Hide your website identity from any attack such as
XSS , XSRF , SQL Injection , brute-force, etc.

Protect your WordPress website from malware and hackers

Hide my wp

Current version:

Release date:

Last update:

Min WP v:

Min. PHP v:

Multisite support:






coming soon

Hide my wp

About plugin

You, as a WordPress user, work with the most secure content management system. However, no CMS is 100% protected. Hackers acquire an advanced knowledge and enhance their skills as fast as developers patch vulnerabilities. 

Hidemywp is a simple, flexible and well-supported plugin. Instead of protecting the website from constant bots & hackers’ attacks, as other security plugins do, this one hides all traces of using WordPress on the website.

There are many ways of hacking the website: bruteforce attacks, WordPress plugins & themes vulnerabilities, unsafe server settings, etc.

Each day a lot of bots sort passwords and search for your website vulnerabilities. Such bots are created for hacking WordPress websites. And what if bots can’t identify your website as a WordPress-based? In this case, they’ll be searching for vulnerabilities somewhere else, leaving your website behind.

Hide my wp

How it works?

We use the best practices of hiding all WordPress traces in your website. Our plugin does not rename your website files or directories; it simply replaces their addresses in the generated HTML-pages. The plugin then uses your server configuration to create rules for both redirecting users from the old URLs to the new ones and blocking access to old URLs.

As hackers are not able to find traces of using WordPress on your site, they can’t insert any malware code nor use specific security breaches. This will keep your website absolutely safe and clean. Prevention is better than cure!

How it can help me?

Alexatop rating showed that 70% of 40, 000 tested WordPress websites were vulnerable for hack attacks. These figures were based on the well-knows vulnerabilities.

Testing results:

  1. 74 different versions of WP were identified.
  1. 769 websites or 1.82% were based on the outdated WP version 2.0.
  1. Only 7,814 websites or 55% were updated to the latest WP version.
  1. 13,304 websites or 95% were still running on the vulnerable WP version!

WordPress is a secure website management system, which means that if any new vulnerability occurs, developers fix it right away and release an update. Unfortunately, that is not enough for 100% protection. There are also third-party themes & plugins that may have various vulnerabilities in different versions. Besides, some plugins are simply bad coded and appear to be a potential threat to the website security.


Of course, you can monitor all the latest WP and plugin updates, but even the newest versions may have vulnerabilities.

The easiest way of solving security problems is to hide any plugins/themes/WP related info. If hackers or bots can’t find the necessary info, it will be really hard for them to hack your website.

Plugin screenshots

Plugin has a beautiful and user-friendly interface with intuitive tooltips for each option and category.

Check for yourself!

No WordPress detectors can see any detail about Our Site, no plugins info, no theme specifications, no WordPress at all!!

Awesome Integration

Серверы Apache (добавляют дополнительную информацию о безопасности htaccessScripting (XSS)) и Nginx для поддоменов и подкаталогов мультисайтов WordPress

Plugin features

The main feature of the plugin is hiding all traces of WordPress from hackers and bots. Plus there are several features helping to improve your website performance.

Replaces arbitrary texts

Some texts in the HTML source code can be replaced with custom data. It can be used for any HTML-data, such as internal texts, attributes (classes) and tags.

Blocks access to service files

Denies access to log, .txt, .html, .htm files. For example, plugin blocks access to readme.txt, readme.html, php_errors.log files. You can also exclude some file types.

Cleans up HTML code

Removes HTML-components generated by plugins or themes; removes wp-image-x, format-x, page-template-x classes generated automatically for body, posts, images, etc.

Changes the entry point in Ajax requests

admin-ajax.php is the entry point for all ajax-requests. This feature can change the entry point address for the ajax-requests and block access to old address.

Disables unwanted features

Plugin can disable emoji, initial scripts & styles, version in URLs, attribute IDs, meta tags, wlwmanifest, feed_links, rsd_link, adjacent_posts_rel, profile links, canonical links.


Plugin can disable or block default URL for JSON REST V1 and V2 API. It can also remove links to REST API from the header.

Blocks access to php files

Plugin blocks direct access to any php files except the ones that can be generated through the URL request, for example.

Controls over XML-RPC API

Plugin fully controls API XML-RPC by changing and blocking the xml-rpc.php default path, disabling XML-RPC verification and removing pingback.

Removes headers from server responses

Plugin removes response headers, incl. X-Powered-By and X-Pingback meta data.

Blocks/rewrites default paths

Plugin prevents anyone from accessing general WordPress directories through the old URLs. It also replaces old links to such directories with the custom ones.

Does not rename directories and files!

Plugin dynamically replaces the content of generated pages and redirects on the server level. So if you disable the plugin, its effect will be lost.

Hides login page

Malicious bots are constantly attempting to sort your login-password pair – this is called a bruteforce attack. Such attacks consumes a lot of resources, which drastically slows your website and increases response time. Our plugin replaces your login page URL, so the bots see 404 error.

You can purchase this plugin in the Clearfy Business package

The Clearfy Business package grants access to all our premium components and plugins.