By wpWave · 32,500 sales · 4.47/5 (1,800 ratings) · Updated 2025-02-16
Hide My WP by wpWave is a WordPress security plugin with over 32,500 sales and a 4.47/5 buyer rating, focused on obscuring WordPress fingerprints from attackers and automated scanners. At a one-time $28 license fee, it offers a low-cost layer of security hardening for site owners who want to reduce their exposure without a steep technical overhead.
Hide My WP is a WordPress security utility developed by wpWave that tackles a specific, well-documented vulnerability: the fact that WordPress broadcasts its own identity. Out of the box, WordPress leaves visible signals — in source code, HTTP headers, file paths, and URL patterns — that tell any passing bot, scanner, or attacker exactly what CMS they're dealing with. That knowledge makes automated exploitation significantly easier.
Hide My WP addresses this by systematically stripping, renaming, or masking those signals. It is designed for a wide range of site owners: freelancers hardening client sites, small business owners who want meaningful security without hiring a developer, and agencies looking for a repeatable layer of protection they can deploy across many installs. It is not a firewall or a full security suite — it works best alongside, not instead of, tools like a WAF or a dedicated malware scanner.
The core feature of the plugin is the ability to rename or hide the standard WordPress paths that attackers rely on. This includes the wp-admin login URL, the wp-content and wp-includes directories, plugin and theme folder names, and common query strings. By remapping these, the plugin makes automated vulnerability scans far less effective, since they typically probe known WordPress-specific URLs and file structures.
Beyond URL changes, Hide My WP removes meta generator tags, REST API endpoint exposure, RSD links, and other HTML-level fingerprints that reveal the underlying CMS. This is particularly useful for agencies that want to present a clean, CMS-agnostic front end to the public — or simply reduce the signal-to-noise ratio for bots probing the site.
The plugin includes a basic intrusion detection system (IDS) that logs and alerts on suspicious activity, such as repeated probing of hidden URLs or known attack patterns. While this does not replace a dedicated security monitoring service, it gives site owners visibility into probing attempts that might otherwise go unnoticed.
One legitimate concern with any plugin that rewrites URLs and paths is plugin compatibility. wpWave includes a safe mode to help recover access if a setting causes a conflict, which is a practical safeguard that reduces the risk of accidentally locking yourself out of your own admin area — a real failure mode with aggressive security plugins.
With 32,500+ sales across a diverse WordPress user base, Hide My WP has been tested against a wide variety of themes, page builders, and plugin stacks. The market scale itself is evidence of reasonably mature compatibility handling, though edge cases with complex configurations still arise.
At $28 as a one-time license, Hide My WP is priced accessibly for both individual site owners and small agencies. There is no recurring subscription cost for the base license, which is a genuine differentiator in a market where many security tools have moved to annual billing models. Buyers should verify on the marketplace whether the license includes extended support or whether continued updates beyond the initial support period require renewal — this is a common trade-off with one-time-priced plugins on theme marketplaces.
For the price point, the feature set is strong. Competing WordPress security plugins at similar or higher price points often bundle many features that overlap with other tools you may already have. Hide My WP's focused approach means you're paying for a specific, well-defined capability rather than a bloated suite.
A buyer rating of 4.47 out of 5 from 1,800 reviews is a credible signal. At that review volume, the score is statistically stable and not easily skewed by a handful of outliers. It suggests the plugin delivers reliably on its stated promises for the majority of users. The total sales figure of over 32,500 places it among the more widely adopted WordPress security utilities in the marketplace — a meaningful indicator of longevity and continued relevance.
The last author update in February 2025 is worth noting. WordPress evolves quickly, and security plugins in particular require regular maintenance to stay effective and compatible. Buyers should confirm before purchasing whether further updates are planned and whether the plugin has been tested against the current WordPress major version. A gap of a year or more without updates would be a concern in this category.
Hide My WP is a security-through-obscurity layer, and buyers need to understand its scope honestly. It does not scan for malware, patch vulnerabilities, enforce strong passwords, or provide a web application firewall. Site owners who need a comprehensive all-in-one security solution should pair this plugin with — or potentially replace it with — tools specifically designed for those functions.
Additionally, developers running highly customized WordPress installations with non-standard directory structures or complex multisite setups may encounter compatibility friction. The plugin also requires a moderate comfort level with WordPress administration to configure correctly; less technical users may find some settings confusing without consulting documentation.
Hide My WP is a well-established, affordably priced utility that does one important job effectively: making your WordPress install harder to detect and exploit through automated scanning. It's an ideal first-layer security addition for freelancers, small businesses, and agencies who already have a broader security stack in place. Buyers who expect it to function as a complete security solution will be disappointed — but those who understand its scope will find strong value at the $28 price point.