How to Hide WordPress Site

So how would you prevent your WordPress site from being. Take after our guide on the best way to secure your WordPress site.

Power SSL Usage

To secure against information being captured utilize SSL associations with get to the administrator territory of the blog. Compelling WordPress to utilize SSL is conceivable however not all facilitating administrations enable you to utilize SSL. Once you’ve watched that your Web server can deal with SSL, essentially open your wp-config.phpfile (situated at the foundation of your WordPress establishment), and glue the accompanying: hide my wordpress 

define(‘FORCE_SSL_ADMIN’, genuine);

Use.htaccess to ensure the wp-config File

The wp-config.php is a standout amongst the most imperative records on your blog. This record contains the greater part of the data required to get to your valuable database: username, secret key, server name et cetera. Ensuring the wp-config.php record is basic.

The .htaccess record is situated at the root your WordPress establishment. Open it up, and glue the accompanying code ALWAYS CREATE A BACKUP OF THIS FILE BEFORE EDITING:

<files wp-config.php>

arrange allow,deny

deny from all


How the code functions

.htaccess records are capable and outstanding amongst other apparatuses to counteract undesirable access to your documents. In this code, we have essentially made a decide that keeps any entrance to the wp-admin.php record, along these lines guaranteeing that no malicious bots can get to it.

Shield Your WordPress Blog from Script Injections

Masterman Enterprises dependably secures GET and POST asks for, yet now and again this isn’t sufficient. You ought to likewise ensure your blog against content infusions and any endeavor to alter the PHP GLOBALS and _REQUESTvariables.

The code beneath pieces content infusions and any endeavors to adjust the PHP GLOBALS and _REQUEST factors. Glue it in your .htaccess record ALWAYS CREATE A BACKUP OF THIS FILE BEFORE EDITING.

Choices +FollowSymLinks

RewriteEngine On

RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]

RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]

RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})

RewriteRule ^(.*)$ index.php [F,L]

What the code above is checking whether the demand contains a <script> and whether it has endeavored to change the estimation of the PHP GLOBALS or _REQUEST factors. On the off chance that any of these conditions are met, the demand is blocked and a 403 blunder is come back to the customer’s program.

Cover up login page blunder criticism

Evacuate your blunder input to prevent anybody from testing potential logins.

It couldn’t be any more obvious, regularly when you attempt to login and foul something up, WordPress demonstrates a sentence or two either clarifying that your username or your watchword is mistaken. While this is useful for you and your site’s individuals, it’s likewise useful for anybody attempting to do awful things to your site.