Why do I get a 404 error when I access my new admin URL?

Once you change the admin path and switch on to “hide the new admin path”, you can’t access the new admin URL as a visitor.

You need to go to the new login path, and after you login, you will be redirected to the new admin URL.


Does Hide My WP Ghost Going To Make My Website Invisible On FTP?

Hide My WP Ghost adds a redirecting layer over WordPress to let you customize the old paths without physically change them.
It also gives you the possibility to disable access to the old paths for hackers and protect the WordPress plugins and themes.


WordPress Directory Structure


All these changes will not affect the WordPress directory structure through FTP and it will not break it in case you deactivate the plugin.

It looks like a simple plugin but it’s a complex system behind it and a good firewall against Script Injection and Brute Force attacks.


Should You Disable XML-RPC on WordPress?

XML-RPC on WordPress is actually an API or “application program interface“. It gives developers who make mobile apps, desktop apps, and other services the ability to talk to your WordPress site. The XML-RPC API that WordPress provides gives developers a way to write applications (for you) that can do many of the things that you can do when logged into WordPress via the web interface.

These include:

  • Publish a post
  • Edit a post
  • Delete a post.
  • Upload a new file (e.g. an image for a post)
  • Get a list of comments
  • Edit comments

For a full list of the WordPress API functions available to developers via XML-RPC, take a look at this page on the WordPress codex.

If you disable the XML-RPC service on WordPress, you lose the ability for any application to use this API to talk to WordPress.

Let’s use an example to illustrate: You have an app on your iPhone that lets you moderate WordPress comments. Someone advises you to disable XML-RPC. Your iPhone app suddenly stops working because it can no longer communicate with your website using the API you just disabled.

There are two common attacks on XML-RPC:

  • DDoS via XML-RPC pingbacks.
  • Brute force attacks via XML-RPC.

If you still want to disable XML-RPC, you can switch on this option in Hide My WP Ghost.

If I’m logged in my website I can access the wp-admin, is that safe?

The wp-admin path can only be accessed if you are logged in as admin. It’s not visible to visitors or hacker bots.

The PRO version is hiding all the paths from the plugins and themes and the common paths.

Even if some plugins are adding code in HTML and some WP detectors are looking for this code in order to tell you that you are using WordPress, the hacker bots are using Brute Force and Script Injection to break the plugins with their known paths.

Having the common paths hidden with Hide My WP Ghost will protect your site against hackers attacks. Also, activate the Brute Force protection from Hide My WP Ghost to prevent the Brute Force attacks.

Having the wp-admin path visible when you’re logged to your website it will prevent crashing your website if you deactivate the plugin or if another plugin uses the old admin path in the backend.

How Do I Know If My Website Is Hidden With Hide My WP Ghost?

Make sure you follow the setup instructions:

You can then use external WordPress detectors to verify if you are 100% hidden:

wordpress vulnerability detector


If the WordPress Detectors still find your website please contact us and we will check if there are some theme incompatibilities.


Is Hide My WP Ghost Hiding The wp-admin On Nginx Servers?

UPDATE! Since Hide My WP Ghost wp-admin can be hidden for Nginx servers. It will require a config update after you install the plugins.

Please read more details about How to configure Hide My WP Ghost for Nginx servers


For NGINX servers the wp-admin can’t be hidden because WordPress can’t use other admin paths to log in.

To prevent WordPress errors we only hide the wp-admin from users.

We work to hide that path too in the near future and we will notify you if we have some updates.

Hide your WordPress website from hackers using the most USER-FRIENDLY security plugin

7-Day Coupon Sale

Get Hide My WP Ghost for 1 Website with only $23.99.

Use coupon 1HIDEMYWP20