=== Hide Wp-Admin and Wp-Login - WP Security ===
Contributors: johndarrel
Tags: hide admin,hide login,hide admin url,hide login url,wp-admin,wp-login,hide login page,rename login,rename login url,hack,attack
Requires at least: 4.0
Tested up to: 4.9
Stable tag: trunk
Donate link: https://hidemywp.co/wordpress

Hide Wp-Admin and Wp-Login will change and hide the WordPress admin, WordPress login and the common paths to increases your WP security against hackers and spammers.

== Description ==

Hide Wp-Admin and Wp-Login will change and hide the WordPress admin, WordPress login and the common paths to increases your WP security against hackers and spammers.

[youtube https://www.youtube.com/watch?v=gwRKHQTNkh0]

**Hide Wp-Admin and Wp-Login** is a **WP Security plugin**. You can change and hide WordPress common paths including wp-admin and wp-login.php URLs to increases your WP Security against hacker's bots.

Protect your WordPress website by hiding the fact that you are using WordPress. The best way to secure your website is through obscurity. The hacker's bots will not be able to insert scripts and to do brute force attacks on your authentification paths anymore.  Change the common WordPress paths like wp-content, wp-includes, uploads, comments and authors.

Also hide the WordPress version and plugin version from your website's source code with just one click. You can also hide the admin toolbar for subscribers and don't let them know that you have a WordPress website.

Hide WP URLs plugin comes with a Security Check option so you will know if you have any security breach and how to fix it immediately.

Please help us **translate the plugin in your language**:
<a href="https://translate.wordpress.org/projects/wp-plugins/hide-wp-urls">https://translate.wordpress.org/projects/wp-plugins/hide-wp-urls</a>

Thank you all for your trust, support and positive reviews!

> <strong>Hide Admin and Login Security Features:</strong>
>
> *   <strong>Hide WordPress wp-admin</strong> URL and redirect it to 404 page or a custom page
> *   <strong>Hide WordPress wp-login.php</strong> and redirect it to 404 page or a custom page
> *   <strong>Change the wp-admin and wp-login</strong> URLs
> *   <strong>Change lost password</strong> URL
> *   <strong>Change register</strong> URL
> *   <strong>Change logout</strong> URL
> *   <strong>Change admin-ajax</strong> URL
> *   <strong>Change wp-content</strong> URL
> *   <strong>Change wp-includes</strong> URL
> *   <strong>Change comments</strong> URL
> *   <strong>Change author</strong> URL
> *   <strong>Change plugins</strong> URL
> *   <strong>Change themes</strong> URL
> *   <strong>Change category</strong> URL
> *   <strong>Change tags</strong> URL
> *   <strong>Hide WordPress HTML comments</strong>
> *   <strong>Hide Version and WordPress Tags</strong>
> *   <strong>Brute Force</strong> with Math Captcha
> *   <strong>Backup and Restore</strong> settings
> *   <strong>Fix relative URLs</strong>
> *   <strong>Remove custom text</strong> from HTML code
> *   <strong>Cache CSS, JS and Images</strong> to optimize the loading speed
> *   <strong>Weekly security check and reports</strong>
>

Compatible with: <strong>WP Multisite, Apache, Litespeed, Nginx and IIS</strong>.

Plugins Compatibility updates: <strong>W3 Total Cache, WP Super Cache, WP Fastest Cache, Cache Enabler, CDN Enabler,
WOT Cache, Autoptimize, Jetpack by WordPress, Contact Form 7, bbPress, All In One SEO, Yoast SEO, Squirrly SEO,
WP-Rocket, Minify HTML, iThemes Security, Sucuri Security, Back-Up WordPress, Elementor Page Builder,
Weglot Translate, AddToAny Share Btn</strong>

Hosting Compatibility checked: <strong>WP Engine, Inmotion Hosting, Hostgator Hosting, Godaddy Hosting, Host1plus,
Payperhost, Fastcomet, Dreamhost</strong>


To **hide all the common WordPress paths** you need the Hide My WP Ghost version. Check all the Ghost security features below.

The admin URL is the most common path that hackers use to break your WordPress site.

Being able to cover up the common paths is critical, because you get to keep intruders away from sensitive website data.

This is crucial because it will provide you with a great experience and really good results in the long term.

It will surely be worth it, since hiding the common paths will make hacking a lot harder as well.

If you don't protect yourself, sooner or later you will end up having a hacked website.


**This is a free version of the plugin so you can use it for all your blogs without any restrictions.**

No theme or other plugins functionality will be blocked; everything will function the same.

Note: The plugin requires custom permalinks. Make sure you have it activated at Settings > Permalinks

<hr />

> <strong>Hide My WP Ghost security features:</strong>
>
> *   Hide WordPress wp-admin URL
> *   Hide WordPress wp-login.php
> *   Custom wp-admin and wp-login URLs
> *   Custom lost password URL
> *   Custom register URL
> *   Custom activate URL
> *   Custom logout URL
> *   Custom wp-includes path
> *   Custom wp-content path
> *   Custom wp-json API path
> *   Custom plugins name
> *   Custom themes name
> *   Custom themes style name
> *   Custom plugins path
> *   Custom uploads path
> *   Custom authors path
> *   Custom comment URL
> *   Custom category path
> *   Custom tags path
>
> *   Hide plugins name
> *   Hide themes name
> *   Hide style IDs and META IDs
> *   Hide author by ID URL
> *   Hide WordPress common paths like: wp-content, wp-includes, /plugins, /themes,upgrade.php
> *   Hide WordPress common files like: upgrade.php, install.php, activate.php, wp-config.php, etc.
> *   Hide RSD (Really Simple Directory) header
> *   Disable directory browsing
> *   Add Firewall against SQL/Script injection
>
> *   Hide wp-image and wp-post classes
> *   Hide Emojicons if you don't use them
> *   Disable XML-PRC access
> *   Disable Rest API access
> *   Disable Embed scripts
> *   Disable DB-Debug in Frontend
> *   Disable WLW Manifest scripts
>
> *   Brute Force Protection with Math Captcha
> *   Brute Force Protection with Google reCaptcha
> *   Custom attempts, timeout, message
> *   Manage Blacklist and Whitelist IPs
>
> *   Log user activity
> *   Set security alerts by email if users login from different IPs
> *   Set security alerts by email on Brute Force attacks
> *   Set security alerts by email if users delete articles
> *   Set security alerts by email if users delete articles
> *   Security Check with over 30 check points
>
> *   Support for WP Multisite
> *   Support for Nginx
> *   Support for IIS
> *   Support for LiteSpeed
> *   Support for Apache
> *   Support for Bitnami Servers
>
> *   Recommended by Wp Rocket plugin
>     https://goo.gl/VTPYWV
>
> <strong>Protection against: </strong>
>
> * Brute Force Attacks,
> * SQL Injection Attacks
> * Cross Site Scripting (XSS)
> * and more
>
> See all the <strong>Ghost features</strong>:
> <a href="https://hidemywp.co/wordpress">https://hidemywp.co/wordpress</a>
>
> Hide My WP <strong>Knowledge Base</strong>:
> <a href="https://hidemywp.co/knowledge-base/">https://hidemywp.co/knowledge-base/</a>

Once you use the Hide My WP Ghost plugin you will get custom upload paths, author paths, plugin paths and so on.

You will also have the ability to remove unwanted classes, hide content, disable scripts and so on.

Hide My WP Ghost does an exceptional job at helping you get support for WP Multisite, for Bitnami Servers, Apache, LiteSpeed, Nginx, IIS, WP Rocket Plugin and many others.

It is worth it, so you may want to check it out.


Also, just because you want to add a WordPress Security plugin that hides the common paths, doesn't mean the plugin has to be slow.

Hide my WP Ghost Lite is very fast, and it won't impact your website in any negative way.

On the contrary, it will hide the common paths, deliver all the WordPress Security features above and much more while also keeping the site faster at all times!

Note! This is not the Hide My Wp Nulled version of the Hide My Wp Codecanyon plugin.

<strong>Spanish Description:</strong>

Ocultar Mi WP - Plugin de seguridad para WordPress
Hide My WP Ghost Lite es un Plugin de seguridad de WordPress. Usted puede cambiar y ocultar las rutas y URLs comunes de WordPress para aumentar su seguridad de WP contra los hackers.
Proteja su sitio web de WordPress ocultando las rutas de autenticación como wp-admin y wp-login y cambie sus rutas comunes de WordPress como wp-content, wp-inclides, uploads y más.

> <strong>Ocultar wp-admin de WordPress</strong> URL y redirigir a la página 404 o a una página personalizada
> <strong>Ocultar wp-login.php de WordPress</strong> y redirigir a la página 404 o a una página personalizada
> <strong>Cambiar el wp-admin y wp-login</strong>URLs
> <strong>Cambiar la contraseña olvidada</strong>URL
> <strong>Cambiar el registro</strong> URL
> <strong>Cambiar la sesión</strong> URL
> <strong>Cambiar admin-ajax</strong> URL
> <strong>Cambiar wp-content</strong> URL
> <strong>Cambiar wp-includes</strong> URL
> <strong>Cambiar los comentarios</strong> URL
> <strong>Cambiar el autor</strong> URL
> <strong>Cambiar Plugins</strong> URL
> <strong>Cambiar de tema</strong> URL
> <strong>Cambiar de categoría</strong> URL
> <strong>Cambiar Tags</strong> URL
> <strong>Ocultar comentarios HTML de WordPress</strong>
> <strong>Ocultar Version y Tags de WordPress</strong>
> <strong>Brute Force</strong> con Math Captcha
> <strong>Copia de seguridad y Restauración</strong> configuración
> <strong>Corregir URLs relativas</strong>
> <strong>Eliminar texto personalizado</strong> de código HTML
> <strong>Cache CSS, JS e Imágenes</strong> para optimizar la velocidad de carga
> <strong>Informes y Comprobaciones de seguridad semanales</strong>
Compatible con: <strong>WP Multisitio, Apache, Litespeed, Ngnix y IIS</strong>.

== Installation ==
1. Log In as an Admin on your WordPress blog.
2. In the menu displayed on the left, there is a "Plugins" tab. Click it.
3. Now click "Add New".
4. There, you have the "Upload Plugin" button.
5. Upload the hide-wp-urls.zip file.
6. After the upload it's finished, click Activate Plugin.
7. Connect the plugin using your email to get a free access token
8. Set the plugin in Lite Mode and click Save
9. Enjoy!

[youtube https://youtu.be/zhvRGHMjKic]

> Hide My WP <strong>Knowledge Base</strong>:
> <a href="https://hidemywp.co/knowledge-base/">https://hidemywp.co/knowledge-base/</a>


== Screenshots ==
1. Choose the desired level of WordPress Security for your site
2. Change the URLs wp-admin and wp-login.php to different URLs. This is a very important WordPress Security step.
3. Choose to hide the wp-admin and wp-login.php to increase the WordPress Security and hackers will get 404 errors
4. Login to your site with the new Hide My WP login URL
5. You'll be redirected to the new Hide My WP admin URL
6. Activate the Brute Force Protection with Math reCaptcha
7. Add custom paths for wp-content, wp-includes, plugins, themes and more
8. Run a security check for your website and see all the vulnerabilities

== Upgrade Notice ==
Since version 1.1.022 if you hide the admin path you will not be able to access the admin path as a visitor. You need to go to the login path.

== Changelog ==
= 3.0.01 (29 Dec 2018) =
* Update - WordPress Security Updates for WP 5.2
* Fix - Loading the theme style for Nginx serves when the rules can't be set
* Fix - Compatibility with the last version of WP-Rocket
* Fix - Compatibility with Avada theme
* Fix - When defining the UPLOADS constant in wp-config.php

= 3.0.00 (08 Dec 2018) =
* Update - WordPress Security Updates for WP 5.0
* Update - Hide WP URLs is compatible with WordPress 5.0

= 2.0.11 (04 Dec 2018) =
* Fix - Warning: call_user_func_array() expects parameter 1 to be a valid callback, function 'return false;'
* Fix - Woocommerce frontpage login
* Fix - Multiple subfolders install issue
* Fix - Replacing the paths in javascript and styles
* Fix - Optimizing the rewrite rules when going in safe mode

= 2.0.10 (28 Nov 2018) =
* Fix - Font loading problem while in safe mode rewrite
* Fix - Prevent removing the Woocommerce rules on setting save proccess
* Fix - Broken URLs when the paths are similar and can create confusion
* Fix - Prevent adding short paths and braking the website frontend

= 2.0.09 (20 Oct 2018) =
* Update - Compatible with Gutenberg 3.9
* Fix - Corrected the Tools loading
* Fix - Add decoded trail slash on plugin rewrites
* Fix - Compatibility with WP Fastest Cache
* Fix - Add decoded trail slash on plugin rewrites

= 2.0.07 (9 Oct 2018) =
* Fix - Memory check error when the memory is over 1G
* Fix - Htaccess error when the plugin has spaces in the name

= 2.0.05 (1 Oct 2018) =
* Update - WordPress Security Check List
* Fix - Minor bugs

= 2.0.04 (19 Sept 2018) =
* Update - Firewall filter
* Update - WordPress Security Check
* Update - Compatible with Short Pixel plugin
* Update - Compatible with Gutenberg 3.8
* Update - Compatible with WP Super Cache 1.6
* Update - Compatible with All In One WP Security & Firewall 4.3
* Update - Compatible with iThemes Security 7.1
* Update - Compatible with Beaver Builder 2.1
* Update - Compatible with Elementor Editor 2.2
* Update - Compatible with Thrive Architect 2
* Update - Compatible with Woocommerce 3.4
* Fix - Compatibility with WP-Rocket
* Fix - Compatibility with Autoptimize
* Fix - Rewrite paths when moving from Lite mode to Default in Apache, Nginx and IIS
* Fix - Restore settings didn't save the config rewrites

= 2.0.03 (15 Sept 2018) =
* Update - Compatibility with WP Super Cache CDN
* Update - Cookie Test for WP Multisite
* Update - Security updates for compatible plugins
* Hide WP Admin is compatible with WP 4.9.8

= 2.0.02 (25 Aug 2018) =
* Update - Minor Bugs fix
* Fix - Autoptimize cache fix

= 2.0.01 (10 Aug 2018) =
* Update - New Settings design
* Update - Works with WP Multisite
* Update - Works with Apache, Nginx, IIS and Litespeed
* Update - Firewall Against Script Injection
* Update - Customize the Hide My Wp safe link
* Update - Security Check and options to fix the issues
* Update - Install and Activate recommended plugins

== Changelog ==
= 1.1.015 =
* Hide WP Admin is compatible with WP 4.9.4

= 1.1.014 =
* Compatible with more WP Themes
* Wordpress Security Updates for 2018
* Hide WP Admin and Login is compatible with WP 4.9.2

= 1.1.013 =
* Hide WP Admin and Login is compatible with WP 4.9.1

= 1.1.012 =
* Hide WP Admin and Login is compatible with WP 4.9
* Compatible with more WP Themes and Plugins

= 1.1.011 =
* Hide WP Admin and Login works with WP 4.8

= 1.1.010 =
* Fixed Too few arguments to function HMW_Models_Rewrite::site_url(), 1 passed in /home3/removedforprivacy/public_html/wp-includes/class-wp-hook.php
* Hide WP Admin and Login works with WP 4.7.5

= 1.1.009 =
* Hide WP Admin and Login works with WP 4.7.4
* Updated the Wordpress Security

= 1.1.007 =
* Hide WP Admin and Login works with WP 4.7.3
* Removed the Premium Tab from Menu
* Prevent changing the paths if another plugin already changed the admin URL
* Fixed wp-admin redirect to login in some cases
* Fixed small bugs

= 1.1.006 =
* Hide WP Admin and Login works with WP 4.7.2
* Fixed login params

= 1.1.005 =
* Hide WP Admin and Login works with WP 4.7
* Fixed https ajax in HTTP frontend
* Settings are not lost after plugin or theme activation

= 1.1.004 =
* Fixed https ajax in HTTP frontend
* Settings are not lost after plugin or theme activation
* Updated the Wordpress Security
* Seguridad de wordpress

= 1.1.003 =
* Fix redirect if the 404 page doesn't exists

= 1.1.002 =
* Hide WP Admin and Login works with Wordpress 4.6
* Add Useful Notifications

Security
WordPress Security
hide wp-admin
hide wp-login
hide admin path
hide login path
hide wp theme

== Frequently Asked Questions ==
= Does this plugin work on WP Multisite? =

Yes, the plugin works on WP Multisite and you will configure it for the entire network.

The plugin also works with Apache, Nginx, IIS and LiteSpeed servers

= I forgot the custom login and admin URLs. What now? =

Don't panic.

You can still access your site with the secure parameter
http://domainname/wp-login.php?hmw_disable=[your_code]

= Locked out of my site!  I set the plugin, and after I logged out I couldn't get back in =

Rename the plugin directory /wp-content/plugins/hide-my-wp so that the plugins won't hide the wp-login.php path anymore

Login using http://domainname/wp-login.php and activate the plugin again.

Make sure you remember the secure parameter and it will be much easier.

= Will this plugin work if I don't have custom permalinks on my site? =

No. You need to have custom permalinks set to 'on' in Settings > Permalinks.

You will get a notification in the Settings page if something is not setup right.


= What do I need to do before I deactivate the plugin? =

It's better to switch to Default Mode in Settings > Hide my wp.

If you don't, the plugin will automatically change your site back to the safe URLs and it will tell you what to do if you don't have write permission for the config files

_______________________________________________________________________

= Is this Plugin free of charge? =

Yes. The Lite features of Hide My WP plugin will always be free.

We will include all the required WordPress Security updates.

To unlock all the features, please visit: <a href="https://wpplugins.tips/wordpress">https://wpplugins.tips/wordpress</a>


= Is this plugin enough to protect my website from all hackers? =

The Free version of Hide My WP hides the wp-admin and wp-login as described but will not protect you from all hacker attacks.


Hide My WP Ghost hides all the common paths and patterns used but bots to detect that you are using WordPress.

We also recommend you to install Premium Themes and Plugins and not just any WordPress plugin because the free plugins are usually made by beginners and they don't have security knowledge.