Taken from the NodeHost community, posted by Weesearts before shutdown

In this step-by-step tutorial, I'll teach you how to enhance the security of your WordPress site by hiding WordPress directories and back-end pages from the standard user. This will make it almost impossible for a user to tell you're using WordPress, even when he/she is viewing your site's code (do note that most templates will disclose the wp engine in the header tags still).

Step 1

Search for and Download the "WP Hide & Security Enhancer" Plugin on your WordPress site. You can do this by navigating to "Plugins > Add New" or by downloading it here: https://wordpress.org/plugins/wp-hide-security-enhancer/

Step 2

Activate the plugin and navigate to the WP Hide panel on the admin menu.

Step 3

In the "Rewrite" section of the plugin, modify the settings in each tab to your liking. I recommend selecting "Yes" on everything but URL Slash, and renaming all paths. When renaming a path, try to stay close to the original name. I recommend naming each one the same as the original, just with the "wp-" part removed.

Step 4

Further your security by visiting and changing the settings in the "General / HTML" and "Admin" sections. This plugin does a decent job of explaining things, so it shouldn't be too difficult deicing what settings are right for you.


By hiding or renaming admin pages, NodeHost no longer automatically blacklists IP's trying to break and enter your account. If someone tries to login unsuccessfully many times in a row, NodeHost will blacklist their IP from all servers. This won't be enabled by NodeHost if you change the login path settings in the "Admin" area.

Also, selecting "Yes" to anything under "Rewrite > JSON REST" will cause contact forms to not be sent.
Was this article helpful?
Thank you!