Add Files to “Hide WordPress Common Files”

Table of Contents

Adding the Filter in WordPress
- Option A: Editing functions.php
- Option B: Editing wp-config.php
Adding Multiple Files
Hiding the File in WP Ghost
Important

You want to hide additional common WordPress files, specifically wp-cron.php, using the WP Ghost plugin. This is accomplished by adding the filter hmwp_hide_commonfiles_files to modify the list of files to be hidden.

Adding the Filter in WordPress

You need to add a filter to either the functions.php file of your active theme or the wp-config.php file. This filter will modify the hidden files list.

Option A: Editing `functions.php`

Navigate to your WordPress admin dashboard.
Go to Appearance > Theme File Editor.
Select the functions.php file from the right-hand side menu.
Add the following code at the end of the functions.php file

add_filter('hmwp_hide_commonfiles_files', function($files){
  $files[] = 'wp-cron.php';
  return $files;
});

Option B: Editing `wp-config.php`

Access your WordPress site’s root directory via FTP or your hosting control panel’s file manager.
Open the wp-config.php file for editing.
Add the following code at the end of the wp-config.php file

// Add a new file in the list of hidden files
// The file will appear in the Hide WordPress Common Files list
add_filter('hmwp_hide_commonfiles_files', function($files){
  $files[] = 'myfile.php';
  return $files;
});

Adding Multiple Files

If you want to hide additional files such as wp-trackback.php and xmlrpc.php, you can modify the code as follows:

// Add new files in the list of hidden files
// The files will appear in the Hide WordPress Common Files list
add_filter('hmwp_hide_commonfiles_files', function($files){
    $files[] = 'myfile.php';
    $files[] = 'myfile1.php';
    $files[] = 'myfile2.php';
    return $files;
});

Hiding the File in WP Ghost

After adding the filter, you must select the file and save the settings in the WP Ghost to apply the changes.

Navigate to the WP Ghost > Change Paths > WP Core Security > Hide WordPress Common Files.
Select the file from the list, in our case is wp-cron.php file
Click the Save Settings button to ensure the file is hidden.

Note! For Nginx server, you need to restart the Nginx service after saving the settings in WP Ghost plugin.

Important

Avoid Breaking Functionality: Be careful not to hide files that are essential for WordPress functionality. For instance, hiding xmlrpc.php can prevent remote publishing and applications that use XML-RPC from functioning correctly.
Testing: After adding the filter, thoroughly test your website to ensure it continues to function as expected. Check for any broken features or errors.

By following this tutorial, you can easily extend the functionality of the WP Ghost plugin to hide additional files, increasing your WordPress site’s security.

Always test your changes and avoid hiding critical WordPress files to maintain the site’s functionality.

John Darrel