How to Set Up Hide My WP Ghost in Safe Mode in 3 Minutes

This video shows how to set up Hide My WP Ghost in Safe Mode with custom login and setup – in just 3 minutes!

NOTE: The plugin was configured on an Apache Server. Certain manual actions are required to configure Hide My WP Ghost on Nginx and IIS servers.

• VIDEO OUTLINE
• Select SAFE Mode and Save Settings
• Change Paths Settings
• Admin Security
• Login Security
• Ajax Security
• User Security
• WP Core Security
• Plugins Security
• Themes Security
• API Security
• Firewall and Headers
• Run New Frontend Login Test
• View Changes

VIDEO OUTLINE

1. Min. 00.04- 1.01: Select and Save SAFE Mode
2. Min. 1.02 – 2.31: Change Paths Settings
3. Min. 2.32 – 2.57: Run New Frontend Login Test
4. Min. 2.58 – 3.28 : View Changes

Select SAFE Mode and Save Settings

👉Min. 00.04- 1.01

Recommended Actions:

• Select Safe Mode
• A pop-up will appear showing you all the predefined paths that Hide My WP Ghost sets in Safe Mode. READ the info.
• Click on Continue, and then SAVE.
• Run the Frontend Login test. 
• SAVE your login URL (!very important that you do this)
• SAVE your SAFE URL (!also very important, you’ll need this in case you can’t login)
• If the test is successful, click on Yes, it’s working.

Change Paths Settings

👉 Min. 1.02 – 2.31

Admin Security

• Custom Admin Path – Recommended action: Leave as is
• Hide wp-admin – Recommended: ON 
• Hide wp-admin From Non-Admin users – Recommended: OFF

Login Security

• Custom Login Path – Recommended action: Customize
• Hide wp-login.php – Recommended: ON 
• Hide login Path – Recommended: ON
• Custom Lost Password Path – Recommended action: Leave as is
• Custom Register Path – Recommended action: Leave as is
• Custom Logout Path – Recommended action: Leave as is

Ajax Security

• Custom admin-ajax Path – Recommended action: Customize
• Hide wp-admin from Ajax URL – Recommended: ON
• Change Paths in Ajax Calls – Recommended: ON

User Security

• Custom Author Path – Recommended action: Leave as is
• Hide Author ID URL – Recommended: ON

WP Core Security

• Custom wp-content Path – Recommended action: Leave as is
• Custom wp-includes Path – Recommended action: Leave as is
• Custom uploads Path – Recommended action: Leave as is
• Custom comment Path – Recommended action: Leave as is
• Hide WordPress Common Paths – Recommended: ON
• Hide File Extensions – Recommended action: Leave as is
• Hide WordPress Common Files – Recommended: ON
• Hide Common Files – Recommended Action: ADD wp-comments-post.php
• Disable Directory Browsing – Recommended: OFF

Plugins Security

• Custom plugins Path – Recommended action: Leave as is
• Hide Plugin Names – Recommended: ON
• Hide All the Plugins – Recommended: OFF
• Hide WordPress Old Plugins Path – Recommended: ON
• Show Advanced Options– Recommended: OFF

Themes Security

• Custom themes Path – Recommended action: Leave as is
• Hide Theme Names – Recommended: ON
• Hide WordPress Old Themes Path – Recommended: ON
• Custom theme style name – Recommended action: Leave as is
• Show Advanced Options – Recommended: OFF

API Security

• Custom wp-json Path – Recommended action: Leave as is
• Hide REST API URL link – Recommended: ON
• Disable REST API access – Recommended: OFF
• Disable XML-RPC access – Recommended: ON
• Disable RSD Endpoint from XML- RPC – Recommended: ON

Firewall and Headers

• Add Security Headers for XSS and Code Injection Attacks – Recommended: ON
• Strict-Transport-Security – Recommended: ACTIVE, leave as is
• Content-Security-Policy – Recommended: ACTIVE, leave as is
• X-XSS- Protection – Recommended: ACTIVE, leave as is
• X-Content-Type- Options – Recommended: ACTIVE, leave as is
• Cross-Origin-Embedder- Policy – Recommended action: ADD then leave as is
• Cross-Origin-Opener-Policy – Recommended action: ADD then leave as is
• X-Frame-Options – Recommended action: ADD then leave as is
• Remove Unsafe Headers – Recommended: ON
• Block Theme Detectors Crawlers – Recommended: ON
• Firewall Against Script Injection – Recommended: ON

Run New Frontend Login Test

👉 Min. 2.32 – 2.57

Recommended Actions:

• After you save the new settings, Run a new Frontend Login test.
• SAVE your NEW login URL (!very important that you do this)
• SAVE your SAFE URL (!also very important, you’ll need this in case you can’t login)
• If the test is successful, click on Yes, it’s working.

View Changes

👉 Min. 2.58 – 3.28

Recommended Actions: 

• Click on Visit Site to see the changes you’ve enabled using Hide My Ghost take effect.
• Take a look at your site’s source code to see the modified paths.

👋Note! The settings shown in this video will work best for most sites – and present a way to quickly, safely, and effectively set up SAFE Mode to increase your site’s protection.

However, the ideal settings can look different from case to case, and you can always further customize these settings based on your needs and wants.

We advise you to always read the documentation that we link to from within the plugin and ensure you clearly understand what each setting enables you to do.