I recommend uninstalling this plugin immediately and replacing it with a safer alternative. All signs indicate that it is no longer maintained by its developer: the domain wpwave.com is currently offline (it may have expired or changed ownership), and the plugin depends on the subdomain api.wpwave.com to function.

This represents a serious security risk, since if the domain falls into the hands of a third party, they could potentially inject remote code into any sites still using the plugin.

Additionally, I noticed a negative impact on site performance, likely because the plugin keeps trying to connect to an endpoint that no longer responds, causing slower load times.

As an alternative, you can install a free and reliable plugin from the official WordPress repository:

https://wordpress.org/plugins/hide-my-wp/

I am currently using this free plugin on all my sites, and so far it has been stable, without affecting performance or relying on external services.

Hello, I am interested in buying this security plugin in bulk. Would it be capable of hiding the following:

1. wp-content

2. wp-includes/js

3. index

4. inline JavaScript IDs

My main reason for getting this plugin is that I don’t want anyone to be able to tell what website platform I’m using through Inspect > Sources. I also don’t want anyone to know what plugins, uploaded photos, or theme I’m using. Please let me know if these features are available. Thank you.

So, is the consensus that this plugin is dead? It’s been tripping all my other security plugins to say there’s vulnerabilities…

is this plugin dead, no new update from years

Hide My WP <= 6.2.12 – Reflected Cross-Site Scripting. The Hide My WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 6.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Still Not fixed in 6.2.12 after 12 days. When will it be fixed? https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/hide_my_wp/hide-my-wp-6212-reflected-cross-site-scripting

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/hide_my_wp/hide-my-wp-6212-reflected-cross-site-scripting

Hi. I created an account on your support forum, but there’s no ticketing and the forum looks years old, and the link to the new location is a dead link, so I’ll ask here.

I’m finally getting around to setting this up and have some questions:

1) I activated Permalinks Auto Configuration (Hide My WP > Settings > Permalinks > Auto Configuration), and then one of my plugins (BasePress) lost the CSS styling. How can I fix this and still use Permalinks Auto Configuration?

2) I tested some urls, and then asked Gemini the results, and it said: We are seeing two key security endpoints remain accessible while Hide My WP is active:

The REST API user enumeration endpoint (/wp-json/wp/v2/users/1) is not being blocked/cloaked.

The XML-RPC file (/xmlrpc.php) remains active and is not blocked/disabled.

So my question is: Which specific settings in the plugin are designed to block these two files, and what steps should we take to ensure they return a 404 or 403 error?

3) In my source code, I can see the wp-login.php page to login is still available to hackers by looking in the source code, I can see the extra parameter that is placed at the end of the url. That doesn’t seem secure at all.

4) I see this warning in the admin panel:

- Your full hide is disable, Wapplyzer will detect you are using WordPress. - Trust network is disabled, we can not fetch dangerous IPS.

What do I need to do to fix that?

5) Can I see the blocked IPs based on the countries? Like a map?

Thanks.

How do I reset my license?

I’m currently using your plugin Hide My WP together with another plugin called Fluent Community (a forum and membership plugin). I really like both and would love to keep using them together.

However, I’ve discovered a conflict: when Hide My WP is active, the 2FA verification email that Fluent Community normally sends to new members is not being delivered.

Here’s what happens:

A new user registers on the forum and is supposed to receive a verification code (2FA) by email.

When Hide My WP is active, the email never arrives.

When I deactivate Hide My WP, everything works perfectly — the 2FA email is sent and received immediately.

I tested this multiple times (logging out, registering as a new user, etc.) and confirmed that the issue is directly caused by Hide My WP.

Could you please advise how to allow Fluent Community to send these verification emails while keeping Hide My WP active? Perhaps there is a URL or endpoint I can whitelist/exclude from Hide My WP’s protection, or a specific setting I can adjust.

I’d be very grateful for your guidance. Thank you very much for your time and support.

Best regards, ~G

can i change theme name to another one `?

Hey, I sent a message about my site being crashed. Can you help?

Hi, changing paths does work with Cloudflare CDN and without speed impact?

Hi, does the plugin work with an Nginx + Ubuntu server installed? I also have a theme that automatically writes to htaccess. And you don’t have to remove the variables that the theme removes for it to work.

I bought this plugin last week and when I am trying to setup it’s not working. I have contacted you through support email even then your team not able to solve the issue. My hosting provider told that we are using dedicated managed Wordpress plan it has inbuilt integration of security and cannot be changed. Mainly I need your security plugin is to hide my website from online theme and plugin detectors. Please find me a solution to hide my website from detectors.

Even afer making the htaccess file to writable there is issue in plugun setting. i have sent an email to support@wpwave.com with the issue details. please get back to me as soon as possible and solve the issue

when we are enabling the light or medium privacy settings out website is breaking down and not working. website also became very slow please check screenshot https://drive.google.com/file/d/16xPP2SS3bmFyU5AinRyf66mnu8KDUChZ/view?usp=sharing

Hello,

I’m experiencing an issue related to the Privacy Settings in your plugin.

When I enable Medium Privacy Settings, the template style breaks on mobile devices, as shown in the following screenshot: https://postimg.cc/HjVWpDPs

When I enable High Privacy Settings, the template style also breaks on the desktop version, as shown in this screenshot: https://postimg.cc/ZvBJjpyy

Please let me know how to fix this while still maintaining the desired privacy level.

Thank you for your support.

Can we use this plugin with another security plugin called “WP Guard – WordPress Security, Firewall & Anti-Spam ” ?

There is an issue where if you change uploads path it breaks the images on Elementor template screenshots that shows you a preview of what they look when you click templates on the Elementor editor page. There is a popup which shows all the templates built into Elementor, but the URLs to the images on Elementor’s site is being overwritten by my uploads rewrite rule. Any way to stop this? I don’t have auto-config enabled. I tried excluding Elementor URL in my htacess file, but it doesn’t work. I tried adding Elementor URL in the custom find and replace still didn’t work. The URLs load in an AJAX popup window I think not on page load. This is a huge problem as it means you cannot use Elementor’s premade templates for sections, elements, pages etc. since you cannot see the preview for each one.

You still use the white list IPs from the API of a stopped plugin, it had been closed as of October 25, 2021: https://wordpress.org/plugins/scan-my-wp/ Please update and rebuild this point. And today i got blocked out from Admin daschboard with Admin user role, there are still much work you could do to improve this plugin, please keep working on it, thank you.