Best Security Plugin For WordPress 2021 - Hide My WP Ghost Walkthrough Review - AppSumo LTD

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

in this tutorial we're going to secure our wordpress site using the hide my wp ghost plugin by squirly we're going to go through securing a site from a to z using this plugin in this tutorial if you have any questions or comments please leave them down below i try to answer the best i can my name is bjorn arpas in wp learning lab where we help you get better at wordpress and earn more for yourself your customers and for your business if you haven't done so yet click subscribe ring the bell so you don't miss any future videos now let's get started hi my wp ghost by squirly is currently on appsumo for a lifetime deal you can check out the deal using the link down below the single is probably more than enough for most people i always lean towards the unlimited with the white label because you know maybe one day i'll make some kind of service or agency or do this for clients as well but i never actually do that anyway the the single is probably more than enough so if the absolute deal is still live while you're watching this video get the lifetime deal because that's the best value if the lifetime deal is not available anymore by the time you watch this video this is their website you can get it here as well on the pricing page you can see what the pricing is and this is yearly to get the 10 site license is 2.99 per year or it's 59 lifetime over on appsumo so it's a huge cost savings in value and i also saw this link right here want a lifetime deal contact us so it looks like they're willing to play ball on lifetime deals even after the appsumo deal is done but likely the price would be way way higher there's also a free version of the plugin you can see a feature list right down here we're going to go through a lot of these features in this video and it compares the free to the pro if you want the free plugin you can just download it here or get it from the wordpress repository if you end up purchasing the plugin head over into the account which looks something like this or it might look like this they're both the same place click on orders and licenses click on download plugin once it's downloaded we can then upload it to our website let's quickly go through the feature list so you can see what this plugin does and this is predicated on the idea that most hackers get into your website through some form of brute force and often attacker bots that are pre-programmed with the default locations for wordpress things if you've used wordpress for a while you know that if you go to your domain name dot com forward slash wp admin or forward slash wp it takes you to the login page but if you move that then the hacker is going to have trouble finding your login page similarly a folder that exists on pretty much every wordpress site is yourdomainname.com forward slash wp admin which is the admin area or forward slash wp-includes or forward slash wp-content all these things are default these are not changed by 99.9 percent of the wordpress sites that are out there and so these bots are programmed and hackers know to look for these default paths so that they can more easily find vulnerabilities on your site what this plugin allows you to do is hide those make custom paths for all of those so in these hacker bots and hackers they won't be able to find those specific locations on your site and they'll move on to the next one because there's always low hanging fruit so that's basically what this top portion does here let's go right down to here changes paths and urls for all these very common areas that are common among all wordpress sites it will also hide html comments you also have an option inside of wordpress not allow html in the comments as well and html can be used to inject code into your site sometimes if there are specific vulnerabilities present on your site usually introduced by plugins that are out of date you can hide wp versions and versions of the plugins with the pro version you can hide the author id you can hide plugin names and theme names you can have custom theme style names custom api paths disable rest api access this is more developer type stuff it's also for the pro version so that's overhead don't worry about it it just does good things for hiding stuff from hackers hide wordpress common paths and common files firewall against script injection disable directory browsing all important things i have separate videos for most of this on the channel doing this stuff manually but this plugin does pretty much all those things as a plug-in and just being point and click and no code which is super easy you can have custom login redirects and log out redirects you can hide the admin for logged in users you can disable xml rpc access this is a common vector for brute force attacks you can disable embedded scripts you can disable debug on the front end there's an option say wp config file or you can turn debug on so you can troubleshoot errors this will make us doesn't show up on the front end there's also a spelling mistake right there but i've made plenty of spelling mistakes so i can't judge you can prevent brute force for the google recaptcha you can whitelist and blacklist ips you can backup and restore using this plugin there's cache and speed optimization euro mapping cdn url support and premium support in the pro version so this plug-in does a whole heck of a lot so the site we're going to use this on as wp-speedify.com and before we install the plug-in let's just run the theme detector over here you can use this one or whatever other one you like to use let's see what it finds then we'll see if hide my wp ghost can hide these things from the theme detector so found our theme wp astra and it found three plugins there are more plugins installed on this site but only found three for whatever reason contact form seven elementor free elementor pro found out that's hosted on siteground and that's the end this is their blog information down here so we'll keep this open and we'll run this again later and see how much of this will be hidden and we're also going to visit the front end of this website and view the page source and we'll keep this open for later as well in here we can see all the urls the plugin says it can hide for example this one right here wp-content forward slash plugins forward slash elementor this can be changed apparently using this plugin so if it changes this then it's changed the default path of a very common wordpress folder and so a bot or a hacker would have a harder time getting into your site and in here there's also a tag in the head section called generator right here which is a meta tag that lists that we're using wordpress and that's version 5.8.1 it also shows in here woocommerce 5.6.0 this is valuable information if a hacker or hacker bot comes in here they scan your site and they see you're using 5.7 and 5.7 is going to have security vulnerabilities that are published and publicly accessible because whenever there's a wordpress update or any plugin update the security vulnerabilities that were patched are detailed in the release notes and so if they can detect an older version of something they know which security vulnerabilities likely exist on your site then they're going to try attacking those so it's important to hide this kind of information and so we'll see if this disappears and we're going to compare our source code before and after the plug is installed so let's install the plugin let's go into the dashboard go to plugins and add new go to upload plugin let's drag and drop that into place right there click on install now if you can't do that fancy trick which embarrassingly i only learned recently you click on choose file and you can find the file on your hard drive and open it that way click on install now when you're ready if you're installing this on a live site you might want to back up your site first just in case something goes wrong it's rare these days but in case something does go wrong you want to have a backup there is a tutorial in the description down below to help you back up your site if you need help with that click on activate plugin once it's installed and now we have our plugin installed there's a new menu item over here hide my wp it's going to require a license code which is in our account over here let's copy and paste that it's here and where we download the plugin under orders licenses it's right over here as well paste that right in there and click on activate now it's going to run a full security check on the site and then once that's done that was done pretty quick so it shows here our psycs security is weak some of the main hacking doors are still available so let's see if we can fix those things in the last 30 days we have some stats here currently zero because we just installed it brute force ips blocked email alerts sent those will be sent to you notifying you of problems and down here we have an urgent list of things to do it wants us to change our login url wants us to switch on brute force protection wants us to hide common wordpress files wants us to disable xml rpc access you may or may not want to do that one because if you use the mobile app for wordpress the one on your phone or your your tablet or if you publish via email which is very uncommon but if you do publish via email you'll know if you do that or not that requires xml rpc to work so if you disable that the mobile app and publishing via email are not going to work and wants us to hide the rsd endpoint wants us to hide our author id and we'll go ahead and do those things in a minute but first i want to run a full security check so i want a full list of all the things that are wrong that was pretty quick 27 passed 12 failed and here they are reiterating we made a good decision 30 000 websites are hacked every day over 30 percent of them are made in wordpress another spelling mistake just saying i make them all the time i'm not judging i'm just saying i found one so here we have a green check mark for all the stuff we passed we have outdated plugins like i always say maybe not always but i do say regularly keep your plugins up to date that's the number one way hackers get into sites is security vulnerabilities and outdated plugins and themes so plugins outdated theme outdated and here it wants us to move our login path wants us to make our config file not writeable wants us to hide common wordpress files icon wordpress files again disable file allow edit disable xml rpc disable rsd we knew that already it doesn't like that our mysql database has all permissions granted it just wants the subset that wordpress needs we can click here to fix that one and it wants the author id to be hidden as well and if you're finding this tutorial helpful click the like button because that helps this video show up for more people on youtube so we can spread the knowledge and help more people with this information so make sure you click like if you like this video and you might be thinking how do i do all this i got this is that's nice that they want us to update plugins that one's pretty easy we'll do that in just a minute update themes is pretty easy but how do i make a custom url or turn on brute force or how do i chmod our wp-config file luckily you click on info and it will tell you how to do it or you can watch this video and i'll show you how as well and you can also for a lot of these click on fix on the right hand side and before we can click on fix it we have to turn on safe mode or ghost mode to get to the settings where you turn those on open the change paths page as control click or command click to open a new tab and here we have levels of security currently deactivated we can go to safe mode what that's going to do is change all of these things it's going to change our login path from this to this i'm going to change our core contents path from this to this and so each of these is going to be changed from what is the default the one that hackers and scanners know off by heart and it's going to change it to something else and it's important to note that these are not physically changed on your server as they point out right here this is changed in your htaccess file so when your server loads your website instead of looking for this file it's going to be looking for this location because it knows that because you tell it that in the htaccess file the htaccess file is a hidden file that's not publicly visible unless of course your server's somehow vulnerable let's assume it's not it's not publicly visible so a hacker can't get in there and see what the new location is they could possibly guess the new location but they can't actually see what it is and you might be saying to yourself and rightly so if this plug-in is purchasable by anybody which it is it's even a lifetime deal right now and all we do is have the plugin choose these for us and click on continue then the hacker knows what the new ones are and you're totally right that's why you can have custom ones as well so before we get to the custom ones i'm just going to show you the safe mode and the ghost mode in the safe mode we have one two three four five six seven eight different paths that are changed and in the ghost mode we have one two three four five six seven eight nine ten that are changed and they're changed to slightly different things as you can see here if you do end up turning these on remember this new location to log into your site you will now have to go to ghost dash login or ghost dash admin or if you safe mode you'll have to go to forward slash new login all one word that's not going to be publicly visible so if you don't remember the url of the login page you're not going to get back into your site so make sure that if you change the url that you write it down i'm going to choose ghost mode i'm going to click on continue you can choose here a cms to simulate what this means is instead of your site appearing as a wordpress site to scanners and hacker tools it can show as either no cms drupal 7 8 or 9 joomla 1.5 or joomla 3. it auto selected drupal 9. i'll just stick with that one and then we click on save here's also some important resources for more information and these topics click on these and have a read through once we click on save those urls will be changed now the urls are changed and now we test it to make sure it actually worked here's the steps we have to do run the front end login test by clicking that button make sure you follow the server config instructions before moving forward okay if you're able to log in you set the new paths correctly great do not log out of this browser the big one right here do not log out of that until you're confident the login page is working so you can log in again that's very important if you can't configure hide my wp ghost switch to deactivate mode and contact us so let's try this and fingers crossed that it worked let's click on front end login test i don't know what my password is let's do that there we go log in cross your fingers it logged in so it appears to have worked oh look our website security is strong now that was easy let's close that because it appears to have worked and we didn't have any server config instructions so i think we'll just say yes it's working also in red here it notifies you your new url to log in as this so remember what that is and what's hilarious is in case you can't log in or in case you don't remember that one remember this one instead and this one seems a lot harder than that one anyway make note of those two urls put them into some kind of file on your hard drive to make sure you have them click on yes it's working at least i'm going to in this case and there we have it let's go back to our previous tab let's start the scan again and see what's changed we now have 33 passed and six failed and we're at strong no longer it weak let's scroll down we still have our plugins to update and theme wp config is writable custom paths so let's fix these other things let's update our plugins and themes i'm going to open that in tab as well i'm kind of a tab junkie way too many tabs open select all these and update if you're on a live site make sure you back up your site first before you willy-nilly update a whole bunch of plugins just because you never know it's rare something happens but you never know click on apply to update when you're ready i'll just pause this video as these updates run sometimes they take a few minutes especially especially woocommerce tends to be a monster and it's not so there we go elementor pro did not update to the latest version could that be because we changed some of the paths i don't know let's refresh it's no longer wanting to be updated not sure keep an eye on that let's update our themes i've got a bunch of themes on here i don't need i can delete those update astra this usually takes a few seconds there we go let's close this tab let's come back here let's scan it again only a four failed we're getting close we're getting close to knocking all these off our checklist wp config we want to mod this to be 600 or 640. so let's log into our hosting account you can also do that via ftp if you're more comfortable there here we are in siteground for this site let's click on site over here and then file manager public underscore html finder wp access or sorry wp config which is right here we see it's set to 644. so there's a column header here that's the permissions column also called chamod for some reason chmod i'm not sure what that's short for anyway 644 is one of the most lenient permissions out there not very restrictive that's why it wants us to change it so if you right click on that click on change permissions we want to have it down here be 0 600 or 0 640. let's see if we can just type those in here 600. yeah if you type it in it unchecks the ones that need to be unchecked and 640 does this so sometimes when you change the permissions here your site's going to go down so you want to change it to 600 that's the most restrictive the least amount of check marks you have here is the most restrictive permission so let's confirm that and let's see if that worked as in does the site still work let's just open this in a new tab see if it loads that still loads let's go to the front end of the website it appears to still load let's check incognito because maybe i'm looking at a cached version these aren't active buttons anyway so that's why that didn't work so that appears to work so we can keep it at 600. if that didn't work for you change this to 640 and if that doesn't work keep it at 644 and just ignore the plugins complaining about this in fact maybe you can just click this x to get rid of it do you want to ignore this task in the future yeah okay so you can click the x to ignore it in the future if for some reason you can't change it away from 644 the site breaks if you do but you don't want to see this error all the time just click on the x and remove it from our task list let's change the path to the readme file let's click on fix it and did it automatically for us it said to start the scan again to see that's fixed now we've failed three things elementary pro is still outdated let's look at that in a minute the readme file is accessible has been fixed and now it wants us to disable the plugin or theme editor this is another one where i have a separate tutorial on the channel to do this where you add this piece of code into wp config file or you can just click on fix it and the plugin will do it for you so if you trust the plugin to do it click on fix it if you don't then do it manually using my video it's in the card above and the description down below but if you backed up your site i think it's safe to click fix it and then restore if something goes wrong so i'm going to fix it i'm going to run the test again as i'm being told now we have two failed elementor pro update failed and plugins the emitter disabled and what this has done is it's removed the edit button under plugins and appearance of course they're gone now so we can't see what they actually are but if we go to a website that has not had those removed if you go to appearance hover over it you have a theme editor button here and under plugins there's a plugin editor you can click on these and you're going to get a warning saying stuff in here can't be undone so don't mess around in here click on i understand and we can edit any plugin the code the template files of the plugins choose the plugin you want from the drop-down you can edit any one you can edit all of your themes that means if somebody gets into your site with an admin password they can come in here and edit all those things too they could just copy and paste their nefarious code boom right there bam and it's in your site and you're done so that's what that option does it removes that editor makes it harder for a hacker or hacker bot to get anywhere in your website and this one right here my sql grant all permissions this one's tricky because some of the latest versions of phpmyadmin don't have what it's requesting so we scroll down here we see here an edit privileges button which is not present in the latest versions of phpmyadmin so if your host is using a latest version which siteground is this will not be there a workaround is you can create a new user for your website give them this set of privileges right here and add them to your database and then update your wp config file because changing the privileges for an existing user is only going to work on older versions of phpmyadmin not on the newest ones so we're going to ignore this check right here i'm going to click on x click on ok and now we are going to check out elementor pro and see what's going on with that let's go back over here elementor pro is not showing us an update here there we go click on update now and see what happens not updated for some reason didn't work the first time i don't know why so now if we head back to our plugin let's scan again and now we should be sitting pretty with one failed elementor pro let's start scan and that should be gone now 38 passed zero failure done all the security tasks and if you do all these things you are ahead of 99.9 99999 percent of websites out there and that's just one component i've had my wp let's take a quick look at what else we have going on let's go to change paths we saw part of this earlier already where we choose or chose ghost mode and remember i was complaining that we choose ghost mode these are predefined so hackers could buy this plugin and see what we're changing the paths to and then just input that into their bot or just commit that to memory or whatever but then they know where these paths are well it turns out there's more tabs over here click on any one of these tabs so we can change paths to these specific areas so if we don't like a ghost dash admin change this to whatever you want it'll be custom to you you can change it to complete gibberish stick out this colon put a dash in there just make sure that you remember what you put in here take screenshots or make note of whatever these urls are just in case you need them and down here it says some themes don't work with custom admin and ajax paths if there are errors switch back wp-admin and admin ajax.php you can also choose to hide wp admin or not high wp admin from not admin users or not hide the new admin path or not you can turn all those on or off however you want your login url paths you can set here ajax security you can set here if you don't know what these are don't worry about it just take screenshots of your settings and change them to whatever you want as long as you only use numbers letters underscores and dashes it should work if i put an exclamation in here yeah it doesn't show an error but you can't have these characters in a url so you want to stick the numbers letters underscores and dashes user security wp core security i want to disable directory browsing plugin security i want to hide all plugins you can also show advanced options and customize plugin names if you want so we can change the name of the plugin for elementor to um donkey wrestling and then contact form seven as you recall these are picking these ones because they showed up in the theme scanner here contact form seven and elementor now they're called donkey wrestling and elephant high jump you can customize all of them if you want just pick the plugin give it a new name click on save let's try to make a mental note remember these to see if those show up in our source code or in the plug-in scanner later because they'll be pretty funny theme security here we can change paths hide certain things you can show advanced options customize theme names just like we customize the plugin names api security these are all turned on except for the rest api access here it says update the settings on settings permalinks to refresh the paths after changing the rest api path i'm going to turn this on then i'm going to do what it says i'm going to go to settings permalinks and these settings are the way we want them so i'm just going to click on save changes and then save changes again just for good measure to reapply those settings as it asks us to then we go to firewall and headers here we can add security headers for cross-site scripting and code injection attacks xss is cross-site scripting and down at the very bottom they should probably put this at the top at the very bottom it says changing security headers may affect website functionality make sure you know what you're doing when changing these headers in other words just leave those as they are just come in here and look at it and say oh that's pretty i'm going to turn this on or off but don't change anything unless you know you're doing there's other options as well we can change or we can have a custom category path custom tags path this is when you go to view a category this is actually a big pain point for a lot of website builders creators if you view this category it says up here category music in the url we can change that path there are separate plugins that do that but we can just change it right here if we want to let's change it to cat and ta for tags in a unique path with more than four characters let's make it tagger now if we refresh the music category that page doesn't exist let's go to cat forward slash music and there we have it we have our new category path you want to be careful doing this on your live website because categories can be indexed in search engines and so if you just change this willy-nilly you don't redirect all your old category and tag urls to the new ones that can mean loss of traffic so make sure that if you change these you 301 redirect from the old path to the new path there's a 301 redirect tutorial in the card up above and the description down below if you need help with that and changing these is really just for vanity you don't have to change category and tag paths but it's it's fun to be able to but some people do want to there's plugins created specifically for that on the tweaks tab we have redirects so here we can protect the path wp-admin wp-login and have people who try to access those redirected to somewhere else it could be a page that we choose here or it can be an html error that you can choose here from the pre-supplied errors you can create a new page let's go to pages add new create a specific page and say something like you jerk you're not supposed to be on this page save it you can choose it from here and then those hidden paths will be redirected to that page and you'll call them out because they're not supposed to be there you can have login redirects and log out redirects this is not really a security thing but it's nice to have for people who log in you can choose specific user roles have different login redirects and log out redirects for each of them if you have that turned on i'm going to keep that turned off feed and sitemap the feed is the rss feed if you don't use the rsvs feed for anything and you know your users don't use it you can turn this off how do you know your users don't use it it's almost impossible there's tools like feedly where you go and you enter your url and then it'll just pull up your feed and all your most recent posts and that allows people to have one platform where they can pull in all the posts from all their favorite websites and they'll just show up there but you don't get any feedback on that unless you go to feedly and specifically look up your site to see how many people use it you don't know anybody's using it and there's also more tools other than feedly who do that and so hiding this may reduce viewership and it may not so so choose this wisely and the sitemap is not something necessarily want to hide because search engines use sitemaps so if you do end up hiding this you're going to want to create webmaster tools or google search console for every search engine and give them your specific sitemap url they'll try to find it using common ones like like this url right here but if you hide it or change it you want to make sure you notify them of what the real one is you can change the path the rss feed change path to the site map change the path to the robots.txt file if you don't know what that file is i made tutorial about it very recently in the card up above and the description down below it's important for seo and various other things i'm going to keep all these turned off these aren't really security things these are kind of more website preference type things there's no security vulnerability in your rss feed it's just a static feed of what's on your site the text and sometimes images so this area here is not too big of a deal change options make sure that the paths are changed for everybody and you also can change relative urls to absolute urls you can see an example of both of those here hide options you can hide the admin toolbar which is this black bar at the top if you turn that on you can hide various other things i know you can read you can read through these guys and hide the ones you want or don't want there's also disable options disable right click disable inspect element disable view source disable copy paste disable drag drop images disable debug on the front end if you want to disable any of those things just turn them on then click on save when you're done so this wasn't really a security tab this tweaks thing is more of a tweaks tab where it's more of a preference type of thing for a lot of those options let's go to mapping here we can hide our wordpress footprint important note your plugins and themes may use these classes and it will affect the design and functionality classes and ids are used in css in determining styling of your website so if we have for example wp-caption is a class or an id i'm not sure which that wordpress adds to your site and the theme might use that to style the caption so if you wanted to test whether this has any impact on your site you put the wordpress id or class here add in your new one and then you go and you add a picture to a wordpress page add a caption to the picture and then see if the design changes when you turn this on or not and each of these you can test in the same way down here is a list of the most common ones just click on it it'll add it in here you can give it a new name and this allows you to remove the wp dash which is a footprint for wordpress anybody who looks at a source code and sees wp dash they know that it's wordpress and so you can hide all those things in here you can change the url mapping and it's important to include only internal urls from front end source code after you activate safe mode or ghost mode which we have activated so you only do internal urls which means not links to other pages or posts on your site but pages to the resources that your site loads for example from this one to this one so you can customize very specifically how you want urls to display in the source code i recommend you add these one by one you go into your source code we haven't refreshed yet but this will be changed because all the settings are done so far but if there are still urls that you don't want to display the way they do you come in here you would copy them just copy this one paste it in there and you change it to whatever you want blah now the new euro will be that and you want to do these one by one you want to first identify what that does that specific thing and then change it and see if that specific thing breaks on the front end if it doesn't break you can keep it in here it's like i said do those one by one you can add a cdn url here if you have a cdn and under experimental you can optimize css and js files you can have text mapping for css and js files including their caches those are experimental so if you turn those on they have not been thoroughly tested so they might cause things to break on your site on the brute force tab we can activate brute force protection use brute force protection add woocommerce login protection we can have a math recaptcha google recaptcha version 2 google recapture version 3 and we can set all the settings down here you need to have an api key for both the google ones and this will limit how many times people can try logging into your site and failing so the math one for an example here five attempts are allowed once you've tried five times you're banned for this number of seconds and google recapture will be pretty much the same number of failed attempts banned duration and then if someone's banned they'll have their ips listed here as banned you can also add them manually if you wanted to the events log shows us recent events on the site we can activate the log for user events let's log user events user roles you can pick any one of these you want to log to make sure they're not doing anything bad on your site you log their activities basically so we could choose the editors let's assume the administrators are good actors they know what they're doing then we have a reports log here we can see their actions and details about the actions on the site security check we've seen this multiple times already backup restore allows you to backup your site and restore your site which is pretty handy under advanced we have a custom safe url parameter which works out to this url here so if you find you can't log into your site for whatever reason this is the place you go this is the safe url so you want to copy this into somewhere safe on your hard drive or write it down because when you can't log in you can always log in using this url here compatibility these options allow you to work on compatibility issues and email notifications you'll be sent emails when something happens on your site and that's really all the settings there are and it's taken a long time to get here let's go back into our dashboard here let's go to connected sites we should see our site here there it is there's connected the security monitor email notifications turned on view report let's see there's something on here there's no report run new test see what that does it does nothing at the moment events log shows that wordpress old paths are visible in the source code that's not great let's go check out the source code while we're talking about that there's our source code here let's go to our home page let's view the page source let's look for name equals generator so if you recall let's go to the the old version name equals generator we have wordpress 5.8.1 and woocommerce 5.6.0 that's before using hybrid wp ghost with the new plugin you recall we said drupal 9 as the content management system we wanted to display as which we currently do name generator is drupal 9 and that's it that's the only name generator on the site a lot of these urls here have wp-content in them because that's where plugins exist let's see if that's changed over here let's just look up wp dash content because i don't see it anywhere nope zero zero results for wp slash or dash content so that's good and here we have a brand new plugin called donkey wrestling hottest plugin to hit wordpress in a long time here's another one elephant high jump also instant classic that plugin now what i've noticed is on the left here it shows elementor dash icons dash css this is not great because everybody knows that elementor is a wordpress plugin so clearly we're using wordpress not drupal now if i copy this i want to see really quick if i can go back into mapping put that in here because it's a class let's call this streetcar and save i'm going to copy this i'm going to control f if this does what i wanted to this will now be changed to streetcar so let's refresh our source code and it is let's change the streetcar if i control f and search for it it's gone so that way we can hide all references to wordpress but like i said when i was showing in this page on the mapping here you want to do this one by one because if it changes the display of your website then you might want to reconsider changing that specific css class or id let's go over here let's run this again just open a new tab with that so we can compare the results not that there were many results to begin with it still shows us using astra shows us with no plugins plugins are all hidden why is astro still showing let's go to the source code let's go to forward slash themes so there's 21 stylesheet or sorry 21 references to astra various classes and ids but the theme folder is gone so these ids and classes will have to be changed manually the way we did right here to make astra completely hidden might only have to make it hidden for the style sheet references let's just see if we change this one change it to gone click on save now we'll see this id right here change to gone and now let's see if that's gone over here nope still detects astra but that's likely what it is it's one of these ids and classes it's using to determine astros being used and whenever you make changes like i just changed this id to gone you have to come out here and refresh your site and poke around and make sure everything still works because doing stuff like that breaks your site does changing ids and classes and url paths you can quickly take your site offline very quickly so you want to make sure you make these changes one at a time and take a look and i know it's a pain doing it one at a time but you'll be much happier if it's actually working and your site's still alive then you will be if your site crashes so if you want to get the lifetime deal for hiding my wp ghost go to appsumo 59 bucks will have you covered for 10 websites which is pretty awesome but if you want more go for more obviously whatever you think you need for your business and to get here please consider using the link in the description it is an affiliate link so i will get a small commission from appsumo if you do decide to purchase that helps me keep making these videos and if the appsumo deal is gone you can go directly to hide my wp ghost through the link in the description as well it's also an affiliate link and then you can buy it through here if the appsumo deal is gone by the time you watch this next up check out this playlist right here which is all about wordpress security so you want to secure your website even more beyond just using how my wp ghost check out that playlist if you haven't done so yet click subscribe bring the bell if you don't miss any future videos my name is bjorn pass in the wp learning lab until next time keep crushing it and i will see you in the next video

Info

Channel: WordPress Tutorials - WPLearningLab

Views: 3,473

Rating: undefined out of 5

Keywords: best security plugin for wordpress 2021, bjorn, hide my wp, hide my wp ghost, hide my wp ghost – security plugin, hide my wp review, ithemes security vs wordfence, protect your website from hackers, website security, wordpress plugins, wordpress security, wordpress security 2021, wordpress security audit, wordpress security best practices, wordpress security plugin, wordpress security plugins 2021, wordpress security tips, wordpress security tutorial, wp learning lab

Id: rfsqESK3G9w

Channel Id: undefined

Length: 41min 25sec (2485 seconds)

Published: Mon Oct 18 2021