For Kinsta NGINX Hosting, you need to be able to contact the host to add the hidemywp.conf in the nginx.conf file for your site.
We have customers who use Hide My WP Ghost with Kinsta hosting, but it does require you to contact support and for them to be willing to make the changes in the nginx.conf file.
We’ve tested BuddyBoss without any issue but not the App. We recommend letting the REST API path unchanged and NOT disable REST API access when you have remote access to WP REST API.
QUESTION: Let’s say an agency offers this premium plugin as part of the service being provided. Will your team be able to directly support this agency’s clients for any technical issues or other queries?
Whether you choose to install Hide My WP Ghost on your personal sites or a client’s site, YOU will be our customer and you will get support from us as long as you have an active subscription – for all sites connected to your account.
However, we don’t provide direct support for your agency’s clients.
With whitelabel, we also allow the option to customize the link that usually sends to our Knowledge Base (so that it doesn’t show our branding).
But you can choose to leave that as is, and provide access to our extended Knowledge Base as support to help your customers.
QUESTION: In case I sell my website does my Hide My WP Ghost licensing transfer to the new owner or does the new owner have to buy their own license?
It is possible to change the email address associated with your account. Therefore, you can change it so that it would be the email address of the new owner, if you want.
However, we don’t have a license transfer system.
Yes, support is included as long as you have an active subscription.
However, note that we only provide direct support to you, our customer. But we don’t provide direct support to your agency’s clients, in case you install Hide My WP Ghost on clients’ sites, for example.
We prioritize offering premium support, and we do our best to respond to all support requests as soon as possible (you can typically expect to receive a response within 24-48 hours – during business days).
In case you bought a plan with limited websites, it’s important to know this:
The number of websites associated with a plan refers to active installs (maximum numbers of sites on which you can use the plugin AT THE SAME TIME).
For example: if you get the Ghost 5 PLAN (5 websites), you can have Hide My WP Ghost installed on a maximum of 5 websites at the same time.
However, in case you later decide that you NO longer need to use the plugin on one of those websites, you will be able to remove that website from your account.
This will free up space for a new website.
Want unlimited sites? Then be sure to check out the Ghost ALL plan for Hide My WP Ghost. More details here >>
There won’t be any issues if, for any reason, you decide to stop using Hide My Ghost on your site.
All settings are reversible. When you Deactivate Hide My WP Ghost, all settings will revert and when you delete the plugin, it will be like it was never there in the first place.
Your site(s) will be returned to their exact state before Hide My WP Ghost was installed.
Question: Can I manage my client website by disabling the plugin in the future in a management portal? Or I need to log in to the client site and delete the plugin?
You can manage this from your cloud dashboard and disable access from the SaaS side of Hide My WP Ghost (the cloud app for it).
In the Connected Websites list from your Cloud account, where you see all connected sites, you can delete a site from the list. That will remove their access. There’s no need to log in to the clients’ websites to do this.
The plugin inside their WordPress will tell those customers they need to re-connect and they won’t be able to use it.
RELATED QUESTION: If we delete the website from the main dashboard (Cloud), what happens to the setting and configurations of the installed website? Are they are to retrieve back the same setting if they reactivate the license token? Or do they need to manually perform the import/export method to retain the existing configuration?
To retain an existing configuration – the user will need to use the Backup and Restore method.
Note! If the user didn’t delete the plugin: once the plugin is activated, the user will also see a message to Restore Settings in Hide My WP > Change Paths. If that message doesn’t appear, settings can be restored using Hide My WP > Backup / Restore.
For more details about whitelabel setup, please check out this resource >>
QUESTION: Is it possible to have custom footprints? You provide Joomla, Drupal, and some others, is it possible to make a custom one?
No, this is not possible. This is because CMS detectors know to look for specific headers to detect which CMS a site is using (which we add to simulate Joomla and Drupal).
It’s impossible to make a detector show a Custom generator if it doesn’t already exist in its database.
However, you can add a custom generator name if you hook the Hide My WP Ghost emulator field. This can be done if you add in the theme functions.php file this line:
add_filter('hmwp_emulate_cms', function(){
return 'Custom Generator';
});Note! Change the custom generator with a known CMS footprint so that the theme detectors can identify it.
No, Hide My WP Ghost doesn’t add any code into WordPress core files and it will rollback everything when you deactivate the plugin.
The rewrite rules are added in .htaccess file for Apache and will show you the rules you need to add on NGINX servers and Windows servers.
The clickjaking usually happens AFTER your website was hacked.
HMWP Ghost was created to protect your website and prevent script injection by hackers bots into vulnerable files.
To learn more about how Hide My WP Ghost helps you protect your WordPress site against hacker bots and spammers, check out the Features list here.
Hide My WP Ghost is compatible with most Apache server types.
For NGINX Servers, access to the nginx config file is needed to include the rewrite rules file from Hide My WP Ghost. So, in order to use Hide My WP Ghost, you need to have access to NGINX config file and access to restart the service.
Or, you need to be able to contact the host to add the path_to_file/hidemywp.conf file in NGINX and restart the service for you.
Yes, Hide My WP Ghost plugin works with SiteGround host.
As SiteGround is a combination of Nginx & Apache, the rules will be added in the .htaccess file and processed by SiteGround.
However, to hide the WordPress common paths to files like CSS, JS, TXT, and HTML, you need to switch off the Nginx caching option from SiteGroung website panel.
This will not affect the website speed but it will improve the security on your website especially if you’re using 7G firewall from Hide My WP Ghost
To change the File Permission and protect wp-config.php to 640, go to your SiteGround panel and access Website Tools > Site > File manager and right-click on wp-config.php file. Click to change the permissions and unselect Read All.
To change the User Permission in MySQL and protect the DB access, go to your SiteGround panel, access Website Tools > MySQL, and click on the user database connection. Click on the Manage Access icon in the popup window.
Select the custom access to MySQL and choose the required access for WordPress plugins like in the image below:
After you install and configure the Hide My WP Ghost on your SiteGroung website. Run a Security Check and see if the changed you made are correct.
Currently, the plugin is completely translated to Spanish and Romanian. (that’s in addition to English).
Also, we have plans to translate the plugin in more languages, as you can see on our Roadmap here >>
We are always looking to our customers to help us prioritize, so if you have a language you’d like to see Hide My WP Ghost translated to, we’d love to get your input.
Yes, you can use Hide My WP Ghost with the AppMySite plugin.
By default, for both Safe Mode and Ghost Mode, Hide My WP Ghost will leave the default wp-json as the custom wp-json Path.
When using Hide My WP Ghost with the AppMySite plugin, make sure NOT to change the REST API Path or disable the REST API access.
For more details on this, please check out this resource >>
The rewrite rules are added in .htaccess file for Apache Servers.
Rewrites happen when a browser accesses files and paths.
The files aren’t changed physically. We also add the security filters in .htaccess so no other config file is changed.
QUESTION: Will Hide My WP Ghost help my WP sites against all bots in general? I have a problem with my sites reaching the allowed inode quota due to bots. Will this be a solution for this issue?
Yes, once you change the common WordPress paths and hide them from bots, it will show a 404 error instead of loading the server resources.
What Hide My WP Ghost can’t stop are manually-triggered actions on your website, such as:
But it will stop the automated posts to the old wp-comments-post.php file.
You can use Hide My WP Ghost together with a plugin like Wordfence to boost your site’s security by enabling both proactive protection and website integrity protection.
Yes, Hide My WP Ghost has 7G Firewall protection for Apache-based servers.
7G Firewall is the most advanced firewall supported by Jeff Starr: https://perishablepress.com/7g-firewall/
The 7G Firewall offers lightweight, server-level protection against a wide range of malicious requests, bad bots, automated attacks, spam, and many other types of threats and nonsense.
Note! 7G Firewall may not work with all server configurations. Select minimal or medium protection for more compatibility.
To activate 7G Firewall in Hide My WP Ghost follow this tutorial:
https://hidemywpghost.com/kb/customize-paths-in-hide-my-wp-ghost/#firewall_script_injection
When activating either Safe Mode or Ghost Mode, you will be asked to perform a test (enables you to check website functionality from a preview popup).
If you notice any issues at this point, you can abort.
You will also receive a SAFE URL (it’s very important that you save this). This way, you will be able to simply copy the safe URL to be able to login if there is a compatibility issue.
You can learn more about this process here >>
Also read: How to Disable Hide My WP Ghost In Case Of an Error.
Yes, from Tweaks > Disable Options
To reach the Disable options available in Hide My WP Ghost, navigate to Hide My WP > Tweaks > Disable Options. There is where you will find the Disable Inspect Element option.
By activating this option, Hide My WP Ghost will disable the key combination that shows the Inspect Element on your website.
To learn more about the Disable Options that Hide My WP Ghost currently provides, please check out this resource >>
Events Logs will be saved on our Cloud Servers for 30 days, and you can always export the logs directly from the cloud in an Excel format.
Information-wise, what you see in the User Events Log (in the cloud) is the same as what you see in the Events Log report (inside the plugin).
We don’t store the logs longer than 30 days and there is nothing saved in the user’s database.
Question: When linking to PDFs and other documents in wp-content/uploads, does the plugin rewrite links on the front-end, or would we update buttons and things that link to files with aliases that the plugin creates?
When you make the settings for the uploaded documents, the plugin will rewrite the paths to the PDFs. The change will be made automatically and all your buttons will work and send to the re-written path:
https://www.florinmuresan.com/florinhasfile/2021/10/Speed$%#@#$.pdf << it will look like this.
Just added those characters to hide the actual pdf file. It now uses the florinshasfile instead of the common upload path.
The Backup & Restore feature in the Hide My WP Ghost plugin offers you a convenient way to preserve your security configurations. With this feature, you can save your customized setup, making it possible to effortlessly restore it at any time.
Imagine you’ve configured a security setup that you find absolutely perfect. Instead of worrying about remembering every detail, you can create a backup of this setup. This way, you’ll always be assured of restoring it whenever you need it.
But that’s not all! Many of our clients also use the Backup and Restore feature in the following manner:
This approach offers a remarkably simple way to replicate your favorite settings across multiple sites. Picture effortlessly maintaining your preferred configurations on a multitude of websites, perhaps even on a scale of 100 sites or more. With the Backup & Restore feature, it’s a breeze!
No, WordPress Migration Plugins don’t get affected, because the files themselves remain the same.
Rewrites happen when a browser accesses files and paths.
The files aren’t changed physically.
Most of the compatibility concern is around Cache plugins, and that’s why we’ve worked hard to make many of them compatible with Hide My WP Ghost.
You can check out the list of plugins Hide My WP Ghost is compatible with here >>
We’ve tested Hide My WP Ghost with over 1,000 plugins and themes so far, and we are always working to increase the list of plugins and themes that Hide My WP Ghost is compatible with.
We are open to testing Hide My WP Ghost with more tools. And if you encounter any compatibility issues, you can reach out to our support team and we’ll do our best to help and find a solution.
We focused on making the plugin as easy to use as possible.
No coding skills or advanced technical knowledge are required to be able to use this WordPress plugin to enhance the security of your site.
Furthermore, you can choose from pre-built security levels and configure the plugin with just one click.
We are very excited to see that the majority of those who reviewed our plugin mentioned that they found it to be extremely user-friendly and intuitive.
That said, HMWP Ghost is indeed a complex plugin, which is why we made sure to provide access to lots of knowledge support and guidance to help you easily set up HMWP Ghost for your site.
There are already many helpful resources (articles, tutorials, how-tos) that you can access right from the plugin so that you always know how to use every feature.
But we’re constantly working to create more resources (including videos) to serve this purpose.
We are always striving to make HMWP Ghost easier to use and any feedback we receive helps us in this regard.
Question: I already have Sucuri Security Pro. Is it still worth getting this plugin? Will there be conflicts & problems? Would this add to my Sucuri Security experience?
Hide My WP Ghost will complement Sucuri by offering an extra layer of protection that the other doesn’t offer.
With Hide My WP Ghost you prevent attacks from happening, by hiding vulnerabilities in:
Hackers and hacker bots can’t attack what they can’t find.
It does a bit more, as you will see on the Features list >>
This offers an extra layer of protection that you don’t get from other plugins, because those focus on helping you while you are attacked and after you were attacked, by cleaning files, detecting malware, injections etc.
With Hide My WP Ghost, you can avoid getting injections in the first place.
Even if both plugins are considered WordPress Security plugins, Sucuri Security and Hide My WP Ghost work together to add TWO DIFFERENT KINDS of security layers on your websites by stopping the hackers’ attacks and preventing data loss.
You can learn more about using Hide My WP Ghost with Sucuri here >>
Compared to the one on Code Canyon, Hide My WP Ghost:
Plus, at the time of us writing this, they are not compatible with many of the plugins and servers on our compatibility list.
We are continuously working to make Hide My WP Ghost the best it can be. If you want to know what we are currently working on, check out our Roadmap here >>
Hide My WP Ghost and Wp Hide & security enhancer have similar features, but a lot of users switch over to us, because the other plugin is way too hard to use, slows down the site, and it feels too geeky for our userbase.
That said, it’s important to mention that we don’t intend to replace the other security plugins out there. Our purpose is to add an extra layer of protection (not available in the others), in order to prevent hacking attempts.
RELATED: Hide My WP Ghost Security Features
Being the most popular CMS on the internet, WordPress is also the most hacked.
Hide My WP Ghost helps you go undetected by hacker bots and prevent WordPress vulnerability exploitation (this targets multiple areas in WordPress that expose your site to attacks; more on this here).
Other security tools focus on malware scanning and fixing files that were already infected.
With Hide My WP Ghost, we focus on hiding the paths that hacker bots use to gain access or inject scripts. Hackers and hacker bots can’t attack what they can’t find, so this will automatically increase the level of protection of any WP site.
Hide My WP Ghost also offers security reports and the option to set email alerts. This helps you uncover urgent vulnerabilities and fix security threats before they become a problem.
You can learn more about all the features that Hide My WP Ghost provides to help protect your WordPress site against hacker bots and spammers here >>
Wouldn’t it be nice to know you can quit being stressed about updating all the old plugins on all the old sites you’ve worked on?
With Hide My WP Ghost, you won’t care if the other plugins in the site don’t get security patches, because hackers won’t even be able to find them and access their vulnerabilities.