Hide My Wp Ghost brings a complex level of security through obscurity and protection against hackers’ bots.
A reason to change the common paths in WordPress is to be able to hide these paths and prevent script injections into your vulnerable plugins and themes.
Note! The paths will not be physically changed by the plugin so that all the previous settings will go back to normal in case you deactivate the plugin.
The plugin lets you change all the common WP paths but unfortunately not all the themes work when the AJAX URL (https://hidemywpghost.com/api) is changed. Also, some plugins like Contact Form 7 are using the API v2 in frontend and therefore you can’t deactivate the API.
Testing many themes and plugins helped us build two levels of security in Hide My WP Ghost: Safe Mode and Ghost Mode.
1. When to set in Safe Mode?
To make sure that the plugin works on your website and that the website security is not affected, we encourage you to use the Safe Mode.
All the common paths in WordPress will be changed and wp-admin and admin-ajax.php paths with remain unchanged. The wp-admin path will be hidden to visitors and only the ajax calls will be available. Once you selected Safe Mode you can customize the login path and save the settings.
After you set the plugin in Safe Mode, go to Hide My WP > Tweaks and switch on the options like Hide Version and WordPress Tags, Hide RDS, Hide WordPress Comments for more protection.
2. When to set in Ghost Mode?
If you want to hide your WordPress from hackers’ bots and theme detectors, you can set the plugin in Ghost Mode.
Note! Your theme or plugin may not be compatible with Ghost Mode so please check your website functionality and come back to Safe Mode in case of errors.
The Ghost Mode will activate all the security in Permalink to hide as many WP CMS trails as possible. Once you selected Ghost Mode you can customize the paths and save the settings.
After you set the plugin in Ghost Mode, go to Hide My WP > Tweaks and switch on the options for more protection. If you don’t want to hide the Admin Toolbar, you can let that option off.
You can also use Hide My WP > Mapping feature to hide some classes names from source-code but it’s important to know that some plugins may use those classes and you can affect the website functionality.
If you find some URLs that you want to change in the frontend, use Hide My WP > Mapping > URL Mapping and change the URLs with your custom one.
The difference between Safe Mode and Ghost Mode is based on predefined settings. If you are not familiar security through obscurity and how to change the paths in order to protect your website, it’s better if you choose the Safe Mode. If you are confident that you can deactivate the plugin in case of an error and test the website functionality, then switch to Ghost Mode and hide your WordPress CMS.