[All WPMU DEV Plugins and Services] Support features from Hide My WP Ghost plugin

I just loaded up the Hide My WP plugin, which masks common WP paths like wp-admin. It goes far beyond what's offered in Defender and Branda. https://hidemywpghost.com/

My first request is for WPMU DEV to look closely at this plugin, and incorporate many or all of its features. I usually don't like for plugins to get bloated with features that duplicate those of others. In this case, we're paying WPMU DEV for branding and security, and this other plugin has Pro features that I'd rather get from the vendor that I'm already paying.

Second, please note the changes that are possible with this plugin. If we can change the path for login, wp-admin, ajax, assets, etc, then Dev services might have a problem accessing our sites. That includes The Hub, Snapshot, and perhaps hosting features. It may include links back to a site which are inserted by plugins. Please install and run this Hide My WP plugin and then test Dev services and plugins to ensure there are no hard-coded links that will break. I don't want to go without managed backups because I have security that Dev can't navigate. How do you fix that? Get the WPMU Dev Dashboard plugin to send site-specific details to the Dev servers so that they can correctly reach back to the site.

Note also the security checks that can be done with that plugin, many of which are not included in Defender.

Note the feature that removes HTML Comments inserted by themes and plugins … is that done by Hummingbird?

What else can be learned from this other offering?

I know that trying to hide the nature of a WP site is naïve. With a simple scan of a home page a hacker can detect the nature of the environment and craft code to thwart this first level of defense. But most hackers are not that sophisticated. Script kiddies brute-force common attack vectors with the simplest of tools. If those tools don't work, they move on. Simple measures like this help to deter a specific class of intrusion, not all. And Some protection of these vectors (provided by Hide My WP Ghost) is better than the minimal protection in this specific area from the Dev offerings.

In the process of considering features that are inspired by this other fine plugin, please consider first adding their Pro features to Defender or Branda, rather than adding the free features first. We can already get the free features. We don't need Dev to duplicate those. I'm asking Dev to provide good features that we would need to purchase elsewhere.

Thanks.

  • Patrick Freitas
    • Staff

    Hi Tony G

    Hope you are doing well.

    Thank you for your Feedback

    I just loaded up the Hide My WP plugin, which masks common WP paths like wp-admin. It goes far beyond what’s offered in Defender and Branda

    The Defender will mask your wp-admin and wp-login too, under Defender > Advanced Tools > Mask Login Area , also you can set up the redirect when someone tries to access it. Of course, you already know this :slight_smile: but I had a look and can see it will hide more than just wp-admin and wp-content, would be nice to have this on Defender.

    Second, please note the changes that are possible with this plugin. If we can change the path for login, wp-admin, ajax, assets, etc, then Dev services might have a problem accessing our sites.

    This one is a really nice point, we do try to avoid this kind of changes, the possibility to conflict with services is really big, we do want a well-protected site, but we need to have it working well too.

    Note the feature that removes HTML Comments inserted by themes and plugins … is that done by Hummingbird?

    I’m afraid this isn’t handled by Hummingbird but sounds like a Branda feature!? :slight_smile:

    I know that trying to hide the nature of a WP site is naïve. With a simple scan of a home page a hacker can detect the nature of the environment and craft code to thwart this first level of defense. But most hackers are not that sophisticated. Script kiddies brute-force common attack vectors with the simplest of tools. If those tools don’t work, they move on. Simple measures like this help to deter a specific class of intrusion, not all. And Some protection of these vectors (provided by Hide My WP Ghost) is better than the minimal protection in this specific area from the Dev offerings.

    That’s actually true, the scripts look for normal paths, just like default wp_ prefix, changing some of those can increase the security, however, I passed all suggestions to our developers, I do believe some of the features are really nice and would be amazing to have on Defender or Branda plugin too. :slight_smile:

    Let us know if you have any other suggestion.

    Best Regards,

    Patrick Freitas

  • Patrick Freitas
    • Staff

    Hey Tony G

    An update on my reply.

    I made some tests on the Hide My WP plugin and don’t see any issue while working with our plugins, I already know some members use it and the support access works fine. I also checked for any reported problem and couldn’t see any.

    I passed your feedback to our developers for further discussion :slight_smile:

    Best Regards

    Patrick Freitas

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.