Take preventive measures against attacks
using Hide My WordPress Ghost

In the next steps you will find out how Hide My WP Ghost can help you to secure your website.

Main Plugin Features


hide my wp ghost

Protect WP Common
Paths & Files

hide my wp ghost

URL Mapping & Text

Brute Force Attack

WP Headers

hide my wp ghost


Cross Site Scripting (XSS)

hide my wp ghost

Script & SQL
Injection Firewall

Limit Login Attempts

Email Alerts

Security Check

hide my wp ghost

Activity Log

Join over 50k websites that are using it

"Enjoyed it. Very innovative plugin that helps with security. You can’t beat that for a free plugin. Would like to see more areas that need to be hidden or prevent hackers from accessing. Keep up the good work!"
"It’s working perfectly and I’m glad there are still some good developers that are on WordPress that actually care about their plugins. Most just try to blame it on other things and don’t even bother to see what the issue is. Anyways. It’s got a lot of options to it and perfect for a security plugin and really simple to use. USE IT."

Don't let hackers know that you use a WordPress CMS!

What's included?

Hide your WordPress Form Hackers!

Hide My WP - Protection Steps

step 1. Hide WordPress wp-admin URL, wp-login URL, admin-ajax URL

step 2. Hide WordPress Common files: wp-config.php, readme.html, license.txt, etc.

step 3. Customize common paths: wp-admin, wp-login, wp-includes, wp-content, plugins & themes, uploads, authors, comment, category & tags

step 4. Customize WP API Rest path, Lost Password URL, Register URL, Logout URL, Activation URL, Ajax URL

step 5. Customize plugin names, theme names & theme style name

hide wp common paths
Levels of security

There is no difference in features between Safe Mode and Ghost Mode, just in the predefined settings.

By default, Safe Mode does not modify the wp-admin and admin-ajax.php paths, it just hides them. Also, it doesn’t hide the common paths (wp-includes, wp-content, plugins, themes) and WP-JSON API calls.

Safe Mode has been created to eliminate many incompatibilities with custom themes and plugins that we have tested in recent years.

Safe Mode provides a good level of security, even if these settings are not enabled.

If you feel confident you can switch to Ghost Mode, you can always go back to Safe Mode in one click.

Your WordPress Website Brute Force Attack Protection

Brute force attack protection

Hide My WP Ghost - Brute Force Attacks Protection Steps

1. Hide the fact that you are using WordPress CMS.
2. Limit Login Attempts.
3. Restrict access to the authentication URLs.
(deny the IP address after a few fail attempts.)
4. Use reCaptcha or human recognition
5. Whitelist specific IP addresses

Track Your WordPress Activity and See What Happens On You Website

Hide My WP Ghost - Activity Log

1. Monitor, track and log events on your website
2. Know what the other users are doing on your website and when
3. Set it to send alert emails for one or more user actions
4. Filter user events and usernames
5. Save time with preset alerts and opportunities

wordpress activity log

Be Proactive! Identify Your Potential WordPress Security Breaches

Hide My WP Ghost - Security Check

1. Detect security breaches
2. Take preventive measures against attacks
3. Identify security or access issues on your website before they become a problem
4. Teach you how to fix common problems in cases where a manual action is need

Try Some WordPress Tweaks

Hide My WP Ghost WordPress Tweaks

1. Hide WordPress CMS for Logged Users
2. Hide Versions and WordPress Tags
3. Hide RSD (Really Simple Discovery) header
4. Hide WordPress HTML Comments
5. Hide Emojicons
6. Disable XML-RPC access
7. Disable Embed Scripts
8. Disable WLW Manifest scripts
9. Disable DB Debug in Frontend

wordpress tweaks

Awesome Integration

Subdomain and Subdirectory WordPress Multisites

Apache Server (Add extra security into .htaccessScripting (XSS))

Nginx server
Bitnami Servers LiteSpeed Server
IIS server
Wp Rocket plugin WpEngine Servers