Secure Your WordPress Site Against
Hacker Bots and Spammers

HWP provides multiple options to customize security features based on your needs.

Hide My WP Ghost is Packed
with Awesome Security Features

Rank Math helps you to improve your website ranking
After
Before
Your website ranking before using the Rank Math

It gives you the best security solutions with its powerful and easy-to-use features. Without physically changing any directory or file, Hide My WP Ghost can take your website’s security to the next level

  • Custom wp-admin URL & wp-login Paths
  • Hide wp-admin
  • Hide wp-login
  • Hide Language select from Login Page
  • Change Author Path
  • Hide Author ID
  • Change Lost Password Path
  • Change Register Path
  • Change Logout Path
  • Change Activation Path
  • Change admin-ajax.php Path
  • Change Paths in Ajax Calls
  • Hide wp-admin from non-admin users
  • Change wp-content Path
  • Change wp-includes Path
  • Change wp-content/uploads Path
  • Change comments Path
  • Change Plugins Path
  • Change Themes Path
  • Hide WP headers
  • Customize each plugin name
  • Customize each theme name
  • Hide WordPress Old Plugins Path
  • Hide WordPress Old Themes Path
  • Change REST API Path
  • Hide REST API URL Link
  • Disable XML-RPC access
  • Hide RSD (Really Simple Discovery) endpoint
  • Hide WordPress Common Paths
  • Hide WordPress Common Files
  • Firewall Against SQL & Script Injection
  • 6G Firewall & 7G Firewall Protection
  • Restrict Theme Detectors access
  • Disable Directory Browsing
  • Redirect Hidden Paths
  • Login Redirect URL
  • Logout Redirect URL
  • Change Paths for Logged Users
  • Change Paths in Cached Files
  • Customize paths
  • Two-factor Authentication By Code (2FA)
  • Two-factor Authentication By Email (2FA)
  • Temporary Logins Without Password
  • Change Relative URLs to Absolute URLs
  • Hide Feed and Sitemap Link Tags
  • Change Paths in RSS Feed
  • Change Paths in Sitemaps XML
  • Change Paths in Robots.txt
  • Hide Admin Toolbar by user role
  • Hide Version from Images, CSS & JS URLs
  • Hide IDs from META Tags
  • Hide WordPress Generator META Tags
  • Hide WordPress DNS Prefetch META Tags
  • Hide HTML Comments
  • Hide Emoji icons
  • Disable Embed scripts
  • Disable WLW Manifest scripts
  • Disable Right-Click
  • Disable Inspect Element
  • Disable Ctrl+U, Ctrl+I, Ctrl+C & more
  • Disable Keys for Logged Users
  • Disable View Source
  • Disable Copy/Paste
  • Disable Drag/Drop Images
  • Disable Mouse Right Click
  • Disable DB Debug in Frontend
  • URL Mapping
  • Text Mapping Classes, IDs, JS variables
  • CDN URLs Mapping
  • Text Mapping in CSS and JS caches files (E)
  • Optimize CSS and JS files (E)
  • Auto-detect server type
  • Brute Force Protection
  • WooCommerce Login Protection
  • Math reCAPTCHA Protection
  • Google reCAPTCHA v2 Protection
  • Google reCAPTCHA v3 Protection
  • Ban an IP address or multiple IP addresses
  • Whitelist an IP address or multiple IPs
  • Blocked IPs Report
  • Limit login fail attempts
  • Add Security Headers for XSS and Code Injection Attacks
  • Whitelist IPs and URLs
  • Brute force protection for Memberpress, WooCommerce, lost password form & user signup forms
  • Prevent Pingbacks
  • Cache & Optimize Speed
  • Backup/Restore Settings
  • Hide WordPress Version Number
  • Hide wp-image and wp-post classes
  • Custom theme style name
  • Custom attempts, lokout message
  • Change Category Path
  • Change Tags Path
  • Custom Safe URL Parameter
  • 7G firewall
  • Hide vulnerabilities of core, themes, and plugins
  • Sub-option to show a white-screen on inspect element for desktop

Activity Log

  • Log Users Events & Events Log report
  • Log User Roles
  • Accessing the Events Log Report in the Cloud
  • Email Alerts Options
  • Custom Email Address Notification

Run a Website Security Check

  • Detect potential security breaches on your site
  • Identify security or access issues on your website before they become a problem
  • Determine whether any of your plugins or themes have security vulnerabilities
  • Verify your site integrity for you
  • Take preventive measures against attacks.
  • Teaches you how to fix these potential breaches

Log Users Events & Events Log Report

  • Find out if someone is trying to hack your site
  • Know when a post was deleted, and who deleted it
  • Know when a plugin was activated/deactivated, and who did it
  • Track your freelancers’ or hired developer’s activities
  • Track your multiple blog authors’ activities
  • Track who has logged in, when, and with what IP address
  • View successful and failed login attempts
  • Track which IP address is targeting your login page
  • Track which themes, plugins, and core files are updated
  • Accessing the Events Log Report in the Cloud
  • Disable multiple options (such as right click option, or inspect element option) for specific WP user roles
  • Create loginless URLs for temporary access, based on role
  •  Log events for specific WP user roles (such as editing posts/pages, deleting content, making modifications, etc.)
  • User activity logs and suspicious activity alerts
  • Disable all HMWP features solely for users with a specific IP (helpful for those working in the same office)

Hide wp-admin

Protecting the admin area from unauthorized access allows you to block many common security threats.

If visitors know you are using WordPress, they can easily find out the default Admin & Login pages, thus making your site an easier target.

Hackers regularly target wpadmin and brute force it using a list of usernames and passwords.

Changing your admin page URL benefits:

  1. hackers will not know it and you will reduce the Brute Force to 0% on the wp-admin path.
  2. you will save a lot of resources and eliminate any possible hack.

Hide wp-login.php

Login page URL is the web address you visit when you want to access the backend of your website.

Every WordPress website has the same structure. You can login to a website by visiting:

https://www.yourwebsite.com/wp-login.php

Hiding your wp-login.php page is a great way to secure your site from targeted hackers and automated brute force attacks. Attackers cannot identify your website’s point of entry. Hide My WP Ghost enables you to create a new URL for your login page and hide the default one. 

By changing the wp-login page you provide an extra layer of security for your website.

Custom wp-admin URL & wp-login Paths

By default, we all login into WordPress at https://www.yoursite.com/wp-admin/ or directly to https://www.yoursite.com/wp-login.php.

I know that, you know that, hackers know it. Brute Force Attacks on login pages is one of the common types of web attacks that your website is likely to face.

By changing these URLs, hackers will not be able to find these links. This reduces with up to 100% the chance of getting attacked.

Note! No file or directory is physically changed. All the changes are made by redirects. All the actions are done automatically by the plugin.

Brute Force Attacks Protection

A successful brute force attack can give hackers access to your websites’ admin area & credentials. They can install backdoor, malware, steal sensitive information, delete everything on your website, make your website inaccessible. 

An unsuccessful brute force attack can slow down your website and even crash your wp hosting server.

The attacks begin with multiple requests to /xmlprc.php and /wp-login.php with different combinations of usernames and passwords. Once a combination matches, the hackers have access to your admin interface.

There are many strategies for dealing with brute force attacks. Using Hide My WP Ghost Plugin, to activate Brute Force protection, switch on “Use Brute Force Protection” button.

 

Manage Blacklist IPs

An IP address is a unique numeric code allocated to a device that is connected to the internet.

IP address blacklisting is a method of protecting your website from malicious attacks: comment spam, email spam, hacking attempts, and DDOS (denial of service) attacks.

With Hide My WP Ghost you can ban the IP addresses or a range of IP addresses that you never want to be able to access the login page.

Manage Whitelist IPs

IP whitelisting is a security feature often used for limiting and controlling access only to trusted users.

An easy and useful WordPress security plugin to protect your WordPress admin area using IP Whitelist is Hide My WP Ghost.  You can Whitelist the IP addresses or range of IP addresses that you want to have access to the login page on your website.

Brute Force Protection with Math Captcha

A CAPTCHA is a feature that protects websites against bots by generating and grading tests that humans can pass but current computer programs cannot. 

Websites use forms for registration and signups and to provide services to their users. Bots usually target such forms and fill them with junk information. CAPTCHA is usually implemented to stop such spam registrations from bots.

The Math CAPTCHA feature requests the user to solve a mathematical problem in order to prove human. 

You can also customize the Math reCAPTCHA widget and limit the number of failed login attempts a user can perform before he/she is temporarily locked.

Google reCaptcha V2 Brute Force Protection

By activating this CAPTCHA, Hide My WP Ghost will display the Google reCAPTCHA V2 widget to validate requests with the “I’m not a robot” Checkbox

Brute Force Protection with Google reCaptcha V3

The reCAPTCHA “I’m not a robot” Checkbox is very useful for fighting against spammers, but its one-time verification doesn’t fit every use case. With Hide My WP Ghost, you also have the option to add Google reCAPTCHA V3 protection for your site.

reCAPTCHA v3 helps you detect abusive traffic on your website without user interaction. reCAPTCHA v3 works behind the scenes to determine if the user is a robot or human. Based on your previous usage, Google will determine if that particular user is a bot. If so – the puzzle challenges will display, stopping the bot in it’s tracks.

Limit Login Fail Attempts​​

By default, WordPress allows users to try different passwords as many times as they want. Hackers may try to exploit this by using scripts that enter different combinations until your website cracks.

If you limit the login attempts, after the limit exceeds, the user gets blocked for a certain amount of time.

Hide My WP Ghost plugin will allow you to configure the amount of failed login attempts you’d like to permit before blocking that user from further attempts for an amount of time.

The ban duration and the lockout message the user will see on the login page instead of the login form after their IP has been blocked can be customized as well.

Custom attempts, lockout message

By default, when a hacker gets locked out because of too many logins fail attempts, will get the message “Your IP has been flagged for potential security violations. Please try again in a little while…“.

With Hide My Wp Ghost you can change the lockout message and the lockout time. 

Custom Author Path

Did you know that the WordPress admin username can be displayed on the author’s URL?

By default, WordPress will display some sensitive information on author pages (full name, first or last name, your username). An attacker is able to brute force valid IDs or valid usernames.

The author page is typically called by requesting the URL 

 https://yourdomain.com/author/

Hide my WP Ghost help you protect your website against user enumeration attacks on author pages and other places where valid user names can be obtained.

Hide Author ID URL

What is Author ID?

If someone types in a web address http://www.example.com/?author=1
he will be automatically redirected to http://www.example.com/author/username/
where username is (by default) the login name of the blogger with an ID of 1 (usually the admin user).

Author ID exposes usernames of WordPress websites users and hackers can use the usernames as a backdoor to access or break your website.

Using Hide My WP Ghost you can disable Author ID URL.

Change admin-ajax Path

WordPress default ajax URL is /wp-admin/admin-ajax.php. Even though it is located in the wp-admin folder, non-administrative users and also the guests can send requests to them.

There are a few actions that are submitted via WordPress’s admin-ajax.php: make requests to access data and/or delete them.

All the ajax calls in the frontend are made by the default URL /wp-admin/admin-ajax.php. This URL is also used by hackers to upload viruses and scrips on your website.

Using Hide My WP Ghost you can change the ajax path and remove the wp-admin path from ajax URL.

Change URLs in Ajax Calls

Some plugins are using Lazy Load options to load videos and images only when the user scrolls to that specific image. In this case, the images are usually called through Ajax and you need to be sure that these images’ paths are also changed.

If some themes are loading CSS styles through Ajax you may have CSS duplicates if the paths are not always the same.

Change wp-content Path

By default WordPress stores all the installed website themes and plugins in /wp-content/ directory.  Unfortunately, this directory is not protected when there are vulnerable plugins or themes installed. 

A person, bot or hacker who wants to see all your library content could read the directory content in the browser: http://websitename/wp-content/uploads.

In many cases, WordPress websites crashed because a hacker had access to the wp-content directory. So, wp-content is an ideal spot for hackers.

Giving the wp-content a custom name is one of the most easiest ways to make your WordPress safer.

Change wp-includes Path

Files in the wp-includes are responsible for how WordPress looks. This folder is large in size, and most of the WordPress core files are stored here.

This folder basically stores the files that enable your WordPress site to function.

WP-includes directory gives away a lot of information about your WordPress to hackers.

It is important to restrict access to the WP-includes folder and files as it contains files strictly meant to run the core version of WordPress.

Custom Uploads Path

By default WordPress stores all the images in the /uploads/ directory.  

A person, bot or hacker who wants to see all your directory content could read the directory content in the browser like: http://websitename/wp-content/uploads.

In many cases, WordPress websites crashed because a hacker had access to /uploads directory.

Giving the /uploads a custom name is one of the easiest ways to make your WordPress safer.

Change Comments Path

Are you getting a lot of spam comments in your WordPress site?

By default, WordPress has the comments enabled in all posts and the comments.php as the default file to post the comments.

By changing the comments path you will:

  • get rid of the automatic comments posts on the comments.php file.
  • hide the custom path that shows you’re using WordPress CMS

Custom Plugins Path

Vulnerable plugins and themes are exploited to gain access to your site. Then your pages are injected with something that hackers want.

The easy way to protect your website is to completely hide your WordPress core files, login page, theme, and plugins paths from being shown on the front side.

There are two layers of security offered by Hide My WP Ghost. First of all lets you change the path to all plugins and it will automatically add custom names to each active plugin. After wp-content/plugins path is changed, it’s important to restrict access to it from here

Change Themes Path

Vulnerable plugins and themes are the #1 reason WordPress websites get hacked.

Vulnerable plugins and themes are exploited to gain access to your site. Then your pages are injected with something that hackers want.

The easy way to protect your website is to  completely hide your WordPress core files, login page, theme, and plugins paths from being shown on the front side. 

 This amazing plugin can also hide the WordPress theme name from hackers. 

Hide Rest API (wp-json)

WordPress REST API provides a built-in API that can be integrated with your themes, plugins, mobile apps, etc.

It also lets WordPress to interact with any application, and developers can even use it to build their own APIs.

As xmlrpc, wp-json is a path that is known by hackers and they will try to brute force it in order to obtain data or to break into your website.

Hide My WP Ghost helps you change its name without affecting the website functionality. 

Changing the /wp-json and hiding it from hackers it’s a big step in improving the security of the website.

Disable XML-RPC Access

The XML-RPC is a system that allows remote access and updates to WordPress from other applications.  

An attacker will try to access your site using xmlrpc.php by using various username and password combinations. They can effectively use a single command to test hundreds of different passwords. This allows them to bypass security tools that typically detect and block brute force attacks.

By disabling xmlrpc.php access, you’ll eliminate the risk of external attacks gaining access to your website.

Prevent Pingbacks

Pingbacks are modes of communication between WordPress blogs

The functionality should be used to generate cross-references between blogs, but it can just as easily be used for a single machine to originate millions of requests from multiple locations.

According to WPBeginner, 99% of all trackbacks and pingbacks are spam. This is the easiest way for spammers to get a backlink from your site.

It can expose your site’s security to the risk of a DDoS attack, which can interrupt your site and online connection. When your site is down customers searching for you will be lost and any E-commerce website could become vulnerable.

You can protect against WordPress Pingback vulnerability using Hide My WP Ghost.

Hide RSD (Really Simple Directory) Header

Really Simple Discovery, this is a link placed in the header and is used for connecting third-party software to your website to publish blogs. This header will expose the WordPress service on every website call.

If you are not using any Really Simple Discovery services (eg. pingbacks) then you can remove the link to hide the fact that you are using WordPress.

Hiding the RSD header is mandatory when you want to hide the WordPress CSM from Theme Detectors.

 

Hide Common Paths

You can hide the fact that you’re using WordPress CMS from Theme Detectors or hackers by changing your permalinks without making changes to the actual locations of your website files.

An important action in protecting your website from hacker attacks is by hiding the WordPress common paths after the path names are changed.

Hide My WP Ghost will add a filter in the config file to show 404 error when the user is not logged on the website and access these paths.

The main paths this option hides are: /wp-content/wp-include/plugins/themes. It will also hide files like upgrade.php and install.php for visitors.

Hide WordPress Common Files

An important action in hiding your website from Theme detectors and protecting your website from hacker attacks is hiding the WordPress common files.

Hide My WP Ghost will add a filter in the config file to show 404 error when the user is not logged on website and access the files.

The hidden files are wp-config.php, readme.html, license.txt, etc.

Firewall Against Script Injection

Cross-site scripting, often abbreviated as XSS, is a type of attack in which malicious scripts are injected into websites and web applications for the purpose of running on the end user’s device.

The most common way to hack a website is by accessing the domain and adding harmful queries in order to reveal information from files and database. These attacks are made on any website, WordPress or not, and if a call succeeds … it will be probably too late to save the website.

Hide My WP Ghost will add filters in the config file to block harmful params and queries, and therefore protect the website from these types of attacks.

Disable Directory Browsing

Directory browsing allows visitors to your site to see and browse through the contents of folders on your web site. Directory listing may reveal hidden scripts, include files, backup source files, etc. which can be accessed to read sensitive information. By default most webservers like Apache, NGINX and LiteSpeed have directory browsing enabled.

Directory browsing would also enable an attacker to view the critical and confidential contents of restricted files in the directory.

Redirect Hidden Paths

If you have visitors that try to access the protected (changed and hidden) WordPress common paths (such as: /wp-admin and /wp-login) you can use the Redirect Hidden Paths feature to redirect those visitors to another page whenever they reach those WordPress common paths.

So, for example, if someone tries to access your /wp-admin once you’ve used Hide My WP Ghost to protect that path, that visitor will instantly be redirect to another page.

Change Paths In The Robots.txt​

The robots.txt file is used to tell web crawlers and other well-meaning robots a few things about the structure of a website.

Robots.txt files tell search engines which directories on a web server they can and cannot read.  But also tells hackers the places you don’t want them to look.

This feature in the Hide My WP Ghost plugin will change and remove any  WordPress common paths that show you’re using a WordPress CMS with the custom ones. It also hides the admin and login paths if present. 

Change Paths in the Sitemap XML

The Sitemap XML is used to improve SEO and will help search engines like Google, Bing, Yahoo, Yandex, and more to better index your site. In simple terms, an XML sitemap is a list of your website’s URLs.

For better Search Engine Optimization we recommend using this feature and change all the images path with the custom ones in sitemap.xml.

Hide My WP Ghost will remove all the Sitemap style added by SEO plugins like Yoast SEO, Squirrly SEO, Google Sitemap XML, that reveal the plugin’s author. The sitemap will be shown as required by Google and other search engines.

Disable Embed scripts

This feature is useful for many themes, and you may want to keep it enabled on your website.

However, what this means is that it also generates an additional HTTP request on your WordPress site now to load the wp-embed.min.js file. And this loads on every single page.

Hide My WP Ghost comes with the option to disable the embed scripts if you don’t use it.

Disable WLW Manifest Scripts

If you don’t use Windows Live Writer, then this code is completely useless to you and should be removed.

Some vulnerability scanning scripts check for the existence of this file in order to detect if WordPress is installed.

Hide My WP Ghost will help you disable this function and remove the wlwmanifest link Meta from source code.

Log Users Events

It’s safe to know what happened on your website at any time, in admin and on frontend. 

By activating Log User Events, you can see exactly what happens on your WordPress website:

  • find out if someone is trying to hack your site;
  • know when a post was deleted, and who deleted it;
  • know when a plugin was activated/deactivated, and who did it;
  • track your freelancers’ or hired developer’s activities;
  • track your multiple blog authors’ activities; track who has logged in, when, and with what IP address;
  • view successful and failed login attempts; track which IP address is targeting your login page;
  • track which themes, plugins, and core files are updated by which user.

Log User Roles

With this option, you can tell Hide My WP Ghost which users to track based on User Role.

Once you select the user roles, Hide My WP Ghost will monitor those users’ activity and record what actions they take on your site while they are logged in. The log report will also include login sessions for each user you chose to track.

Send Email Alerts

With this option, you can easily create alerts and be notified via email when a specific user action is triggered on your website.

This enables you to respond in minutes to possible security threats such as unauthorized changes, repeated failed login attempts, and other issues that can put your WordPress site at risk.

You can choose from a set of predefined actions and be notified via email.

Accessing the Events Log Report in the Cloud

Similar to the Events Log Report that can be accessed directly within the plugin, here you can see the following details about each recorded user action:

– URL
– IP address
– Details (such as: the path where that action was recorded, the name of the user who performed said action and their role, name of the plugin if for example the action the user performed was to deactivate a plugin)
 – Date & Time

Cache & Optimize Speed

Hide My WP Ghost is a speed-optimized plugin.

The average loading time is 0.03s which is faster than 90% of the WordPress plugins.

This will help your website rank better in Search Engine.

If this option is activated, Hide My WP Ghost will activate the caching process for the website static files like CSS, JS, and Images.

Weekly Security Check and Reports

Most sites get hacked from entirely preventable issues, like not keeping things updates or using insecure passwords. You can test the vulnerabilities of a WordPress installation and detect any holes and weaknesses of your website.

Hide My WP Security Check will help you :

  • Detect potential security breaches on your site.
  • Identify security or access issues on your website before they become a problem.
  • Determine whether any of your plugins or themes have security vulnerabilities.
  • Verify your site integrity for you.
  • Take preventive measures against attacks.
  • Teaches you how to fix these potential breaches.

Backup/Restore Settings

By creating regular backups, you can secure your custom paths in Hide My WP Ghost are saved in case you reinstall the plugin or you want to setup multiple websites with the same paths and features.

The backup file is encrypted so that the paths are not visible in the backup. 

Once the backup is restored, all the custom paths are automatically applied to the config file.

Text Mapping

Changing the class names in the source code will hide the CMS from themes detectors.

With the Text Mapping feature, you can change classes like wp-blocks, wp-post, wp-custom, wp-smiley and more.

With Hide My WP Ghost you can also change classes like Elementor or Woocommerce who need deep CSS and JS mapping

URL Mapping

Having all the WordPress common paths changed with the custom ones will avoid any relative URL to point to the old paths.

We recommend using this feature and change all the HTML URLs into absolute URLs.

CDN URLs

Having all the WordPress common paths changed with the custom ones will avoid any relative URL to point to the old paths.

We recommend using this feature and change all the HTML URLs into absolute URLs.

Change Register Path

Changing the WordPress register URL has two main benefits:

  • It can strengthen your website’s security by making it slightly harder or even impossible for bots to find your registration page.
  • It’s more user-friendly and offers an opportunity for better branding.

 

Change the register path to prevent spam emails with new user requests.

Change Logout Path

Changing the logout path will hide the fact that you are using WordPress CMS by customers and subscribers who have access to a custom user panel. 

Is often used when Woocommerce, bbPress, BuddyPress plugins are installed or when the theme has a custom member page.

Change Activation Path

The activation process only works in WP Multisite.

Changing the WordPress Activation Path has two main benefits:

  • It can strengthen your security by making it slightly harder for bots to find your activation page.
  • It’s more user friendly and offers an opportunity for better branding.

Change Category Path

By default, WordPress automatically adds /category/ as a prefix to URLs for all category pages.

With Hide My WP Ghost you can add a custom category prefix for the post category and hide the default one that shows you’re using WordPress.

Change Tags Path

By default, WordPress automatically adds /tags/ as a prefix to URLs for all post tags.

With Hide My WP Ghost you can add a custom tag prefix for the post tags and hide the default one that shows you’re using WordPress.

Change Lost Password Path

Even if the lost password parameter is attached to the login page, adding a custom login path will help you have a more user-friendly link

The Lost Password link can help the customers or members to reset the password for their accounts on your website.

Hide DNS Prefetch WP Link

DNS prefetching it’s used to resolve domain names (or perform a DNS lookup in the background) before a user clicks on a link. This can improve website performance.

This link will also tell others that you are using WordPress.

Disabling this option will definitely help you hide from theme detectors.

Hide WP Generator Meta

WordPress comes with many headers that point to WordPress CMS. 

One of them is the generator meta that does exactly what is says. Adds a WordPress generator meta in your website’s header side.

Hide My WP Ghost helps you to easily remove that Meta and break any link to WordPress.org.

Hide Emojicons

Emojis are little icons used to express ideas or emotions. If you don’t use them into your website you don’t need to load them.

Another reason to disable Emojicons is for speed optimization.

You will notice a significant improvement in your page loading when these libraries are not loaded.

Fix Relative URLs

Having all the WordPress common paths changed with the custom ones will avoid any relative URL to point to the old paths.

We recommend using this feature and change all the HTML URLs into absolute URLs.

Disable DB-Debug in Frontend

Many plugins come with the option to debug the WordPress admin to find what functions slow it down.

Not all the plugins are disabling the Debug for the database or scripts on the frontend and this may show other WordPress data like version, installed plugins, installed themes, etc.

Hide My WP Ghost will make sure that the Debug is not shown on the frontend for the visitors.

Custom REST API path URL

REST API is recently used by WP 5 for many admin actions and even in post editor but WordPress works with any custom API path and not only with /wp-json.

Changing the /wp-json and hiding it from hackers is a big step in improving the security of the website.

Custom Theme Style Name

As WordPress requires all the themes to have the theme details in the style.css file, it will be easy to see what theme you’re using. This will make it easier to identify what attacks to run on the website.

Hide My WP Ghost changes the default style.css to a different file name to hide the theme details from hackers. 

Add Security Headers for XSS and Code Injection Attacks

By activating this option, Hide My WP Ghost will add through the config file and PHP the headers with the required values for good functionality of the website and also for good protection.

By adding these security headers to your website, you’re adding another layer of security for different kind of attacks like Cross-Site Scripting.

Hide WordPress Version Number

It’s important to hide the version info from all plugins, themes, and WordPress core in order to hide from Theme Detectors.

Your current WordPress version number can be found very easily. It’s basically sitting right there in your site’s source view.

It only takes a couple of minutes for a malicious attacker to run an automated tool that can discover these vulnerabilities and exploit them.

Hide wp-image and wp-post classes

Hiding/Changing IDs and Classes in source-code may affect the website’s functionality so this is not recommended if you don’t test the frontend after mapping.

Theme detectors are looking for WordPress common classes and IDs like wp-image, wp-post, wp-blocks, wp-emoji, etc.

With Hide My WP Ghost you can easily change the common WordPress classes with custom names or even remove them.

Custom login & logout redirects

Hide My WP Ghost comes with custom redirects for each user role. This will come in handy when you need to redirect the members to a member page and the editors or authors to another page once they log in to your website.
 
You can also redirect customers to a user interface and not to Admin dashboard. This feature works well with Hide Admin Toolbar feature.

Do you want to protect your business?

you can do it in just minutes

How to Hide From Theme Detectors?

With Hide My WP Ghost you can hide your website from Theme Detectos like 

whatwpthemeisthat.com, wpthemedetector.com, whatcms.org, wpplugins.tips

Rank Math helps you to improve your website ranking
After
Before
Your website ranking before using the Rank Math
Rank Math helps you to improve your website ranking
After
Before
Your website ranking before using the Rank Math
4.8/5

over 100k active installs | over 1.5mil blocked attacks

It’s working perfectly and I’m glad there are still some good developers that are on WordPress that actually care about their plugins. Most just try to blame it on other things and don’t even bother to see what the issue is. Anyways. It’s got a lot of options to it and perfect for a security plugin and really simple to use. USE IT.
@destructiveburn

Hide My WP Ghost works with
popular WordPress Security Plugins

Services
Why it's important to protect your WordPress website from hackers​?

43% of all data breaches involve small and medium-sized businesses.

61% of all SMBs have reported at least one cyber-attack during the previous year. 

Over 90,000 hacking attacks strike WordPress sites. EVERY minute. 

  • There is an attack every 39 seconds on average on the web
  • On average 30,000 new websites are hacked every day
  • WordPress is used by over 35% of all websites

WordPress is one of the main targets for hackers and it may be because it has a massive user-base.

Security of the website is the responsibility of the business, because they control the website. Web security must be taken seriously by businesses. Web security require to protect your website from malicious attacks against your site or users.

Web security problems can lead to the loss of customers’ personal info and financial data. Being secure in the online world becomes more and more important every day and it is vital to protect your website and the data it holds now.

Hide My WP Ghost is a WordPress Security plugin. It changes and hides WP common paths for the Best WP Security against hacker bots.

Don’t let hackers know that you use a WordPress CMS!