Researching
Jos Klever
2 years ago
Hiding elements of the child sites like login or admin is called "security through obscurity". It's like hiding the door of your house because you don't trust your lock. It can cause all kinds of issues and doesn't make your sites more secure and give you a false sense of security. This (and other tips) are discussed in the video you can find on:
https://www.wordfence.com/blog/2020/08/10-wordpress-security-mistakes-you-might-be-making/
Максим Миронов
2 years ago
I do not use the wordfence plugin, it is not of high quality and very unreliable.
I use iThemes Security Pro + Hide My WP Ghost
and the authors of these plugins recommend hiding /wp-admin/.
I hid /wp-admin/ and everything works very well except MainWP. So I want to fix this.
We need MainWP to give us the ability to use the features of Hide My WP Ghost
17 hidden items
Максим Миронов
2 years ago
@Максим Миронов I appreciate what their support may be telling you, but we are not experiencing that issue at all. So it's not an issue we can duplicate and not an issue we believe is caused by the HideMyGhost plugin. Please be sure to follow the troubleshooting steps our support gave you and continue to reply there. This board is not set up to properly handle support requests.
@Dennis Dornon did you check it works on php 8.1 ? did you check it works in PHP FastCGI mode (Nginx + PHP-FPM) ? This problem is not only with me, everyone writes about it
Eric Caldwell
last year
This isn't a MainWP problem to fix. What's needed is a better hosting company. I run a hosting company and we use mod_security and Imunify360 to protect websites. If we notice a client has installed a security plugin, we remove it. The reason is these security plugins aren't needed if your hosting company has an adequate level of security at the server instead of leaving it up to clients to install and maintain these plugins. Also, we're a LiteSpeed shop so you can get free LSCache running. Pros and cons to LSCache and others. If we see clients using weird caching plugins, we offer to replace it with LSCache.
Максим Миронов
2 years ago
Hide My WP Ghost work plugin tech support response:
"Seems that for your website, MainWP needs the wp-admin path unchanged.
We checked with different configurations and I could sync the MainWP Child and update the plugins and security only when the wp-admin was unchanged."
Can you make a setting in MainWP so that when adding a site there is a field where you can specify a different admin path? that MainWP worked if instead of wp-admin I specify a different path, for example site-name-admin. that is, the path to the plugins will not be the same
/wp-admin/plugins.php
and such
/13-admin/plugins.php
or any other path to the admin panel that I need. This is an important security feature that hides WordPress from users.
do you need to make an official request from Hide My WP Ghost tech support? or you will make compatibility without it.
I want MainWP to work well with Hide My WP Ghost, but now I have to disable the function that hides the admin area