Is Solid Security the same as iThemes Security?

Yes. iThemes Security was renamed to Solid Security in November 2023 as part of the SolidWP brand. WP Ghost is compatible with both the old and current branding.

Can I Use WP Ghost with iThemes Security (Solid Security)?

Q: Can I use WP Ghost with iThemes Security (Solid Security)?

Yes. WP Ghost and Solid Security are fully compatible. WP Ghost handles path security and firewall. Solid Security handles hardening, password policies, and file detection. Disable overlapping features like custom login URL and brute force in one plugin.

Q: Which plugin should handle the custom login path?

WP Ghost. Its path security is more comprehensive than Solid Security's Hide Backend feature. Disable Hide Backend in Solid Security and configure the login path in WP Ghost.

Q: Can WP Ghost replace Solid Security entirely?

For most sites, yes. WP Ghost includes 115+ free features. Solid Security adds password policies and file change detection that WP Ghost doesn't include. Keep both if you need those features.

Q: Does WP Ghost modify WordPress core files?

No. Rewrite rules and WordPress filters only. Solid Security's file change detection will not flag WP Ghost.

Moved

This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.

View on new site

Yes. WP Ghost is fully compatible with Solid Security (formerly iThemes Security). The two plugins complement each other: Solid Security focuses on WordPress hardening, password policies, and file monitoring. WP Ghost focuses on attack surface reduction by changing WordPress paths and adding firewall rules. Running both gives you defense in depth, as long as you avoid enabling the same feature in both plugins.

What Solid Security Provides

Solid Security (renamed from iThemes Security in November 2023 as part of the SolidWP brand) is a well-established WordPress security plugin. Its core strengths are WordPress hardening (enforce strong passwords, change database prefix, disable file editing), the Hide Backend feature (changes the login URL), two-factor authentication, file change detection, password requirements, and a guided onboarding experience. Solid Security Pro adds malware scanning, user logging, and passwordless login.

What WP Ghost Adds

WP Ghost covers areas that Solid Security does not: full path security for over 30 WordPress paths (not just the login URL), the 7G/8G firewall that blocks SQL injection and XSS at the server level, individual plugin and theme name randomization, CMS simulation (fake Drupal or Joomla fingerprints), security headers (HSTS, CSP, X-Frame-Options), text and URL mapping for complete fingerprint removal, country blocking (Premium), and 2FA with passkeys (Face ID, Touch ID, Windows Hello). These features focus on preventing bots from discovering your WordPress structure, which is a layer that Solid Security’s approach does not cover.

Recommended Configuration

The two plugins overlap on a few features. Configure them so each handles complementary tasks.

Let WP Ghost handle: custom login path (more comprehensive than Solid Security’s Hide Backend), 7G/8G firewall, all path security (plugins, themes, wp-content, wp-includes, REST API, uploads), brute force protection, 2FA (WP Ghost offers passkeys which Solid Security does not include in the free version), and security headers.

Let Solid Security handle: password policies and enforcement, file change detection, database prefix changes, and any SolidWP-specific integrations.

Disable in one plugin: custom login URL (disable Hide Backend in Solid Security, use WP Ghost instead), brute force/login limiting (enable in one only), and 2FA (pick one to avoid double prompts). If Solid Security has its Hide Backend feature enabled, disable it and configure the login path in WP Ghost instead to avoid redirect conflicts.

For the full step-by-step configuration guide, see the WP Ghost and Solid Security compatibility tutorial.

Passwordless Login Compatibility

Solid Security Pro includes a passwordless login feature. WP Ghost is compatible with it. After enabling passwordless login in Solid Security, test the login flow in a different browser or incognito window to confirm everything works with WP Ghost’s path changes active. If the passwordless link does not work after changing the login path, make sure the link points to the custom login URL and not the default /wp-login.php. Clear all cache after making path changes.

Frequently Asked Questions

Is this the same plugin as iThemes Security?

Yes. iThemes Security was renamed to Solid Security in November 2023 when it became part of the SolidWP brand. WP Ghost is compatible with both the old and current branding. The plugin slug remains better-wp-security.

Which plugin should handle the custom login path?

WP Ghost. Its path security operates at the server rewrite level, covers more paths than Solid Security’s Hide Backend feature, and pairs with brute force protection and 2FA for a complete login security setup. Disable Hide Backend in Solid Security and configure the login path in WP Ghost.

Can WP Ghost replace Solid Security entirely?

For most sites, yes. WP Ghost includes 115+ free features covering path security, firewall, brute force, 2FA with passkeys, and security headers. Solid Security adds password policies and file change detection that WP Ghost does not include. If you need those specific features, keep both. If your focus is hack prevention, WP Ghost alone is sufficient.

Does WP Ghost modify WordPress core files?

No. WP Ghost uses rewrite rules and WordPress filters. No core files are modified. Solid Security’s file change detection will not flag WP Ghost as a modification.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.