Do you have sites built with WordPress? Well, chances are you probably
already have a security plugin. That security plugin has a firewall, a malware scanner,
a brute force attack system. But it doesn't have some things. It doesn't hide the facts that you're
actually using WordPress. Now you're gonna ask yourself,
well, why do I care about that? If you check your security plugin
analytics right now, you're going to find out that you're
always trying to get hacked. Why is that? Because there's hacker bots that are
looking for WordPress sites. So how do we prove prevent
most of these attacks? Well, let's hide the fact
that we're using WordPress. There's a deal that's called hide. My WP goes, which does exactly that. It's going to complement your security plugin to hide the fact
that you're using WordPress. So let me show you what the deal is
about and how it actually works. So let's go jump over
to my desktop right now. All right. This is the deal that's going on right now and it starts off at $59
for the lifetime deal. So that means you pay once
and you can use it forever. And if you guys want to grab that deal,
that link will be in the description. Okay, let me show you what
this deal actually gets you. There's the first code slack that is
$59 and it gets you ten sites. I don't recommend it unless you
don't plan to go over ten sites. Okay, the plan I do recommend is the
double slack, which is unlimited sites. You can install it for yourself for your
clients and you just get unlimited sites. Now, there's the triple code
that enables white label. Now, if you don't need white label, if you don't need to hide the fact
that you're using this plugin for your clients, you're definitely good
with the double slack, so no need to waste a little bit of more
money because to grab the white label. So I recommend double code unless you need
white label, then jump two, three codes. Alright, now I mentioned in the beginning that you probably already
have a security plugin. In this case, this is one of my sites I
have Word fence installed, and if you're not using a security
plugin, please install one. It doesn't matter which one,
but just install one. Okay, so this is Word fence, and you're gonna find out that you're
always trying to get attacked from people, even if your site is not popular,
there's always hacker bots trying to hack you, and if they find a way,
they're gonna hack your site, they're gonna take it down
and you're gonna have a big problem. All right,
so go to your security plugin if you have one and you're gonna find out that you're
always getting hacked and that's the fact that they know that you're
using WordPress. So this is where WP hide goes comes in, right? It hides the fact that you're using
WordPress and you're going to prevent most of these hacks because they're not
gonna know that you're using WordPress. Okay, now this is a blank site. It's my test site. There's nothing installed but my theme. So I just installed this plugin.
All right. Which is Hide My WP Ghost.
Nothing's going on. It says my security is weak. I don't even have another security plugin, which I should, but this
is just a test site. Okay, like I mentioned before,
they do complement each other because security plugins are not meant to hide
the fact that you're using WordPress. That's not why they're built. Okay, so this is why it complements. So I'm getting some information here that I'm saying, hey, fix this stuff
because your site is very weak. So let's go in into the settings. All right, there's the overall setting
here from features, but we're gonna go into the main
settings over here in the menu. Alright, so first off,
the level of security is deactivated. We have the safe mode, which changes first of all,
the link that you're using to log in. So to log in to your site, you go to WP
login, WP admin and hacker bot know that. And even hackers who wants
to hack your site know that. So that's the first thing that we
have to work on is change that link. So if I click on safe mode, it's going
to change the path to all of these. So for example, my new
logins will be new login. Now heads up. You need to remember that you have
a new login link so you don't forget. Okay, and it changes other pets. Also for content includes uploads,
after and all of those. Okay to hide all those little weak points where the hacker bots will find
out that it's a WordPress site. I can activate it, but before I do, there's another option
which is ghost mode. Again, there's another type of change to path links, but we're
going to use the safe mode, right? We're not going to go overboard with this. It's going to update. Once I click save, go ahead and save it.
Okay. And now we have a new login site URL.
Okay. So it's this one right here.
New login. Let's go check it out. Ssl, open any Cognito mode. Let's go into the login site.
And there it is. Now, before what I used was WP admin. But guess what.
Now it takes me to the home page. It doesn't work anymore. And if I go to login not found app those two login page. So now we just hide the fact
what the login URL is. So that's one of the most important parts. Okay, and in case you can't
log in, use this safe URL. So you want to save this URL in a notepad
somewhere where you can have it. If you just forget what that link is, but you're going to get used to it once
you start using it and you can customize what that login is also
okay and we can use simulate CMS. So right now is simulating Drupal eight, but you could change
another one if you like. Okay, if we're good to go. Yes, it's working. We just tested it. So we have the new login site. Next thing is the admin security. So we can custom admin path.
We'd like. Okay, if you want to change this one, remember we tested it
and it's not working. If I want to use a custom one,
I can do so right here. I can hide WP admin. I can hide WP admin from non admin users,
which also I would say save. Alright, login security again,
we can change the login custom path. You saw that it was new login,
but if they're used to using something more common to you,
we'll use something else. Maybe you're using
log into my site and that's probably what you're used to on your other WordPress
sites or something like that. Well, you can customize your own. Let's keep it how it is. We can hide WP login. We tested it also it's hidden. Hide the login path. Custom lost password path. We can customize that custom register path custom logout path and we can customize
all these permalinks for that. So they don't find which links
you're using a security. Custom Ajax passive we like again, we can customize in high WP admin Ajax,
change the path to Ajax calls and every single one of these settings
has this little question Mark. If we click on it, it's going to give us details of what it's
for and what it's going to do. So it's pretty cool that they took
the time to actually do that because there are some of these things that you're
not going to know what it's form, right? Because I'm not dedicated
to hacking sites. I'm not even a white hat hacker. So some of these SaaS you'll have
to find out what they're for. Custom author path as
it's changed to writer. Alright, you can hide it. Wp core security again, we can hide
all of these he WordPress common pass. I would suggest yes. So we won't hide all of these. Make sure that everything is working fine and it's not interfering with your SEO
plugin that you might have because changing path and we can hide
all these type of files. Okay, hide word press common files that's enabled already disabled
directory browsing. Let's go ahead and enable it. Plugin security again. Custom plugin path instead
of saying plugins. Well, it's saying modules. So it's hiding everything that it might try to find and you can customize
this to whatever you like. So modules plugin so you don't forget what it's for, but it's just different to what
hacker bots are used to looking for. Hide all the plugins. Hide WordPress old plugin pass show advanced options to
customize plugin names. So right now I only have one plugin installed, but I can
customize what the name is. So if hacker bots are looking for specific plugins because they know
they have bowl never ties. Well, they're going to not know because
you're changing that name to it. Okay, let's go ahead and save it. Theme security again,
we can change the information for this custom theme path so it's changed to views
instead of you know what we could change it also aspect template
styles instead of themes. High themes name had WordPress old themes
pass pass custom theme style name. So it changed the design. Show advanced options custom theme names. So again, for example, I have installed
DB Astron cadence if I'm using DB. Well I don't want to have
them find what I'm using. Alright, so I'm using I don't know. Custom theme blah blah blah.
Right. So it's not going to say Div anymore. So the hacker bot won't find out it's using Div, so it's trying to see
where they might look for. So you don't find out
API Security custom WP JSON path. I really recommend that you check if it doesn't interfere with other plugins
because they might be using this high rest API URL Disable Rest API
axis Disable XML RPC axis. So you're good to go with all of these. You can go ahead and save them. Firewall and header security
changes that happen right here. Strict transport security content
security policy and all these options. Okay, you can have these checked out these little warnings because they might
interfere with other things. Remove unsafe headers, block them detector crawlers beta
firewall against script injection. You can save that other options. Custom category, path,
custom Tags and all those options. Now let's jump into the Tweaks category. I'm not saving because this
is just a test site tweaks. All right, redirect hidden
path to front page. So remember when they try to I tried to log into the site
with the old login path. It took me to the front page. But what if I want to change it to a four, four page or demo home or
whatever page you have. You can send them there. Do log in and log out. Redirect save that mapping. Oh, I have some tweaks over here. My bad going back to tweaks the feed and side map so you can hide
the side map links Tags. So this is the sitemap that it
comes with, but we can change it. Change the path to RSS feed so they don't know what the RSS feed
and they don't feed from it. Change path to sitemap XML again. Make sure that it's not interfering
with SEO plugins that your Google Web master does know what
the side path URL is. Hide the path in Robot TXT change options for past login users change
relative URL to absolute URLs hide options so you can hide the admin bar
hide version from images. Yeah, the CSS and JS and WordPress
hide the ID from made attacks. Hide WordPress DNS a lot
of options that are really useful. Himation hide embedded scripts. It's going to mapping. No, I'm still over here. Why do I want to get out of here?
Disable options. This one is really useful. I think this could be useful for most of us is for example,
if you want to disable right click from the website so they don't steal your
images so you don't copy and paste and all of that disable inspect elements disabled
view source disabled, copy paste. So you sell that that's disabled and they're gonna get a message
if they tried to do it. I mean it doesn't hide the fact it's probably Chrome extensions
will still work. That's my thought, but it's
good to have it disabled. Drag and drop images disabled
debug in front page. Alright, mapping. Let's go ahead and leave this here and we have more options again for text
mapping instead of WP caption. It's going to be only caption or unless you change it to something
custom that you might know. Wp custom. Change another one and map all
the type of links that you're using. Url mapping again, you can use your customized for example,
they give you an example. You can change this
to this or this to this. Alright, so custom URL
change one to another. Cedn. If you have other apps, you can then
then you can customize it here. Experimental auto ICSS and JS files,
text mapping and CSS heads up. I don't recommend that you tweak
this if you have a cache plugin. All right, so if you don't have a cache
plugin, then go ahead and use these for optimization, but make sure
they're not breaking your site. So go ahead and test it in incognito mode before you set this site to live
and just use it as it is. Now let's go into brute force. These are the brute force
options that it gives you. If you have a security plugin that is
working fine and it has brute force attack prevention system, then you
don't need to enable this. But if you're not using that,
then go ahead and enable it. So it removes the way for hackers to just
try to hack into your side by brute force. Okay, so you can do Max file
attempts so you can set it to 510. 20 whatever you want to set it. The band duration. How many seconds do you want to ban them? So that'll be the next time they'll
try to log in again for yourself. If you miss the login attempt for five times, you're gonna have to wait this
amount of seconds, so be aware of them unless you have
that link that they provide to login. Right lockout message whitelist IPS. So if you know what your IP is,
your teammate, your virtual assistant or whatever, add these IP here
and they won't get blocked. Okay, band IPS if you know that there's
a list of IPS that you need to ban we'll just list them here if you want to enable
Google Recapture V two or V three. This is available, but you will have to get the capture
information, the site key for these. Okay, it's super easy to do. There's several tutorials on doing this. I recommend that you
actually enable this right? You can see the event logs right here. We shouldn't have any events slack
because this is just a test site. So log users events and do you want to see
the logs for these type of user roles? You can enable that security checks. Let's go ahead and check that out. So here's a security check
of what's going on on your site. So what PHP version are
you using my SQL version? So we're at with all of these and we're
seeing some information here. For example, database prefix. Hey, it's using WP. There's a vulnerability there that hacker bot will find out that you're using
WordPress because it's using that. So go into info and customize it so
it doesn't start with WP underscore. Alright, security key updates. Here's a set the recommendations
and information to know what it's for. Right.
So you can do it. Some of these will have to fix it. So because I didn't enable these,
I'm doing a test sign but they tell you what is going on here and you can go ahead
and fix it and then start a scan again. All right. There's the plugins settings
right here that they recommend. These guys are the same ones from
SEO Squarely, which is really popular. Right. And there's other popular plugins
that they are recommending. Let's see if they're recommending
a security plugin here. Security security item security. So these are two security plugins
that they are recommending. Recon Wordfence works.
Fine. If you guys want to use that slack up and restore it, just backs up
the settings from this plugin. It's not a backup or
restore plugin completely. Alright, just backup
the settings from this. It might work if you already set the
settings here and you want to use it on another WordPress site that you install
this plugin that is pretty useful to save time and just punch in the settings
that you already have for me. Back up advance there's the advanced settings rollback
settings to custom safe URL parameter compatibility compared
with managed to be plugins late. Loading clean login page email
notifications if you want to get notified from changes with the change admin and log
in URL if it changes, you're gonna get an email application
which I think is pretty useful and then my account to jump in to Hide My WP Ghost
account which we're not gonna go there. But like I mentioned before, this plugin compliments
with your other security plugin. Now why do other security plugins don't
have these settings or they do have some but not as complete as this one because
like I mentioned before, they are not meant to hide using WordPress
they are just meant to provide security. They're providing firewall malware scanner
and a brute force attack prevention system and a few settings, but they're not meant
to hide the fact that using WordPress. So this one comes in handy to prevent most
of those brute force attacks by just hiding the fact that you're
using WordPress. So there you go. Like I mentioned before, it's a lifetime
deal that's going on right now. $118 is a sweet deal for unlimited sites. So if you guys want to grab it,
that link will be in the description. It's an affiliate link. If you buy some through that link,
it helps me out with a small Commission, but it won't cost you a single
set more what it already cost. It's going to cost you. But it helps me with a small Commission
to keep on making videos for you guys. I thank you all for watching.
My name is George. This is SaaS Master,
and I'll see you guys later.