Skip to contentSkip to main navigation Skip to footer

Lesson 1 – How to Hide Your WordPress Website with Hide My WP Ghost

In this lesson, I will teach how to customize the paths and hide your WordPress website from theme hackers bots.
Now that you have downloaded the plugin and installed it on your website, you need to make sure you take full advantage of all its features.

Our challenge with Hide My WP Ghost was to offer an easy-to-set-up plugin and a stable and complex security plugin that would protect websites from almost all known WordPress attacks.

Let’s start with some easy-to-follow steps.

Step 1. Select Level of Security

First, go to “Hide My WP > Change Paths” panel and select the Safe Mode level.

If you have the Hide My WP Ghost plugin, you can select Ghost Mode.


Hide My WP Ghost – Safe Mode

Once you have selected the Safe Mode or Ghost Mode, new input fields will appear. These fields contain the common WordPress paths, and you can customize every single one in order to hide your WordPress paths. If you don’t know how to customize the paths, just go with the default paths added by Hide My WP Ghost.


Hide My WP Ghost – Customize the WordPress paths

Note: We don’t physically replace the paths on your server with the custom ones. All changes are made using redirects and if you deactivate the plugin, the old paths will be accessible again.

Feel free to name the paths as you like, but don’t give them the same names. Every path must have a different name in order to avoid breaking the website functionality.

We suggested some easy-to-remember names, especially for the admin and login paths.

Note: Not all the plugins on WordPress support different ajax and admin paths. If you notice any compatibility issue with other plugins, we suggest that you leave the wp-admin and admin-ajax.php paths unchanged.

Step 2. Save the changes

After you set new paths for wp-content, wp-includes, uploads, author, etc. you need to save the settings.

If the config file is not writable, Hide My WP Ghost will show you the set of rules you need to add manually. Just follow the instructions carefully.

Hide My WP on Nginx server
An example for Nginx servers configuration

Note: For Nginx server, you need to restart Nginx after each customization.
For Linux servers use the command line:

 sudo nginx -s reload

Note: For Apache server, you need to make sure you set the AllowOverride All option for your current directory in httpd.conf or apache2.conf.
Read more about it: https://hidemywpghost.com/how-to-set-allowoverride-all/

If you changed wp-admin or wp-login.php with different paths, you will have to check the Frontend login after the settings are saved and make sure the new paths are working.

Note: In case you can’t login to your website, another plugin or theme is not letting Hide My WP Ghost to load the content. You can access the Safe URL, and you will be redirected to wp-login.php.

What should you do if the theme will not allow you to change the wp-login?

Well, you can deactivate the other plugins and try Hide My WP Ghost only with the theme. If the theme is causing the issue, make sure that the theme does work with different paths for wp-admin and wp-login.php.

If everything goes smoothly, you will be able to connect using the new login path and confirm the settings in Hide My WP Ghost.

Step 3.  Run a Security Check


Hide My WP Ghost – Website Security Check

Let’s make sure your website is safe and run a Security Check from “Hide My WP > Security Check > Start Scan“.

Hide My WP Ghost will do 38 security tasks and let you know in just seconds what you need to do to secure your website.

Some of the tasks can be completed automatically, and some will of them require manual action. If you think that some tasks are too difficult, you can talk with your web developer who will be able to complete them.

Feel free to contact us with feedback and suggestions here

In the next lesson, I will teach you why and how to use the Brute Force protection feature of Hide My WP Ghost.