Replace the default WordPress login with a branded page using WP Ghost. Custom logo, layout presets, colors, and background. Built-in feature, no extra plugin.
Hide My WP Features
43 Articles
Compare WP Ghost Free (115+ features) vs Premium (150+ features). Both share the same hack-prevention engine. Premium adds Ghost Mode, full logs, geo-blocking, file extension hiding, and priority support.
Remove WordPress generator META, version parameters from CSS/JS files, WPML/Slider Revolution/WPBakery generator tags, and DNS prefetch with one toggle. Includes Random Static Number for cache-busting.
Remove ID attributes from stylesheet and script tags in WordPress source code. WordPress adds plugin and theme names as IDs to every enqueued asset. One toggle in WP Ghost removes them all.
WP Ghost is fully compatible with Really Simple SSL. Save Really Simple SSL settings first, then re-save WP Ghost to ensure correct .htaccess rule order. One-time setup with no conflicts.
Change the /wp-content/themes/ path and hide individual theme names with WP Ghost. Block theme detectors, protect child themes, and prevent CMS detection through theme directory scanning.
Redirect old WordPress image URLs from /wp-content/uploads/ to custom paths. Preserve external links, consolidate image SEO, and prevent duplicate content. Works with WooCommerce product images and CDNs.
Extend WP Ghost path changes to CDN-served assets. When your CDN uses a different domain, standard path rewriting misses those URLs. CDN Mapping ensures consistency. Supports WP Rocket, Bunny CDN, EWWW, and more.
Protect WordPress login, registration, password reset, and comment forms from brute force attacks. Add Math reCAPTCHA, Google V2/V3, set attempt limits, and configure lockout. Free feature including WooCommerce support.
Enable seven HTTP security headers in WordPress with one toggle in WP Ghost. Covers HSTS, Content-Security-Policy, X-Frame-Options, X-XSS-Protection, X-Content-Type-Options, COEP, and COOP with troubleshooting.
Change and hide the WordPress wp-content path with WP Ghost to remove the most visible WordPress fingerprint. Block WPScan enumeration, hide plugin versions, and defeat theme detectors. Step-by-step guide.
Change the WordPress plugins path, hide plugin directory names, and block plugin detection with WP Ghost. Stop WPScan from enumerating your plugins. Step-by-step guide with screenshots.
Change and hide the WordPress wp-includes path with WP Ghost to remove the primary CMS fingerprint from your source code. Block theme detectors, hide core scripts, and protect against exploit attacks.
Change the WordPress comments path, hide wp-comments-post.php, and add reCAPTCHA to comment forms with WP Ghost. Block spam bots that POST directly to the default file. Step-by-step guide.
Monitor every malicious request your WordPress site receives with the WP Ghost Security Threats Log. Track attack types, source IPs and countries, firewall rules triggered, and block status. Respond by whitelisting paths or blacklisting IPs directly from the log. Premium feature.
Load a tested security configuration in one click with WP Ghost’s four security presets. Choose from Minimal, Safe Mode + Compatibility, Safe Mode + Full Protection, or Ghost Mode + Full Protection. Free feature.
Add a Content Security Policy to WordPress with WP Ghost to block XSS attacks and data injection. Includes CSP examples for WordPress, directive reference table, WooCommerce payment gateway configuration, and troubleshooting.
Change the WordPress uploads path with WP Ghost to hide media file URLs from scanners. Every image reveals /wp-content/uploads/ by default. Includes CDN configuration, Nginx troubleshooting, and image redirect options.
Configure the WP Ghost firewall to block SQL injection, script injection, and exploit attacks. Set up the 8G Firewall, automate IP blocking, add security headers, block theme detectors and AI crawlers, enable country blocking, and manage IP whitelisting and blacklisting.
Enable passwordless login for WordPress and WooCommerce with WP Ghost’s Magic Link Login. Users enter their email, receive a one-time link, click it, and they are logged in. No passwords needed. Free feature.