User Interactions

Disable Mouse right click
Disable Text Selection
Disable Copy
Disable Cut
Disable Paste
Disable Print
Disable Print Screen
Disable Developer Tools
Disable View Source
Disable Drag / Drop

Hide -> Admin > wp-login.php

New wp-login.php – Maps a new wp-login.php instead of the default one
Block default wp-login.php – Blocks default wp-login.php file from being accessible
Customize the default login page Logo image

Hide -> Admin > Admin URL

New Admin URL – Creates a new admin URL instead of the default ”/wp-admin”. This also applies for admin-ajax.php calls
Disable customized Admin Url redirect to the Login page
Block default Admin Url – Blocks default admin URL and files from being accessible

Security -> 2FA

Enable 2FA
Enable the 2FA for specific roles
Enforce User to Configure 2FA
Primary option for Two-Factor
Disable 2FA when using Temporary Login

Security -> 2FA Email

Activate 2FA Email

Security -> 2FA Auth App

Activate Authenticator app (TOTP)

Security -> 2FA Recovery Codes

Activate 2FA Recovery Codes

Security -> Captcha

Google Captcha V2
Google Captcha V3
CloudFlare Turnstile ( PRO )

Settings -> CDN

CDN Url – Sets up the CDN, if one is used. Some providers replace site assets with custom URLs.

Security -> Headers
HTTP Response Headers are a powerful tool to Harden Your Website Security.
* Cross-Origin-Embedder-Policy (COEP)
* Cross-Origin-Opener-Policy (COOP)
* Cross-Origin-Resource-Policy (CORP)
* Referrer-Policy
* X-Content-Type-Options
* X-Download-Options
* X-Frame-Options (XFO)
* X-Permitted-Cross-Domain-Policies
* X-XSS-Protection
This free version works with Apache and IIS server types. For all server types, check with WP Hide PRO
This is a basic version that can hide everything for basic sites, example https://demo.wp-hide.com/. When using complex plugins and themes, the WP Hide PRO may be required. We provide free assistance to hide everything on your site, along with the commercial product.
Anything wrong with this plugin on your site? Just use the forum or get in touch with us at Contact and we’ll check it out.
A website example can be found at https://demo.wp-hide.com/ or our website WP Hide and Security Enhancer
Plugin homepage at WordPress Hide and Security Enhancer
This plugin is developed by Nsp-Code
Localization
Please help and translate this plugin to your language at https://translate.wordpress.org/projects/wp-plugins/wp-hide-security-enhancer
You are kindly asked to promote this plugin if it comes up to your expectations via an article on your site or any other place. If you liked this code/WP-Hide or if it helped with your project, why not leave a 5 star review on this board.

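Download links for each version

  • Method 1: Click a version number link below to download the ZIP file, log in to the site admin, go to "Add New Plugin" under "Plugins" in the left-hand menu, choose "Upload Plugin" at the top, then upload the downloaded ZIP package to install and activate it.
  • Method 2: Use the search box on the right of the "Add New Plugin" screen to search for the plugin name "WP Hide & Security Enhancer" and install it.

(Method 2 is recommended, to make sure the installed version matches the WordPress environment currently running.)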


1.0 | 1.1 | 1.2 | 1.4 | 1.6 | 1.8 | 2.1 | 2.4 | 2.5 | 2.6 | 1.0.3 | 1.0.4 | 1.1.2 | 1.1.7 | 1.2.2 | 1.2.6 | 1.2.9 | 1.3.1 | 1.3.3 | 1.3.4 | 1.3.5 | 1.3.6 | 1.3.7 | 1.3.8 | 1.3.9 | 1.4.1 | 1.4.2 | 1.4.3 | 1.4.4 | 1.4.5 | 1.4.7 | 1.4.9 | 1.5.2 | 1.5.3 | 1.5.4 | 1.5.5 | 1.5.6 | 1.5.7 | 1.5.8 | 1.5.9 | 1.6.1 | 1.6.2 | 1.6.3 | 1.6.4 | 1.7.1 | 1.7.3 | 1.7.4 | 1.7.6 | 1.7.8 | 1.7.9 | 1.8.1 | 1.8.3 | 1.8.5 | 1.8.6 | 1.8.8 | 1.9.1 | 1.9.3 | 1.9.5 | 1.9.7 | 1.9.9 | 2.0.4 | 2.0.6 | 2.1.1 | 2.1.5 | 2.1.8 | 2.2.1 | 2.2.3 | 2.2.4 | 2.2.9 | 2.3.1 | 2.3.5 | 2.3.6 | 2.3.7 | 2.3.8 | 2.3.9 | 2.4.1 | 2.4.2 | 2.4.4 | 2.4.7 | 2.5.1 | 2.5.2 | 2.5.4 | 2.5.6 | 2.5.8 | 2.6.1 | 2.6.2 | 2.6.3 | 2.6.4 | 2.6.5 | trunk | 1.3.3.1 | 1.3.3.2 | 1.3.5.1 | 1.3.6.2 | 1.3.6.3 | 1.3.8.1 | 1.3.9.1 | 1.3.9.2 | 1.4.4.1 | 1.4.4.2 | 1.4.4.4 | 1.4.5.1 | 1.4.5.6 | 1.4.6.5 | 1.4.6.6 | 1.4.7.4 | 1.4.7.6 | 1.4.8.2 | 1.4.9.1 | 1.5.1.2 | 1.5.2.1 | 1.5.2.2 | 1.5.3.1 | 1.5.4.1 | 1.5.4.2 | 1.5.5.4 | 1.5.5.5 | 1.5.5.6 | 1.5.5.7 | 1.5.5.9 | 1.5.6.2 | 1.5.6.3 | 1.5.6.7 | 1.5.6.8 | 1.5.6.9 | 1.5.8.2 | 1.5.9.3 | 1.5.9.4 | 1.5.9.5 | 1.5.9.9 | 1.6.0.4 | 1.6.0.5 | 1.6.0.6 | 1.6.0.8 | 1.6.0.9 | 1.6.1.1 | 1.6.1.3 | 1.6.2.3 | 1.6.2.4 | 1.6.3.1 | 1.6.3.2 | 1.6.3.3 | 1.6.3.4 | 1.6.3.6 | 1.6.3.7 | 1.6.3.8 | 1.6.3.9 | 1.7.8.1 | 1.7.9.2 | 2.3.8.1 | 2.3.8.2 | 1.6.0.9.1 | 1.6.2.0.1 | 1.6.2.0.2 | 1.6.2.0.3 | 1.6.2.0.4 |

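Related plugins (you may also want to know about)

  • HTTP Headers: The HTTP Headers plugin controls the HTTP headers your site returns. Headers supported by HTTP Headers include: Access-Control-Allow-Origin, Access-Control-Allow-Credent...
  • Content Security Policy Manager: Content Security Policy Manager is a WordPress plugin that lets you easily configure Content Security Policy headers for your site. You can set them for the admin interface, the front end for logged-in users, and the front end for regular visitors...
  • Security Headers: Security headers are directives used by web applications to configure security defenses. Why are security headers important? When auditing a website, checking the security headers is often forgotten. Although some may argue that website security...
  • Security Header Generator: This plugin generates appropriate security HTTP response headers, attempts to generate a valid Content Security Policy, and sets browser permissions where configured.
  • HTTP Security Header: Summary: Security headers are essential for protecting your WordPress site against common attacks, including cross-site scripting (XSS), clickjacking, content sniffing, and certificate transparency issues. The security headers plugin provides a simple...
  • CSP-ANTS&ST: To make your site fully secure, you must avoid using ‘unsafe-eval’ and ‘unsafe-inline’ in your Content Security Policy header. This plugin will, in script/styl...
  • Small WP Security – SP SWS: Small WP Security is a WordPress plugin that provides basic security protection for your site. Features: Meta tags and links: – removes the RSD link (EditURI link), – removes WL...
  • Improve Website Security: Summary: WordPress security is essential for protecting your site from hackers and malicious attacks. This plugin strengthens your WordPress security with several features, including adding security headers, changing the login error mess...
  • Strict Security Headers: Summary: Strict Security Headers is a simple, lightweight WordPress plugin that improves the security of your WordPress site by implementing modern security headers. Just activate the plugin...
  • Essentials by Digital Creatings: Summary: Essentials by Digital Creatings is a lightweight yet powerful WordPress plugin designed to improve security, optimize performance, and enhance email functionality. The plugin provides basic security features...
  • FlashSpeed: FlashSpeed is designed to speed up your WordPress and WooCommerce sites, since it can remove unused resources and lets you fine-tune how WordPress loads. As a result, you can reduce the required res...
  • Unified – Email Log, Email Queue, Page cache and more: - The Unified plugin aims to provide the standard features that almost every website uses or should use, such as page caching, clean responses, custom SMTP, and good security. - Our goal is to make the features simple and easy to use, with high...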
