Generic filters
Exact matches only
Search in title
Search in content
Filter by Categories
PHP Script
Easy Digital Downloads
MainWP WordPress Manager
Ultimate Member
Themify Themes

WP Hide & Security Enhancer PRO v4.3.1

WP Hide & Security Enhancer Pro Nulled is a simple solution to keep your WordPress core files, login page, theme, and plugin directories hidden from view on the front end. This is a significant improvement over Site Security in that no one will know you’re running a WordPress site. Provide an easy method for eliminating all WordPress fingerprints from html.

There will be no changes to the files or directories!

There are no physical changes to any files or directories; everything is done digitally! All internal functionality and features are applied via URL rewriting methods and WordPress filters in the plugin code. Everything is done automatically, with no need for user participation.

WordPress core files and plugins are really hidden.

The plugin not only allows you to adjust your WordPress default urls, but it also allows you to hide/block defaults! Other comparable plugins just modify the slugs, but the defaults are still available, displaying WordPress as a content management system.

Change the default login urls for WordPress from wp-admin and wp-login.php to anything completely random. No one will ever figure out where to try to guess a password and gain access to your website. Totally undetectable!!

⭐Learn more about the best WordPress Security Plugins available today!


WP Hide Security Enhancer PRO demo
WP Hide Security Enhancer PRO Plugin

Features WP Hide & Security Enhancer PRO

  • There are no modifications to files or folders: On your server, no files or folders are modified; everything is done virtually! To apply all functionality and features, the plugin algorithm use URL rewriting methods and WordPress filters.
  • Compatible with all other plugins and themes: Code that is well-designed and compatible with all themes and plugins. The site will continue to function normally after the plugin is active.
  • Compatible with WordPress MultiSite: PRO FEATURE: MultiSite environment support. It may be configured to function per site (specific settings for each network site) or worldwide ( superadmin settings )
  • Personalized login URL: Boots attempting to brute force all sites receive hits on the login page. Due to the large number of tries, this necessitates a significant increase in processing CPU power, resulting in a significant drop in site performance and response time. Boots will only visit a cached 404 error page if the default login URL is blocked, therefore no resource is needed.
  • Any host / server can use it: Different hosting server configurations based on Linux and Windows operating systems have been tested and are 100% compatible.
  • Compatible with Nginx: PRO FEATURE: LEMP stack and full Nginx support. Included is an advanced rewrite query engine that provides the most efficient and light rewriting data.
  • Rewrite deployment (automated / manual): PRO FEATURE: Apache and IIS are used to automatically deploy the rewrite data on the server. If this isn’t possible, a graphical user interface can be used to walk you through the procedure. Automatic rewriting updates can be disabled for manual updates if necessary.
  • Paths are blocked and rewritten (by default): The plugin not only allows you to adjust your WordPress default URLs, but it also allows you to hide/block defaults!
    All other comparable plugins just modify the slugs, but the default is still available.
  • Customizing the URL of the plugin: Change the path to a plugin’s folder and any unique URL for that plugin, with the option to disable all defaults.
  • Cleaning up the meta: HTML Meta clean-up for Meta Generator, wlwmanifest, feed links, rsd link, adjacent posts rel, profile link, canonical link, and more PRO FEATURE
  • Ajax calls in WordPress should be changed: PRO FEATURE: Block the default use of run-ajax.php and change it to anything else.
  • Import/Export Preferences: PRO FEATURE: Import/export feature makes it simple to migrate settings and set up plugins.
  • Compatible with PHP mod rewrite and web.config: To offer rapid and efficient URL changes, seamless interaction with current Apache mod rewrite or IIS web.config PHP extensions is provided.
  • Default WordPress folders should be changed: Replace wp-content, wp-include, and wp-admin with customized WordPress directories. Everything is done theoretically; no real folders on the server are modified.
  • Masking by Theme: To suppress the display of the theme name, version, author, and other information about the theme or child theme, hide any references to it. It won’t be obvious that it’s a WordPress theme.
  • Cleaning up the HTML: Clean up HTML comments created by plugins and themes, as well as WordPress core auto-generated classes for the body, post, and pictures, such as page-template-x, format-x, and wp-image-x.
  • Replacements in Postprocessing: PRO FEATURE: Replace any element on your site, including HTML and assets ( CSS, Javascript variables )
  • Clean up the headers: PRO FEATURE: Remove X-Powered-By, X-Pingback, and other headers from server answers.
  • Control using the XML-RPC API: Change the path and block the default path to have complete control over the XML-RPC API (xml-rpc.php path, disable XML-RPC authentication, remove pingback).
  • Control using JSON REST API: By disabling and blocking the default url, you can have complete control over the JSON REST V1 and V2 APIs. Disable the REST API link tag from being shown in the page header. Disable the WP RSD endpoint for JSON REST,
  • CSS Advanced Options: PRO FEATURE: Gives you complete control over CSS data and associated items (Html classes and IDs). Combine all assets and inline CSS into a single file, then do post-processing on the CSS assets and HTML to remove comments, minify, and replace Classes and IDs.
  • Processing in JavaScript: PRO FEATURE: Complete control over JS assets, including inline code concatenation into a single file, code cleaning, minification, and the replacement of JavaScript variables.
  • Access to the default core files is restricted: Direct access to any of the WordPress root files, such as license.txt, wp-load.php, and wp-settings.php, should be blocked. Individual file permissions/restrictions are provided.
  • Controlling the output of HTML: Disable emoji, tidy up styles and scripts resources, remove version from URLs, and delete ID attribute
  • Firewall: PRO FEATURE: Using a proactive security solution, a website may be fully protected. Adds an extra layer of security, preventing harmful and malware from reaching the server.
  • CDN: Supports integration with a Content Distribution Network by providing a specialized interface (CDN)
  • URLs for Custom Maps: PRO FEATURE: Custom Map URLs that may be used to replace any current HTML link. This feature may also be used to remap full paths and subdirectories.
  • Themes and plugins with a white label: PRO FEATURE: White label plugins/themes/code, even complicated programs like page builders, by replacing text on outputted code and assets ( Elementor, WPBakery Page Builder ).

Changelog WP Hide & Security Enhancer PRO Nulled Free


Release Date – 2022-11-01

Process the JCH HTTP2 Preloads headers


Release Date – 2022-10-31

Check if the option is serialized before reverting the URLs within.

Release Date – 2022-10-18

Support the default /cache/wph/ folder location customization through the WPH_CACHE_FOLDER constant
Improved Disable Developer Tools feature, by returning an empty page.
Text typo fixes.

Release Date – 2022-10-12

Ignore the replacements on Avada options save
Fix undefined key when using the emulator options

Release Date – 2022-10-10

Compatibility with JCH Optimize plugin


Release Date – 2022-10-06

Fixed the JavaScript tags with no type paramether
Fixed the captcha for fusion builder when replace the fusion fingerprint
Fixed static function within a2 optimisez compatibility file

Release Date – 2022-10-06

W3 Total Cache – implements support for Push CDN and custom folders


Release Date – 2022-09-28

New options interface – User Interactions: Disable Mouse right click, Disable Text Selection, Disable Copy / Paste, Disable Print, Disable Print Screen, Disable Developer Tools, Disable View Source, Disable Drag / Drop
Better accessibility for additional details regarding each of the options.
Slight layout improvements.
Improved progress score calculation for Headers.
A2 Optimized WP – compatibility fix.
Fix CDN option external help page URL.


Release Date – 2022-09-15

Fixed the TinyMCE editor on Tutor LMS course add when using JavaScript PostProcessing

Release Date – 2022-09-13

When using CSS PostProcessing, for InPlace & Encode Inline, ignore the already base64 encoded blocks.
Check for Uncode WPBakery Page Builder and include the compatibility module

Release Date – 2022-09-09

Add replacements for the forget password url through lostpassword_url filter, for plugins not using the correct format.
When generate random slug for admin ajax option, prepend the php extension.

Release Date – 2022-08-11
Updated WP Backery / JS Composer compatibility, keep the scripts IDs when the option “Remove ID from script tag” is active
Compatibility with Classified Listing – Classified ads & Business Directory Plugin, keep the scripts IDs when the option “Remove ID from script tag” is active

3.8.1 – Release Date – 2022-08-08
Update compatibility with YellowPencil, certain css not rendered correctly when using the replacements.

3.8 – Release Date – 2022-07-28
Compatibility with Debloat
Relocate and deprecate templates_data property on WPH class to WPH_Environment class, for lighter core.

3.7.7 – Release Date – 2022-07-27
Add a new button to reset the current page options.
Improved algorithm to parse the style tags blocks, to avoid regex which fails on very large sections.
Improved CSS PostProcessing
Move very large in-line style block ( > 50k chars ) as separate asset, to prevent browser in-line import URL failure.
Improved regex for faster style/link stylesheet ID removal
Use regex to sanitize the URL arguments
Relocated the Reset All Settings button to the bottom of the interface.
Slight layout improvements and changes.
WordPress 6.0.1 compatibilit tag

3.7.4 – Release Date – 2022-07-26
Sanitize URL arguments using regex instead sanitize_text_field

3.7.1 – Release Date – 2022-07-12
New filter wp-hide/content_urls_replacement/replacement_list to interfact with the replacement list, before the substitutions.
Ignore “Remove ID from script tag” when Fusion/Avada Builder interface
WPML – Add replacements for slugs that include a white space in front, to catch srcset URLs
Fix: Split the content for Emulate function to avoid inserting the tag after head section ( within the body content ).

3.6.8 – Release Date – 2022-07-11
New functionality – Rewrite Mu Plugins / block
Process scripts tags ( e.g. remove IDs ) when PostProcessing.
Process link/style tags ( e.g. remove IDs ) when PostProcessing
Code clean-up
Slight Interface Texts updates

3.6 – Release Date – 2022-06-16
New CSS PostProcessing function – In Place & Encode Inline
Check if preloader attributes, to correctly identify the CSS content
Use utf8_decode for inline CSS to ensure parsing of correct chars
Use the original script tag attributes when PostProcessing
Use the original style/link tag attributes when PostProcessing
Allow Text Replace function to change urls too
Code Clean-up
Code Improvements
Ignore specific assets ( critical, used css, etc ) when PostProcessing Combine.
Compatibility update with Perfmatters
Compatibility update with WP Cloudflare Page Cache

3.5.2 – Release Date – 2022-05-03
Include error type e004, when deactivate a license key and the order is non-allowed.
Assets PostProcessing improvements for “Document Loaded Assets PostProcessing” functionality – Release Date – 2022-05-02
Fix for “Document Loaded Assets PostProcessing”, at rewrite regex group catch when using MultiSite environment
Fix the help links with the relocated postprocessing interfaces – Release Date – 2022-04-20
Upgrade the sample content_security_policy header
Add a sleep ( 2 seconds ) for recovery operation to prevent hammering
Allow rewrites for “Document Loaded Assets PostProcessing”
Check if security headers are successfully deployed and the system allow custom headers
Fix format for content_security_policy header, for block-all-mixed-content’ and ‘upgrade-insecure-requests’ options

3.5 – Release Date – 2022-04-12
New Security Functionality – Headers. HTTP Response Headers are a powerful tool to Harden Your Website.
Security Headers – Content-Security-Policy, Content-Security-Policy-Report-Only, Cross-Origin-Embedder-Policy (COEP), Cross-Origin-Opener-Policy (COOP), Cross-Origin-Resource-Policy (CORP), Expect CT, Feature Policy, Strict-Transport-Security (HSTS), X-Content-Type-Options, X-Download-Options, X-Frame-Options (XFO), X-Permitted-Cross-Domain-Policies, X-XSS-Protection.
Security Headers – Protection Level graph
Security Headers – Sample Setup
Security Headers – Recovery functionality
Rewrite engine extend with Headers capability
Use a single replacement list array that runs at the end of replacement procedure, for faster processing.
New Option – Convert Relative URLs to Absolute URLs.
Consolidate the General/CSS and General / JavaScript into the new Post-Processing menu item
Styles and layout improvements
Clean-up comments within generated Rewrites
Disable custom WP_Admin_Bar, to allow final replacements to process it.
Code clean-up
Add simple replacement for ‘/wp-admin’ to ensure it catch instances using relative URL
Fix: Append URL arguments to login URL, if exists
Fix: Ignore CSS PostProcessing for SVG data

v3.4.5 – Release Date – 2022-03-03
Filter for upcoming Avada, when use their combined functionality
Disable E=WPH_REWRITE to avoid any additional server rewrite processing
JSON block ‘Non logged-in’, check the HTTP:Authorization for credentials before block the call
Small code clean-up

v2.9.1 - Release Date – 2021-12-17
Add ‘ajax’ as system reserved to avoid issues when using as value
Release Date – 2021-11-17
Allow Replacements duplicate, through the constant WPH_REPLACEMENTS_ALLOW_DUPLICATE set to True
Release Date – 2021-11-16
License class updates
Release Date – 2021-11-09
Code Update check, set transient for 12 hours
WP Rocket – Optimize CSS Delivery – compatibility

v2.3.4.2 - Release Date – 2021-10-28
New filter wph/module/general_scripts/remove_id_attribute/ignore_ids

v2.3.4 - Release Date – 2021-10-21
New option Remove ID from script tag, using regex

v2.3.3 Release Date – 2021-10-10
Fix API call when license key is not provided

Release Date – 2021-08-26
Author – Nsp Code
Hash – eac64720e88f2730d6f9252245691549d610164d

New feature – JavaScript PostProcessing with InPlace processing and inline code encoding ( base64 ) to avoid dynamic JavaScript code to be saved into cache.
New Feature – Remove JavaScript scripts ID tag using filter ( faster ) or regex (slower, if filter not catching the content )
New feature – Clean the REST API response
Compatibility with WP Meteor

v2.3.1.2 - Release Date – 2021-05-05
Check if get_filesystem_method() method exists or load the filesystem files.
Allow short word as ‘vc’ for replacements to be used for Visual Composer fingerprint replacement

= v2.2.8 =
Release Date – 2020-12-29
Author – Nsp Code
Hash – 7ac7090ae63f3b8e9eb917536d5d67ab780e023b

Use pre_update_option to revert urls for saved options
Remove ‘query’ filtering to avoid breaking of seriaised arrays
Allow links to be processed when using preload attribute and no type as stylesheet

v2.2.7.4 - Release Date – 2020-11-23
Author – Nsp Code
Hash – 29e8095f9d7ac92060ef19d33cb5be37133903d8
Oxygen editor compatibility update

⭐See also: Collection of WordPress plugins updated daily on FreeWP

Download WP Hide & Security Enhancer PRO v4.3.1 Nulled Free

Note: Maybe you need to unzip before installing plugin. We do not give any guarantee if any theme/plugin contains virus. Please check on Virustotal before using it on localhost.