Hide My WP Ghost is more complex in terms of the security features it offers.
Being the most popular CMS on the internet, WordPress is also the most hacked. Hide My WP Ghost helps you go undetected by hacker bots and prevent WordPress vulnerability exploitation (this targets multiple areas in WordPress that expose your site to attacks; more on this here)
Plus, Hide My WP Ghost allows you to monitor security level and uncover and fix security threats before they become a problem.
That said, it’s important to mention that our purpose is not to replace other security tools but to add an extra layer of protection (not available in the others), in order to prevent hacking attempts.
Instead of focusing on fixing files that were already infected, we focus on hiding the paths that hacker bots use to gain access or inject scripts.
Hackers and hacker bots can’t attack what they can’t find, so this will automatically increase the level of protection of any WordPress site.
How does Hide My WP Ghost compare to Clearfy?
Based on a quick research:
There are several features that Hide My WP Ghost and Clearfy both offer, such as:
enabling you to hide the login page
giving you the ability to hide your WordPress footprint (not exactly sure HOW clearfy does this, as we haven’t got the chance to test it).
Another thing that we noticed is that, at the time of us writing this, Clearfy has a lot of coming soon features that Hide My WP Ghost already offers, like:
option to set a limit of login attempts
option to block ip address to control upcoming traffic
security recommendations allowing you to protect your website from attacks.
What other security plugin do you recommend using alongside Hide My WP Ghost?
Hide My WP Ghost is not meant to be an all in one security plugin, and we don’t intend to replace the other security plugins out there. Our purpose is to add an extra layer of protection (not available in the others), in order to prevent hacking attempts.
You can use HMWP Ghost with the security plugin you already use on your website or you can install a free plugin like Wordfence, iThemes, or Shield Security.
Hide My WP Ghost will complement those tools by offering an extra layer ofprotection that the others don’t offer.
With Hide My WP Ghost, we focus on hiding the paths that hacker bots use to gain access or inject scripts. Hackers and hacker bots can’t attack what they can’t see/find.
With Hide My WP Ghost you prevent attacks from happening, by hiding vulnerabilities in themes, WP core and plugins.
Other security tools focus on different things, such as malware scanning and fixing files that were already infected.
Using HMWP Ghost is a prevention method not a cure method.
So we recommend using Hide My WP Ghost alongside other security plugins that focus on that for increased protection.
We have many clients using Hide My WP Ghost alongside tools such as:
If you have file cleaners / malware removal, etc. from your hosting company, then you may not need to pair Hide My WP Ghost up with another security plugin. Otherwise, we recommend that you use something like WP Cerber, WordFence, or others.
Does Hide My WP Ghost complement, overlap, or replace other security tools like VirusDie, Wordfence, Sucuri?
Hide My WP Ghost will complement them by offering an extra layer of protection that the others don’t offer.
With Hide My WP Ghost you prevent attacks from happening, by hiding vulnerabilities in:
themes,
WP core,
and plugins.
Hackers and hacker bots can’t attack what they can’t find.
This offers an extra layer of protection that you don’t get from other plugins and security tools, because those focus on helping you while you are attacked and after you were attacked, by cleaning files, detecting malware, injections etc.
With Hide My WP Ghost you can avoid getting injections in the first place.
How extensive is the monitoring of hacking attempts in Hide My WP Ghost?
With Hide My WP Ghost, you have access to the Events Log Report which includes events that take place on your login page.
Hide My WP Ghost will track user login sessions and report on both successful and failed login attempts.
How does Hide My WP Ghost compare to Wordfence? Can they be used together?
Hide My WP Ghost adds an extra layer of security to what Wordfence does and they are compatible.
Hide My WP Ghost is not meant to replace Wordfence but to add extra security.
We don’t intend to replace the other security plugins out there. Our purpose is to add an extra layer of protection (not available in the others), in order to prevent hacking attempts. Hide My WP Ghost will complement Wordfence by offering an extra layer of protection that the other doesn’t offer.
With Hide My WP Ghost you prevent attacks from happening, by hiding vulnerabilities in themes, WP core and plugins. Hackers and hacker bots can’t attack what they can’t find.
This offers an extra layer of protection that you don’t get from other plugins, because those focus on helping you while you are attacked and after you were attacked, by cleaning files, detecting malware, injections etc.
With Hide My WP Ghost you can avoid getting injections in the first place.
Even if both plugins are considered WordPress Security plugins, Wordfence and Hide My WP Ghost work together to add TWO DIFFERENT KINDS of security layers on your websites by stopping the hackers’ attacks and preventing data loss.
Hide My WP Ghost and Wordfence can be used together for increased protection, as they complement each other.
To learn more about the advantages of using the two plugins together and the settings we recommend activating when using Hide My WP Ghost alongside Wordfence, check out this resource >>
Will Hide My WP Ghost protect my site against signup spammers / spam signups?
We didn’t specifically build Hide My WP Ghost for that. However it will help stop the spam sign ups.
About the extra layer of security provided by Hide My WP Ghost:
With Hide My WP Ghost, you prevent attacks from happening, by hiding vulnerabilities in themes, WP core and plugins. Hackers and hacker bots can’t attack what they can’t find. It does a bit more, as you can see on the Features list.
This offers an extra layer of protection that you don’t get from other plugins, because those focus on helping you while you are attacked and after you were attacked, by cleaning files, detecting malware, injections etc.
With Hide My WP Ghost you can avoid getting injections in the first place.
For protection against spam signups, spam submissions, and fake account creation:
changing the signup paths using Hide My WP Ghost will make those spam bots stop because they won’t find where to sign up anymore;
changing the register path helps you prevent spam emails with new user requests;
you can also activate Brute Force protection using Hide My WP Ghost.
To learn more about other features that HMWP Ghost provides to protect your site against hacker bots and spammers, please check out this resource.
How customizable is Hide My WP Ghost? Can I turn settings on or off depending on my needs?
Hide My WP Ghost is highly-customizable, and you can turn settings and features OFF or ON based on your needs and preferences, which gives you a lot of control.
You can customize your security setup and easily turn features on or off – directly from the Overview panel.
You can also further customize the settings for each individual feature. Be sure to check out some of the videos from the article below to get a better sense of just how much freedom HMWP Ghost gives you when it comes to customizing settings:
Hide My WP Ghost is extremely lightweight and will NOT slow your website down.
Loading times are very good, as you can see from the image with the SPEED BONUS below.
We have tested Hide My WP Ghost on many websites and we even noticed a slight improvement when it comes to loading speed.
You can also look in the comments section of this YouTube video here for the comment regarding speed.
The creator of the video shared his numbers, if you’re curious to have a look.
There are just a couple of settings inside Hide My WP Ghost that can slow the site. These settings are NOT active by default. Plus, we offer warnings, so that people will know that playing with those settings will have an impact on this.
But that’s only for those who want to use it hard core for footprint removal, instead of using it for security.
Why should I use Hide My WP Ghost if I’ve implemented an 2FA Plugin?
Even if you’ve implemented an 2FA plugin, the vulnerable paths will still be there, which means script injections can still happen.
With Hide My WP Ghost, you prevent attacks from happening, by hiding vulnerabilities in themes, WP core, and plugins. Hackers and hacker bots can’t attack what they can’t find.
It does a bit more, as you will see on the Features list.
This offers an extra layer of protection that you don’t get from other plugins, because those focus on helping you while you are attacked and after you were attacked, by cleaning files, detecting malware, injections etc.
With Hide My WP Ghost you can avoid getting injections in the first place.
Is the CDN Server included or do I have to buy my own CDN Server to use the CDN Mapping?
Hide My WP Ghost is not a CDN provider.
The CDN URL Mapping feature is extremely useful when you already use a CDN plugin for your website and want to change the WordPress common paths for the CDN domain too.
Hide My WP Ghost integrates with the most popular CDN plugins.
How can using Hide My WP Ghost increase site speed?
Hide My WP Ghost enables you to activate certain settings that can improve site speed.
For example:
the Hide Emojicons option. (If you don’t use them on your website, you don’t need to load them. Another reason to disable Emojicons is for speed optimization.) More about this here.
The Disable Embed scripts option.
oEmbed allows users to embed YouTube videos, tweets, and many other resources on their sites simply by pasting a URL, which WordPress then automatically converts into an embed (also provides a live preview inside the visual editor).
Most of the themes already include this option, so you don’t need to load these scripts anymore.
Another reason to disable oEmbed scripts is for speed optimization. You will notice a significant improvement in your page loading times when these libraries are NOT loaded.
Can I use Hide My WP Ghost with iThemes Security?
Yes, you can use Hide My WP Ghost with iThemes Security.
The plugin is compatible with iThemes Security. We have many customers who use them together, as they complement each other.
Even if both plugins are considered WordPress Security plugins, iThemes Security and Hide My WP Ghostwork together to add security layers on your websites by stopping the hackers’ attacks and preventing data loss.
RELATED QUESTION: We use the passwordless login from iThemes and I can’t jeopardize anything conflicting with it. Please advise?
Based on our tests, we don’t anticipate any conflicts. We recommend testing with a different browser after activating the passwordless option from iThemes.
Can Hide My WP Ghost replace iThemes Security?
We don’t intend to replace the other security plugins out there.
Our purpose is to add an extra layer of protection (not available in the others), in order to prevent hacking attempts.
Hide My WP Ghost is compatible with iThemes Security and we recommend using them both for increased website protection.
We have many customers who use them together successfully, as they complement each other.
So, if you are already using the iThemes plugin, we don’t recommend replacing it, as it has many complementary features that do a great job protecting your website.
Check out the resource linked below to see what features to activate in HMWP Ghost while using it together with the iThemes plugin.
Hide My WP Ghost adds an extra layer of security to what iThemes does and they are compatible. It’s not meant to overlap with iThemes but to add extra security.
Check out this video to learn more about why these plugins are very different from one another and why WordFence, Sucuri, iThemes will not offer the extra security layer that Hide My WP Ghost provides.
If I use HMWP Ghost on clients’sites, will they be asked to add a token?
If you have the Hide My WP Ghost White Label, the plugin will automatically connect to your account and the client will not be asked to add a token.
The token is required to identify the website and license.
Without the token, the plugin doesn’t work. Once you delete the website from your account, the token will be deleted from the client’s website and he will need to add a different license token.
Will Hide My WP Ghost replace the sitemap created by SEO Plugins?
Question: Suppose I install Hide My WP Ghost and change SEO plugin-created sitemap. And also change in google search console. So what if I create another sitemap in my SEO plugin? Do I have to hide the sitemap path again in my SEO plugin and Google Search Console as well?
Hide My WP Ghost doesn’t replace the sitemap created by the SEO Plugins.
With Hide My WP Ghost Sitemap feature activated, all the images paths will be changed and any style that leads to the plugin author inside the sitemap will be removed.
This way, the sitemap will be clean for Google Search Console.
Can I use Hide My WP Ghost with Cloudflare?
Yes, you can use Hide My WP Ghost with Cloudflare without any issues.
There is a feature in place to make Hide My WP Ghost work with CDNs.
Yes, if you disable brute force protection and the alerts, then it is. Because it won’t gather any data about IPs or which user does what on the WordPress site.
And you will still benefit from all the other amazing security features that Hide My WP Ghost provides to help protect your WordPress site against hacker bots and spammers.
How does HMWP Ghost affect the existing assets that Google may have indexed (media files like images or linked pdfs)?
Question: How does Hide My WP Ghost affect all the existing assets that Google may have indexed, in particular media files like images or linked pdf, etc?
Hide My WP Ghost does NOT affect that, because we made image files and PDFs still be accessible via wp-content.
It was important to make it this way:
for SEO
for Cache plugins
The new images that will be uploaded will go on the new custom path.
Images and PDFs are not the vulnerable / attacked files, so it was better to do this, in order to ensure SEO and good caching.
However, if a user DOES want all the old images and PDFs on the new custom path, they can reach out to support.
There is a special setting that can be activated, but we’ve hidden that to protect users.
The most important types of files to hide can be hidden without the special setting.
Will using Hide My WP Ghost impact my SEO / Rankings?
No, using Hide My WP Ghost will have NO impact on your SEO and won’t influence your SEO rankings, because you will have the same public-facing URLs inside your site.
Schema, meta data, Open Graph, Twitter Cards, etc. will be kept the same inside your site’s source code.
All the images can still be accessed by Google via the old paths so that the indexation of the new paths will not be affected in any way.
HMWP Ghost doesn’t change/affect the things that play a role in how high you rank on Google (JSON-LD, schemas, Open Graphs, Twitter Cards, meta Title, meta descriptions, etc.) as they are un-related to having WordPress.
Therefore, using Hide My WP Ghost does NOT impact/influence your SEO rankings.
Furthermore, Hide My WP Ghost has compatibilities with all SEO plugins.
Can Hide My WP Ghost prevent spam messages that come through my contact forms?
For comment spam: you can use Hide My WP Ghost to hide: wp-comments-post.php.
Note! Hiding the file wp-comments-post.php will NOT stop the people who fill in the comment forms on your site and send you spam comments.
To completely stop spam comments, we recommend also installing a dedicated Anti-Spam plugin which has a database of spam emails and messages.
^^ Those were related to measures against automatic spam.
We also help against spammers who find your site has Elementor (for example) or WordPress and then spam you based on knowing that info. They think they are “targeting” you that way and that you’ll be interested in their offers.
However, strictly for contact form spam: we don’t currently offer a feature inside Hide My WP Ghost against that.
HMWP Ghost was made mostly for blocking the access of bots to the login, admin, and vulnerable themes/plugins.
It also stops the bots submission on the wp-comments-posts.php path but does not stop the comments made through the form submission.
For this, we recommend using a dedicated plugin such as AntiSpam Bee.
Do I still need Hide My WP Ghost if I already have server side protection?
Yes, you can still benefit from using Hide My WP Ghost, even if you already have server side protection.
Here’s why:
Server side protection is great for stopping all sorts of DDOS and similar attacks.
Now, on the application side (WordPress) – its information is exposed.
People can easily find out you are using WordPress as your CMS (Content Management System) and start to poke the common points of XSS entries, such as RSD, WP-JSON, and similar entry points.
They will also predict which vulnerable plugin paths you have, so they can try cross scripting on those plugins.
So you should use Hide My WP Ghost to completely block out those easy to guess information (together with brute force and limit login attempts).
This way, your WP application side is protected without having the bloat on it.
And gain peace of mind knowing both Server and Application are well protected.
Your best security stack:
Server Side: Protected and Hardened with Malware detection, etc.
Application side (WP): use Hide My WP Ghost to complete the story.
Can Hide My WP Ghost be used as a stand-alone security plugin?
Question: Can Hide My WP Ghost be used as a stand-alone security plugin? Is using it sufficient for protecting my WordPress site or should I also use it together with other plugins like wordfence?
Hide My WP Ghost can be used as a stand-alone security plugin IF your hosting service already provides backups, file cleaning, malware detection, etc. In this case, you only need to install Hide My WP Ghost for attack prevention.
So, if you have file cleaners / malware removal, etc. from your hosting company, then you may don’t need to pair this up with another security plugin. With a good hosting provider, you are protected and hardened on the server side.
And then you can just protect WP login and directories using HMWP Ghost on the application side.
Otherwise, if you DON’T have file cleaners / malware removal, etc. from your hosting company, we recommend that you use something like WP Cerber, WordFence, or others.
With Hide My WP Ghost you prevent attacks from happening in the first place. Hackers and hacker bots can’t attack what they can’t find.
There are many vulnerabilities in WordPress itself, in themes and plugins. It’s still good to have features to scan for infected files, though: through things like iThemes security or server-side features from hosts that offer those.
It’s important to mention that Hide My WP Ghost is not meant to be an all in one security plugin, and we don’t intend to replace the other security plugins out there.
Our purpose is to add an extra layer of protection (not available in the others), in order to prevent hacking attempts.
Other tools focus on malware scanning and fixing files that were already infected, we focus on hiding the paths that hacker bots use to gain access or inject scripts.
So, HMWP Ghost is a prevention method NOT a cure method.
Hide My WP Ghost is compatible with other popular security tools and plugins, and we have clients using it alongside tools such as:
Wordfence,
iThemes,
Shield Security,
Sucuri Security,
and WP Cerber Security.
Will I be able to see all edits and settings changes made by users using Activity Logs?
By activating Log User Events, you can find out exactly who does what on your WordPress website:
Find out if someone is trying to hack your site.
Know when a post was deleted, and who deleted it.
Know when a plugin was activated/deactivated, and who did it.
Track your freelancers’ or hired developer’s activities.
Track your multiple blog authors’ activities.
Track who has logged in, when, and with what IP address.
View successful and failed login attempts. Track which IP address is targeting your login page.
Track which themes, plugins, and core files are updated by which user.
All this data will show in the Events Log Report that can be accessed at Hide My WP > Log Events > Events Log Report. Can be set according to user roles.
Can I reverse all settings so that my site goes back to pre-Hide My WP Ghost state?
Yes, ALL settings are reversible.
If you Deactivate the plugin first (instead of deleting via FTP), then ALL settings will revert (everything will go back to how things were) and when you delete the plugin it will be like it was never there in the first place.
This offers an extra layer of protection that you don’t get from other plugins, because those focus on helping you while you are attacked and after you were attacked, by:
cleaning files,
detecting malware,
injections etc.
With Hide My WP Ghost – you can avoid getting injections in the first place.
Therefore, even if you are already using a WordPress Security plugin or tool, you can still benefit from using Hide My WP Ghost – as it will add more value to your security stack.
Hide My WP Ghost will work together with other security plugins and tools to add a different kind of security layer on your websites by stopping the hackers’ attacks and preventing data loss.
How Can I Deactivate All Plugins At Once?
With FTP access or File Manager
Rename /wp-content/plugins to /wp-content/plugins_temp
Create the folder /wp-content/plugins
This way you will deactivate all the plugins without deleting them one by one from WordPress.
If you rename the folder /wp-content/plugins_temp back to /wp-content/plugins you will have all the plugins activated again.
Note! During this process, do not access the Plugins tab in WordPress to avoid detecting that the plugins are missing and deactivating them all.
Now, you can do even more:
Test Only One Plugin
If you want to test only a plugin, you can copy the plugin folder from /wp-content/plugins_temp in /wp-content/plugins folder after creating it.
Rename /wp-content/plugins to /wp-content/plugins_temp
Create the folder /wp-content/plugins
Copy one plugin folder like /wp-content/plugins_temp/hide-my-wp to /wp-content/plugins/hide-my-wp
Now, after the test, remove the created folder and rename the temp folder back.
Do I Need to Hide WordPress From Detectors or Hackers?
This is a really good question a website owner should ask.
I will try to explain as simple as I can how some of the attacks happen and what is the best way to protect against them.
Hackers vs Bots
A human hacker loads software with tons of actions and URLs that are designed to find breaches on a specific CMS. From URL to URL on the internet, the software (bot) is loading all the actions and URLs without checking the website CMS first. Once the bot gets a signal that a breach was found, it will automatically inject the script/worm and the rest … well … is not bright.
As most of the attacks are made by bots and not by human hackers, there can be thousands of calls per minute for each website and the owner does’t even know about it.
Type of Actions and URLs
I will resume the actions and the URLs to the WordPress CMS to keep it simple.
As most of the plugins and themes owners are not familiar with the types of bot attacks, offer their work with small windows for hackers to find usernames and passwords, to upload files on the server, to inject scripts in files and the list can continue.
Path Traversal Example
Script Injection in Login Page
For websites like WordPress, most of the attacks contain paths to /wp-content/plugins/ and /wp-content/themes/, to the default /wp-login.php and /wp-admin.
As you can’t guarantee that all the plugins you have installed are secured or that an update can’t come with a breach, I can say that it’s a lottery and it’s a matter of time until a bot finds a breach.
If you want to use Hide My WP Ghost for security and not just for hiding your website from theme detectors, then you don’t need to change the plugin’s classes in the source-code.
The best way is to change the WordPress CMS paths using the Hide My WP > Change Paths and hide the WordPress old/common paths from bots so that the attacks will be rejected. This way you don’t need to worry if a plugin is 100% secure or not and concentrate on growing your business.
source ukfast.co.uk
The good news about Hide My WP is that the plugin works well with other security plugins like Wordfence, iThemes Security,Shield Security, and more, who come to block more types of attacks and to monitor all files’ integrity.
Also works with other 2 Factor Authentication plugins that work on the login page if you have an e-commerce website or a website with members who need to login to your website.
Hide WordPress For Themes Detectors
As we explained in other articles, hiding the website from theme and CMS detectors is not going to make your website safer.
Hiding from CMS and theme detectors if useful if you don’t want your visitors to know that you have a WordPress website or you don’t want to have your website associated with WordPress for your company image.
Here you can find help for how to configure the Hide My WP Ghost plugin to hide your website from themes detectors:
Hiding the WordPress CMS shouldn’t affect the SEO from your website.
All the main URLs should remain unchanged. Only the vulnerable URLs are changed once you change the paths.
Through sitemap.xml Google is notified about the new paths and next time the Google will verify the website it will index the new media paths together with the old paths.
We have tested Hide My WP Ghost on many websites and we noticed even a slight improvement in the loading speed and great results in search engines like Google, Bing and Yandex.
Is Hide My WP Login plugin making my site more secure?
Hiding your WordPress login page is a great way to secure your site from both targeted hacks and automated brute-force attacks.
Why you should care about hiding the login page?
The answer is: Brute-force attacks.
In a brute-force attack, hackers basically try to guess your username and password over and over until it breaks in.
They’re hoping that, with enough tries, they’ll find the magic combination. Now I think you’re seeing where hiding the login page comes into it… if you hide your login page, there’s nowhere for hackers to run their brute-force attack.
So protecting the login path from your website is really important.
A quick and simple way to do that is to use a plugin like Hide My WP Ghost
Once you install it, you can customize the wp-login and also hide the /wp-login and /wp-login.php path from your website.
The extra feature this plugin has is to protect your login page from Brute Force attacks in case you have the login option for your members on your page.
You can use Math Check protection or reCaptcha protection from Google. Both protections are fine and will block the hackers to a limited attempts of login.
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
cookielawinfo-checkbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
