Detect if Your WordPress Website
has Security Flaws

Web Version
Plugin Version

Don’t just be another victim! Start scanning your website now!

Why is Your WordPress CMS Security Check Important

1 %

55.9% of vulnerabilities came from plugins.

1

Over 90,978 attacks happening per minute on both big and small WordPress sites

1 %

84% of all security vulnerabilities on the internet are the result of Cross-Site Scripting or XSS attacks.

Most of the casual bloggers start thinking about site security only after they get into first problems and majority of websites get hacked from entirely preventable issues, like not keeping things updated or using insecure passwords.

 The majority of hacking attempts are made by bots, and you may be able to prevent hacker bots attacks by hiding your WordPress paths: wp-content, wp-include, plugins, themes, etc.

Just by changing the main paths, you may be able to protect your website against things like brute-force attacks, SQL-injection, and requests to your PHP files.

The test includes checking for updated plugins, themes and different files and functions which are known to hold security breaches.

Web Version vs Plugin Version
WordPress Security Check

What we will check

  • wp-login path
  • wp-admin path
  • wp-content/plugins
  • wp-content/themes
  • wp_config.php file is writable
  • license.txt files
  • readme.html files
  • wp-config file
  • XML-RPC access
  • WordPress Prefetch https://s.w.org
  • REST API discovery
  • Powered by WordPress
  • PHP Version
  • Mysql Version
  • WordPress Version
  • Backend under SSL
  • WP Debug Mode
  • DB Debug Mode
  • Script Debug Mode
  • Display_errors PHP directive
  • User 'admin' as Administrator
  • Spammers can easily signup
  • Outdated Plugins
  • Not Updated Plugins
  • Version Incompatible Plugins
  • Outdated Themes
  • Database Prefix
  • Salts and Security Keys valid
  • WordPress dDatabase Password
  • MySql Grant All Permissions
  • install.php file are accessible
  • upgrade.php file are accessible
  • Author URL by ID access

Web Version

Check it Now

Plugin Version

Install it Now FREE

Detect any breach and weakness in your website using Hide My WordPress Ghost Plugin

Why Should You Use Hide My WordPress Ghost Plugin
to Detect Security Issues

  • It's free
  • Perform more than 30 security tests to your website
  • Scan your website for XSS and SQL Injection vulnerabilities
  • It will advice you on how to fix the detected security
  • Start the security check with just one click
  • Fix many security breaches with just one click
  • The website speed will not be affected
  • Over 50k websites are using it and love it
  • Bonus! Help you Hide your WordPress website from hackers
  • Bonus! Help you protect your website from brute force attacks
When was the last time when you verified your website vulnerability_
Verify Your Website Security

Don’t let hackers crush your website!

What happens if
wp-login page is visible

wp-login page is certainly one of the most vulnerable pages on your website.

If this path is visible means that an authentication path is visible and hackers can perform brute force login attempts.

A successful brute force attack can give hackers access to your admin area. An unsuccessful one can slow down your website or crush your server. 

There are many strategies for dealing with this problem. The simplest one is to hide WordPress login page.

Check if wp-login is visible on your website

What happens if
WordPress XML-RPC is visible

XML-RPC is an API that allows anyone to interact with your WordPress website.

XML-RPC is also a way to manage your site without having to login manually via the wp-login page.

Why hackers try to access your WordPress website using xmlrpc.php file?

Instead of 100 login attempts, the hackers could reduce their login attempts to 10 or less and still try 100 or even thousands of passwords to each request. 

XML-RPC service is always at high risk for WordPress websites. For your safety, you should disable this service.

By disabling xml-rpc you can protect your website from DDoS attacks, brute force attacks, malicious pingback response .

Check if xml-rpc is vulnerable on your website

Why WordPress Security is Important for Your Business

Previous
Next

Is WordPress CMS Vulnerable?​

WordPress is one of the most popular CMS (Content Management System) options on the Internet these days.

Around 33% of websites are made with WordPress.

Even if WordPress is known for being a secure CMS, sometimes hackers do find vulnerabilities. Most site owners don’t know that the biggest risk comes from the installed plugins and themes. You obviously need to be careful with them, as plugin vulnerabilities represented 55.9% of the known entry points reported by respondents.

One way to protect your website is to hide the WordPress common paths.

What’s usually meant by “hiding WordPress” is that you’re attempting to obscure the fact that your site runs on WordPress from any person or bot that attempts to identify the CMS.

By hiding WordPress, you don’t physically change the paths of the CMS. Basically, the known paths from WordPress are virtually renamed and this will protect the real ones.

Download Free Plugin

Don’t let hackers crush your site!

5 MAJOR BENEFITS OF USING HIDE MY WORDPRESS GHOST PLUGIN

The Most User Friendly WordPress Security Plugin​

WordPress
Security Check

Identify your potential WordPress security Breaches. Tests include checking for updates, plugins, theme and different files and functions which are known to hold security holes.

WordPress
Activity Log

Monitor everything that is done on your site. You will know what's happening on your site anytime and anywhere. You can set it to send alert emails for one or more user actions.

Brute Force Attack Protection

A successful brute force attack can give hackers access to your admin area. An unsuccessful one can slow down your website or crush your server.

Hide WordPress Common Paths

Hide the fact that you are using WordPress. Don't let hackers know that you use a WordPress CMS. The majority of hacking attempts are made by bots, and you may be able to prevent hacker bots by hiding your WordPress paths.

WordPress
Tweaks

Most of the casual bloggers start thinking about site security only after they get into first problems and majority of websites get hacked from entirely preventable issues, like not keeping things updated or using insecure passwords.

Join over 50k websites that are using and loving
"Enjoyed it. Very innovative plugin that helps with security. You can’t beat that for a free plugin. Would like to see more areas that need to be hidden or prevent hackers from accessing. Keep up the good work!"
@k318wilcoxa
@k318wilcoxa
"It’s working perfectly and I’m glad there are still some good developers that are on WordPress that actually care about their plugins.It’s got a lot of options to it and perfect for a security plugin and really simple to use. "
@destructiveburn
@destructiveburn
"Easy installation, easy to configure, worked like charm with Woocommerce login and registration and with OneAll Social Login. Hid and renamed wp-admin and wp-login."
@AlineMendes
@AlineMendes

Don't let hackers crush your site!

Download Free Plugin