WP Ghost with Sucuri Security – Compatible with No Feature Overlap
October 20, 2021
This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.
WP Ghost (formerly Hide My WP Ghost) and Sucuri Security are fully compatible with very little feature overlap. WP Ghost focuses on hack prevention through path security, 7G/8G firewall, and security headers. Sucuri focuses on cloud-based protection with its Web Application Firewall, DDoS mitigation, CDN, malware scanning, and post-hack cleanup. They address completely different security layers.
How They Work Together
WP Ghost and Sucuri have almost no feature overlap. WP Ghost operates at the server and application level — changing paths, adding rewrite rules, blocking known attack patterns. Sucuri operates at the network level — its cloud WAF sits between your server and the internet, filtering traffic before it reaches your site. WP Ghost prevents bots from finding vulnerabilities on your server. Sucuri prevents malicious traffic from reaching your server at all. Together, they provide server-level prevention (WP Ghost) plus network-level filtering and post-hack recovery (Sucuri).
What to Activate in Each Plugin
Use WP Ghost for:
All path changes, hide old paths, hide common files, 7G/8G firewall, security headers, brute force protection with reCAPTCHA, 2FA with passkeys, country blocking, text/URL/CDN mapping, and change paths in cached files.
Use Sucuri for:
Cloud Web Application Firewall (WAF), DDoS protection, CDN/performance optimization, malware scanning and removal, file integrity monitoring, blocklist monitoring, and post-hack security actions.
Because the feature sets are almost entirely separate, no “choose one” configuration is needed. Both plugins can be fully active with all their features enabled.
Feature Comparison
| Feature Category | WP Ghost | Sucuri |
|---|---|---|
| Path Security (wp-admin, login, plugins, themes, uploads, REST API, AJAX) | Yes | – |
| 7G and 8G Firewall (server-level rules) | Yes | – |
| Cloud Web Application Firewall | – | Yes |
| DDoS Protection | – | Yes |
| CDN / Performance Optimization | – | Yes |
| Security Headers (HSTS, CSP, X-Frame-Options) | Yes | – |
| Two-Factor Authentication (Code, Email, Passkeys) | Yes | – |
| Brute Force Protection & reCAPTCHA | Yes | – |
| Country Blocking | Yes | Yes |
| Text, URL, and CDN Mapping | Yes | – |
| Malware Scanner & Removal | – | Yes |
| File Integrity Monitoring | – | Yes |
| Blocklist Monitoring | – | Yes |
| Post-Hack Security Actions | – | Yes |
| Activity Log & Email Alerts | Yes | Yes |
Frequently Asked Questions
Will the two plugins conflict?
No. WP Ghost and Sucuri operate on different levels (server vs network). There is almost no feature overlap. Both can be fully active without configuration adjustments.
Does Sucuri’s cloud WAF interfere with WP Ghost’s path changes?
No. Sucuri’s WAF proxies traffic to your server. WP Ghost’s rewrite rules process on your server after Sucuri forwards the request. The path changes work normally behind Sucuri’s WAF.
Do I need Sucuri if I use WP Ghost?
WP Ghost covers prevention (path security, firewall, brute force, 2FA). Sucuri adds network-level protection (cloud WAF, DDoS), detection (malware scanning, blocklist monitoring), and recovery (post-hack cleanup). If you need DDoS protection or malware removal, Sucuri is a strong addition. If you only need hack prevention, WP Ghost alone is sufficient.
Does WP Ghost modify WordPress core files?
No. WP Ghost uses rewrite rules and WordPress hooks. No core files modified. Deactivating restores all defaults.
Related Tutorials
Customize All WordPress Paths – configure WP Ghost’s path security features.
Header Security – enable HSTS, CSP, and other headers.
Brute Force Protection – add reCAPTCHA and login limits.
Compatibility Plugins List – all tested security plugins.
Website Security Check – verify your configuration.
