Quick look: HideMyWP changes URLs (its “Change WordPress permalinks” setting, plus the URLs of plugins and administrative pages). Whoop-tee-doo.

Hackers who get in through a server-level security breach don’t use a URL at all; they are already inside the security system.

Hackers who get in through a bad plugin already know the internal filesystem location the plugin runs from (PHP necessarily provides it), and can get the location of every other plugin with a single database query; they too are already inside the security system.

HideMyWP thinks that’s “good security”. Its site says, “This means you can install unsafe plugins without worry about security.” They are either lying or incompetent: an unsafe plugin can change the content of your posts, pages and comments, ruin your database, install malware, collect your user names and passwords, send out email, and so on.

The “Better WP Security” plugin has a “Hide WordPress Backend” feature as one small part of the security it provides, and it treats that feature as optional.

I refuse to install unknown “security” plugins like HideMyWp.

Below is what a free site check from a reputable site-checking and malware-removal company found about their own demo site:

Ah, they have /wp-login.php?hide_my_wp=1234 instead of /wp-login.php; they still have /wp-admin/; the theme lives in /template/main.css; some kind of plugin modules are in /modules/0f6a208e/shortcodes.php; oooh, I know where jQuery is, /lib/js/jquery/jquery.js; and their media goes in /file/2010/08/test-image-landscape.jpg. That’s plenty for hackers to start probing.

Web Server Details
Scan for: http://wpwave.com
Hostname: wpwave.com
IP address: 192.241.141.239

System Details:
Running on: Apache/2.2.22
System info: (Ubuntu)
Powered by: PHP/5.4.6-1ubuntu1.3

List of Links Found
http://hide-my-wp.wpwave.com/
http://hide-my-wp.wpwave.com/page/blog
http://hide-my-wp.wpwave.com/page/front-page
http://hide-my-wp.wpwave.com/page/about
http://hide-my-wp.wpwave.com/page/about/clearing-floats
http://hide-my-wp.wpwave.com/page/about/page-with-comments-disabled
http://hide-my-wp.wpwave.com/page/about/page-with-comments
http://hide-my-wp.wpwave.com/page/level-1
http://hide-my-wp.wpwave.com/page/level-1/level-2
http://hide-my-wp.wpwave.com/page/level-1/level-2a
http://hide-my-wp.wpwave.com/page/level-1/level-2b
http://hide-my-wp.wpwave.com/page/level-1/level-2/level-3
http://hide-my-wp.wpwave.com/page/level-1/level-2/level-3a
http://hide-my-wp.wpwave.com/page/level-1/level-2/level-3b
http://hide-my-wp.wpwave.com/page/lorem-ipsum
http://hide-my-wp.wpwave.com/page/page-a
http://hide-my-wp.wpwave.com/page/page-b
http://hide-my-wp.wpwave.com/page/page-c
http://hide-my-wp.wpwave.com/wp-login.php
http://hide-my-wp.wpwave.com/wp-login.php?hide_my_wp=1234
http://hide-my-wp.wpwave.com/wp-admin/
http://hide-my-wp.wpwave.com/template/main.css
http://hide-my-wp.wpwave.com/modules/0f6a208e/shortcodes.css
http://hide-my-wp.wpwave.com/modules/0f6a208e/shortcodes.php
http://hide-my-wp.wpwave.com/lib/js/jquery/jquery.js
http://hide-my-wp.wpwave.com/file/2010/08/test-image-landscape.jpg
http://hide-my-wp.wpwave.com/ajax.php
http://hide-my-wp.wpwave.com/?article_id=1
http://hide-my-wp.wpwave.com/?user=1
http://hide-my-wp.wpwave.com/?find=hide
http://hide-my-wp.wpwave.com/?p=1
http://hide-my-wp.wpwave.com/?author=1
http://hide-my-wp.wpwave.com/?s=hide
http://hide-my-wp.wpwave.com/admin
http://hide-my-wp.wpwave.com/author/admin
http://hide-my-wp.wpwave.com/index.xml
http://hide-my-wp.wpwave.com/cat/aciform/index.xml
http://hide-my-wp.wpwave.com/feed
http://hide-my-wp.wpwave.com/readme.html
http://hide-my-wp.wpwave.com/license.txt
http://hide-my-wp.wpwave.com/2012/09/
http://hide-my-wp.wpwave.com/?m=201209
http://hide-my-wp.wpwave.com/page/nobody-can-ever-know-you-use-wordpress/attachment/04_import_export
http://hide-my-wp.wpwave.com/page/nobody-can-ever-know-you-use-wordpress/attachment/03_general-2
http://hide-my-wp.wpwave.com/page/nobody-can-ever-know-you-use-wordpress/attachment/02_permalink
http://hide-my-wp.wpwave.com/uncategorized/hello-world
http://hide-my-wp.wpwave.com/cat-a/readability-test
http://hide-my-wp.wpwave.com/aciform/layout-test
http://hide-my-wp.wpwave.com/uncategorized/images-test
http://hide-my-wp.wpwave.com/uncategorized/post-format-test-gallery
http://hide-my-wp.wpwave.com/uncategorized/comment-test
http://hide-my-wp.wpwave.com/2012/09
http://hide-my-wp.wpwave.com/2008/09
http://hide-my-wp.wpwave.com/2008/06
http://hide-my-wp.wpwave.com/2008/05
http://hide-my-wp.wpwave.com/2008/04
http://hide-my-wp.wpwave.com/2008/03
http://hide-my-wp.wpwave.com/cat/aciform
http://hide-my-wp.wpwave.com/cat/antiquarianism
http://hide-my-wp.wpwave.com/cat/arrangement
http://hide-my-wp.wpwave.com/cat/asmodeus
http://hide-my-wp.wpwave.com/cat/broder
http://hide-my-wp.wpwave.com/cat/buying
http://hide-my-wp.wpwave.com/cat/cat-a
http://hide-my-wp.wpwave.com/cat/cat-b
http://hide-my-wp.wpwave.com/cat/cat-c
http://hide-my-wp.wpwave.com/cat/championship
http://hide-my-wp.wpwave.com/cat/chastening
http://hide-my-wp.wpwave.com/cat/clerkship
http://hide-my-wp.wpwave.com/cat/disinclination
http://hide-my-wp.wpwave.com/cat/disinfection
http://hide-my-wp.wpwave.com/cat/dispatch
http://hide-my-wp.wpwave.com/cat/echappee
http://hide-my-wp.wpwave.com/cat/enphagy
http://hide-my-wp.wpwave.com/cat/equipollent
http://hide-my-wp.wpwave.com/cat/fatuity
http://hide-my-wp.wpwave.com/cat/gaberlunzie
http://hide-my-wp.wpwave.com/cat/illtempered
http://hide-my-wp.wpwave.com/cat/insubordination
http://hide-my-wp.wpwave.com/cat/lender
http://hide-my-wp.wpwave.com/cat/monosyllable
http://hide-my-wp.wpwave.com/cat/packthread
http://hide-my-wp.wpwave.com/cat/palter
http://hide-my-wp.wpwave.com/cat/papilionaceous
http://hide-my-wp.wpwave.com/cat/personable
http://hide-my-wp.wpwave.com/cat/propylaeum
http://hide-my-wp.wpwave.com/cat/pustule
http://hide-my-wp.wpwave.com/cat/quartern
http://hide-my-wp.wpwave.com/cat/scholarship
http://hide-my-wp.wpwave.com/cat/selfconvicted
http://hide-my-wp.wpwave.com/cat/showshoe
http://hide-my-wp.wpwave.com/cat/sloyd
http://hide-my-wp.wpwave.com/cat/aciform/sub
http://hide-my-wp.wpwave.com/cat/sublunary
http://hide-my-wp.wpwave.com/cat/tamtam
http://hide-my-wp.wpwave.com/cat/uncategorized
http://hide-my-wp.wpwave.com/cat/weakhearted
http://hide-my-wp.wpwave.com/cat/ween
http://hide-my-wp.wpwave.com/cat/wellhead
http://hide-my-wp.wpwave.com/cat/wellintentioned
http://hide-my-wp.wpwave.com/cat/whetstone
http://hide-my-wp.wpwave.com/cat/years

List of scripts included
http://hide-my-wp.wpwave.com/template/js/html5.js
http://hide-my-wp.wpwave.com/lib/js/jquery/jquery.js
http://hide-my-wp.wpwave.com/lib/js/jquery/jquery-migrate.min.js
http://hide-my-wp.wpwave.com/lib/js/jquery/ui/jquery.ui.core.min.js
http://hide-my-wp.wpwave.com/lib/js/jquery/ui/jquery.ui.widget.min.js
http://hide-my-wp.wpwave.com/lib/js/jquery/ui/jquery.ui.accordion.min.js
http://hide-my-wp.wpwave.com/lib/js/jquery/ui/jquery.ui.tabs.min.js
http://hide-my-wp.wpwave.com/modules/0f6a208e/js/zilla-shortcodes-lib.js
http://hide-my-wp.wpwave.com/template/js/navigation.js
http://w.sharethis.com/button/buttons.js
http://s.sharethis.com/loader.js
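To make the point of that scan concrete, here is an added example (my own code, not from the original post, the scanner, or the plugin's authors) that audits a crawl list for the WordPress tells that URL rewriting leaves behind. It is the check a site owner would run against their own scan output before trusting a "hide WordPress" setting. The list of indicators is my own assumption of what counts as a tell; the sample scanner text is a constructed subset of the output above, numbered the way the original paste was.

```python
"""Audit crawled URLs for WordPress fingerprints that survive URL rewriting.
Added example; the indicator lists below are the author's own assumptions."""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: a subset of the scanner output shown on the page,
# including the line numbering the paste came with.
SCAN_TEXT = """
12. http://hide-my-wp.wpwave.com/
30. http://hide-my-wp.wpwave.com/wp-login.php
31. http://hide-my-wp.wpwave.com/wp-login.php?hide_my_wp=1234
32. http://hide-my-wp.wpwave.com/wp-admin/
33. http://hide-my-wp.wpwave.com/template/main.css
35. http://hide-my-wp.wpwave.com/modules/0f6a208e/shortcodes.php
118. http://hide-my-wp.wpwave.com/lib/js/jquery/jquery-migrate.min.js
37. http://hide-my-wp.wpwave.com/file/2010/08/test-image-landscape.jpg
42. http://hide-my-wp.wpwave.com/?p=1
43. http://hide-my-wp.wpwave.com/?author=1
46. http://hide-my-wp.wpwave.com/author/admin
50. http://hide-my-wp.wpwave.com/readme.html
51. http://hide-my-wp.wpwave.com/license.txt
49. http://hide-my-wp.wpwave.com/feed
"""

# Path-based tells: (description, predicate over the URL path).  Rewritten
# theme/plugin/upload directories are deliberately NOT listed, because the
# point is what remains recognisable after the rewrite.
PATH_INDICATORS = [
    ("login script at its default name", lambda p: p.endswith("/wp-login.php")),
    ("admin directory at its default path", lambda p: p.startswith("/wp-admin")),
    ("stock readme.html (reveals the WordPress version)", lambda p: p == "/readme.html"),
    ("stock license.txt", lambda p: p == "/license.txt"),
    ("default feed endpoint", lambda p: p == "/feed" or p.endswith("/feed/")),
    ("jquery-migrate bundled by core", lambda p: "jquery-migrate" in p),
    ("author archive (exposes usernames)", lambda p: p.startswith("/author/")),
]

# Query-string tells: WordPress core answers these regardless of permalink
# settings, so a permalink rewrite alone does not remove them.
QUERY_INDICATORS = {
    "p": "?p=N post-id permalink still resolves",
    "author": "?author=N author-id lookup still resolves",
    "s": "?s= default search parameter",
    "m": "?m=YYYYMM default date-archive parameter",
}


def extract_urls(scan_text):
    """Pull http(s) URLs out of free-form scanner output, ignoring the
    line numbers and labels around them."""
    return re.findall(r"https?://\S+", scan_text)


def fingerprint(urls):
    """Return {description: [matching URLs]} for every WordPress tell found.
    A URL may match more than one indicator."""
    hits = {}
    for url in urls:
        parts = urlsplit(url)
        for description, matches in PATH_INDICATORS:
            if matches(parts.path):
                hits.setdefault(description, []).append(url)
        for key in parse_qs(parts.query, keep_blank_values=True):
            if key in QUERY_INDICATORS:
                hits.setdefault(QUERY_INDICATORS[key], []).append(url)
    return hits


def unflagged(urls):
    """URLs that carry none of the tells: the only ones the rewrite
    actually obscured."""
    flagged = {u for matches in fingerprint(urls).values() for u in matches}
    return [u for u in urls if u not in flagged]


def audit(scan_text):
    """Summarise a scan: (number of distinct tells, flagged count, clean count)."""
    urls = extract_urls(scan_text)
    hits = fingerprint(urls)
    clean = unflagged(urls)
    return len(hits), len(urls) - len(clean), len(clean)


if __name__ == "__main__":
    for description, matches in sorted(fingerprint(extract_urls(SCAN_TEXT)).items()):
        print(f"{description}:")
        for url in matches:
            print(f"    {url}")
    print("tells, flagged, clean:", audit(SCAN_TEXT))
```

Run against the constructed sample, ten of the fourteen URLs are flagged and only the rewritten theme, module and upload paths come back clean; that matches the post's reading of the scan, where the login script, admin directory, readme, license, feed and the default `?p=`/`?author=` parameters all still identify the site as WordPress. Two of the flagged indicators, the author archive and `?author=N`, are the ones that expose user names, which matters more than the version disclosure in readme.html.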
