Have you ever talked to someone who recommended you hide that your site is running on WordPress? It was somewhat jarring the first time I was recommended this, because well, what’s the point? Am I going to have to go through hours of work just so people don’t know I’m using WordPress?
Should I be embarrassed that I use WordPress?
The questions start rolling in, and the topic is rather controversial, so I wanted to put together a guide on the arguments for and against hiding WordPress, along with the best tools to do so if you decide on covering up the WP name.
Hiding that your site is running on the WordPress platform is a divisive topic: many folks are strongly against it, while others argue that it has some solid benefits. Below we will discuss the different arguments for and against hiding WordPress, but right now I want to cover why the “pro-hiding” folks are even talking about this in the first place.
It all comes down to two primary reasons: one, people want to secure their WordPress sites a little more, and two, some people think that WordPress is seen as an unprofessional or “cheap-o” platform.
I’ll give you my opinion on both of these reasons for hiding your use of WordPress.
Security is the big issue here, and although you should always implement other security measures, the idea is that you can prevent bots and the occasional direct attack (from someone who probably doesn’t know much about hacking) by simply hiding that you use WordPress. Some valid arguments are floating around the internet, but for now, just know that the main goal in hiding WordPress is to protect your sites.
For the second point (on WordPress being a cheap platform), this is a terrible reason to consider hiding your WordPress usage, because although WordPress is an open source platform, it’s still the most used and respected content management system out there.
Konstantin Kovshenin compiles the most valid arguments from around the web in terms of why it’s not a good idea to hide that your site is running on WordPress. Once again, people in the industry are always debating as to which is the best route, but here is a roundup of the primary points that Konstantin makes:
On the other end of the spectrum we have those who argue that it can’t hurt to hide your WordPress version. I would completely agree with Konstantin’s argument that there’s no reason at all to hide WordPress because you think it’s a poor platform. Some web designers may remove some of the more visible “Built on WordPress” statements, but this is merely for white label branding.
Let’s take a look at some of the more valid arguments for hiding WordPress.
Keep in mind that you can never completely hide that your website is running on WordPress. So, in a sense, going through this process is not an all-in-one security solution. For example, hiding your version number just adds another step for the hackers. In my opinion, I’d rather add that extra step, but cunning hackers can find other ways to get around that anyway.
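The point above can be checked against your own pages. The following is an added example, not code from the original post: a small Python audit that lists the default WordPress markers still present in a page's HTML after the version number has been removed. The two sample pages, the version 6.4.2 and the example.test host are constructed, and the marker list covers common defaults only.

```python
import re

# Markers a default WordPress install leaves in rendered HTML (not exhaustive).
MARKERS = {
    "generator_meta": re.compile(
        r'<meta[^>]+name=["\']generator["\'][^>]+content=["\']WordPress\s*([\d.]*)', re.I),
    "ver_query": re.compile(
        r'/wp-(?:content|includes)/[^"\'\s>]+\?ver=([\d.]+)', re.I),
    "asset_path": re.compile(r'/wp-(?:content|includes)/', re.I),
    "rest_api_link": re.compile(r'rel=["\']https://api\.w\.org/["\']', re.I),
}

def audit(html):
    """Return {marker: sorted unique details} for every marker found in html."""
    findings = {}
    for name, rx in MARKERS.items():
        # Report the captured version where the pattern has one, else the match.
        hits = {m.group(1) if rx.groups else m.group(0) for m in rx.finditer(html)}
        if hits:
            findings[name] = sorted(hits)
    return findings

# Constructed sample: a stock page that exposes its version twice.
STOCK_PAGE = """<html><head>
<meta name="generator" content="WordPress 6.4.2" />
<link rel="https://api.w.org/" href="https://example.test/wp-json/" />
<script src="https://example.test/wp-includes/js/jquery/jquery.min.js?ver=6.4.2"></script>
<link rel="stylesheet" href="https://example.test/wp-content/themes/demo/style.css" />
</head></html>"""

# Constructed sample: same page with the generator tag and ?ver= stripped.
VERSION_HIDDEN_PAGE = """<html><head>
<link rel="https://api.w.org/" href="https://example.test/wp-json/" />
<script src="https://example.test/wp-includes/js/jquery/jquery.min.js"></script>
<link rel="stylesheet" href="https://example.test/wp-content/themes/demo/style.css" />
</head></html>"""

if __name__ == "__main__":
    for label, page in (("stock", STOCK_PAGE), ("version hidden", VERSION_HIDDEN_PAGE)):
        print(label)
        for marker, details in audit(page).items():
            print(f"  {marker}: {details}")
```

On the second page the version is gone, but the asset paths and the REST API link still identify the platform, which is why version hiding cannot replace patching.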
Experts also argue that hiding WordPress use can lead to laxness in security. In short, many webmasters may think that their sites are completely secure by hiding that they use WordPress. This is a huge no-no, and it adds to the strength of the “anti-hiding” group argument.
After all of that, is it still worth it to hide your WordPress usage?
The answer to this is unclear. You can make your own decision, but your choice really depends on how you plan on responding. If you hide your WordPress usage, are you going to forget about all of the other needed security measures? In that case, just leave your site the way it is and look into more reliable ways to protect your site.
However, if you keep your themes and plugins up to date and use security plugins and backup tools, I don’t see any problem with hiding the fact that your website runs on WordPress as an additional security measure. I will say, however, that if your primary motive is that you think WordPress is cheap or not respected, that’s a poor reason, and simply untrue.
The best solution is to use the Hide My WP premium plugin to completely get rid of most traces that WordPress is being used for your website.
What does the plugin do for your site?
For a more technical method of hiding WordPress (URL rewrites, relative links and cleaning up the head), check out Kevin Leary’s post, where you really dive deep into your files and mess around with code.
Since our primary goal is to protect our websites from hackers, your best bet is to implement some of the following tools and tasks, regardless of whether or not you decide to hide that your site is running WordPress.
That’s it! I know this is a little confusing, but I trust you to make your own judgement. Hopefully this guide helped clarify the situation a little bit and show you the proper ways to hide your use of WordPress if needed.
Now it’s your turn. Let us know in the comments section if you have any thoughts on hiding that your site is running on WordPress.
View Comments
Good clarity about WordPress powered websites. Even, the iThemes security too is wonderful. I recommend to all those who prefer WP. Thanks to you!
Let me respond:
When it comes to agencies, YES WordPress is the 'cheap' option rather than a custom CMS that the customer THINKS they are paying for.
As for Konstantin Kovshenin's comments:
1. The attackers don’t really care about which version of WordPress you’re running.
But giving them a version makes it quicker, and not giving them access to the admin directory at all by changing it reduces the attack surface considerably (90%).
2. The hackers don’t even care about the fact that you’re using WordPress at all, because they just send blind POST requests to your wp-login.php file.
Wrong, if you're hiding WordPress, you change the admin path, so wp-login.php doesn't exist in the normal directory structure (standard WP security practice these days anyway).
3. You’re better off using a strong password and always keeping your plugins and themes up to date.
Hackers don't need a password to get into your site, they get in through bugs in the core (mostly) and plugins (extra).
He also talks about how some people think WordPress is a cheap platform, so they hide it. His argument is that WordPress is the best in the business, so if you own a Ferrari, why not show it off? I completely agree.
If you own a Ferrari 'kit'... it's not close to the best CMS out there (not nearly), but it's used that way for smaller sites. WordPress is free, therefore implied 'cheap'. One of the downsides of being free open source. It's not a Ferrari, it's a 2 litre pretending to be a Ferrari... it's close to UX best practice, but still a way off. When my mum can use it without a manual, then it's a Ferrari... people use it because it's free, and there's so many plugins because it's incomplete (by a longshot) - it's like buying a Mac vs PC - PC comes with everything you need to use it immediately, with Mac you need dongles, then software to make it work and you spend $200+ on extras before you start... WordPress is the same.
Also captcha doesn't stop brute force attacks. There are many ways around them which is why the web industry is moving AWAY from them completely - even recaptcha is moving away from traditional captcha.
Move to 2 factor auth if you want decent security. Either way your WordPress will always be a security risk. I'd recommend not storing any personal details in it.
Another good idea is to limit access to the WP login via the .htaccess file by an IP range.
Can this process affect the SEO quality of a website?