MainWP + Hide My WP Ghost

Researching

Максим Миронов

2 months ago

Hide My WP Ghost work plugin tech support response:

"Seems that for your website, MainWP needs the wp-admin path unchanged.

We checked with different configurations and I could sync the MainWP Child and update the plugins and security only when the wp-admin was unchanged."

Can you make a setting in MainWP so that when adding a site there is a field where you can specify a different admin path? that MainWP worked if instead of wp-admin I specify a different path, for example site-name-admin. that is, the path to the plugins will not be the same

/wp-admin/plugins.php

and such

/13-admin/plugins.php

or any other path to the admin panel that I need. This is an important security feature that hides WordPress from users.

do you need to make an official request from Hide My WP Ghost tech support? or you will make compatibility without it.

I want MainWP to work well with Hide My WP Ghost, but now I have to disable the function that hides the admin area

Activity

Jos Klever

2 months ago

Hiding elements of the child sites like login or admin is called "security through obscurity". It's like hiding the door of your house because you don't trust your lock. It can cause all kinds of issues and doesn't make your sites more secure and give you a false sense of security. This (and other tips) are discussed in the video you can find on:

https://www.wordfence.com/blog/2020/08/10-wordpress-security-mistakes-you-might-be-making/

Максим Миронов

2 months ago

I do not use the wordfence plugin, it is not of high quality and very unreliable.


I use iThemes Security Pro + Hide My WP Ghost

and the authors of these plugins recommend hiding /wp-admin/.

I hid /wp-admin/ and everything works very well except MainWP. So I want to fix this.


We need MainWP to give us the ability to use the features of Hide My WP Ghost

Jos Klever

2 months ago

Let's agree to disagree about the quality of Wordfence, as I've used it successfully when iThemes wasn't able to protect a site (multiple times).

But you can still read the argumentation why "security through obscurity" is not a good idea. There are also other sites that explain it, if you don't trust the experts of Wordfence.

Of course it's up to the MainWP team if they want to implement this. Or you try to find a developer yourself (or maybe the Hide My WP Ghost developer(s)) to create a solution, because it's open source...

I'm only trying to educate you (and others who read this) about the right security measures.

Максим Миронов

2 months ago

I was asked by the Hide My WP Ghost plugin tech support to write to MainWP tech support to make the two plugins compatible as I am a Hide My WP Ghost + MainWP user.

Hide My WP Ghost technical support will provide assistance and assistance in these works if necessary

MainWP support asked me to create a post here and if people vote for it, then MainWP promised to make it compatible

1.04 Deipara Deipara

2 months ago

Yes, this is a very necessary feature that will secure the site. No one will know that the site is on WordPress, which means they will not know the vulnerabilities. Need to hide urgently wp-admin

Jos Klever

2 months ago

Yes, this is a very necessary feature that will secure the site. No one will know that the site is on WordPress, which means they will not know the vulnerabilities. Need to hide urgently wp-admin

@1.04 Deipara Deipara There are a lot of ways to detect if a website is build with WordPress. And hackers don't check it before they try to use vulnerabilities. You will also get attempts for Joomla or Drupal sites while your site is build with WordPress. And if a site has vulnerabilities, you should fix them not try to hide them. A good security plugin (like Wordfence Security) has a firewall that will block most attacks on existing (unpatched) vulnerabilities.

1.04 Deipara Deipara

2 months ago

Yes, this is a very necessary feature that will secure the site. No one will know that the site is on WordPress, which means they will not know the vulnerabilities. Need to hide urgently wp-admin

@1.04 Deipara Deipara There are a lot of ways to detect if a website is build with WordPress. And hackers don't check it before they try to use vulnerabilities. You will also get attempts for Joomla or Drupal sites while your site is build with WordPress. And if a site has vulnerabilities, you should fix them not try to hide them. A good security plugin (like Wordfence Security) has a firewall that will block most attacks on existing (unpatched) vulnerabilities.

@Jos Klever you do not understand the essence of the matter. I already use the best iThemes Security Pro plugin. But you definitely need to hide the paths, since there are many problems that have not yet been solved by the WordPress community, but hackers already know about them. And the security plugin won't hurt you. Hackers know all WordPress bugs before they fix them, so it's very important to hide all file paths and admin paths. And the only way to hide paths is with the Hide My WP Ghost plugin, but it is not compatible with MainWP. Why are you writing about Wordfence Security here? If the issue is compatibility between Hide My WP Ghost and the MainWP security plugin and that's how everyone uses it, that's not the issue.

Максим Миронов

2 months ago

Yes, this is a very necessary feature that will secure the site. No one will know that the site is on WordPress, which means they will not know the vulnerabilities. Need to hide urgently wp-admin

@1.04 Deipara Deipara There are a lot of ways to detect if a website is build with WordPress. And hackers don't check it before they try to use vulnerabilities. You will also get attempts for Joomla or Drupal sites while your site is build with WordPress. And if a site has vulnerabilities, you should fix them not try to hide them. A good security plugin (like Wordfence Security) has a firewall that will block most attacks on existing (unpatched) vulnerabilities.

@Jos Klever we are not discussing a security plugin, we are already working on iThemes Security Pro. We need to combine MainWP + Hide My WP Ghost. we don't ask you which security plugin we should use we are running iThemes Security Pro + Hide My WP Ghost and we need MainWP to understand the path (to files and admin) that we changed

Jos Klever

2 months ago

Again, let's agree to disagree. If you want to hide the paths, it's your choice. I just try to explain to others, that it's not a good security measure.
I'll let the MainWP team decide if they want to implement the changes that are needed for the compatibility.

1.04 Deipara Deipara

2 months ago

Again, let's agree to disagree. If you want to hide the paths, it's your choice. I just try to explain to others, that it's not a good security measure.
I'll let the MainWP team decide if they want to implement the changes that are needed for the compatibility.

@Jos Klever most do not agree with your opinion. With the help of parser programs, hackers automatically determine the paths that they can hack, if the program does not find such paths, then they will not waste time on this site, no security plugin will help you here, you need to hide the paths. understand security

Dennis Dornon changed the status to Researching

about 1 month ago

Jay Vijay

about 1 month ago

Thanks @Dennis Dornon I am sure there are enough votes on this feature request.


Powered by Convas