Customize Paths in Hide My WP Ghost

change wordpress admin path

To go deeper into customizing the paths and to understand why you need all these customizations, let us look into the most important features which will increase your website security significantly.

Change WordPress Admin Path

The most important path in WordPress is the wp-admin and the only way to protect this path is by changing its name and hiding it from hacker bots.

To do this with Hide My WP Ghost, just change the name for the wp-admin with your custom name in Hide My WP > Permalinks.

change wordpress admin path

Paths are not physically changed

Hide My WP Ghost will not physically change the paths on your server. It uses rewrite rules to prevent any functionality errors.


Change WordPress Login Path

WordPress wp-login, wp-login.php, and login paths are the first ones a hacker bot will access for Brute Force attacks. Changing these paths and hiding them is mandatory when you have a WordPress CMS.

To do this with Hide My WP Ghost, just change the name for the wp-login with your custom name in Hide My WP > Permalinks.

change wordpress login path

Paths are not physically changed

Hide My WP Ghost will not physically change the paths on your server. It uses rewrite rules to prevent any functionality errors.


Change Author Path and Hide ID

Many hacker bots are scrapping for the author username by calling your website with the author ID. In return, they will get the author username without even guessing it. The username will use to access the dashboard from your login form.

To change the author path, go to Hide My WP > Permalinks > Custom author URL and change the name.

To disable the author ID calls, simply switch on Hide Author URL in Hide My WP > Permalinks


Change Lost Password Path

Change the lost-password path to prevent spam emails with the new password requests.

To change the lost-password path, go to Hide My WP > Permalinks > Custom Lost Password URL and change the name.


Change Register Path

Change the register path to prevent spam emails with the new user requests.

To change the register path, go to Hide My WP > Permalinks > Custom Register URL and change the name.


Change Logout Path

Changing the logout path is not mandatory but is useful when you have a customized dashboard for customers. The custom logout path is applied also for the WordPress plugins like Woocommerce in the account page.

To change the logout path, go to Hide My WP > Permalinks > Custom Logout URL and change the name.

custom logout paths

Change admin-ajax.php Path

All the ajax calls in the frontend are made by the default URL /wp-admin/admin-ajax.php. This URL is also used by hackers to upload viruses and scrips on your website.

To change the admin-ajax.php path, go to Hide My WP > Permalinks > Custom Ajax URL and change the name.

To hide the wp-admin path from ajax calls, switch on Hide My WP > Permalinks > Hide wp-admin from ajax URL .

Custom admin-ajax path

Changing this URL is mandatory and hiding the wp-admin from ajax calls is also a required action.

Theme compatibility check

Not all the WP themes are working with custom ajax path. Make sure the theme is working properly after you change this path.


Change wp-content Path

All the plugins and themes are added in the wp-content directory. Changing the wp-content and hiding it from source-code it’s an important step in hiding the website from Theme detectors.

Once it’s changed, you can choose to restrict the call to wp-content from here

To change the wp-content path, go to Hide My WP > Permalinks > Custom wp-content URL and change the name.

Custom wp-content path

Change wp-includes Path

WordPress core scripts and styles are located in this directory. To hide your WordPress site from Theme detectors you must customize its name and hide it from source-code in frontend.

To change the wp-includes path, go to Hide My WP > Permalinks > Custom wp-includes URL and change the name.

Custom wp-includes path

Change wp-content/uploads Path

Because all the uploaded images are located in this directory by default, you need to change this path in order to hide your website from Theme detectors.

You can also protect the vulnerable script from uploads directory here

To change the wp-content/uploads path, go to Hide My WP > Permalinks > Custom uploads URL and change the name.

Custom wp-content/uploads path

Change comments Path

To change the comment path, go to Hide My WP > Permalinks > Custom comments URL and change the name.

Custom comments Path

Change Plugins Path

There are two layers of security in this feature. Hide My WP Ghost lets you change the path to all plugins and it will automatically add custom names to each active plugin. After wp-content/plugins path is changed, it’s important to restrict access to it from here.

To change the wp-content/plugins path, go to Hide My WP > Permalinks > Custom plugins path URL and change the name.

To change all the plugins name, switch on Hide My WP > Permalinks > Hide plugins name.


Change Themes Path

There are two layers of security in this feature. Hide My WP Ghost lets you change the path to all themes and it will automatically add custom names to each active theme. After wp-content/themes path is changed, it’s important to restrict access to it from here.

To change the wp-content/themes path, go to Hide My WP > Permalinks > Custom themes path URL and change the name.

To change all the themes name, switch on Hide My WP > Permalinks > Hide themes name.

Customize themes path

Hide WordPress Common Paths

An important action in protecting your website from hacker attacks is by hiding the WordPress common paths after the path names are changed.

Hide My WP Ghost will add a filter in the config file to show 404 error when the user is not logged on website and access the paths.

The main paths this option hides are: /wp-content, /wp-include, /plugins, /themes. If will also hide upgrade.php and install.php for visitors.

To hide WordPress common paths, switch on Hide My WP > Permalinks > Hide WordPress Common Paths.

Hide WordPress common paths

Theme compatibility check

Not all the WP themes are working if this option is on. Make sure the website is working properly after you activate this option.


Hide WordPress Common Files

An important action in hiding your website from Theme detectors and protecting your website from hacker attacks is hiding the WordPress common files.

Hide My WP Ghost will add a filter in the config file to show 404 error when the user is not logged on website and access the files.

The hidden files are wp-config.php, readme.html, license.txt, etc.

To hide WordPress common files, switch on Hide My WP > Permalinks > Hide WordPress Common Files.

Hide WordPress common files

Firewall Against Script Injection

The most common way to hack a website is by accessing the domain and adding harmful queries in order to reveal information from files and database. These attacks are made on any website, WordPress or not, and if a call succeeds … it will be probably too late to save the website.

Hide My WP Ghost will add a filter in the config file to block harmful params and queries and to protect the website from these types of attacks.

Firewall Updates

The harmful list queries is continuously updated in Hide My WP Ghost so make sure you have the plugin always up to date.

To activate the Firewall, switch on Hide My WP > Permalinks > Firewall Against Script Injection.

Firewall Against Script Injection

Disable Directory Browsing

Don’t let hackers see the directory content when you don’t have an index file in that directory. For example, it’s easy to find vulnerable files if you see the list of files in wp-content/uploads.

To disable the directory browsing on your server, switch on Hide My WP > Permalinks > Disable Directory Browsing .

Disable Directory Browsing

Was This Article Helpful?