How to Set Up Hide My WP Ghost in Safe Mode in 3 Minutes
June 17, 2024
This video shows how to set up Hide My WP Ghost in Safe Mode with custom login and setup – in just 3 minutes!
NOTE: The plugin was configured on an Apache Server. Certain manual actions are required to configure Hide My WP Ghost on Nginx and IIS servers.
- VIDEO OUTLINE
- Select SAFE Mode and Save Settings
- Change Paths Settings
- Admin Security
- Login Security
- Ajax Security
- User Security
- WP Core Security
- Plugins Security
- Themes Security
- API Security
- Firewall and Headers
- Run New Frontend Login Test
- View Changes
VIDEO OUTLINE
- Min. 00.04- 1.01: Select and Save SAFE Mode
- Min. 1.02 β 2.31: Change Paths Settings
- Min. 2.32 β 2.57: Run New Frontend Login Test
- Min. 2.58 β 3.28 : View Changes
Select SAFE Mode and Save Settings
πMin. 00.04- 1.01
Recommended Actions:
- Select Safe Mode
- A pop-up will appear showing you all the predefined paths that Hide My WP Ghost sets in Safe Mode. READ the info.
- Click on Continue, and then SAVE.
- Run the Frontend Login test.
- SAVE your login URL (!very important that you do this)
- SAVE your SAFE URL (!also very important, youβll need this in case you canβt login)
- If the test is successful, click on Yes, itβs working.
Change Paths Settings
π Min. 1.02 – 2.31
Admin Security
- Custom Admin Path β Recommended action: Leave as is
- Hide wp-admin β Recommended: ON
- Hide wp-admin From Non-Admin users β Recommended: OFF
Login Security
- Custom Login Path β Recommended action: Customize
- Hide wp-login.php β Recommended: ON
- Hide login Path β Recommended: ON
- Custom Lost Password Path β Recommended action: Leave as is
- Custom Register Path β Recommended action: Leave as is
- Custom Logout Path β Recommended action: Leave as is
Ajax Security
- Custom admin-ajax Path β Recommended action: Customize
- Hide wp-admin from Ajax URL β Recommended: ON
- Change Paths in Ajax Calls β Recommended: ON
User Security
- Custom Author Path β Recommended action: Leave as is
- Hide Author ID URL β Recommended: ON
WP Core Security
- Custom wp-content Path β Recommended action: Leave as is
- Custom wp-includes Path β Recommended action: Leave as is
- Custom uploads Path β Recommended action: Leave as is
- Custom comment Path β Recommended action: Leave as is
- Hide WordPress Common Paths β Recommended: ON
- Hide File Extensions β Recommended action: Leave as is
- Hide WordPress Common Files β Recommended: ON
- Hide Common Files β Recommended Action: ADD wp-comments-post.php
- Disable Directory Browsing β Recommended: OFF
Plugins Security
- Custom plugins Path β Recommended action: Leave as is
- Hide Plugin Names β Recommended: ON
- Hide All the Plugins β Recommended: OFF
- Hide WordPress Old Plugins Path β Recommended: ON
- Show Advanced Optionsβ Recommended: OFF
Themes Security
- Custom themes Path β Recommended action: Leave as is
- Hide Theme Names β Recommended: ON
- Hide WordPress Old Themes Path β Recommended: ON
- Custom theme style name β Recommended action: Leave as is
- Show Advanced Options β Recommended: OFF
API Security
- Custom wp-json Path β Recommended action: Leave as is
- Hide REST API URL link β Recommended: ON
- Disable REST API access β Recommended: OFF
- Disable XML-RPC access β Recommended: ON
- Disable RSD Endpoint from XML- RPC β Recommended: ON
Firewall and Headers
- Add Security Headers for XSS and Code Injection Attacks β Recommended: ON
- Strict-Transport-Security β Recommended: ACTIVE, leave as is
- Content-Security-Policy β Recommended: ACTIVE, leave as is
- X-XSS- Protection β Recommended: ACTIVE, leave as is
- X-Content-Type- Options β Recommended: ACTIVE, leave as is
- Cross-Origin-Embedder- Policy β Recommended action: ADD then leave as is
- Cross-Origin-Opener-Policy β Recommended action: ADD then leave as is
- X-Frame-Options β Recommended action: ADD then leave as is
- Remove Unsafe Headers β Recommended: ON
- Block Theme Detectors Crawlers β Recommended: ON
- Firewall Against Script Injection β Recommended: ON
Run New Frontend Login Test
π Min. 2.32 – 2.57
Recommended Actions:
- After you save the new settings, Run a new Frontend Login test.
- SAVE your NEW login URL (!very important that you do this)
- SAVE your SAFE URL (!also very important, youβll need this in case you canβt login)
- If the test is successful, click on Yes, itβs working.
View Changes
π Min. 2.58 – 3.28
Recommended Actions:
- Click on Visit Site to see the changes youβve enabled using Hide My Ghost take effect.
- Take a look at your siteβs source code to see the modified paths.
πNote! The settings shown in this video will work best for most sites β and present a way to quickly, safely, and effectively set up SAFE Mode to increase your site’s protection.
However, the ideal settings can look different from case to case, and you can always further customize these settings based on your needs and wants.
We advise you to always read the documentation that we link to from within the plugin and ensure you clearly understand what each setting enables you to do.