In this lesson, I will teach how to customize the paths and hide your WordPress website from theme hackers bots.
Now that you have downloaded the plugin and installed it on your website, you need to make sure you take full advantage of all its features.
Our challenge with Hide My WP Ghost was to offer an easy-to-set-up plugin and a stable and complex security plugin that would protect websites from almost all known WordPress attacks.
Let’s start with some easy-to-follow steps.
Step 1. Select Level of Security
First, go to “Hide My WP > Change Paths” panel and select the Safe Mode level.
If you have the Hide My WP Ghost plugin, you can select Ghost Mode.
Hide My WP Ghost – Safe Mode
Once you have selected the Safe Mode or Ghost Mode, new input fields will appear. These fields contain the common WordPress paths, and you can customize every single one in order to hide your WordPress paths. If you don’t know how to customize the paths, just go with the default paths added by Hide My WP Ghost.
Hide My WP Ghost – Customize the WordPress paths
Note: We don’t physically replace the paths on your server with the custom ones. All changes are made using redirects and if you deactivate the plugin, the old paths will be accessible again.
Feel free to name the paths as you like, but don’t give them the same names. Every path must have a different name in order to avoid breaking the website functionality.
We suggested some easy-to-remember names, especially for the admin and login paths.
Note: Not all the plugins on WordPress support different ajax and admin paths. If you notice any compatibility issue with other plugins, we suggest that you leave the wp-admin and admin-ajax.php paths unchanged.
Step 2. Save the changes
After you set new paths for wp-content, wp-includes, uploads, author, etc. you need to save the settings.
If the config file is not writable, Hide My WP Ghost will show you the set of rules you need to add manually. Just follow the instructions carefully.
Note: For Nginx server, you need to restart Nginx after each customization.
For Linux servers use the command line:
sudo nginx -s reload
Note: For Apache server, you need to make sure you set the AllowOverride All option for your current directory in httpd.conf or apache2.conf.
Read more about it: http://hidemywpghost.com/how-to-set-allowoverride-all/
If you changed wp-admin or wp-login.php with different paths, you will have to check the Frontend login after the settings are saved and make sure the new paths are working.
Note: In case you can’t login to your website, another plugin or theme is not letting Hide My WP Ghost to load the content. You can access the Safe URL, and you will be redirected to wp-login.php.
What should you do if the theme will not allow you to change the wp-login?
Well, you can deactivate the other plugins and try Hide My WP Ghost only with the theme. If the theme is causing the issue, make sure that the theme does work with different paths for wp-admin and wp-login.php.
If everything goes smoothly, you will be able to connect using the new login path and confirm the settings in Hide My WP Ghost.
Step 3. Run a Security Check
Hide My WP Ghost – Website Security Check
Let’s make sure your website is safe and run a Security Check from “Hide My WP > Security Check > Start Scan“.
Hide My WP Ghost will do 38 security tasks and let you know in just seconds what you need to do to secure your website.
Some of the tasks can be completed automatically, and some will of them require manual action. If you think that some tasks are too difficult, you can talk with your web developer who will be able to complete them.
Feel free to contact us with feedback and suggestions here
In the next lesson, I will teach you why and how to use the Brute Force protection feature of Hide My WP Ghost.