Skip to contentSkip to main navigation Skip to footer

How To Videos

How to Set Up Hide My WP Ghost in Safe Mode in 3 Minutes

This video shows how to set up Hide My WP Ghost in Safe Mode with custom login and setup – in just 3 minutes!

NOTE: The plugin was configured on an Apache Server. Certain manual actions are required to configure Hide My WP Ghost on Nginx and IIS servers.

VIDEO OUTLINE

  1. Min. 00.04- 1.01: Select and Save SAFE Mode
  2. Min. 1.02 – 2.31: Change Paths Settings
  3. Min. 2.32 – 2.57: Run New Frontend Login Test
  4. Min. 2.58 – 3.28 : View Changes

Select SAFE Mode and Save Settings

πŸ‘‰Min. 00.04- 1.01

Recommended Actions:

  • Select Safe Mode
  • A pop-up will appear showing you all the predefined paths that Hide My WP Ghost sets in Safe Mode. READ the info.
  • Click on Continue, and then SAVE.
  • Run the Frontend Login test. 
  • SAVE your login URL (!very important that you do this)
  • SAVE your SAFE URL (!also very important, you’ll need this in case you can’t login)
  • If the test is successful, click on Yes, it’s working.

Change Paths Settings

πŸ‘‰ Min. 1.02 – 2.31

Admin Security

  • Custom Admin Path – Recommended action: Leave as is
  • Hide wp-admin – Recommended: ON 
  • Hide wp-admin From Non-Admin users – Recommended: OFF

Login Security

  • Custom Login Path – Recommended action: Customize
  • Hide wp-login.php – Recommended: ON 
  • Hide login Path – Recommended: ON
  • Custom Lost Password Path – Recommended action: Leave as is
  • Custom Register Path – Recommended action: Leave as is
  • Custom Logout Path – Recommended action: Leave as is

Ajax Security

  • Custom admin-ajax Path – Recommended action: Customize
  • Hide wp-admin from Ajax URL – Recommended: ON
  • Change Paths in Ajax Calls – Recommended: ON

User Security

  • Custom Author Path – Recommended action: Leave as is
  • Hide Author ID URL – Recommended: ON

WP Core Security

  • Custom wp-content Path – Recommended action: Leave as is
  • Custom wp-includes Path – Recommended action: Leave as is
  • Custom uploads Path – Recommended action: Leave as is
  • Custom comment Path – Recommended action: Leave as is
  • Hide WordPress Common Paths – Recommended: ON
  • Hide File Extensions – Recommended action: Leave as is
  • Hide WordPress Common Files – Recommended: ON
  • Hide Common Files – Recommended Action: ADD wp-comments-post.php
  • Disable Directory Browsing – Recommended: OFF

Plugins Security

  • Custom plugins Path – Recommended action: Leave as is
  • Hide Plugin Names – Recommended: ON
  • Hide All the Plugins – Recommended: OFF
  • Hide WordPress Old Plugins Path – Recommended: ON
  • Show Advanced Options– Recommended: OFF

Themes Security

  • Custom themes Path – Recommended action: Leave as is
  • Hide Theme Names – Recommended: ON
  • Hide WordPress Old Themes Path – Recommended: ON
  • Custom theme style name – Recommended action: Leave as is
  • Show Advanced Options – Recommended: OFF

API Security

  • Custom wp-json Path – Recommended action: Leave as is
  • Hide REST API URL link – Recommended: ON
  • Disable REST API access – Recommended: OFF
  • Disable XML-RPC access – Recommended: ON
  • Disable RSD Endpoint from XML- RPC – Recommended: ON

Firewall and Headers

  • Add Security Headers for XSS and Code Injection Attacks – Recommended: ON
  • Strict-Transport-Security – Recommended: ACTIVE, leave as is
  • Content-Security-Policy – Recommended: ACTIVE, leave as is
  • X-XSS- Protection – Recommended: ACTIVE, leave as is
  • X-Content-Type- Options – Recommended: ACTIVE, leave as is
  • Cross-Origin-Embedder- Policy – Recommended action: ADD then leave as is
  • Cross-Origin-Opener-Policy – Recommended action: ADD then leave as is
  • X-Frame-Options – Recommended action: ADD then leave as is
  • Remove Unsafe Headers – Recommended: ON
  • Block Theme Detectors Crawlers – Recommended: ON
  • Firewall Against Script Injection – Recommended: ON

Run New Frontend Login Test

πŸ‘‰ Min. 2.32 – 2.57

Recommended Actions:

  • After you save the new settings, Run a new Frontend Login test.
  • SAVE your NEW login URL (!very important that you do this)
  • SAVE your SAFE URL (!also very important, you’ll need this in case you can’t login)
  • If the test is successful, click on Yes, it’s working.

View Changes

πŸ‘‰ Min. 2.58 – 3.28

Recommended Actions: 

  • Click on Visit Site to see the changes you’ve enabled using Hide My Ghost take effect.
  • Take a look at your site’s source code to see the modified paths.

πŸ‘‹Note! The settings shown in this video will work best for most sites – and present a way to quickly, safely, and effectively set up SAFE Mode to increase your site’s protection.

However, the ideal settings can look different from case to case, and you can always further customize these settings based on your needs and wants.

We advise you to always read the documentation that we link to from within the plugin and ensure you clearly understand what each setting enables you to do.

Does WordPress Have Built-in Security?

Hello everyone, and welcome to this video where we’ll be discussing WordPress’s built-in security features. If you’re new to WordPress, you might be wondering if it’s secure enough to use for your website. So, in this video, we’ll explore what security features WordPress offers and how they can protect your website from security threats.

Thankfully, WordPress has several built-in security features that can help keep your site safe.

First up, WordPress enforces strong password requirements to ensure that your login credentials are secure.
When you create a password, WordPress will give you a password strength meter to help you make sure your password is strong enough to resist brute-force attacks.
This is an important first step to keeping your site secure.

Another helpful feature of WordPress is its automatic updates. WordPress releases regular security updates to address known vulnerabilities, and these updates can be installed automatically to help ensure that your site is always up-to-date with the latest security patches. This is important because hackers are constantly discovering new vulnerabilities, and WordPress is always working to fix them.

WordPress also provides user role management, which allows you to control who can access and edit your site. This is important if you have multiple people working on your site because it ensures that each user has the appropriate level of access and permissions.
For example, you may want to restrict certain users from changing critical site settings or publishing content without approval.

Two-factor authentication is another built-in security feature of WordPress. This adds an extra layer of security to your login process by requiring a second factor, such as a code sent to your phone. This makes it much more difficult for hackers to gain access to your account, even if they have your login credentials.

Finally, while not technically a built-in feature, there are many security plugins available for WordPress that can further enhance your site’s security. These plugins can provide features such as malware scanning, firewall protection, and brute force attack prevention. They’re easy to install and can make a big difference in the overall security of your site.

In conclusion, WordPress has several powerful built-in security features that can help protect your website from malicious attacks.
According to a recent study, over 70% of WordPress websites are vulnerable to attacks due to outdated software and plugins.

Therefore, it’s crucial to follow best practices for website security and keep your WordPress installation up-to-date to minimize security risks.

If you are a WordPress user, we encourage you to take a proactive approach to verify the security of your website. You can do this by using security plugins like Hide My WP Ghost, which not only hides your WordPress login page and plugins but also includes a built-in security checklist to ensure your website is secure.

Additionally, implementing security measures like SSL certificates, strong passwords, and regular backups can also help protect your website from potential security threats.

As you can see, WordPress has several built-in security features to help keep your site secure. By taking advantage of these features and following best practices for security, you can ensure that your site is protected from harm.

Thanks for watching and be sure to check out our other WordPress courses for more great tips and tricks!

Is WordPress Website Easily Hacked?

Hey everyone, welcome back to our channel. In this video, we’ll be discussing a topic that’s been on the minds of many website owners. Can hackers easily breach your WordPress security? We’ll be exploring this topic in-depth and giving you valuable tips and insights to keep your WordPress site secure.

So, is WordPress easily hacked? The short answer is no, but it is a common target for cyberattacks due to its popularity.
According to data from W3Techs, WordPress is used by 65% of all the websites whose content management system we know. This is 43% of all websites.

The security of your WordPress site depends on multiple factors, such as the strength of your passwords, the use of security plugins, and regular updating of your software.

In this video, we’ll be covering common vulnerabilities and providing you with solutions to secure your WordPress site.

Let’s start by discussing common vulnerabilities in WordPress .

First, outdated software. Running an outdated version of WordPress or its plugins can leave a site vulnerable to known security exploits. So, make sure you keep your software up to date.

Second, weak passwords. Weak or easily guessable passwords are a common entry point for hackers. So, make sure you use strong passwords, ideally with a combination of uppercase and lowercase letters, numbers, and special characters.

The third common WordPress vulnerability is unsecured hosting. Hosting a WordPress site on an unsecured or poorly configured server can also increase the risk of a successful attack.
Here are some specifications to look for in a hosting provider for security reasons:

SSL Certification: The hosting provider should offer a free SSL certificate to encrypt the data transmitted between the website and the user.

Firewall protection: The hosting provider should have a firewall to protect the website from external threats.

Regular backups & recovery plan: The hosting provider should offer regular backups and have a recovery plan in place to ensure that data is not lost in the event of a security breach.

Malware protection: The hosting provider should have malware detection and removal tools to scan for malware and remove it from the website.

Updates: The hosting provider should regularly update their security systems and software to ensure that the website is protected against the latest security threats.

Denial of Service protection: The hosting provider should have denial of Service protection to prevent the website from being overwhelmed by traffic and taken offline.

Customer support: The hosting provider should offer 24 7 customer support to quickly address any security issues that arise.

Reputation: The hosting provider should have a good reputation in the industry for providing secure hosting services.
So, make sure you choose a reliable and secure hosting provider.

The fourth common vulnerability is the use of unsecured plugins, especially those that are outdated or abandoned, which can introduce vulnerabilities to a WordPress site. Therefore, it is important only to use reputable and up-to-date plugins.

The fifth vulnerability is SQL injection attacks. These attacks target the database behind a WordPress site and can result in the theft of sensitive information. Therefore, it is important to use a security plugin that can detect and prevent SQL injection attacks.

The sixth vulnerability is Cross-Site Scripting or XSS attacks. Cross-site scripting attacks allow an attacker to inject malicious code into a website, which can be used to steal sensitive information or manipulate the site’s behavior. Therefore, it is important to use a security plugin that can detect and prevent XSS attacks.

In general, WordPress sites that follow best practices for security are less vulnerable to attacks.

However, if proper security measures are not taken, a WordPress site can be vulnerable to hacking. The popularity of WordPress makes it a common target for cyberattacks, so it’s important to take steps to secure a site and minimize the risk of a successful attack.

In conclusion, the vulnerability of a WordPress site can range from low to high, depending on the steps taken to secure it. It’s important to keep WordPress and its plugins up-to-date, use strong passwords, secure the hosting environment, and install security plugins to monitor and protect the site.

Regular backups of the site’s data and code can also help in the event of a successful attack.

Why is website security important?

I’m here to guide you through website security issues and provide solutions to resolve them.

In today’s digital age, having a secure website has become a crucial aspect of any online presence. From e-commerce sites to personal blogs, every website is at risk of potential cyber threats.

In this video, we will delve into the reasons why website security is so crucial and discuss the potential consequences of neglecting it. Join us as we explore the importance of keeping your website secure.

Protecting a website is crucial for maintaining its security, protecting sensitive data, and ensuring the continued success of the website.

Protecting sensitive data: Websites often collect and store sensitive data, such as personal information, financial information, and login credentials, and it is important to protect this data from theft or unauthorized access.

Maintaining user trust: If a website experiences a security breach, it can lose the trust of its users, leading to a loss of traffic and revenue.

Preventing cyber attacks: Cyber attacks can have serious consequences, including data theft, disruption of services, and financial loss. By implementing strong security measures, websites can reduce the risk of a cyber-attack and protect against potential threats.

Protecting intellectual property: Websites often contain valuable intellectual property, such as content, designs, and code, and it is important to protect this property from theft or unauthorized use.

Maintaining business continuity: A security breach can cause significant disruption to the website, potentially leading to a loss of revenue and a negative impact on the business.

Avoiding legal liability: Websites that handle sensitive data, such as personal and financial information, can be held legally liable if this data is lost or stolen.

In conclusion, website security is crucial for protecting against cyber threats, maintaining user trust, and ensuring the privacy and security of sensitive data. It’s important to take the necessary steps to protect your website and ensure its continued success.

Having established the importance of website security, we’re excited to delve deeper into one of the crucial steps in protecting your website. In our next video, we’ll explore the steps for securing your website and maintaining its safety.

Install Hide My WP Ghost Lite

Learn how to download and install Hide My WP Ghost Lite.

This tutorial will teach you how to hide the common paths and how to activate the plugin in Lite Mode.
Note, the Lite Mode will not protect you from all the hackers bots, if you need a complex security plugin please read here.

Download

Download Hide My WP Free Plugin

Download Plugin

(more…)

Install Hide My WP Ghost

7 Comments

Learn how to download and install Hide My WP Ghost.

This tutorial will teach you how to hide all the paths, plugins and themes and how to activate the plugin in Safe Mode or Ghost Mode.
In other words, you will activate all the security features you need to keep the hackers bots away from your website.

Download

Connect to your account and download Hide My WP Ghost premium plugin

Download Plugin

(more…)