Improve WordPress site security by not letting people know you're using WordPress.

Bystab

For reasons of confidentiality and security, some users will consider the site used to hide the background, which requires a fee plug-in called "hide my wp", if you do not have the means to purchase, or do not want to use the plug-in, this article is for you. The method in this article is suitable for users with some hands-on ability. Here we will see how to hide WordPress step by step.

URL redirection

WordPress directory structure is the most characteristic, if not processed, others through the code at a glance can see that your site is using WordPress, we first need to do is to modify the WordPress directory structure. 

/**
 * URL redirection
 /*** /*** /*** /*** /*** /*** /***
 * Redirects.
 * /wp-content/themes/themename/assets/css/ to /assets/css/
 * /wp-content/themes/themename/assets/js/ to /assets/js/
 * /wp-content/themes/themename/assets/img/ to /assets/img/
 * /wp-content/plugins/ to /plugins/
 */
function nowp_add_rewrites($content) {
    global $wp_rewrite.
    $nowp_new_non_wp_rules = array(
        'assets/(. *)' => THEME_PATH . '/assets/$1',
        'plugins/(. *)' => RELATIVE_PLUGIN_PATH . '/$1'
    ).
    $wp_rewrite->non_wp_rules = array_merge($wp_rewrite->non_wp_rules, $nowp_new_non_wp_rules);
    return $content.
}

function nowp_clean_urls($content) {
    if (strpos($content, RELATIVE_PLUGIN_PATH) > 0) {
        return str_replace('/' . RELATIVE_PLUGIN_PATH, '/plugins', $content);
    } else {
        return str_replace('/' . THEME_PATH, '', $content);
    }
}

// Do not rewrite multisite and self-subjects
if ( !is_multisite() && !is_child_theme() ) {
    add_action('generate_rewrite_rules', 'nowp_add_rewrites');
    if ( !is_admin() ) {
        $tags = array(
            'plugins_url',
            'bloginfo', 'stylesheet_directory_directory', 'bloginfo'
            'stylesheet_directory_uri',
            'template_directory_uri', 'script_loader_src', 'script_loader_src'
            'script_loader_src',
            'style_loader_src'
        );
        add_filters($tags, 'nowp_clean_urls');
    }
}

The above code assumes that in your theme there are/assets/folder, if you are using an Apache server, WordPress will automatically rebuild the rewrite for you..htaccesfile, and if you're using Nginx, you'll also need to manually add rewrite rules to your hosting configuration file. 

location ~ ^/assets/(img|js|css|fonts)/(. *)$ {
  try_files $uri $uri/ /wp-content/themes/YOURTHEME/$1/$2;
}
location ~ ^/plugins/(. *)$ {
  try_files $uri $uri/ /wp-content/plugins/$1; }
}

The above rule hardcodes the /wp-content/ directory, if you change the WP_CONTENT_URL or WP_CONTENT_DIR constant in the theme, there may be a conflict, make sure that the wp-content directory in the above code is correct and you will be fine.

Using relative links

All places are using absolute links is also a major feature of WordPress, in fact, this is not necessary, we through the following code can be modified to absolute links become relative links. 

/**
 * 修改绝对链接为相对链接
 *
 * 提取自Roots主题
 */
function nowp_root_relative_url($input) {
    preg_match('|https?://([^/]+)(/.*)|i', $input, $matches);

    if (isset($matches[1]) && isset($matches[2]) && $matches[1] === $_SERVER['SERVER_NAME']) {
        return wp_make_link_relative($input);
    } else {
        return $input;
    }
}
function nowp_enable_root_relative_urls() {
    return !( is_admin() || in_array($GLOBALS['pagenow'], array('wp-login.php', 'wp-register.php')) );
}
$root_rel_filters = array(
    'bloginfo_url',
    'the_permalink',
    'wp_list_pages',
    'wp_list_categories',
    'the_content_more_link',
    'the_tags',
    'get_pagenum_link',
    'get_comment_link',
    'month_link',
    'day_link',
    'year_link',
    'tag_link',
    'the_author_posts_link',
    'script_loader_src',
    'style_loader_src'
);
add_filters($root_rel_filters, 'nowp_root_relative_url');

Clean up useless code in HTML Head

WordPress in the added a lot of code we usually do not use, which not only increases the spam code, the backend system of the site is also exposed to the full, the good thing is that we can easily clean up these codes, add the above code to the theme of the functions.php file can be. 

/**
 * 清理wp_head()
 *
 * 移除不需要的 <link>'s
 * Remove inline CSS used by Recent Comments widget
 * Remove inline CSS used by posts with galleries
 * Remove self-closing tag and change ''s to "'s on rel_canonical()
 */
function nowp_head_cleanup() {
    // Remove junk from head
    remove_action('wp_head', 'rsd_link');
    remove_action('wp_head', 'wp_generator');
    remove_action('wp_head', 'feed_links', 2);
    remove_action('wp_head', 'index_rel_link');
    remove_action('wp_head', 'wlwmanifest_link');
    remove_action('wp_head', 'feed_links_extra', 3);
    remove_action('wp_head', 'start_post_rel_link', 10, 0);
    remove_action('wp_head', 'parent_post_rel_link', 10, 0);
    remove_action('wp_head', 'adjacent_posts_rel_link', 10, 0);
    remove_action('wp_head', 'adjacent_posts_rel_link_wp_head', 10, 0);
    remove_action('wp_head', 'wp_shortlink_wp_head', 10, 0);
    remove_action('wp_head', 'feed_links', 2);
    remove_action('wp_head', 'feed_links_extra', 3);

    global $wp_widget_factory;
    remove_action('wp_head', array($wp_widget_factory->widgets['WP_Widget_Recent_Comments'], 'recent_comments_style'));

    if (!class_exists('WPSEO_Frontend')) {
        remove_action('wp_head', 'rel_canonical');
        add_action('wp_head', 'nowp_rel_canonical');
    }
}
function nowp_rel_canonical() {
    global $wp_the_query;

    if (!is_singular()) {
        return;
    }

    if (!$id = $wp_the_query->get_queried_object_id()) {
        return;
    }

    $link = get_permalink($id);
    echo "\t<link rel=\"canonical\" href=\"$link\">\n";
}
add_action('init', 'nowp_head_cleanup');

/**
 * Remove the WordPress version
 */
add_filter('the_generator', '__return_false');

/**
 * Clean up language_attributes() used in <html> tag
 *
 * Change lang="en-US" to lang="en"
 * Remove dir="ltr"
 */
function nowp_language_attributes() {
    $attributes = array();
    $output = '';

    if (function_exists('is_rtl')) {
        if (is_rtl() == 'rtl') {
            $attributes[] = 'dir="rtl"';
        }
    }

    $lang = get_bloginfo('language');

    if ($lang && $lang !== 'en-US') {
        $attributes[] = "lang=\"$lang\"";
    } else {
        $attributes[] = 'lang="en"';
    }

    $output = implode(' ', $attributes);
    $output = apply_filters('nowp_language_attributes', $output);

    return $output;
}
add_filter('language_attributes', 'nowp_language_attributes');

successfully accomplished (project or goal)

This will hide most of the WordPress information and greatly improve the quality of the WordPress Security, although the master can still be seen by some means, but it is still much better than doing nothing.

Related Posts

0 Comments

    1. Well, this one was indeed moved directly from the original site, and I found it useful, so I turned it over and bookmarked it. As a matter of fact, there are some other articles on this site that are also translated from other articles abroad.

      Reply

      1. He didn't mean that there was a problem with moving it over, you moved it over, and then translated it, even though it didn't specify the address where it was moved to, but there's no excuse for that.

        What he's saying is that there's something wrong with your carry code.

        Reply

Leave a Reply

Your email address will not be published. Required fields are marked *