Search: error

Moved

This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.

View on new site

This is expected behavior, not an error. When the Hide “wp-admin” option is enabled in WP Ghost, the custom admin path is only accessible to logged-in users. If you try to visit your custom admin URL without being logged in first, WP Ghost returns a 404 to prevent bots from discovering the admin area. The solution is simple: go to your custom login path first, log in, and then access the admin URL.

Why the …

… Save and test the editor again. This way, WP Ghost still hides all paths from visitors and bots, but your admin experience (including Elementor) uses the original paths. See the Security Tweaks tutorial for details.

Still Not Working?

If none of the steps above resolve the issue, check your server error logs for specific 404 or 500 errors. Log out and log back in to refresh your session cookies (especially after changing the admin path). You can also test Elementor’s own Safe Mode by going to Elementor > Tools > Safe Mode, which loads Elementor without any theme or plugin interference …

… and gets a 404 error, it moves on to the next target. No login page found means no brute force attack, no credential stuffing, no exploit attempt. WP Ghost takes this approach, changing and hiding over 30 WordPress paths including the admin, login, plugins, themes, uploads, and REST API.

Firewall protection. A web application firewall filters incoming requests and blocks malicious patterns before they reach your WordPress core. This stops SQL injection, cross-site scripting (XSS), and other common injection attacks at the server level. WP Ghost includes both 7G and 8G firewall rules as a free feature.

Brute …

… Still Broken?

If none of the four settings above are the cause, the issue is usually server configuration. When WP Ghost changes your paths, the server needs to know how to route requests to the new URLs. If rewrite rules aren’t loaded correctly, CSS and JS files return 404 errors and the theme appears broken.

Start by running the Frontend Test. Go to WP Ghost > Change Paths and click the Frontend Test button in the sidebar. WP Ghost will check whether your new paths are resolving correctly and show you any server configuration steps you need to follow.

For …

… wp-content path tutorial.

How Do I Hide the Old wp-content Path So Bots Get a 404?

Changing the path creates a new URL, but the original path might still respond if someone types it directly. You need to block access to the old path so bots and scanners hit a dead end.

Still in WP Ghost > Change Paths > WP Core Security, switch on Hide WordPress Common Paths. This blocks direct access to the old , , and other default WordPress directories. Anyone or any bot that tries to access the original path gets a 404 error instead.

You can …

… plugins and themes. Once a bot knows your CMS and your plugins, it checks vulnerability databases and attacks automatically.

WP Ghost breaks this cycle at the first step. It changes all those default paths to custom URLs that bots don’t expect. If a bot probes and gets a 404 error, it cannot launch a brute force attack. If it scans for and finds nothing, it cannot target that plugin’s vulnerabilities. The bot moves on to an easier target. That is what hack prevention means: you don’t just react to attacks, you make them impossible to start.

Core …

… Tutorial.

To verify the cloaking works, check your site with a theme detector like IsItWP, BuiltWith, or Wappalyzer. If they cannot detect WordPress, your cloaking is working.

Frequently Asked Questions

Is WordPress cloaking the same as “security through obscurity”?

No. WP Ghost uses path security, not obscurity. Obscurity means relying on secrecy as your only defense. WP Ghost changes the actual attack surface: paths that bots probe return 404 errors, the firewall blocks injection attempts, brute force protection limits login attempts, and 2FA secures authentication. Path changes are one layer of a multi-layer defense strategy.

Will cloaking affect …

… a randomly generated code. Instead of , the path becomes . No one can identify your theme from the page source. Click Save.

Hide all themes. Switch on Hide All the Themes to also rename inactive theme directories. Inactive themes still sit on your server and can be exploited if they have known vulnerabilities. This option protects them too.

Hide the old themes path. Switch on Hide WordPress Old Themes Path. This returns a 404 error for any request to the original URL, blocking bots that probe the default location.

Rename style.css. Enter a custom name in the Custom Theme …

Moved

This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.

View on new site

To hide your WordPress site from bots, scanners, and theme detectors, you need to change the default paths, remove CMS fingerprints from the HTML source, and block access to common WordPress files. WP Ghost does all of this in a single plugin with 115+ free features. After configuration, tools like BuiltWith, Wappalyzer, and IsItWP cannot identify your site as WordPress.

What “Hiding WordPress” Actually Means

Hiding your WordPress site does not mean making it invisible to visitors …

… way. Go to WP Ghost > Change Paths > Themes Security. You can change the themes directory path, hide theme names (replaces each theme directory with a random code), hide all themes (includes inactive themes whose files can still be exploited), hide the old themes path (blocks the original URL), and rename the theme style file (changes to a custom name like ).

Renaming is especially effective. Every theme detector specifically looks for this file because its header contains the theme name, version, and author in a standardized format. Rename it, and that detection method fails completely.

For the full walkthrough, see …

Moved

This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.

View on new site

If your theme layout breaks or CSS/JS files fail to load after activating Safe Mode or Ghost Mode in WP Ghost, the issue is almost always a server configuration problem or a stale cache. The new paths need to be recognized by your server before they can serve files correctly. Here is how to diagnose and fix it.

Step 1: Clear All Cache

This is the most common cause and the easiest fix. When WP Ghost …

Moved

This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.

View on new site

If you can’t access your WordPress dashboard through the usual /wp-admin path, it’s almost certainly because WP Ghost is doing its job. The plugin hides the default wp-admin and wp-login.php paths so bots can’t find them. You need to use your custom login URL instead. This guide explains what happened, how to find your custom path, how to disable the hiding if you prefer, and what to do if you …