How Does WP Ghost Compare to WP Hide Security Enhancer?

Q: How does WP Ghost compare to WP Hide Security Enhancer?

WP Ghost is a superset of WP Hide. It includes all WP Hide features (path security, HTML cleanup) plus 7G/8G firewall, brute force protection, 2FA with passkeys, security headers, country blocking, activity logs, and more. Most users should use WP Ghost alone.

Q: Will WP Ghost and WP Hide conflict?

Yes, if both have path security enabled. Both plugins write rewrite rules and modify HTML output. Disable path security in one plugin to avoid conflicts.

Q: How do I migrate from WP Hide to WP Ghost?

Deactivate WP Hide first, activate WP Ghost, and configure your custom paths. WP Ghost covers all WP Hide paths plus additional ones like REST API, AJAX, and author paths.

Q: Is there anything WP Hide does that WP Ghost doesn't?

No. WP Ghost covers every path and HTML cleanup feature WP Hide offers, plus additional paths WP Hide doesn't support.

Q: Does WP Ghost modify WordPress core files?

No. WP Ghost uses rewrite rules and WordPress hooks. No core files modified. Deactivating restores all defaults.

Moved

This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.

View on new site

WP Ghost is a superset of WP Hide and Security Enhancer. Every feature WP Hide offers (path security and HTML cleanup) is included in WP Ghost, plus WP Ghost adds a 7G/8G firewall, brute force protection, two-factor authentication with passkeys, security headers, country blocking (Premium), IP blacklist/whitelist, text and URL mapping, activity logs, and email alerts. If you already have WP Hide, WP Ghost replaces it entirely. If you use both, disable path security in one to avoid conflicts.

Where the Plugins Overlap

Both WP Ghost and WP Hide are path security plugins at their core. They both change and hide WordPress paths (login, admin, wp-content, plugins, themes, uploads) and clean WordPress fingerprints from the HTML source (generator meta tags, version numbers). This overlap is nearly total. Both write rewrite rules to .htaccess and both modify HTML output to replace WordPress paths. Running both with path security enabled in each causes rule conflicts, broken URLs, and unpredictable behavior.

What WP Ghost Adds Beyond WP Hide

WP Hide focuses exclusively on path security and HTML cleanup. It does not include any features beyond hiding WordPress. WP Ghost provides the same path security plus a complete hack-prevention stack: the 7G/8G firewall blocks SQL injection, XSS, and other malicious patterns at the server level. Brute force protection limits login attempts with Math reCAPTCHA, Google reCAPTCHA V2/V3, and automatic IP blocking. Two-factor authentication supports authenticator apps, email codes, and passkeys (Face ID, Touch ID, Windows Hello). Security headers add HSTS, CSP, X-Frame-Options, and other browser-level protections. Country blocking restricts access by geographic region (Premium). Text, URL, and CDN mapping let you customize every detail of your source code. The User Events Log and Security Threats Log (Premium) give you visibility into both internal activity and external attacks.

Recommended Approach

For most users, the best approach is to use WP Ghost alone and deactivate WP Hide. WP Ghost covers everything WP Hide does and adds significantly more security layers. This avoids any risk of path rewrite conflicts and gives you a single plugin to configure and maintain.

If you prefer to keep WP Hide for path security and use WP Ghost only for its additional features, that also works. Disable all path security in WP Ghost (custom login, admin, wp-content, plugins, themes, uploads, REST API) and let WP Hide handle the path changes. Enable only WP Ghost features that WP Hide does not have: firewall, brute force, 2FA, security headers, country blocking, and activity logs. Do not enable path security in both plugins at the same time.

For the full configuration guide with a feature-by-feature comparison table, see the WP Ghost and WP Hide Security Enhancer compatibility tutorial.

Frequently Asked Questions

Will WP Ghost and WP Hide conflict?

Yes, if both have path security enabled simultaneously. Both plugins write rewrite rules to .htaccess and modify HTML output to replace WordPress paths. Having two plugins doing the same rewrite causes rule conflicts and broken URLs. Disable path security in one plugin and use it only for its unique features.

How do I migrate from WP Hide to WP Ghost?

Deactivate WP Hide first, then activate WP Ghost and configure your custom paths. WP Ghost has settings for all the same paths WP Hide covers (login, admin, wp-content, plugins, themes, uploads) plus additional paths WP Hide does not support (REST API, AJAX, lost password, register, logout, activation). After configuring, verify your site works and check the page source to confirm paths are updated.

Is there anything WP Hide does that WP Ghost doesn’t?

No. WP Ghost covers every path and HTML cleanup feature that WP Hide offers. WP Ghost also covers additional paths (REST API, AJAX, author, lost password, register, logout, activation) that WP Hide does not support.

Does WP Ghost modify WordPress core files?

No. WP Ghost writes rewrite rules to .htaccess (Apache) or hidemywp.conf (Nginx) and uses WordPress hooks for application-level changes. No core files are modified. Deactivating WP Ghost restores all defaults instantly.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.