Q: Hi Team Squirrly, I’m interested in purchasing your plugin Hide My WP Ghost, but I have a few questions before making a decision: 1.
Does your plugin include any features to block DDoS attacks specifically on the home page or any other page/post? Alternatively, can you add this function in the near future upon request?
2. If I choose to change all the classes and rename file paths, will your plugin cause any issues or slow down my website?
3. Currently, I am using WP Cerber and Cloudflare for my website. Can Hide My WP Ghost replace WP Cerber?
Looking forward to your response.
Thank you!
Irina_Squirrly
May 15, 2024A: Hey there, Shadowleaf! Thank you so much for your interest in Hide My WP Ghost by Squirrly!
1. Server-side protection is great for stopping all sorts of DDoS and similar attacks.
Now, on the application side (WordPress) – its information is exposed.
People can easily find out you are using WordPress as your CMS and start to poke the common points of XSS entries, such as RSD, WP-JSON, and similar entry points.
They will also predict which vulnerable plugin paths you have, so they can try cross-scripting on those plugins.
So you should use Hide My WP Ghost to completely block out those easy-to-guess information (together with brute force and limit login attempts).
This way, your WP application side is protected without having the bloat on it.
And gain peace of mind knowing both Server and Application are well protected.
Your best security stack:
- Server Side: Protected and Hardened with Malware Detection, etc.
- Application side (WP): use Hide My WP Ghost to complete the story.
This can't be stopped using a plugin as the traffic is processed by the server and until it reaches the plugin filter, it already uses resources. We added in HMWP Ghost all the filters and firewalls that can be added to protect you from attacks.
2. There are a limited number of settings inside Hide My WP Ghost that can slow the site. These settings are NOT active by default. Plus, for the settings that can slow the site, we offer warnings, so that people will know that playing with those settings will have an impact on this. But that's only for those who want to use it hardcore for footprint removal, instead of using it for security.
Our documentation (Knowledge Base resources) also includes details about this.
3. We don't intend to replace the other security plugins out there. Our purpose is to add an extra layer of protection (not available in the others), in order to prevent hacking attempts.
Instead of focusing on fixing files that were already infected, we focus on hiding the paths that hacker bots use to gain access or inject scripts.
Hackers and hacker bots can't attack what they can't find, so this will automatically increase the level of protection of any WP site.
With Hide My WP Ghost, you prevent attacks from happening, by hiding vulnerabilities in themes, WP core and plugins.
I
This offers an extra layer of protection that you don't get from other plugins, because those focus on helping you while you are attacked and after you were attacked, by cleaning files, detecting malware, injections, etc.
With Hide My WP Ghost, you can avoid getting injections in the first place
Our plugin is compatible with WP Cerber Security. For more details, I encourage you to check out this resource: https://hidemywpghost.com/hide-my-wp-ghost-with-wp-cerber-security/
Shadowleaf
Verified purchaser
Hey Team Squirrly,
I have a couple more questions for you:
1. Is it possible to block a specific country that has attacked the website?
2. Can your plugin effectively block spam comments?
Looking forward to your response!
Best,
Riz
Great questions!
>> Is it possible to block a specific country that has attacked the website?
At the moment, you can only use Hide My WP Ghost to ban the IP addresses or the range of IP addresses that you never want to be able to access the login page.
For more details: https://hidemywpghost.com/kb/brute-force-attack-protection/#ban_ip_address
>> Can your plugin effectively block spam comments?
Hide My WP Ghost stops the automatic spamming on the WordPress common files. For comment spam: you can hide the wp comments.
However, note that hiding the file wp-comments-post.php will not stop the people who fill in the comment forms on your site and send you spam comments. To completely stop spam comments, we recommend also using a dedicated Anti-Spam plugin which has a spammer database list and is tailored to blocking unwanted comments.
Hope this helps!