WP Ghost vs WP Hide & Security Enhancer – Feature Comparison and Migration
October 17, 2021
This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.
WP Ghost (formerly Hide My WP Ghost) and WP Hide & Security Enhancer overlap heavily on their core feature: path security. Both change and hide WordPress paths. Running both creates .htaccess rule conflicts. WP Ghost covers everything WP Hide offers plus firewall, 2FA, brute force protection, country blocking, and security headers. For most sites, WP Ghost alone is sufficient.
Why Both Plugins Overlap
WP Hide & Security Enhancer is a focused path security plugin that changes login URLs, hides wp-content/plugins/themes paths, and cleans HTML source. WP Ghost provides the same path security plus a full security suite: 7G/8G firewall, 2FA with passkeys, brute force protection with reCAPTCHA, country blocking, security headers, and activity logs. Because the core function overlaps, running both means two plugins competing to rewrite the same paths.
Recommended Configuration
If you use both plugins, disable all path security features in one and only use it for its unique features. In most cases, WP Ghost alone covers everything WP Hide offers. To migrate from WP Hide to WP Ghost: deactivate WP Hide first, then activate WP Ghost and configure your paths. WP Ghost has settings for all the same paths plus additional ones WP Hide does not support (REST API, AJAX, lost password, register, logout, activation).
Feature Comparison
| Feature Category | WP Ghost | WP Hide |
|---|---|---|
| Path Security (wp-admin, login, plugins, themes, uploads, REST API, AJAX) | Yes | Yes |
| Change lost password, register, logout, activation paths | Yes | – |
| Security Levels (Safe Mode / Ghost Mode one-click setup) | Yes | – |
| 7G and 8G Firewall | Yes | – |
| Security Headers (HSTS, CSP, X-Frame-Options) | Yes | – |
| Two-Factor Authentication (Code, Email, Passkeys) | Yes | – |
| Brute Force Protection (login, register, lost password, comments) | Yes | – |
| Google reCAPTCHA V2/V3 & Math reCAPTCHA | Yes | – |
| IP Blacklist / Whitelist | Yes | – |
| Country Blocking | Yes | – |
| Text Mapping (class name replacement) | Yes | – |
| URL Mapping & CDN URL Mapping | Yes | Yes |
| Activity Log & Email Alerts | Yes | – |
| Weekly Security Monitoring Report | Yes | – |
| WordPress Multisite Support | Yes | Yes |
Frequently Asked Questions
Will WP Ghost and WP Hide conflict?
Yes, if both have path security features enabled. Both rewrite WordPress paths using .htaccess rules and HTML output filtering. Having two plugins doing the same rewrite causes rule conflicts and broken URLs. Disable all path security in one plugin if you run both.
Do I need WP Hide if I have WP Ghost?
No. WP Ghost is a superset of WP Hide’s functionality. Every feature WP Hide offers (path security, HTML cleanup) is included in WP Ghost, plus WP Ghost adds firewall, 2FA, brute force protection, country blocking, security headers, and activity logs.
How do I migrate from WP Hide to WP Ghost?
Deactivate WP Hide first. Activate WP Ghost and configure your custom paths. WP Ghost has settings for all the same paths WP Hide covers plus additional paths. Verify your site works and check page source to confirm paths are updated.
Does WP Ghost modify WordPress core files?
No. WP Ghost writes rewrite rules to .htaccess (Apache) or hidemywp.conf (Nginx) and uses WordPress hooks. Deactivating restores all defaults.
Related Tutorials
Customize All WordPress Paths – configure WP Ghost paths after migrating from WP Hide.
Brute Force Protection – a feature WP Ghost adds that WP Hide does not have.
Header Security – security headers unique to WP Ghost.
Compatibility Plugins List – all tested security plugins.
Emergency Disable Guide – recovery if plugin conflict causes issues.
