Skip to contentSkip to main navigation Skip to footer

The Difference Between Safe Mode and Ghost Mode in Hide My WP

May 21, 2019

Category:

Hide My WP Ghost brings a complex level of security through obscurity and protection against hacker bots.

A reason to change the common paths in WordPress is to be able to hide these paths and prevent script injections into your vulnerable plugins and themes.

Is your website secure? Run a free Website Security Check for your website now.

Note! The paths will not be physically changed by the plugin, which means all the previous settings will go back to normal in case you decide to deactivate Hide My WP Ghost.

Hide My WP Ghost makes it possible for you to change all the common WP paths. However, unfortunately, not all themes work when the AJAX URL (wp-admin/admin-ajax.php) is changed.

Also, some plugins like Contact Form 7 use the API v2 in frontend and, therefore, you can’t deactivate the API.

We needed to address these facts when creating the security modes available in Hide My WP Ghost. And after testing many themes and plugins, we came up with two levels of security in Hide My WP Ghost:

What each one of these two options does is that they customize the plugin’s settings; they don’t cancel each other out – but create different/more customizations for the common WordPress paths.

Next up, we’re going to provide more details about the configurations set in each Mode – and give you a few recommendations to help you choose the best Mode for your site.

1. When to set in Safe Mode?

With Safe Mode, there is no risk of incompatibilities with other plugins or themes. To make sure that the plugin works on your website, regardless of the themes and plugins you are using, and that the website security is not affected, we encourage you to use the Safe Mode.

By Activating Safe Mode, Hide My WP Ghost will change the following paths (for each path listed below, it will set a new, predefined path)

  • Login Path: /wp-login.php 
  • Core Contents Path: /wp-content 
  • Core Includes Path: /wp-includes
  • Uploads Path: /wp-content/uploads
  • Author Path: /author 
  • Plugins Path: /wp-content/plugins 
  • Themes Path: /wp-content/themes 
  • Comments Path: /wp-comments-post.php 

All the common paths in WordPress you see listed above will be changed.

However, the wp-admin and admin-ajax.php paths will remain unchanged.

By default, when setting the plugin in Safe Mode:

  • the wp-admin path will be hidden to visitors (a 404 Not Found Error will show when visitors access /wp-admin)
  • and only the ajax calls will be available.

After you select Safe Mode, you can also customize the login path and save the settings.

You can also go to Hide My WP > Tweaks and switch on options like: Hide Version from Images, CSS and JS in WordPress, Hide WordPress DNS Prefetch META Tags, Hide WordPress Generator META Tags, Hide HTML Comments for more protection.

2. When to set in Ghost Mode?

If you want to hide your WordPress from hackers’ bots and theme detectors, you can set the plugin in Ghost Mode.

Note! Your theme or plugin may NOT be compatible with Ghost Mode so please check your website functionality and go back to Safe Mode in case of errors.

By Activating Ghost Mode, Hide My WP Ghost will change the following paths (for each path listed below, it will set a new, predefined path)

  • Admin Path: /wp-admin 
  • Login Path: /wp-login.php 
  • Ajax URL: /wp-admin/admin-ajax.php 
  • Core Contents Path: /wp-content 
  • Core Includes Path: /wp-includes
  • Uploads Path: /wp-content/uploads
  • Author Path: /author
  • Plugins Path: /wp-content/plugins 
  • Themes Path: /wp-content/themes
  • Comments Path: /wp-comments-post.php 

As you can see, unlike Safe Mode, Ghost Mode will also change the wp-admin path and the Ajax URL, thus ensuring a broader protection of your WordPress site. The Ghost Mode will activate ALL the security items in Change Paths to hide as many WP CMS trails as possible.

API Security: For both Safe Mode and Ghost Mode, Hide My WP Ghost will leave the default wp-json as the custom wp-json Path (the reason for this is that many plugins still use this default path to access the REST API’s index).

Once you select Ghost Mode, you can customize the paths and save the settings.

You can also go to Hide My WP > Tweaks and switch on the options for more protection. If you don’t want to hide the Admin Toolbar, you can let that option off.

You can use the Hide My WP > Mapping feature to hide some classes names from source-code, as well. However, it’s important to know that some plugins may use those classes, in which case using this feature may affect website functionality.

If you find some URLs that you want to change in the frontend, use Hide My WP > Mapping > URL Mapping and change the URLs with your custom ones.

Conclusion:

The difference between Safe Mode and Ghost Mode has to do with the predefined settings that each mode enables.

If you are not familiar with security through obscurity and how to change the paths in order to protect your website, we recommend choosing the Safe Mode.

If you are confident that you can deactivate the plugin in case of an error and test the website functionality, then switch to Ghost Mode to hide as many WP CMS trails as possible.

Tags: