MainWP + Hide My WP Ghost

Researching

Максим Миронов

about 1 year ago

Hide My WP Ghost work plugin tech support response:

"Seems that for your website, MainWP needs the wp-admin path unchanged.

We checked with different configurations and I could sync the MainWP Child and update the plugins and security only when the wp-admin was unchanged."

Can you make a setting in MainWP so that when adding a site there is a field where you can specify a different admin path? So that MainWP works if instead of wp-admin I specify a different path, for example site-name-admin. That is, the path to the plugins will not be the same

/wp-admin/plugins.php

and such

/13-admin/plugins.php

or any other path to the admin panel that I need. This is an important security feature that hides WordPress from users.

Do you need an official request from Hide My WP Ghost tech support, or will you make it compatible without it?

I want MainWP to work well with Hide My WP Ghost, but now I have to disable the function that hides the admin area.

Activity

Jos Klever

about 1 year ago

Hiding elements of the child sites like login or admin is called "security through obscurity". It's like hiding the door of your house because you don't trust your lock. It can cause all kinds of issues, doesn't make your sites more secure, and gives you a false sense of security. This (and other tips) are discussed in the video you can find on:

https://www.wordfence.com/blog/2020/08/10-wordpress-security-mistakes-you-might-be-making/

Максим Миронов

about 1 year ago

I do not use the Wordfence plugin, it is not of high quality and very unreliable.

I use iThemes Security Pro + Hide My WP Ghost, and the authors of these plugins recommend hiding /wp-admin/.

I hid /wp-admin/ and everything works very well except MainWP. So I want to fix this.


We need MainWP to give us the ability to use the features of Hide My WP Ghost

Jos Klever

about 1 year ago

Let's agree to disagree about the quality of Wordfence, as I've used it successfully when iThemes wasn't able to protect a site (multiple times).

But you can still read the argumentation why "security through obscurity" is not a good idea. There are also other sites that explain it, if you don't trust the experts of Wordfence.

Of course it's up to the MainWP team if they want to implement this. Or you try to find a developer yourself (or maybe the Hide My WP Ghost developer(s)) to create a solution, because it's open source...

I'm only trying to educate you (and others who read this) about the right security measures.

Максим Миронов

about 1 year ago

I was asked by the Hide My WP Ghost plugin tech support to write to MainWP tech support to make the two plugins compatible as I am a Hide My WP Ghost + MainWP user.

Hide My WP Ghost technical support will provide assistance with this work if necessary.

MainWP support asked me to create a post here, and if people vote for it, then MainWP promised to make it compatible.

1.04 Deipara Deipara

about 1 year ago

Yes, this is a very necessary feature that will secure the site. No one will know that the site is on WordPress, which means they will not know the vulnerabilities. Need to hide wp-admin urgently.

Jos Klever

about 1 year ago

@1.04 Deipara Deipara There are a lot of ways to detect if a website is built with WordPress. And hackers don't check it before they try to use vulnerabilities. You will also get attempts for Joomla or Drupal sites while your site is built with WordPress. And if a site has vulnerabilities, you should fix them, not try to hide them. A good security plugin (like Wordfence Security) has a firewall that will block most attacks on existing (unpatched) vulnerabilities.

1.04 Deipara Deipara

about 1 year ago

@Jos Klever You do not understand the essence of the matter. I already use the best iThemes Security Pro plugin. But you definitely need to hide the paths, since there are many problems that have not yet been solved by the WordPress community, but hackers already know about them. And the security plugin won't hurt you. Hackers know all WordPress bugs before they fix them, so it's very important to hide all file paths and admin paths. And the only way to hide paths is with the Hide My WP Ghost plugin, but it is not compatible with MainWP. Why are you writing about Wordfence Security here? If the issue is compatibility between Hide My WP Ghost and the MainWP security plugin and that's how everyone uses it, that's not the issue.

Максим Миронов

about 1 year ago

@Jos Klever We are not discussing a security plugin; we are already working on iThemes Security Pro. We need to combine MainWP + Hide My WP Ghost. We don't ask you which security plugin we should use. We are running iThemes Security Pro + Hide My WP Ghost, and we need MainWP to understand the path (to files and admin) that we changed.

Jos Klever

about 1 year ago

Again, let's agree to disagree. If you want to hide the paths, it's your choice. I just try to explain to others that it's not a good security measure.
I'll let the MainWP team decide if they want to implement the changes that are needed for the compatibility.

1.04 Deipara Deipara

about 1 year ago

@Jos Klever Most do not agree with your opinion. With the help of parser programs, hackers automatically determine the paths that they can hack; if the program does not find such paths, then they will not waste time on this site. No security plugin will help you here; you need to hide the paths. Understand security.

Brett C

11 months ago

+1 for MainWP and Hide My WP Ghost. We use multiple security measures, including firewalls with other tools. Hiding wp-admin helps on multiple levels; however, I also see that it seems to break MainWP, making things less secure, because my updates then do not happen. I remember seeing somewhere that they were compatible. If anyone has found a solution, please enlighten.

Максим Миронов

11 months ago

@Brett C I had to deprecate the MainWP plugin as it doesn't allow you to hide wp-admin.

The authors of the MainWP plugin have not fixed this problem for a long time, although you can make a setting in MainWP giving their path my_admin-path=wp-admin, but they don't. I chose security and opted out of the MainWP plugin.

Dennis Dornon

11 months ago

@Brett C @Максим Миронов @1.04 Deipara Deipara Over the last few days, we have tested every aspect of both the free and pro versions of WPHideMyGhost and have found that everything works as expected out of the box with no tweaks needed to the MainWP core.

Please open a ticket and let us know exactly what problems you are running into so we can try to recreate them.

Thanks

Brett C

11 months ago

@Dennis Dornon Much appreciated! Because I was testing with only one site, it was one that MainWP lost connection with. It's possible it was unrelated, however it just made sense that it blocked WPHideMyGhost. I'll post back with findings, as I continue to test with hopefully just a fluke. Thank you!

Максим Миронов

11 months ago

@Brett C I recorded a video and created a ticket, where you can see that the Hide My WP Ghost plugin bundle, the Custom Admin Path function for MainWP, does not work. The site cannot connect. You can see it in the video.

Dennis Dornon

11 months ago

@Максим Миронов We reviewed your video and have replied to your ticket but based on the video, it appears to have nothing to do with the HideMyWPGhost plugin. I believe the ticket response goes into other troubleshooting steps, and we'll be happy to keep helping you find the real issue there.

Максим Миронов

11 months ago

@Dennis Dornon If you put wp-admin in the Custom Admin Path field, then everything works fine! So I'm pretty sure MainWP can't connect because of the Hide My WP Ghost plugin.

We need to combine MainWP and Hide My WP Ghost with its Custom Admin Path setting that hides wp-admin.

Support for the Hide My WP Ghost plugin also pointed out this setting to me, which is why the connection in MainWP does not work.

Here are the contacts of Hide My WP Ghost support: contact@hidemywpghost.com, and here is their answer:

Dennis Dornon

11 months ago

@Максим Миронов I appreciate what their support may be telling you, but we are not experiencing that issue at all. So it's not an issue we can duplicate and not an issue we believe is caused by the HideMyGhost plugin. Please be sure to follow the troubleshooting steps our support gave you and continue to reply there. This board is not set up to properly handle support requests. 

Максим Миронов

11 months ago

@Dennis Dornon Did you check it works on PHP 8.1? Did you check it works in PHP FastCGI mode (Nginx + PHP-FPM)? This problem is not only with me; everyone writes about it.

Eric Caldwell

8 months ago

This isn't a MainWP problem to fix. What's needed is a better hosting company. I run a hosting company and we use mod_security and Imunify360 to protect websites. If we notice a client has installed a security plugin, we remove it. The reason is these security plugins aren't needed if your hosting company has an adequate level of security at the server instead of leaving it up to clients to install and maintain these plugins. Also, we're a LiteSpeed shop so you can get free LSCache running. Pros and cons to LSCache and others. If we see clients using weird caching plugins, we offer to replace it with LSCache.

