How Do I Make My WordPress Site Invisible?

Q: Will hiding my site from search engines affect my SEO once I launch?

Only if you forget to uncheck the noindex setting before launch. WP Ghost path changes do not affect SEO. Search engines follow custom paths normally.

Q: Can I use WP Ghost during development even if my site isn't live yet?

Yes. Install WP Ghost early. Bots start scanning new domains within hours. Installing from day one means you never have an unprotected window.

Q: Will WP Ghost hide my site from Google?

No. WP Ghost hides the fact your site uses WordPress, not the site itself. Google can still crawl and index your pages normally.

Q: Can I also block AI crawlers from scraping my content?

Yes. WP Ghost includes a Block AI Crawler Bots toggle that blocks GPTBot, ClaudeBot, PerplexityBot, and 30+ other AI crawlers at the firewall level without affecting regular search engine indexing.

Q: Does WP Ghost work alongside other security plugins?

Yes. WP Ghost complements tools like Wordfence, Solid Security, and Sucuri. It handles hack prevention while other tools handle scanning and monitoring.

“Making your WordPress site invisible” can mean two different things: hiding the site from visitors while you build it, or hiding the fact that it runs on WordPress so bots and scanners can’t target it. This guide covers both, step by step, so you can keep your site private during development and protected from automated attacks once it’s live.

How Do I Hide My WordPress Site While It’s Under Construction?

If your site isn’t ready for visitors yet, you want to show a placeholder page to the public while you work behind the scenes. There are two parts to this: blocking human visitors from seeing unfinished content and telling search engines not to index your site.

Use a Maintenance Mode Plugin

Install a free maintenance mode or “coming soon” plugin from the WordPress directory. Plugins like SeedProd, WP Maintenance Mode, or LightStart let you display a branded placeholder page to all visitors while you continue working in the admin dashboard. Only logged-in administrators see the actual site.

This is the cleanest approach for development-phase hiding. It keeps the public out without affecting your ability to build pages, install plugins, and test functionality.

Enable Noindex to Block Search Engine Indexing

While you’re building, you don’t want Google crawling and indexing half-finished pages. Go to Settings > Reading in your WordPress dashboard and check the box that says “Discourage search engines from indexing this site.” This adds a noindex tag to every page, telling search engines not to crawl or index your content.

Remember to uncheck this setting when your site is ready to launch. Forgetting this step is one of the most common reasons new sites don’t appear in Google.

How Do I Make My WordPress Site Invisible to Bots and Scanners?

This is where WP Ghost comes in. “Invisible” in this context means hiding the fact that your site runs on WordPress, so automated bots, vulnerability scanners, and theme detectors can’t identify your CMS or exploit known WordPress paths.

WordPress has a predictable structure. Every site uses the same paths: /wp-admin/, /wp-login.php, /wp-content/, /wp-includes/. Bots scan thousands of sites per hour probing these exact URLs. If they find them, they know your CMS, your plugins, your theme, and often your exact versions. From there, they look up known vulnerabilities and attack.

WP Ghost changes all of these paths so bots find nothing. Here’s how to set it up:

Step 1 – Activate a Security Level

Go to WP Ghost > Change Paths > Level of Security. Select Safe Mode for basic path changes, or Ghost Mode for maximum protection. Click Continue to load the predefined custom paths. Ghost Mode changes all core paths automatically and is the recommended choice for sites that want to be fully invisible to detectors.

Step 2 – Customize Paths (Optional)

WP Ghost fills in random path names for you automatically. You can keep the defaults or customize them. The key paths to change include wp-content, wp-includes, wp-admin, wp-login, plugins, themes, and uploads. Make sure each path has a unique name. After customizing, bookmark your new login URL so you don’t lose access.

Step 3 – Hide Old Paths and Enable the Firewall

Changing paths creates new URLs, but the old ones might still respond. Enable Hide WordPress Common Paths to return a 404 on the original paths. Then go to WP Ghost > Firewall and activate the 8G Firewall to block SQL injection, script injection, and other common attacks at the server level.

You can also enable Block Theme Detectors Crawlers and Block AI Crawler Bots from the Firewall page to stop detection services and AI scraping bots from accessing your site entirely.

Step 4 – Run a Security Check

Go to WP Ghost > Security Check > Start Scan. The scanner verifies that your paths are changed, old paths are hidden, and your site passes all security tasks. Use the “Fix it” buttons for any remaining issues.

Step 5 – Test with External Detectors

After configuring, test your site with real-time detection tools to verify you’re actually invisible. Use sites like wpthemedetector.com, whatwpthemeisthat.com, or whatcms.org. If WP Ghost is configured correctly, these tools won’t be able to identify WordPress, your theme, or your plugins.

For the complete hiding checklist covering every signal detectors look for, see the hide from theme detectors guide.

Can I Also Block AI Crawlers from Scraping My Content?

Yes. WP Ghost includes a dedicated Block AI Crawler Bots toggle in the Firewall settings. When enabled, it blocks GPTBot, ClaudeBot, PerplexityBot, CCBot, Bytespider, and over 30 other known AI training crawlers at the server level. It also automatically adds the corresponding Disallow rules to your robots.txt file.

This protects your content from being harvested for AI model training. It does not affect regular search engine indexing (Google, Bing, Yahoo), so your SEO remains unaffected. Only enable this if you want to prevent AI companies from using your content. If you benefit from appearing in AI search answers, you may want to leave some crawlers allowed.

What’s the Difference Between Hiding During Development and Hiding from Bots?

These are two separate goals, and you can (and should) do both at the same time during development:

A maintenance mode plugin hides your unfinished content from human visitors by showing a placeholder page. It doesn’t protect against bots or scanners, and it doesn’t hide your WordPress fingerprint.

WP Ghost hides your WordPress identity from automated bots, vulnerability scanners, and theme detectors. It protects your site’s security by removing the attack surface that WordPress creates with its predictable paths and file structure.

For maximum protection during development, use both: maintenance mode for human visitors, and WP Ghost for bot-level invisibility. Once your site launches, remove the maintenance plugin but keep WP Ghost active permanently.

Frequently Asked Questions

Will hiding my site from search engines affect my SEO once I launch?

Only if you forget to uncheck the noindex setting. Before launch, go to Settings > Reading and make sure “Discourage search engines from indexing this site” is unchecked. WP Ghost’s path changes do not affect SEO at all. Search engines follow the new custom paths just like visitors do, and your pages, posts, sitemaps, and media continue working normally.

Can I use WP Ghost during development even if my site isn’t live yet?

Yes. You should install WP Ghost early, even during development. Bots start scanning new domains within hours of going online. If your site is accessible on a public URL (even without traffic), it’s being probed. Installing WP Ghost from day one means you never have an unprotected window.

Does WP Ghost work on staging and local development sites?

Yes. WP Ghost works on any WordPress installation, including staging environments and local setups. On local development, the security benefits are minimal since the site isn’t publicly accessible, but it’s useful for testing your configuration before deploying to production.

Will WP Ghost hide my site from Google?

No. WP Ghost hides the fact that your site uses WordPress, not the site itself. Google, Bing, and other search engines can still crawl, index, and rank your pages normally. Your content, URLs, sitemaps, and meta tags are all unaffected. WP Ghost targets bots that scan for WordPress-specific vulnerabilities, not legitimate search engine crawlers.

Does WP Ghost work alongside other security plugins?

Yes. WP Ghost is designed to complement other security tools. You can run it together with Wordfence, Solid Security, Sucuri, or your hosting’s built-in firewall. WP Ghost handles the hack prevention layer (path security, firewall, brute force), while other tools handle scanning and monitoring.

Does WP Ghost modify WordPress core files?

No. WP Ghost uses server rewrite rules and WordPress filters to change paths and block threats at runtime. No core files, theme files, or plugin files are modified, moved, or renamed. Deactivating WP Ghost restores all default WordPress paths instantly.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.