Skip to contentSkip to main navigation Skip to footer

Install Hide My WP Ghost

Learn how to download and install Hide My WP Ghost.

This tutorial will teach you how to hide all the paths, plugins and themes and how to activate the plugin in Safe Mode or Ghost Mode.
In other words, you will activate all the security features you need to keep the hackers bots away from your website.


Connect to your account and download Hide My WP Ghost premium plugin

Download Plugin

  1. Log In as an Admin on your WordPress site.
  2. In the menu displayed on the left, there is a “Plugins” tab. Click it.
  3. Now click “Add New”.
  4. There, you have the “Upload Plugin” button
  5. Upload the file.
  6. After the upload it’s finished, click Activate Plugin.
  7. In the Activation panel, enter the Activation Token from your account
  8. Click to activate and start the plugin setup.

Once you’ve activated the plugin, click on the Settings link to go to Hide My WP Ghost Settings page.

How To Activate the Plugin in Safe Mode or Ghost Mode

1. Go to Hide My WP Ghost tab and Select the Safe Mode or Ghost Mode.

Set Hide My WP Ghost in Safe Mode
Set Hide My WP Ghost in Ghost Mode

2. After you confirm the Safe Mode or Ghost Mode, the paths will be automatically changed with the predefined ones.
Now you can customize the paths as you desire.

  • Admin Security – customize the wp-admin path (optional) and if you want to hide the old wp-admin from visitors.
  • Login Security – customize the wp-login.php path and hide it from visitors.
  • Ajax Security – customize the admin-ajax.php path in frontend.
  • User Security – customize the author path in frontend.
  • WP Core Security – customize the WordPress common paths and hide them together with the common files.
  • Plugins Security – customize the plugins path and names in frontend.
  • Theme Security – customize the themes path and names in frontend.
  • API Security – customize the REST API path and XML-RPC.
  • Firewall & Headers Security – add Security Headers and Firewall against Script & SQL Injections.

Note! You have to remember the new login path because you will have to access it every time you connect to your website.

3. Click Save after you customized the paths.

4. (optional) If Hide My WP Ghost can’t write the rewrite codes on your config files (.htaccess for Apache, nginx.conf for Nginx, web.config for IIS), you will be asked to do this manually. Follow the instructions and click the button “Okay, I set it up

5. (optional) If you installed the plugin on Nginx Server you need to have access to nginx.conf file or to have a managed hosting plan.

Only for the first time you need to add the config line in Nginx and restart the server. All the rewrite rules are present in the hidemywp.conf file.

Learn how to include the config line in Nginx File

Note: For Nginx Servers, you need to restart Nginx after each customization with the command: sudo nginx -s reload

Note: For Apache Servers, you need to make sure you set the AllowOverride All option for your current directory in httpd.conf or apache2.conf.

5. Go to Security Check section and run a test to make sure all the settings and tweaks are set correctly. You can automatically fix them by clicking the “Fix it” button

For more customization in Hide My WP Ghost, follow these tutorials:


Make sure you copy the safe URL from the top of the page. In case you can’t log in, you can sign in using the safe URL.

In case you can’t login please follow these steps: Hide my WP Ghost – How to disable it in case of error