WP Ghost with Shield Security – Compatible Configuration and Feature Comparison

WP Ghost (formerly Hide My WP Ghost) and Shield Security are compatible and complement each other. WP Ghost focuses on hack prevention through path security, 7G/8G firewall, and security headers. Shield Security focuses on automated bot detection, login protection, comment spam filtering, and file scanning. Enable shared features (login path, brute force, IP blocking) in one plugin only.

How They Work Together

WP Ghost and Shield Security address different security layers. WP Ghost reduces the attack surface by changing and hiding WordPress paths, blocking known attack patterns with 7G/8G server-level rules, and adding security headers. Shield Security provides automated bot detection (silentCAPTCHA), intelligent IP blocking, comment spam filtering, file change detection, and vulnerability scanning. Both can change the login path and limit login attempts — enable these shared features in one plugin only.

What to Activate in Each Plugin

Use WP Ghost for:

All path changes (wp-admin, login, wp-content, wp-includes, uploads, plugins, themes, comments, REST API, author, admin-ajax), hide old paths, hide common files, 7G/8G firewall, security headers, 2FA with passkeys, text/URL/CDN mapping, country blocking, and change paths in cached files.

Use Shield Security for:

Automated bot detection (silentCAPTCHA), comment and registration spam filtering, file change detection, vulnerability scanning, and traffic rate limiting.

Choose one plugin for shared features:

Both can change the login path, limit login attempts, enable reCAPTCHA, and ban/whitelist IPs. Enable these in one plugin only. WP Ghost is recommended for login path changes (it also covers lost password, register, logout, and activation paths that Shield does not change).

Feature Comparison

Frequently Asked Questions

Will the two plugins conflict?

Not if you avoid enabling the same feature in both. Shared features (login path, brute force, reCAPTCHA, IP blocking, 2FA) should be active in one plugin only. Path security is unique to WP Ghost and bot detection/spam filtering is unique to Shield — these will not conflict.

Do I need Shield Security if I use WP Ghost?

WP Ghost covers prevention (path security, firewall, brute force, 2FA, headers). Shield adds automated bot detection (silentCAPTCHA is invisible and blocks bots without user interaction), comment spam filtering, and file change detection. If spam or automated bot traffic is a concern, Shield is a useful addition.

Both plugins offer 2FA. Which should I use?

Choose one. WP Ghost offers 2FA by code, email, and passkey (Face ID, Touch ID, Windows Hello). Shield offers 2FA by code and email. If you want passkey/passwordless authentication, use WP Ghost’s 2FA. Otherwise, either works.

Does WP Ghost modify WordPress core files?

No. WP Ghost uses rewrite rules and WordPress hooks. No core files modified. Deactivating restores all defaults.

Related Tutorials

Customize All WordPress Paths – configure WP Ghost’s unique path security features.

Brute Force Protection – configure brute force in WP Ghost (disable in Shield if using this).

Header Security – enable HSTS, CSP, and other headers.

Compatibility Plugins List – all tested security plugins.

Website Security Check – verify your combined configuration.