Will hiding plugins break any plugin functionality?

No. WP Ghost creates virtual paths through URL rewrite rules. Plugin files stay where WordPress expects them. All plugins work normally. Deactivating restores original paths.

Can I choose custom names instead of random codes?

Yes. Click Show Advanced Options after enabling Hide Plugin Names or Hide Theme Names. Select individual plugins or themes and assign custom names.

Does this work with WooCommerce and Elementor?

Yes. WP Ghost is fully compatible with WooCommerce, Elementor, Divi, Bricks, and all major page builders. All functionality works normally through custom paths.

Can WP Ghost Hide the Plugins and Theme You’re Using?

Q: Does this hide inactive plugins and themes too?

Yes, with the Hide All option enabled. Recommended because deactivated plugins and inactive themes can still be exploited through their default paths.

Q: Will this affect my SEO?

No. Path changes affect asset URLs only, not public page URLs. Search engines don't index plugin file paths.

Q: Does WP Ghost modify WordPress core files?

No. WP Ghost never touches, moves, or renames any file. All changes use URL rewrite rules. Deactivating restores all defaults.

Moved

This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.

View on new site

Yes. WP Ghost can hide both the plugins and the theme you’re using on your WordPress site. It changes the directory paths, replaces plugin and theme names with random codes, blocks access to the original paths, and even renames style.css so theme detectors have nothing to grab. Here’s how each layer works and how to set it up.

Why Should You Hide Your Plugins and Theme?

By default, WordPress exposes your plugin and theme names in the page source through paths like /wp-content/plugins/woocommerce/ and /wp-content/themes/flavor/style.css. Any bot, vulnerability scanner, or theme detector can read these paths and instantly know which plugins and theme you’re running, along with their versions from readme.txt files.

That information is a roadmap for attackers. They cross-reference your plugin names and versions against vulnerability databases to find known exploits. If they find a match, they can launch a targeted attack without any guessing. Hiding your plugins and theme removes this entire reconnaissance step from the attack chain.

How Do I Hide Plugin Names and Paths with WP Ghost?

WP Ghost gives you multiple layers of plugin hiding, all configured from the same settings page.

Go to WP Ghost > Change Paths > Plugins Security. You’ll find options to change the plugins directory path (so /wp-content/plugins/ becomes something custom), hide plugin names (replaces each plugin’s directory name with a random code), hide all plugins (covers both active and deactivated plugins), and hide the old plugins path (blocks direct access to the original /wp-content/plugins/ URL with a 404).

Enable all of these, click Save, and clear your cache. Where your source used to show /wp-content/plugins/woocommerce/assets/css/frontend.css, it now shows something like /custom-path/a8f3b2/assets/css/frontend.css. Scanners can’t identify the plugin.

For the full walkthrough with screenshots, see the change plugins path tutorial.

How Do I Hide My Theme Name and Path?

Theme hiding works the same way. Go to WP Ghost > Change Paths > Themes Security. You can change the themes directory path, hide theme names (replaces each theme directory with a random code), hide all themes (includes inactive themes whose files can still be exploited), hide the old themes path (blocks the original URL), and rename the theme style file (changes style.css to a custom name like main.css).

Renaming style.css is especially effective. Every theme detector specifically looks for this file because its header contains the theme name, version, and author in a standardized format. Rename it, and that detection method fails completely.

For the full walkthrough, see the change themes path tutorial.

Should I Also Hide WordPress Common Paths?

Yes. Hiding plugin and theme names is most effective when you also block access to the default WordPress directory structure. Go to WP Ghost > Change Paths > WP Core Security and enable Hide WordPress Common Paths. This ensures that requests to the old /wp-content/, /wp-includes/, and their sub-paths all return a 404 error.

You can also select which file extensions to block from the old paths. The most valuable ones to hide are PHP (blocks direct access to vulnerable files), JS (hides JavaScript that reveals plugin structure), and TXT (hides readme.txt files that expose plugin versions).

For complete path security covering every WordPress directory, follow the best practice guide.

How Do I Verify That Plugins and Theme Are Actually Hidden?

After saving your settings and clearing all caches, run a quick check. Open your site in a private browser window while logged out and view the page source. Search for your plugin names (like “woocommerce”, “elementor”, “contact-form-7”) and your theme name. If none appear, the hiding is working.

You can also go to WP Ghost > Security Check > Start Scan for an automated verification. The scanner confirms that paths are changed and old paths are blocked. For an external check, run your site through a real-time detector like wpthemedetector.com or whatwpthemeisthat.com. If they can’t identify your theme or plugins, you’re fully hidden.

Frequently Asked Questions

Will hiding plugins break any of my plugin functionality?

No. WP Ghost doesn’t physically move, rename, or modify any files. Plugin files stay in /wp-content/plugins/ exactly where WordPress expects them. WP Ghost creates virtual paths through URL rewrite rules. All plugins continue working normally. Deactivating WP Ghost restores all original paths instantly.

Does this hide inactive plugins and themes too?

Yes, if you enable the “Hide All” option for both plugins and themes. This is recommended because deactivated plugins and inactive themes can still be exploited. Their PHP files remain on the server and are accessible through the default path even when not active. If they have a known vulnerability, attackers can target them directly.

Can I choose custom names for individual plugins or themes instead of random codes?

Yes. After enabling Hide Plugin Names or Hide Theme Names, click Show Advanced Options. You’ll see a dropdown where you can select individual plugins or themes and assign custom names. This is useful for developers who need to identify specific assets in the source code while still hiding the real names from the public.

Does this work with WooCommerce and page builders like Elementor?

Yes. WP Ghost is fully compatible with WooCommerce, Elementor, Divi, Bricks, and all major page builders. WooCommerce templates that load from your theme directory use the new path automatically. All cart, checkout, product pages, and customer account functionality work normally through custom paths.

Will this affect my SEO?

No. Plugin and theme path changes affect asset URLs (CSS, JavaScript, images), not your public page URLs. Search engines don’t index or rank based on plugin file paths. Your content, sitemaps, canonical URLs, and meta data are all completely unaffected.

Does WP Ghost modify WordPress core files?

No. WP Ghost never touches, moves, or renames any file or folder on your server. All path changes are handled through URL rewrite rules and WordPress filters. Deactivating WP Ghost restores all original paths instantly.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.