Quick look: HideMyWp changes the URLs (“Change WordPress permalinks” and the URLs for plugins and administrative pages). Whoop-tee-doo.

Hackers getting in from server-level security breaches don’t use a URL, they are already inside the security system.

Hackers from bad plugins know the internal location they are run from (a necessary PHP function), and easily get the location of all other plugins, with a single database query; they’re already inside the security system.

HideMyWP thinks that’s “good security”. The site says, “This means you can install unsafe plugins without worry about security.” — they are lying or incompetent. An unsafe plugin can change the content of your post/pages/comments, ruin your database, install malware, collect your user names and passwords, send out emails, etc.

The “Better WP Security” plugin has a “Hide WordPress Backend” feature, as a tiny part of the security they provide, and consider it optional.

I refuse to install unknown “security” plugins like HideMyWp.

Below is what the free check from a good site checking and malware removal company found about their site:

Ah, they have /wp-login.php?hide_my_wp=1234 instead of /wp-login.php, they have /wp-admin/, themes in /template/main.css, some kind of program modules in
/modules/0f6a208e/shortcodes.php, Ooooh I know where jQuery is /lib/js/jquery/jquery.js, and their media goes in /file/2010/08/test-image-landscape.jpg. That’s plenty for hackers to start probing.

Web Server Details
Scan for: http://wpwave.com
Hostname: wpwave.com
IP address: 192.241.141.239

System Details:
Running on: Apache/2.2.22
System info: (Ubuntu)
Powered by: PHP/5.4.6-1ubuntu1.3

List of Links Found
http://hide-my-wp.wpwave.com/
http://hide-my-wp.wpwave.com/page/blog
http://hide-my-wp.wpwave.com/page/front-page
http://hide-my-wp.wpwave.com/page/about
http://hide-my-wp.wpwave.com/page/about/clearing-floats
http://hide-my-wp.wpwave.com/page/about/page-with-comments-disabled
http://hide-my-wp.wpwave.com/page/about/page-with-comments
http://hide-my-wp.wpwave.com/page/level-1
http://hide-my-wp.wpwave.com/page/level-1/level-2
http://hide-my-wp.wpwave.com/page/level-1/level-2a
http://hide-my-wp.wpwave.com/page/level-1/level-2b
http://hide-my-wp.wpwave.com/page/level-1/level-2/level-3
http://hide-my-wp.wpwave.com/page/level-1/level-2/level-3a
http://hide-my-wp.wpwave.com/page/level-1/level-2/level-3b
http://hide-my-wp.wpwave.com/page/lorem-ipsum
http://hide-my-wp.wpwave.com/page/page-a
http://hide-my-wp.wpwave.com/page/page-b
http://hide-my-wp.wpwave.com/page/page-c
http://hide-my-wp.wpwave.com/wp-login.php
http://hide-my-wp.wpwave.com/wp-login.php?hide_my_wp=1234
http://hide-my-wp.wpwave.com/wp-admin/
http://hide-my-wp.wpwave.com/template/main.css
http://hide-my-wp.wpwave.com/modules/0f6a208e/shortcodes.css
http://hide-my-wp.wpwave.com/modules/0f6a208e/shortcodes.php
http://hide-my-wp.wpwave.com/lib/js/jquery/jquery.js
http://hide-my-wp.wpwave.com/file/2010/08/test-image-landscape.jpg
http://hide-my-wp.wpwave.com/ajax.php
http://hide-my-wp.wpwave.com/?article_id=1
http://hide-my-wp.wpwave.com/?user=1
http://hide-my-wp.wpwave.com/?find=hide
http://hide-my-wp.wpwave.com/?p=1
http://hide-my-wp.wpwave.com/?author=1
http://hide-my-wp.wpwave.com/?s=hide
http://hide-my-wp.wpwave.com/admin
http://hide-my-wp.wpwave.com/author/admin
http://hide-my-wp.wpwave.com/index.xml
http://hide-my-wp.wpwave.com/cat/aciform/index.xml
http://hide-my-wp.wpwave.com/feed
http://hide-my-wp.wpwave.com/readme.html
http://hide-my-wp.wpwave.com/license.txt
http://hide-my-wp.wpwave.com/2012/09/
http://hide-my-wp.wpwave.com/?m=201209
http://hide-my-wp.wpwave.com/page/nobody-can-ever-know-you-use-wordpress/attachment/04_import_export
http://hide-my-wp.wpwave.com/page/nobody-can-ever-know-you-use-wordpress/attachment/03_general-2
http://hide-my-wp.wpwave.com/page/nobody-can-ever-know-you-use-wordpress/attachment/02_permalink
http://hide-my-wp.wpwave.com/uncategorized/hello-world
http://hide-my-wp.wpwave.com/cat-a/readability-test
http://hide-my-wp.wpwave.com/aciform/layout-test
http://hide-my-wp.wpwave.com/uncategorized/images-test
http://hide-my-wp.wpwave.com/uncategorized/post-format-test-gallery
http://hide-my-wp.wpwave.com/uncategorized/comment-test
http://hide-my-wp.wpwave.com/2012/09
http://hide-my-wp.wpwave.com/2008/09
http://hide-my-wp.wpwave.com/2008/06
http://hide-my-wp.wpwave.com/2008/05
http://hide-my-wp.wpwave.com/2008/04
http://hide-my-wp.wpwave.com/2008/03
http://hide-my-wp.wpwave.com/cat/aciform
http://hide-my-wp.wpwave.com/cat/antiquarianism
http://hide-my-wp.wpwave.com/cat/arrangement
http://hide-my-wp.wpwave.com/cat/asmodeus
http://hide-my-wp.wpwave.com/cat/broder
http://hide-my-wp.wpwave.com/cat/buying
http://hide-my-wp.wpwave.com/cat/cat-a
http://hide-my-wp.wpwave.com/cat/cat-b
http://hide-my-wp.wpwave.com/cat/cat-c
http://hide-my-wp.wpwave.com/cat/championship
http://hide-my-wp.wpwave.com/cat/chastening
http://hide-my-wp.wpwave.com/cat/clerkship
http://hide-my-wp.wpwave.com/cat/disinclination
http://hide-my-wp.wpwave.com/cat/disinfection
http://hide-my-wp.wpwave.com/cat/dispatch
http://hide-my-wp.wpwave.com/cat/echappee
http://hide-my-wp.wpwave.com/cat/enphagy
http://hide-my-wp.wpwave.com/cat/equipollent
http://hide-my-wp.wpwave.com/cat/fatuity
http://hide-my-wp.wpwave.com/cat/gaberlunzie
http://hide-my-wp.wpwave.com/cat/illtempered
http://hide-my-wp.wpwave.com/cat/insubordination
http://hide-my-wp.wpwave.com/cat/lender
http://hide-my-wp.wpwave.com/cat/monosyllable
http://hide-my-wp.wpwave.com/cat/packthread
http://hide-my-wp.wpwave.com/cat/palter
http://hide-my-wp.wpwave.com/cat/papilionaceous
http://hide-my-wp.wpwave.com/cat/personable
http://hide-my-wp.wpwave.com/cat/propylaeum
http://hide-my-wp.wpwave.com/cat/pustule
http://hide-my-wp.wpwave.com/cat/quartern
http://hide-my-wp.wpwave.com/cat/scholarship
http://hide-my-wp.wpwave.com/cat/selfconvicted
http://hide-my-wp.wpwave.com/cat/showshoe
http://hide-my-wp.wpwave.com/cat/sloyd
http://hide-my-wp.wpwave.com/cat/aciform/sub
http://hide-my-wp.wpwave.com/cat/sublunary
http://hide-my-wp.wpwave.com/cat/tamtam
http://hide-my-wp.wpwave.com/cat/uncategorized
http://hide-my-wp.wpwave.com/cat/weakhearted
http://hide-my-wp.wpwave.com/cat/ween
http://hide-my-wp.wpwave.com/cat/wellhead
http://hide-my-wp.wpwave.com/cat/wellintentioned
http://hide-my-wp.wpwave.com/cat/whetstone
http://hide-my-wp.wpwave.com/cat/years

List of scripts included
http://hide-my-wp.wpwave.com/template/js/html5.js
http://hide-my-wp.wpwave.com/lib/js/jquery/jquery.js
http://hide-my-wp.wpwave.com/lib/js/jquery/jquery-migrate.min.js
http://hide-my-wp.wpwave.com/lib/js/jquery/ui/jquery.ui.core.min.js
http://hide-my-wp.wpwave.com/lib/js/jquery/ui/jquery.ui.widget.min.js
http://hide-my-wp.wpwave.com/lib/js/jquery/ui/jquery.ui.accordion.min.js
http://hide-my-wp.wpwave.com/lib/js/jquery/ui/jquery.ui.tabs.min.js
http://hide-my-wp.wpwave.com/modules/0f6a208e/js/zilla-shortcodes-lib.js
http://hide-my-wp.wpwave.com/template/js/navigation.js
http://w.sharethis.com/button/buttons.js
http://s.sharethis.com/loader.js

Pin It on Pinterest

Share This