Does WP PHP Secure Really Fix WordPress Vulnerability to Attacks?

Mark Hess and Michael Thomas are the vendors of WP PHP Secure.

According to Mark, WordPress security should be one of your top priorities when you are building out sites using WordPress.

He claims that their WP PHP Secure closes a massive security loophole.

And, that they apparently found on a ton of websites, and that all a hacker has to do is go to a URL on your site and they are supposed to be able to see all of your information about that site.

Mark states that the hackers can get usernames, they can access files, they can do practically anything that they want, once they have all of this information.

He then shows you inside a WordPress website, where he has the All In One WP Security and Wordfence Security plugins both installed and activated on his site.

And then, Mark shows you a page that is supposed to be of this site.

This page has many sections blurred out, including the URL of both this page and the WordPress site with the two previously mentioned plugins installed and activated.

screen print from vendor's landing page video

Mark then claims that even with those two plugins on the website, apparently you can still go to “this link on your site” and get all of this information.

Then he says that typically how this comes onto your site is by way of:

  • support people,
  • malicious plugin, or
  • theme creators, and that there are a ton of them out there.

Then Mark explains that they will put this file there and then access all of your information, and he says it’s pretty crazy.

He then states that they have a simple plugin that fixes this step.

My review of WP PHP Secure will cover the following:

If You Don’t Want to Waste Anymore of Your Time on Scams,

See My #1 Recommended Way of Making Money Online:

get my free making money online guide here button

What is WP PHP Secure?

screen print of vendor's product

Program Name: WP PHP Secure

Website: :

Price: Single Site License $12 US funds, Unlimited Site License $12.97 US funds + 3 UPSELLS and 1 DOWNSELL

Recommended? NO


Mark Hess explains that WP PHP Secure is a WordPress plugin that they offer, and it is supposed to protect your website better than the All In One WP Security and Wordfence Security plugins.

In his landing page video, Mark shows you these two plugins are installed on a WordPress site that he has blurred out the URL of.

And, he goes on to explain that what happens when they install their WP PHP Secure plugin and activate it, and then he goes to WP PHP Secure that appears in his left-hand sidebar and clicks on it.

Then Mark shows that he clicks on Save Changes and then clicks on the Clean PHP Files Now button.

screen print from vendor's landing page video

Once he does this, Mark explains that the minute he clicks on that OK button, and he goes back to that page shared previously, he refreshes the page…

screen print from vendor's landing page video

…and that page disappears, while he goes on to say, “and you can see none of that information is there.”

Mark goes on to assure you that you are closing a loophole and securing your website even further.

Then he goes on to say that you can use this as a stand-alone plugin, or you can use this with Wordfence and the All In One Security to better protect your sites.

Mark claims that this loophole he has shared with you, is instantly closed, and what’s cool about this is that their plugin will constantly monitor your site, so if that page ever appears again, it will automatically be deleted.

He says, so, that’s how easy it is to use this plugin and includes a major loophole on your site.

He quickly states that you get instant access by clicking on his either of his buy buttons.

Mark goes on to insist that this is a plugin that you should install on all of your WordPress powered sites immediately, if you are serious at all about securing your WordPress sites.

How WP PHP Secure Actually Works

screen print of vendor's product page

On their product page, you will find a video titled WP PHP Secure Instruction (01:46 minutes).

Below the video is a large button titled, Click Here To Download The WP PHP Secure WordPress Plugin Now, and it is a zip file 571 KB in size.

Below this button are instructions as follows:

“Problems Accessing Your Purchase or Need Some Help?

IMPORTANT: Please Read Before Submitting Your Support Request:

We strive to provide a high level of customer support.

All support requests are answered in the order in which they were received.

So if you sent us a support request recently, we may have not gotten to it yet but we will.

An invalid email address is a common issue we encounter when trying to correspond with our customers.

Make sure when you submit a ticket you are using a valid email address and double check before submitting your ticket for any mis-spellings of your email address.

Make sure to watch the video at the top of this page as it relates to licensing, downloads, and training before submitting a ticket.

For the fastest resolution of any technical issues, provide us with access details to your site when you first submit a ticket.

This prevents some back-and-forth and allows us to better serve you in a timely manner.” [END OF NO INSTRUCTIONS]

With a link titled, CONTACT SUPPORT, offered below the notice.

What My Investigation Uncovered

Being a user and an advocate of the Wordfence Security plugin for several years now, I was shocked to hear Mark making the claims that he did.

So, I reached out to Wordfence Security plugin staff for their take on this.

Here’s what I learned (letter edited from our conversation, to share only relevant information with you).

“These two people are internet marketers and not security experts.

When they said: “Once the file is there all a hacker (or anyone for that matter) would need to do is go to a URL on your domain and get all the information…”

It can give attackers useful information in some cases but it will not allow attackers to take down or destroy sites at will.

The information page they are referring to is the same page that is generated when you click on the Click to view your system’s configuration in a new window link on the Wordfence Diagnostics page.

For an attacker to find that file they would need to know the name of the file, which they cannot find out.

Customer Support Engineer”


Having maintained several customer’s websites, one of my customer’s sites was under attack constantly for many months and it was the Wordfence Security plugin that saved that site from being hacked.

All the attackers could do was to bombard the server, trying to shut the site down.

The web hosting provider tended to that part.

This is why I found it so difficult to believe what Mark was saying against Wordfence Security.

My Take on WP PHP Secure

thumb pointing downward in disapproval

Due to what I discovered during a lengthily conversation with the Wordfence Security plugin Customer Support Engineer, I do not recommend WP PHP Secure.

The notice shared above is simply the basic key points the Engineer shared with me.

So to answer the question, does WP PHP Secure really fix WordPress vulnerability to attacks, my response is simply “hardly!”

Adding yet another plugin to weigh down the loading time of my WordPress website is NOT something I take lightly either, never mind using a plugin by an unknown developer.

Below is my video review of WP PHP Secure by Mark Hess and Michael Thomas

get my free making money online guide here button


Out of curiosity of the contents of WP PHP Secure plugin, I did purchase it and discovered a “vendor” folder inside this plugin.

Inside the “vendor” folder is another folder titled “composer”, with a file inside that folder that is titled LICENSE, which has NO file extension.

So, I gave that file a TXT file extension, and below is a screen print of the contents of that file:

screen print of plugin's LICENSE file

It truly pays off to investigate even the inexpensive, overly stated plugins that some vendors are selling.

Should you have any question regarding, does WP PHP Secure really fix WordPress vulnerability to attacks, please leave them in a comment below.

I value my viewers and respond to all comments in a timely manner.

It Pays to Investigate,

photo of Trish with her name below that
Spread the love

As a full certified Internet Specialist for Parr's Publishing. I help business owners and organizations increase their profits by providing them with media marketing, as well as a fully managed, custom designed website and basic Search Engine Optimization.

Leave a comment