In this lesson, I will teach how to customize the paths and hide your WordPress website from theme detectors and hackers.
Now that you have downloaded the plugin and installed it on your website, you need to make sure you take full advantage of all its features.
Our challenge with Hide My WP Ghost was to offer an easy-to-set-up plugin and a stable and complex security plugin that would protect websites from almost all known WordPress attacks.
Let’s start with some easy-to-follow steps.
First, go to “Hide My WP Ghost> Permalinks” panel and select the Lite Mode level.
If you have the Hide My WP Ghost plugin, select Safe Mode or Ghost Mode.
Hide My WP Ghost – Safe Mode
Once you have selected the Lite Mode or Safe Mode, new input fields will appear. These fields contain the common WordPress paths, and you can customize every single one in order to hide your WordPress CMS platform. If you don’t know how to customize the paths, just go with the defaults.
Hide My WP Ghost – Customize the WordPress paths
Note: You need to understand that we don’t physically replace the paths on your server with the custom ones. All changes are made using redirects and if you deactivate the plugin, the old paths will be accessible again.
Feel free to name the paths as you like, but don’t give them the same names. Every path must have a different name in order to avoid breaking the website functionality.
We suggested some easy-to-remember names, especially for the admin and login paths.
Note: Not all the plugins on WordPress support different ajax and admin paths. If you notice any compatibility issue with other plugins, we suggest that you leave the wp-admin and admin-ajax.php paths unchanged.
After you set new paths for wp-content, wp-includes, uploads, author, etc. you need to save the settings.
If the config file is not writable, Hide My WP Ghost will show you the set of rules you need to add manually. Just follow the instructions carefully.
This is an example for Nginx servers
Note: For Nginx server, you need to restart Nginx after each customization.
For Linux servers use the command line:
sudo nginx -s reload
Note: For Apache server, you need to make sure you set the AllowOverride All option for your current directory in httpd.conf or apache2.conf.
Read more about it: https://stackoverflow.com/questions/18740419/how-to-set-allowoverride-all
If you changed wp-admin or wp-login.php with different paths, you will have to re-login to your website after the settings are saved. Before you click to re-login, save the Safe URL in case you can’t re-login, and click the re-login button. Use the same credentials to log back to your dashboard.
Note: In case you can’t login to your website, another plugin or theme is not letting Hide My WP Ghost to load the content. You can now access the Safe URL, and you will be redirected to wp-login.php. All the Hide My WP Ghost settings will roll back to default.
Well, you can deactivate the other plugins and try Hide My WP Ghost only with the theme. If the theme is causing the issue, talk with the theme’s authors and tell them to update their theme and make it compatible with different paths for wp-admin and wp-login.php.
If everything goes smoothly, you will be able to connect using the new login path.
Hide My WP Ghost – Website Security Check
Let’s make sure your website is safe and run a Security Check from “Hide My WP Ghost> Security Check > Start Scan“.
Hide My WP Ghost will do 38 security tasks and let you know in just seconds what you need to do to secure your website.
Some of the tasks can be completed automatically, and some will of them require manual action. If you think that some tasks are too difficult, you can talk with your web developer who will be able to complete them.
Feel free to contact us with feedback and suggestions here
In the next lesson, I will teach you why and how to use the Brute Force protection feature of Hide My WP Ghost.