If WPPlugins found any security issues, it means that your WordPress CMS was detected and hackers will find these breaches.

If you don’t act now, the hackers’ bots will get into your website sooner or later. If they do, they usually remove the website entirely and steal your database information. The loss and recovery costs can be … oh well … you do the math.

Below you will find more details and solutions for each security breach we found:

A path is visible. Brute Force attack is imminent!

This means that we found an authentication path and could perform brute force login attempts.

The best solution is to hide the login and admin paths from visitors and set a different login path only for your access.
You can also activate the Brute Force protection using Google reCaptcha or Math Captcha.

Learn how you can do this with Hide My WP Ghost – Brute Force Protection

WordPress XMLRPC Brute Force exploit detected!

XML-RPC could open the site to various attacks and other issues. This feature is not used anymore because WordPress now uses an API, which is much safer.

The best solution is to restrict access to the xmlrpc.php file through .htaccess, or through the server config file if you are using another type of server.

Learn how you can do this with Hide My WP Ghost – Hide WordPress Paths

WordPress path is still accessible!

This means that the common WordPress paths wp-content/plugins and wp-content/themes are still accessible. Since most attacks target vulnerable plugins and themes, it’s crucial to hide these paths and not let hackers access the vulnerable files.

You can hide the common paths using .htaccess for Apache and LiteSpeed servers, nginx.conf for Nginx servers, and web.config for IIS servers.

Note! To avoid breaking your website, you need to change the common paths first.

Learn how you can do this with Hide My WP Ghost – Hide WordPress Paths

WordPress readme.html is accessible!

Some of the root files, like readme.html, license.txt and wp-config.php, have information about your WordPress version, database username and password, paths and server details.

These are the first files accessed by hackers’ bots, and from them the bots can learn all about your CMS and server without even entering your website.

It’s important to restrict access to all these files to stop a lot of attacks and even unnecessary server traffic.

Learn how you can do this with Hide My WP Ghost – Hide WordPress Paths

WordPress old paths are visible in the source code!

This means that wp-content/plugins, wp-content/themes, /wp-admin and other common paths are visible in the source code of your website. Hackers’ bots will usually crawl your website to get information about your theme and plugins.

The best way is to customize the paths and even the plugin and theme names. This way you will stop most of the attacks on your plugins and theme. After you change the paths, you can hide the old paths for higher security.

Learn how you can do this with Hide My WP Ghost – Hide WordPress Paths

WordPress Prefetch https://s.w.org is visible!

This META is added by WordPress mostly for the emoji feature. But this META tells the hackers that you have a WordPress website and the bots will start more attacks to find breaches into your website.

It’s easy to hide this META by using a WordPress hook or from Hide My WP Ghost – WordPress Tweaks

WordPress https://api.w.org/ is visible!

api.w.org is used for WordPress REST API discovery. It is mostly used by developers, so it’s not needed in your source code. This link tells the hackers that you have a WordPress website and the bots will start more attacks to find breaches into your website.

It’s easy to hide this link by using a WordPress hook or from Hide My WP Ghost – WordPress Tweaks

WordPress “Powered by WordPress” is visible!

Well, if you tell them that you are using a WordPress CMS … :). You can easily remove this text from your theme options. Usually, the basic mistakes are the ones that make us suffer the most.
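To confirm that the source-code findings above (old paths, the s.w.org prefetch, the api.w.org link and the “Powered by WordPress” text) are gone after you make the changes, you can run a check over your own page’s HTML. This is an added example, not code from WPPlugins or Hide My WP Ghost; the marker names, the sample pages and the example.test host are constructed, and wp-includes is an assumed extra path.

```python
from html.parser import HTMLParser
import re

# Common paths named on this page; wp-includes is added as an assumption.
OLD_PATH = re.compile(r"/(wp-content/(?:plugins|themes)|wp-admin|wp-includes)/", re.I)

class SourceAudit(HTMLParser):
    """Collects WordPress markers that remain in a page's HTML source."""
    def __init__(self):
        super().__init__()
        self.findings, self.text = set(), []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        rel = a.get("rel", "").lower().split()
        if tag == "link" and "s.w.org" in a.get("href", "") and \
                ("dns-prefetch" in rel or "preconnect" in rel):
            self.findings.add("s.w.org")            # resource hint
        if tag == "link" and "https://api.w.org/" in rel:
            self.findings.add("api.w.org")          # REST API discovery link
        for value in a.values():                    # href, src, srcset, ...
            for m in OLD_PATH.finditer(value):
                self.findings.add("path:" + m.group(1).lower())

    def handle_data(self, data):
        self.text.append(data)                      # footer credit may span tags

def audit(html):
    """Return the sorted list of markers still present in `html`."""
    p = SourceAudit()
    p.feed(html)
    p.close()
    if "powered by wordpress" in " ".join("".join(p.text).split()).lower():
        p.findings.add("powered-by")
    return sorted(p.findings)

# Constructed sample pages (example.test is a placeholder host).
BEFORE = """<html><head>
<link rel='dns-prefetch' href='//s.w.org' />
<link rel='https://api.w.org/' href='https://example.test/wp-json/' />
<link rel='stylesheet' href='https://example.test/wp-content/themes/sample/style.css' />
<script src='https://example.test/wp-content/plugins/sample/app.js'></script>
</head><body><footer>Proudly powered by
<a href='https://wordpress.org/'>WordPress</a></footer></body></html>"""
AFTER = """<html><head>
<link rel='stylesheet' href='https://example.test/assets/skin/style.css' />
</head><body><footer>Example Site</footer></body></html>"""

if __name__ == "__main__":
    print("before:", audit(BEFORE))
    print("after: ", audit(AFTER))
```

Save the rendered source of your own pages to a file and pass its contents to audit(); an empty list means none of these markers remain in that page.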

 

______________________

These are the most common vulnerability issues a WordPress website has. If you are using the Hide My WP Ghost plugin, please run a local Security Check and get a full report about your website.

Download Hide My WP Ghost