WP Ghost with Solid Security (iThemes) – Compatible Configuration

WP Ghost and Solid Security (formerly iThemes Security) are fully compatible and complement each other. WP Ghost focuses on hack prevention by protecting paths, filtering malicious requests, and blocking bots before they reach vulnerable components. Solid Security focuses on monitoring, detection, and administrative control — tracking user activity, detecting file changes, and sending security alerts. Enable shared features (brute force, login limits) in one plugin only.

How They Work Together

WP Ghost and Solid Security operate at different levels. WP Ghost reduces the attack surface by changing and protecting WordPress paths, blocking known attack patterns with 7G/8G firewall rules, and adding security headers. Solid Security monitors what happens after traffic reaches your site — detecting suspicious login behavior, tracking file changes, logging user activity, and sending real-time alerts. WP Ghost prevents attacks at the entry point. Solid Security detects and responds to suspicious activity inside the site.

What to Activate in Each Plugin

Use WP Ghost for:

All path changes (wp-admin, login, wp-content, wp-includes, uploads, plugins, themes, REST API, author, admin-ajax), hide old paths, hide common files, 7G/8G firewall, security headers, 2FA with passkeys, text/URL/CDN mapping, country blocking, and change paths in cached files.

Use Solid Security for:

File change detection, user activity monitoring, security notifications and alerts, site scanning, and administrative security controls (database backups, version management).

Choose one plugin for shared features:

Both offer brute force protection, login attempt limits, IP banning, and 2FA. Enable these in one plugin only. WP Ghost is recommended for brute force (it covers login, register, lost password, comments, and WooCommerce forms with reCAPTCHA). Solid Security is recommended if you prefer its 2FA implementation or passwordless login.

Feature Comparison

Frequently Asked Questions

Will the two plugins conflict?

Not if you avoid enabling the same feature in both. Enable brute force, login limits, and 2FA in one plugin only. Path security is unique to WP Ghost and file detection/site scanning is unique to Solid Security — these will not conflict.

Do I need Solid Security if I use WP Ghost?

WP Ghost covers prevention (paths, firewall, brute force, headers). Solid Security adds monitoring and detection (file changes, site scanning, activity logging, vulnerability detection). If you want both prevention and detection, using both is a strong combination.

Both offer 2FA. Which should I use?

Choose one. WP Ghost offers 2FA by code, email, and passkey (Face ID, Touch ID, Windows Hello). Solid Security offers 2FA by code and email plus passwordless login. If you want passkey authentication, use WP Ghost. Otherwise, either works.

Does WP Ghost modify WordPress core files?

No. WP Ghost uses rewrite rules and WordPress hooks. No core files modified. Deactivating restores all defaults.

Related Tutorials

Customize All WordPress Paths – configure WP Ghost’s unique path security features.

Brute Force Protection – configure brute force in WP Ghost (disable in Solid Security if using this).

Header Security – enable security headers unique to WP Ghost.

Compatibility Plugins List – all tested security plugins.

Website Security Check – verify your combined configuration.