How To - Page 2 of 4 - Hide My WP Ghost

Ideal Hide My WP Ghost Settings – Best Practice 2026

Learn how to set up WP Ghost using the Ghost Mode preset to activate all essential security features and protect your site from hacker bots in under 4 minutes.

VIDEO OUTLINE

Min. 0:13 – 0:44: Load Ghost Mode Preset (Instant Setup)
Min. 0:45 – 1:16: Fine-Tune Change Paths
Min. 1:17 – 1:40: Tweaks, Hide, and Disable Options
Min. 1:41 – 2:13: Mapping (Hide from Theme Detectors)
Min. 2:14 – 2:27: Firewall Settings (8G Firewall)
Min. 2:28 – 2:44: Brute Force Protection
Min. 2:45 – 3:07: Two-Factor Authentication (2FA)
Min. 3:08 – 3:22: Events Log (Cloud Monitoring)
Min. 3:23 – 3:44: Security Check

👉 Min. 0:13 – 0:44: Load Ghost Mode Preset

Recommended Actions:

Go to the Restore section and back up your current settings.
Select the Ghost Mode preset and click Load Preset to apply the best-practice hack prevention configuration instantly.

👉 Min. 0:45 – 1:16: Fine-Tune Change Paths

Admin Security

Custom Admin Path – Change to something unique (e.g., custom-admin).
Hide wp-admin – Recommended: ON

Login Security

Custom Login Path – Create a secure path (e.g., custom-login).
Hide wp-login.php – Recommended: ON

👉 Min. 1:41 – 2:13: Mapping (Paths Security)

Neutralize fingerprints by hiding your theme and plugin identity from scanners.

Text Mapping – Hide CSS class names to block theme detector bots.
URL Mapping – Obfuscate file URLs in your source code.
CDN Support – Add your CDN domain to ensure all external paths are secured.

👉 Min. 3:23 – 3:44: Security Check

Recommended Actions:

Click on Start Scan to run a comprehensive WordPress security audit.
Review the Action Items and follow the instructions to reach a 100% optimization score.

NOTE!

👋 How to Fix 403 Forbidden Error caused by mod_security

If your host uses ModSecurity rule #212340, it may prevent the Code Editor from working in Ghost Mode. If you encounter a 403 error, ask your host to whitelist Rule 212340 for your account.

WP Ghost Compatible Themes List – Tested WordPress Themes for 2026

Complete list of WordPress themes tested and compatible with WP Ghost, including Astra, Avada, Divi, Flatsome, Woodmart, and more. WP Ghost works with virtually all themes.

Hide My WP Ghost Exceptions

WP Ghost works on all major servers and hosts with two exceptions. WordPress.com blocks login path changes. Shared Nginx without config access limits path features. Workarounds for both documented here.

Setup Hide My WP on RunCloud

Moved

This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.

View on new site

Table of Contents

Option 1: NGINX + Apache2 Hybrid (Easiest)
Option 2: Native NGINX
Troubleshooting
Frequently Asked Questions
Related Tutorials

WP Ghost (formerly Hide My WP Ghost) works on RunCloud with both web application stacks. If you use NGINX + Apache2 Hybrid, WP Ghost works automatically through .htaccess. If you use Native NGINX, add one include line in RunCloud’s NGINX Config panel. Both options are one-time setup steps.

Option 1: NGINX + Apache2 Hybrid (Easiest)

If your RunCloud application uses NGINX + Apache2 Hybrid as the Web Application Stack, WP Ghost works automatically. All rewrite rules load from .htaccess through the Apache layer. No Nginx configuration needed.

Install WP Ghost, go to WP Ghost > Change Paths > Level of Security, select Safe Mode or Ghost Mode, click Save, and follow the Customize All WordPress Paths tutorial.

RunCloud Web Application Stack showing NGINX + Apache2 Hybrid selected

Option 2: Native NGINX

If your RunCloud application uses Native NGINX, you need to add the WP Ghost config file include through RunCloud’s NGINX Config panel.

Step 1: Create the hidemywp.conf File

In RunCloud, go to your application’s File Manager. Create a file named hidemywp.conf in your website root directory.

RunCloud File Manager showing hidemywp.conf being created in the website root

Step 2: Activate WP Ghost and Get the Include Line

In WP Ghost, go to Change Paths > Level of Security. Select Safe Mode or Ghost Mode. Click Save. WP Ghost detects Nginx and displays the include line you need to add to RunCloud’s config.

WP Ghost showing the hidemywp.conf include line after saving Safe Mode

Step 3: Add the Include Line in RunCloud

In RunCloud, go to your application’s NGINX Config section. Add the include line from WP Ghost. Click Verify to check the syntax, then Save.

RunCloud NGINX Config panel with the WP Ghost include line added

Step 4: Rebuild the Web App Config

After adding the include, click Rebuild Web App Config in RunCloud to apply the changes. This reloads the Nginx configuration with WP Ghost’s rewrite rules.

RunCloud Rebuild Web App Config button to apply Nginx changes

Rebuild after path changes

When you change paths in WP Ghost on a Native NGINX stack, click Rebuild Web App Config in RunCloud afterward to reload the updated rewrite rules. With the Hybrid stack, this is not needed.

Troubleshooting

Custom paths return 404 on Native NGINX. The include line was not added or the config was not rebuilt. Go to RunCloud NGINX Config, verify the include line is present, and click Rebuild Web App Config.

Paths work on Hybrid but not after switching to Native NGINX. The Hybrid stack uses .htaccess (Apache), while Native NGINX ignores .htaccess entirely. You need to add the hidemywp.conf include as described in Option 2.

Locked out after configuration. Use the Safe URL parameter or the Emergency Disable guide. RunCloud provides File Manager access where you can rename the plugin folder.

Frequently Asked Questions

Which RunCloud stack should I choose?

NGINX + Apache2 Hybrid is easiest for WP Ghost – no Nginx configuration needed. Native NGINX is faster (no Apache overhead) but requires the include line setup. If you already have a Native NGINX app, follow Option 2. If creating a new app, Hybrid is simpler.

Do I need to rebuild after every WP Ghost path change?

On Native NGINX, yes. WP Ghost updates the hidemywp.conf file automatically, but Nginx does not detect file changes until the config is rebuilt. Click Rebuild Web App Config in RunCloud after changing paths. On the Hybrid stack, this is not needed.

Can I switch from Hybrid to Native NGINX later?

Yes. If you switch stacks, you need to set up the hidemywp.conf include as described in Option 2. Your WP Ghost path settings are preserved – only the server configuration method changes.

Does WP Ghost modify WordPress core files?

No. WP Ghost writes rewrite rules to .htaccess (Hybrid) or hidemywp.conf (Native NGINX). No core files modified. Deactivating restores all defaults.

Nginx Server Setup – general Nginx configuration for WP Ghost.

Customize All WordPress Paths – configure paths after server setup.

Theme Not Loading Correctly – troubleshoot path issues across server types.

Emergency Disable Guide – recovery if configuration causes issues.

Compatibility Plugins List – hosting-specific notes.

Hide or Redirect Old WordPress Image Paths with WP Ghost

Block access to old WordPress image URLs with 404 or redirect them to new paths. Includes the HMW_HIDE_OLD_IMAGES constant, IMAGE vs MEDIA file options, SEO impact guidance, and troubleshooting.

WP Ghost with SiteGround Security – Compatible Features and Configuration

WP Ghost and SiteGround Security are fully compatible and complement each other. WP Ghost handles path security and firewall. SiteGround handles activity logging and post-attack scanning. Feature comparison table included.

WP Ghost with WP Cerber Security – Compatible Configuration and Feature Comparison

WP Ghost and WP Cerber Security complement each other. WP Ghost handles path security and firewall. WP Cerber handles anti-spam, malware scanning, and traffic inspection. Enable shared features in one plugin only.

WP Ghost with BBQ Firewall – Firewall Overlap and Configuration Options

WP Ghost and BBQ Firewall both use nG-series rules to block SQL injection and XSS. WP Ghost’s built-in 7G/8G firewall makes BBQ redundant. Use one firewall for efficiency. WP Ghost adds path security, 2FA, headers, and brute force that BBQ lacks.

WP Ghost with Sucuri Security – Compatible with No Feature Overlap

WP Ghost and Sucuri Security are fully compatible with almost no overlap. WP Ghost handles server-level path security and firewall. Sucuri handles cloud WAF, DDoS protection, malware scanning, and post-hack cleanup. Both can run fully active.

WP Ghost with Anti-Malware Security (GOTMLS) – Compatible with No Overlap

WP Ghost and Anti-Malware Security are fully compatible. WP Ghost prevents attacks through path security and firewall. Anti-Malware detects and removes infections with definition-based scanning. Both can run fully active.

WP Ghost with Limit Login Attempts Reloaded – Login Security Overlap and Configuration

WP Ghost and Limit Login Attempts Reloaded overlap on login protection. WP Ghost includes all LLAR features plus path security, firewall, 2FA, and headers. LLAR Premium adds cloud IP intelligence. Enable login limits in one plugin only.

WP Ghost with Loginizer – Login Security Overlap and Configuration

WP Ghost and Loginizer overlap heavily on login security. WP Ghost includes all Loginizer features (brute force, reCAPTCHA, IP blocking, 2FA) plus path security, firewall, and headers. Enable login protection in one plugin only.

WP Ghost with Wordfence Security – Compatible Configuration and Feature Comparison

2 Comments

WP Ghost and Wordfence are fully compatible. WP Ghost prevents attacks by changing paths and blocking bots. Wordfence detects threats with its application firewall, malware scanner, and live traffic. Enable shared features in one plugin only.

WP Ghost vs WP Hide & Security Enhancer – Feature Comparison and Migration

WP Ghost and WP Hide overlap on path security. WP Ghost covers everything WP Hide offers plus firewall, 2FA, brute force protection, and country blocking. Feature comparison and migration guide included.

WP Ghost with Shield Security – Compatible Configuration and Feature Comparison

WP Ghost and Shield Security complement each other. WP Ghost handles path security and firewall. Shield handles automated bot detection, spam filtering, and file scanning. Enable shared features in one plugin only.

WP Ghost with Solid Security (iThemes) – Compatible Configuration

WP Ghost and Solid Security complement each other. WP Ghost handles path security and firewall prevention. Solid Security handles monitoring, file detection, site scanning, and alerts. Enable shared features in one plugin only.

Connect a New Website or Move Your WP Ghost Premium License

Connect new websites to your WP Ghost Premium license or move a license to a different site. Manage connected websites from your WP Ghost Dashboard. Includes license limit info and site removal steps.

How to Change the WordPress Database Prefix for Better Security

Change the default wp_ database prefix to a random one with WP Ghost’s one-click Security Check tool. Prevent SQL injection attacks that target hardcoded WordPress table names.

WP Ghost with WP Rocket – File Combination, Cache Path Hiding, and CDN Setup

Configure WP Ghost with WP Rocket. Combine CSS/JS files, enable Change Paths in Cached Files, map the WP Rocket cache directory, and integrate with WP Rocket CDN. Step-by-step with 3 screenshots.

Grant a User Access to WP Ghost Settings (hmwp_manage_settings Capability)

1 Comment

Give a specific WordPress user access to WP Ghost settings without full admin access. Use the hmwp_manage_settings capability via User Role Editor. Optional: hide WP Ghost from other administrators.

How to Set Up WP Ghost on Flywheel Hosting – Step-by-Step Guide

Learn how to configure WP Ghost path security on Flywheel hosting. Activate Safe Mode or Ghost Mode, add redirect rules to Flywheel’s Redirect tool, clear cache, and verify your setup.

How to Use Autoptimize with WP Ghost for Speed and Security

WP Ghost and Autoptimize are fully compatible. Learn how to configure both plugins together for optimal WordPress performance and hack prevention, including cache path mapping.

Setup Hide My WP on Amazon AWS Lightsail

Configure WP Ghost on AWS Lightsail Bitnami WordPress by enabling AllowOverride All or adding rewrite rules to httpd-app.conf. Two options with step-by-step SSH commands and troubleshooting.

WP Ghost with Really Simple SSL – htaccess Rule Order and Compatibility

WP Ghost is fully compatible with Really Simple SSL. Save Really Simple SSL first, then re-save WP Ghost to ensure correct .htaccess rule order. One-time setup with troubleshooting for mixed content, redirect loops, and rule conflicts.

WP Ghost with ManageWP – Must Use Plugin Loading Configuration

Configure WP Ghost to work with ManageWP by setting Plugin Loading Hook to Must Use Plugin. Ensures WP Ghost does not block ManageWP worker communication. Includes whitelisting, troubleshooting, and MainWP compatibility.

Advanced Text Mapping in WP Ghost – {blank} and {rand} Patterns

Use WP Ghost {blank} to remove WordPress class names entirely or {rand} to replace them with random strings. Advanced Text Mapping patterns for maximum CMS fingerprint removal.

WP Ghost Dashboard Widget – Security Score and Threat Monitoring

WP Ghost adds a security monitoring widget to your WordPress Dashboard showing your security score (0-100), 7-day threats chart, brute force IPs blocked, and alert emails sent. Learn how to read and improve your security metrics.

Set Up WP Ghost on Windows IIS Server – web.config Rewrite Rules

Configure WP Ghost on Windows IIS by adding rewrite rules to web.config. Requires IIS URL Rewrite module. Step-by-step with 5 screenshots, IIS Manager restart, and Frontend Test verification.

Fix Theme Not Loading or Slow Website After Activating WP Ghost