Hide My WP? Missing?


#1

Hello

Does anyone know why ‘Hide My WP’ is no longer being sold on CodeCanyon? Was just about to go an buy it and could not find it. After searching google the old link is there but says ‘Item no longer available’

Cheers.


#2

Maybe this has something to do with it:
https://www.reddit.com/r/Wordpress/comments/3evhx5/hide_my_wp_stored_xss_vulnerability/


#3

maybe it is temporary offline?


#4

No. Unfortunately the original reddit removed, but the founder of the vulnerability explained that the firewall module is a backdoor. Anyone can get access to the site using the exploit. Here is an other thread https://www.reddit.com/r/Wordpress/comments/3evvbj/any_know_why_hide_my_wp_plugin_has_suddenly/


#5

what no? it’s online again.


#6

Yes, maybe they fixed the bug what affected the firewall. It was a security hole, anyone could get access to your wordpress site using that vulnerability.


#7

but the question is: has this plugin a backdoor build in by design/on purpose of has this plugin being misused due a bug?


#8

I have no idea but I will change hide my wp on all of my clients sites to the other hide wordpress plugin from here.


#9

btw its not the only reason of the switch, many theme detector can detect my clients site as wordpress with plugins and themes. For example wappalyzer, whatwpthemeisthat, http://wpthemedetector.co.uk/?site-url=http%3A%2F%2Fhide-my-wp.wpwave.com etc


#10

(duplicated post removed)


#11

which other plugin do you use now?

be aware of that there doesn’t exits any software that’s bug free or not hackable.right?


#12

Im using Swift Security bundle http://codecanyon.net/item/swift-security-bundle-hide-wordpress-firewall-code-scanner/10143693 I also saw the not bundle version (without firewall and scanner) on my client’s site. I think the bundle version worth the price. The support is more than good! I hope I helped to you.


#13

it looks like they find an other vulnerability because envato blocked the plugin again. As I said earlier its unacceptable from a security plugin and I don’t understand how can this happen here.


#14

This is ridiculous - down again. Now with so many users jumping ship - where is everyone going?


#15

Yes, its a joke… I disabled it on my clients websites and switched to the newest hide wordpress plugin…


#16

Thanks everyone, I am going ahead and buying it as it seems to be back online, and to be fair its a awesome plugin. :slight_smile:


#17

Really?:confused: It’s your choice but why do you use a vulnerable security plugin? I saw in the comments the plugin is still vulnerable and envato/author don’t care about this. I don’t know the author but it looks like he is far away from coding.


#18
rlnl87 said

Really?:confused: It’s your choice but why do you use a vulnerable security plugin? I saw in the comments the plugin is still vulnerable and envato/author don’t care about this. I don’t know the author but it looks like he is far away from coding.

Envato takes down the item if they find a vulnerability - which you saw happen twice. It cannot reappear on the market until said vulnerability is fixed by the author and confirmed by Envato.


#19

Hi guys,

I’m the man behind HMWM. I’m so sorry for any inconvenience,

Yes, it was fixed now. Actually that part of code was came from a famous open source project which we thought it was safe and reliable while it was not. We have double checked everything. Hopefully, it never happen again.

In case of theme detectors, let me explain more. We have tested our plugin with those tools MILLIONS of times until it correctly do what is should. The fact is most of buyers do not have time to configure it properly. We uses pre-made setting scheme to solve the problem but some configurations are plugin base and it’s not possible to configure it for all plugins. It’s also expected that some of configuration cause incompatibility in some environments. Another point is that detectors may change their code after each update. They may work base on special plugins which are out of our control.

These problems are common with all other competitors but why our sweet competitor Swift do a better job with wpthemedetector? Because it was created by the same author :wink: In fact, it’s just a marketing tool!

We can easily create similar thing within an hour! Should we? :evil:


#20

Your product is still vulnerable. Please check the comments on your item’s page.

I don’t know and I don’t care who did the wpthemedetector.co.uk and it really doesn’t matter. The fact is it can detect your sites as wp. IF THEY CAN DETECT YOUR SITE AS WORDPRESS SITE EVERY HACKER CAN DO THE SAME!! If you offer a solution to hide wordpress you have to create a product what works. I’m sorry to say that but Swift security is much better than your product. My clients used hmwp, but all of them switched to swift security after this fail.