In order to hide your WordPress from Theme Detectors, you will need to activate some extra features in Hide My WP Ghost.
These features don’t affect the website’s security. However, the Theme Detectors will also check some WordPress signals like:
If you have visitors that try to access the protected (changed and hidden) WordPress common paths (such as: /wp-admin and /wp-login) you can use the Redirect Hidden Paths feature to redirect those visitors to another page whenever they reach those WordPress common paths.
So, for example, if someone tries to access your /wp-admin once you’ve used Hide My WP Ghost to protect that path, that visitor will instantly be redirect to another page.
The default option for this is: the Front Page.
But you can also use the Drop Down you see pictured below to select the page where you want visitors or hackers who try to access your protected paths to be redirected to.
To customize the redirect, just select the page you want to use for the redirect from Hide My WP > Tweaks > Redirects > Redirect Hidden Paths
If you’re NOT satisfied with the options included in the drop-down, you can always create a NEW Page in your site and come back to to this section of Hide My WP Ghost and choose that page as the redirect.
You can also tell Hide My WP Ghost to trigger an HTML Error when a visitor tries to access your protected path (404 HTML error or 403 HTML error – again, you choose this from the drop-down).
OR you can redirect those trying to access your protected paths to a 404 Page by selecting the option 404 page from the drop-down.
For logged users (users who can log in and log out of your website such as Authors, Editors and Administrators), you can use the Do Login and Logout Redirects option, which we will cover in the next section of this tutorial.
Since Hide My WP Ghost version 5.0.13, you have the option to set the login and logout redirects based on user role.
With this option, authors, editors and administrators can be redirected on login to the right page.
To customize the redirects, go to Hide My WP > Tweaks > Redirect > Do Login & Logout Redirects.
Here, you can customize the Login Redirect URL as well as the Logout Redirect URL (you can enter whatever URL you want, it can even be an an external URL, which means you can redirect users to a page on a different site).
Note that the settings you make in the User Role panel trump the settings in the Default panel (the User Role redirect has higher priority than the Default redirect URL). Use these options with caution.
Make sure that the redirect URLs exist on your website. Don’t use URLs that lead to 404 Page not found.
The User Role redirect URL has higher priority than the Default redirect URL.
You can use relative or absolute URLs for redirects. We recommend using relative URLs to prevent any error in case the website domain is changed.
Most of the themes work fine with the paths changed while the user is logged in, but there are some that need the WordPress common paths unchanged.
We recommend activating this option so that site customers, for example, can’t see the common paths while logged in to their accounts.
To activate this feature, switch on Hide My WP > Tweaks > Change Options > Change Paths for Logged Users
With this option, Hide My WP Ghost will change paths in cached files. This feature is useful when the website has a cache plugin installed. Once the website is loaded in the frontend, the cache plugin will add all the CSS Styles, JS, and HTML content into the cache directory.
Hide My WP Ghost automatically runs a background process that checks the cache directory for unchanged paths and changes them (this process is done every minute).
This feature will not affect the loading speed and works with all WordPress cache plugins.
To change the paths in cached files, switch on Hide My WP > Tweaks > Change Paths In Cached Files (sidebar)
To see the changes, please check the page as a visitor (incognito mode or with a different browser) and wait one minute after the cache is created for Hide My WP Ghost to change all the paths from the cached files.
Having all the WordPress common paths changed with custom ones will avoid having any relative URLs pointing to the old paths. We recommend using this feature to change all the HTML URLs into absolute URLs.
To change relative to absolute URLs, switch on Hide My WP > Tweaks > Change Options > Change Relative URLs to Absolute URLs
When this option is tuned on, Hide My WP Ghost will hide the /feed and /sitemap.xml link Tags from the frontend.
To hide Feed and Sitemap Link Tags, switch on Hide My WP > Tweaks > Feed & Sitemap > Hide Feed and Sitemap Link Tags
This option allows you to change all the images paths with custom ones in your site’s RSS feed (the RSS feed can be accessed at: https://your site’s name/feed/).
To change paths in RSS feed, switch on Hide My WP > Tweaks > Feed & Sitemap > Change Paths in RSS Feed
For better Search Engine Optimization, we recommend using this feature to change all the images paths with custom ones in sitemap.xml.
Also, Hide My WP Ghost will remove all the Sitemap style added by SEO plugins like Yoast SEO, Squirrly SEO, Google Sitemap XML, that reveal the plugin’s author. The sitemap will be shown as required by Google and other search engines.
To change the image URLs in sitemap.xml, switch on Hide My WP > Tweaks > Feed & Sitemap > Change Paths in Sitemaps XML
This option will remove any trail to WordPress common paths that show that you’re using WordPress as your Content Management System (CMS).
Robots.txt will have the minimum requirements for Google Search Engine to index the website and not affect rankings.
To activate the Robots.txt security, switch on Hide My WP > Tweaks > Feed & Sitemap > Hide Paths in Robots.txt
With this feature, Hide My WP Ghost allows you to hide the WordPress Admin Toolbar for logged users while in frontend.
This feature is useful, for example, if you have a website that is an e-commerce or a profile site; in which case the admin toolbar should NOT show while the customer is logged in.
Because the admin toolbar uses admin classes, it’s better to use this feature to hide the WordPress CMS from users who are logged in.
To hide the admin toolbar, switch on Hide My WP > Tweaks > Hide Options > Hide Admin Toolbar
You can also select the user roles for whom to hide the Admin Toolbar. From the drop down menu you see above, select the User Roles for whom you DON’T want the Admin Toolbar to be visible.
By default, Hide My WP Ghost will hide the Admin Toolbar for Subscribers and Customers (when the Hide Admin Toolbar option is turned ON).
However, you can use the drop-down menu to select, add, and remove User Roles as you need. (multiple User Roles can be selected)
Note that if you activate the Hide Admin Toolbar option, you must have at least one USER ROLE selected. If you don’t select a user role, the plugin will use the default option.
It’s important to hide the version info from all plugins, themes, and WordPress core in order to hide from Theme Detectors. By activating this option, Hide My WP Ghost will hide all information regarding versions from the end of any Image, CSS and JavaScript files.
For every new website, WordPress adds a Generator META in the header with its signature. Many other plugins do the same, so the choice is to completely remove Generator META from the header.
This feature also:
To activate this feature, switch on Hide My WP > Tweaks > Hide Options > Hide Version from Images, CSS and JS in WordPress
By activating this option, Hide My WP Ghost will hide the IDs from all <links>, <style>, and <scripts> META Tags.
To activate this feature, switch on Hide My WP > Tweaks > Hide Options > Hide IDs from META Tags
By activating this option, Hide My WP Ghost will hide the Hide the WordPress Generator META tags.
To activate this feature, switch on Hide My WP > Tweaks > Hide Options > Hide WordPress Generator META Tags
By activating this option, Hide My WP Ghost will hide the DNS Prefetch that points to WordPress.
To activate this feature, switch on Hide My WP > Tweaks > Hide Options > Hide WordPress DNS Prefetch META Tags
WordPress adds comments not only into the site’s source-code but also into plugins and themes. Most Theme Detectors will read the comments from HTML to identify the plugins and versions.
Removing the HTML comments is also a must if you want to hide your WordPress website from detectors.
To remove the HTML comments, switch on Hide My WP > Tweaks > Hide Options > Hide HTML Comments
Emojis are little icons used to express ideas or emotions. If you don’t use them in your website, you do NOT need to load them.
Another reason to disable Emojicons is for speed optimization. You are likely to notice a significant improvement in your page loading times when these libraries are NOT loaded.
To disable Emojicons, switch on Hide My WP > Tweaks > Hide Options > Hide Emojicons
oEmbed allows users to embed YouTube videos, tweets, and many other resources on their sites simply by pasting a URL, which WordPress then automatically converts into an embed (also provides a live preview inside the visual editor). Most of the themes already include this option, so you don’t need to load these scripts anymore.
Another reason to disable oEmbed scripts is for speed optimization. You will notice a significant improvement in your page loading times when these libraries are NOT loaded.
To disable Embed scripts, switch on Hide My WP > Tweaks > Hide Option > Hide Embed scripts
If you don’t use Windows Live Writer, then this code is completely useless to you and should be removed, as this tells the whole world you’re using WordPress as your CMS.
To disable WLW (Windows Live Writer) Manifest scripts, switch on Hide My WP > Tweaks > Hide Options > Disable WLW Manifest scripts
To reach the Disable options available in Hide My WP Ghost, navigate to Hide My WP > Tweaks > Disable Options. Here you will find the following options:
^^ If visitors on your site will try to perform one of these actions after you’ve activated the corresponding feature in Hide My WP Ghost, they will see a message letting them know that the action they wanted to perform is not possible on your website.
For example, say you’ve activated the Disable Right-Click option using Hide My WP Ghost. If a site visitor will try to click right on one of your pages, they will see the following message by default: Right click is disabled!
But you can also choose to customize the message that appears (as shown in the image below).
There is one more option you can activate in the Disable Options section of Hide My WP Ghost, namely: Disable DB Debug in Frontend.
It’s not safe to have Database Debug turned on in frontend. Make sure you don’t use Database debug on live websites.
To disable DB Debug, switch on Hide My WP > Tweaks > Disable Options > Disable DB Debug in Frontend
Run a website security check and make sure that the WordPress Debug and Database Debug options are turned off in frontend.
To run a security check, go to Hide My WP > Security Check