Skip to content Skip to main navigation Skip to footer

WP Ghost Free vs Premium – Full Feature Comparison

WP Ghost is available in two versions: a free version on WordPress.org with over 115 security features, and a Premium version with over 150 security features focused on security intelligence, automated response, and advanced site hardening. Both versions share the same core hack-prevention engine.

If you haven’t installed the plugin yet, follow the Install WP Ghost Free or Install WP Ghost Premium guide.

Paths Security

FeatureFreePremium
Change wp-admin pathYesYes
Change wp-login.php pathYesYes
Change lost password, register, activation, logout pathsYesYes
Change wp-content pathYesYes
Change wp-includes pathYesYes
Change uploads pathYesYes
Change author pathYesYes
Change comments pathYesYes
Change admin-ajax.php pathYesYes
Change REST API wp-json pathYesYes
Change plugin directory pathYesYes
Change theme directory pathYesYes
Hide plugin names with random namesYesYes
Hide theme names with random namesYesYes
Hide WordPress old plugins pathYesYes
Hide WordPress old themes pathYesYes
Hide WordPress common pathsYesYes
Custom theme style nameYesYes
Custom login/logout/register redirects by user roleYesYes
Frontend Test to verify paths load correctlyYesYes
Change paths in cache filesYesYes
Change paths in sitemapsYesYes
Change paths in robots.txtYesYes
Change paths in RSS feedsYesYes
Ghost Mode (maximum path security preset)Yes
Hide file extensions (PHP, CSS, JS, JSON, HTML, TXT, LOCK, media)Yes
Hide WordPress common files (wp-config.php, readme.html, license.txt, php.ini, debug.log)Yes
Manually customize each individual plugin nameYes
Manually customize each individual theme nameYes

Firewall

FeatureFreePremium
7G Firewall filterYesYes
8G Firewall filterYesYes
Script injection protectionYesYes
SQL injection protectionYesYes
Security headers (HSTS, CSP, X-Frame-Options, X-Content-Type-Options, X-XSS-Protection)YesYes
Remove unsafe headers (PHP version, server info, server signature)YesYes
Block Theme Detector crawlersYesYes
IP whitelistYesYes
IP blacklistYesYes
User agent blacklistYesYes
Referrer blacklistYesYes
Hostname blacklistYesYes
Whitelist pathsYesYes
Automate IP blocking (auto-block repeat offenders)Yes
Configure automation rules (attacks, time window, block duration)Yes
Block AI Crawler Bots at firewall level (30+ crawlers)Yes
Automatic robots.txt Disallow rules for AI crawlersYes
AI crawler list updated automatically with each releaseYes

Brute Force Protection

FeatureFreePremium
Protection on login formYesYes
Protection on lost password formYesYes
Protection on signup formYesYes
Protection on comments formYesYes
Protection on WooCommerce login, signup, lost passwordYesYes
Google reCAPTCHA v2, v3, EnterpriseYesYes
Math reCAPTCHAYesYes
Custom attempt limitsYesYes
Custom lockout durationYesYes
Custom warning messagesYesYes
Block wrong usernames immediatelyYesYes

Authentication (2FA, Passkeys, Magic Login)

FeatureFreePremium
Two-Factor Authentication by codeYesYes
Two-Factor Authentication by emailYesYes
Two-Factor Authentication by passkey (Face ID, Touch ID, Windows Hello)YesYes
User selects preferred 2FA method in profileYesYes
Trust current browser (skip 2FA on trusted devices)YesYes
Magic Link login (one-time passwordless email link)YesYes
Temporary Logins (time-limited access links)YesYes

Security Monitoring & Logs

FeatureFreePremium
Security Optimization Score (0-100) with dynamic gaugeYesYes
GEO Threats Map with top 5 threat countriesYesYes
Threats prevented chart (7-day view)YesYes
Lifetime attacks blocked counterYesYes
Weekly domain security monitoring emailYesYes
Security Check with numeric score and task listYesYes
Notification to activate firewall when unblocked threats detectedYesYes
Security Threats Log (last 20 entries)YesYes
User Events Log (last 20 entries)YesYes
Security Threats Log with full history, unlimited entriesYes
User Events Log with full history, unlimited entriesYes
Filter logs by threat typeYes
Filter logs by statusYes
Filter logs by countryYes
Filter logs by time rangeYes
Full-text search in logsYes
Log paginationYes
Export Security Threats Log to CSVYes
Export User Events Log to CSVYes
Click GEO map country to open filtered threats logYes
Extended log retention (configurable)Yes
Cloud storage for events log (30-day retention)Yes
Log user roles filterYes
Real-time email alerts for brute force and suspicious activityYes

Geo Security

FeatureFreePremium
GEO Threats Map on Overview dashboardYesYes
Top 5 threat countries with attack countsYesYes
Country Blocking (block entire countries)Yes
Path-based country blocking (block countries on specific paths)Yes

Login Page Designer

FeatureFreePremium
Custom logo with live previewYesYes
Custom logo link URLYesYes
Background image with blur and overlay controlsYesYes
Page background colorYesYes
Form background colorYesYes
Button colorYesYes
Text colorYesYes
Link colorYesYes
10 color scheme presetsYesYes
12 layout presetsYes

Hiding & Footprint Removal

FeatureFreePremium
Remove WordPress version tagsYesYes
Remove Generator meta tagYesYes
Remove RSD headerYesYes
Remove WLW Manifest linkYesYes
Remove WordPress HTML commentsYesYes
Hide admin toolbar by user roleYesYes
Hide REST API URL linkYesYes
Hide rest_route parameterYesYes
Disable emoticons scriptYesYes
Text Mapping (change class names and IDs in source code)YesYes
URL Mapping (change URLs dynamically)YesYes
CDN MappingYesYes
Hide Source Map ReferencesYesYes
Hide User EnumerationYesYes

Disable Options

FeatureFreePremium
Disable XML-RPCYesYes
Disable REST API access for non-authenticated usersYesYes
Disable rest_route parameter accessYesYes
Disable embed scriptsYesYes
Disable database debugYesYes
Disable directory browsingYesYes
Disable right-click (for visitors and by user role)YesYes
Disable Inspect Element (for visitors and by user role)YesYes
Disable View Source (for visitors and by user role)YesYes
Disable Copy/Paste (for visitors and by user role)YesYes
Disable Drag/Drop (for visitors and by user role)YesYes

Database & Server Hardening

FeatureFreePremium
Security Check identifies permission, prefix, username, SALT issuesYesYes
Fix weak admin/administrator usernamesYesYes
Fix file and directory permissions (quick and complete)Yes
Change database table prefixYes
Regenerate WordPress SALT keysYes
Fix WordPress debugging modeYes
Fix script debugging modeYes
Disable plugin/theme editorYes

Setup & Compatibility

FeatureFreePremium
One-click security presets (3 levels)YesYes
Frontend Test and Login CheckYesYes
Backup and restore settingsYesYes
Pause plugin for 5 minutes for safe testingYesYes
Dark mode supportYesYes
Translations in 16 languagesYesYes
Compatible with Apache, Nginx, LiteSpeed, IISYesYes
Compatible with 20+ hosting providersYesYes
Compatible with WooCommerce, Elementor, Divi, WPML, and 50+ pluginsYesYes
Compatible with WP Rocket, LiteSpeed Cache, Cloudflare, and 15+ cache pluginsYesYes

Support

FeatureFreePremium
Knowledge base (wpghost.com/kb)YesYes
Community support (WordPress.org forums)YesYes
Free setup assistanceYesYes
Priority support with direct access to security expertsYes
Faster response timesYes

Frequently Asked Questions

Is the free version enough for most sites?

Yes. The free version covers all essential hack prevention: path changes, firewall, brute force protection, 2FA, and security headers. Premium adds intelligence (logs), automated response (IP blocking rules), and advanced hardening for high-security requirements.

Can I upgrade from free to Premium without losing settings?

Yes. Deactivate the free version, install Premium, enter your license token. All existing settings are preserved in the database.

Are both Safe Mode and Ghost Mode free?

Safe Mode is free. Ghost Mode is a Premium feature. Both use the same path-changing engine — Ghost Mode adds wp-admin and admin-ajax.php path changes plus auto-enabled firewall and security headers.

April 13, 2026

Tags: