Hide My WP Ghost
Buy Now

Search: error

88 results

How to Use Autoptimize with WP Ghost for Speed and Security

Moved

This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.

View on new site

Table of ContentsWhy Use Both Plugins TogetherStep 1 – Configure Autoptimize for PerformanceStep 2 – Configure WP Ghost Path SecurityStep 3 – Change Paths in Cached FilesStep 4 – Map the Autoptimize Cache Directory (Optional)After Configuration – Clear All CachesFrequently Asked QuestionsWill WP Ghost slow down my site if I use it with Autoptimize?Do I need to change paths in cache files if I use Autoptimize?Can I use other cache plugins instead of Autoptimize?Autoptimize is showing errors after …

December 16, 2020

How to Protect Your WordPress Website from Hackers - Complete Guide

… wp-admin, wp-login.php, wp-includes, wp-content, plugins, themes, uploads, REST API, author paths, comments path, admin-ajax.php, and more. It also hides common files like wp-config.php, readme.html, license.txt, and debug.log. Once the paths are changed, the old paths return a 404 error when bots try to access them. For the full path security guide, see Customize Paths with WP Ghost.

Layer 2 – 8G Firewall

The built-in 8G Firewall operates at the server edge, filtering out SQL injection, script injection, XSS, file inclusion exploits, and directory traversal attacks before they reach …

November 25, 2020

Does Hiding WordPress with a Plugin Affect SEO?

… original paths even after you change the uploads directory. Google can still reach already-indexed images through the old URLs. New references in your page source use the custom paths, and Google indexes those as it recrawls your site.

If you enable Hide WordPress Common Paths with media files included, WP Ghost redirects old image URLs to the new paths automatically. Google follows the redirect, consolidates to the new URL, and your image SEO authority transfers cleanly. No 404 errors, no broken links, no duplicate content. For details, see the redirect images from old paths guide.

After making path changes,

Does Hiding the WordPress Login Page Make My Site More Secure?

Yes. Hiding the WordPress login page is one of the most effective single steps you can take against automated brute force attacks. Bots target /wp-login.php and /wp-admin on every WordPress site because these paths are identical on every default installation. When WP Ghost changes the login path to a custom URL, bots scanning for the default path get a 404 error and move on. But hiding the login is only one layer. For real security, you need path changes for all WordPress paths, a firewall, brute force protection, and 2FA working together.

Why Hiding the Login Path …

Advanced WP Security

… WP Ghost automatically detects your server type (Apache, Nginx, LiteSpeed, IIS, and hosting-specific profiles like SiteGround, WP Engine, Flywheel, InMotion, Bitnami, GoDaddy, and CloudPanel). The server type determines which rewrite rules WP Ghost generates for your custom paths.

In most cases, auto-detection is accurate. If you experience 404 errors on custom paths after activating Safe Mode or Ghost Mode, the server type may be incorrect. You can override it manually.

Go to WP Ghost > Advanced > Compatibility > Server Type and select your server from the dropdown.

If you do not know your server type, check Tools > Site Health > Info …

How Can I Hide Plugins From WordPress Detectors?

… the new URLs, but the server knows to serve them from the original locations. Functionality is completely unaffected.

Does this also hide plugins from vulnerability scanners like WPScan?

Yes. Vulnerability scanners like WPScan detect plugins by probing known paths (like ). When WP Ghost changes these paths, the scanner gets 404 errors for every probe and reports zero detected plugins. This is the security benefit: bots cannot find plugins to check against vulnerability databases.

Is this a free feature?

Changing the plugins directory path and randomizing plugin names are included in the free version of WP Ghost. Text Mapping for replacing

How Do I Change admin-ajax.php in WordPress?

Moved

This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.

View on new site

Go to WP Ghost > Change Paths > Ajax Security, set a custom name in the Custom admin-ajax.php Path field, and click Save. WP Ghost replaces the default URL with your custom path across the entire frontend. The default path returns a 404 error for bots while all legitimate AJAX calls route through the new URL transparently.

Why Changing admin-ajax.php Matters

The file is one of the most targeted endpoints in WordPress. Every AJAX request …

How Do I Change the Default Login Page in WordPress?

… the Login Path with WP Ghost?

Go to WP Ghost > Change Paths > Login Security. Enter your custom name in the Custom Login Path field. For example, instead of you could use or any name that’s not easily guessable. Click Save.

After saving, the old , , and paths return a 404 error for non-logged-in visitors. Only your custom URL reaches the login form. Bookmark your new login URL immediately, as the default paths will no longer work.

WP Ghost does not physically change any files on your server. It uses rewrite rules to route requests from the new URL …

Can I Change WP-Admin to Something Else in WordPress?

Moved

This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.

View on new site

Yes. Go to WP Ghost > Change Paths > Admin Security and enter your custom name in the Custom Admin Path field. Click Save. WP Ghost replaces with your custom path using server rewrite rules. The actual wp-admin directory is not renamed or moved. Bots scanning for the default get a 404 error, while you access the dashboard through the new URL.

Why Changing wp-admin Matters

The directory is the single most recognizable WordPress path. Every WordPress …

Safe Mode vs Ghost Mode in WP Ghost - Which Security Level to Choose

… rewrite rules (.htaccess on Apache, config blocks on Nginx). Deactivating WP Ghost removes all rules and restores default WordPress behavior instantly.

Related Tutorials

Configure and customize your security level:

Customize Paths with WP Ghost – Step-by-step guide to changing all WordPress paths after selecting a mode.

Preset Security Options – One-click configurations for Safe Mode and Ghost Mode.

Hide from WordPress Theme Detectors – Complete checklist for passing all detection tools.

Text Mapping and URL Mapping – Replace WordPress class names and URLs in the source code.

Disable WP Ghost in Case of Error – Recovery if Ghost Mode causes compatibility issues.

May 21, 2019

How to Change the wp-content Directory in WordPress for Better Security

… your site and finds /wp-content/plugins/contact-form-7/ in your source code, it instantly knows you are running WordPress and which plugins to target.

Changing the wp-content path to something custom, like /lib/ or /assets/, removes this fingerprint entirely. Bots scanning for /wp-content/ get a 404 error, and the actual directory is served under a name they do not recognize. This is one of the most impactful path security changes you can make.

Path Default (Vulnerable to bots) Secured Content directory /wp-content/ /lib/ (or any custom name) Plugins /wp-content/plugins/ /lib/extensions/ Themes /wp …

May 16, 2019

How to Protect Your WordPress Site from Hacker Bots and Theme Detectors

… Themes directory /wp-content/themes/ /custom-assets/layouts/ Uploads folder /wp-content/uploads/ /custom-assets/media/ REST API /wp-json/ /custom-api/ Old paths accessible? Yes (exploitable) 404 Not Found

When a bot scans a WP Ghost-protected site, every single request to a default WordPress path returns a 404 error. The bot cannot confirm the site runs WordPress, so it moves on to easier targets. Your plugins, themes, and login page stay invisible.

How Hacker Bots Attack WordPress Sites

Understanding the attack process helps you see why path security is so effective. Here is what actually happens behind the …

May 6, 2019

Is It Safe That I Can Access wp-admin While Logged In?

… deactivate WP Ghost or if another plugin depends on the default admin path.

How WP Ghost Handles the Admin Path

WP Ghost’s path security is designed to block unauthenticated access, not authenticated access. When a bot or non-logged-in visitor tries to access , WP Ghost returns a 404 error or redirects them to a page you specify. The bot cannot confirm WordPress and moves on. When you are logged in as an administrator and visit , WP Ghost recognizes your authenticated session and lets you through. Your custom admin path also works, giving you two ways to reach the …

Does WP Ghost Make My Website Invisible on FTP?

… not through FTP. They scan for , , and by sending web requests. WP Ghost makes these paths return 404 errors or redirect to custom URLs at the HTTP level, which is where the attacks happen. The actual file locations on the server are irrelevant to bots because they cannot access your FTP. This is why virtual path changes are just as effective as physically moving files, without any of the risks or complexity that file-level changes would introduce.

Frequently Asked Questions

Can I still use FTP to edit theme files with WP Ghost active?

Yes. Your theme files are …

Lesson 3 - How to Hide WordPress from Theme Detectors and Hacker Bots

… are still accessible by default. Bots can still probe these locations unless you hide them.

Go to WP Ghost > Change Paths > WP Core Security. Enable Hide WordPress Common Paths and Hide WordPress Common Files. After saving, test by visiting /wp-content/ in an incognito browser — you should get a 404 error.

Block Theme Detectors

Go to WP Ghost > Firewall. Enable Block Theme Detectors. This blocks known detector IPs and user agents from crawling your site.

For deeper protection, go to WP Ghost > Tweaks > Change Options > Simulate CMS and select a different CMS name. This stops detectors that perform deep scans …

November 17, 2018

WP Ghost on InMotion Hosting - Cache Manager Force Passthru Configuration

MovedThis tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.View on new site

Table of ContentsWhy InMotion Needs This ConfigurationHow to Configure InMotion Cache ManagerTroubleshootingFrequently Asked QuestionsIs this a one-time setup?Will the Force Passthru Path affect my site’s performance?Does this apply to other hosting providers with Nginx reverse proxy?Does WP Ghost modify WordPress core files?Related Tutorials

WP Ghost (formerly Hide My WP Ghost) works on InMotion Hosting with one cache configuration step. InMotion uses an Nginx-based Cache Manager that caches static files (CSS, JS …

June 9, 2018

WP Ghost - Why You Need This Hack Prevention Plugin for WordPress

… things are. They already know.

Bots scan millions of sites per day, firing requests at these default paths and waiting for a valid response. When a path responds, the bot launches the matching exploit. The site owner usually has no idea it is happening. According to Wordfence, WordPress sites face an average of 90,000 attacks per minute globally, and the vast majority are automated.

WP Ghost changes all these predictable paths to custom URLs you control. Once changed, the old paths return a 404 error. Bots can not confirm the site runs WordPress, so they move on to …

May 18, 2018

Should You Disable XML-RPC on WordPress?

… , and your server sends the pingback traffic to the target site. Thousands of WordPress sites can be coordinated this way to create a distributed denial-of-service attack, and your server’s resources are consumed in the process.

How to Disable XML-RPC in WP Ghost

Go to WP Ghost > Change Paths > API Security and switch on Disable XML-RPC Access. Click Save. Requests to will return an error, and the two attack vectors described above are eliminated. For the full XML-RPC configuration guide, see the Disable XML-RPC tutorial.

If You Need to Keep XML-RPC Enabled …

Fix Frontend Theme Not Loading After Activating WP Ghost

MovedThis tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.View on new site

Table of ContentsStep-by-Step Troubleshooting1. Clear All Caches2. Run the Frontend Test3. Check Your .htaccess File (Apache/LiteSpeed)4. Verify AllowOverride All (Apache)5. Add Rules to Nginx Config (Nginx Servers)6. Check Text Mapping Rules7. Switch to Safe Mode or Lite Mode8. Emergency RecoveryFrequently Asked QuestionsWhy does the theme break only in Ghost Mode but not Safe Mode?I see the WP Ghost rules in .htaccess but the theme is still broken. What else could it …

March 5, 2018

WP Ghost Changelog - All Version Updates, Features, and Fixes

Moved

This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.

View full changelog

Last plugin update: 02 June 2026

Stay informed about the latest updates and improvements to the WP Ghost plugin. This changelog provides a detailed record of all version releases, including new features, security enhancements, bug fixes, and performance optimizations. For the most up-to-date changelog, visit the WP Ghost Knowledge Base.

= 9.0.06 (02 June 2026) =

Fix – Some sites could show a blank page when source code optimization was enabled; the header find & replace is now …

January 22, 2018

How to Set Up WP Ghost on Nginx Server - Step-by-Step Guide

… Connect to your server via SSH.

7. Open your Nginx configuration file. The location depends on your server setup:

On most Linux servers: (or on Arch Linux). On Windows: . If your Nginx uses the sites-enabled directory (check for a sites-enabled subdirectory next to nginx.conf), open the file for your domain inside that directory instead.

8. Find the block for your domain. It looks something like this:

9. Add the include directive before the block:

Replace with the actual absolute path to your WordPress installation directory.

10. Save the configuration file.

Important: Do not delete or modify …

March 24, 2017

How to Set Up WP Ghost on Bitnami Servers (Apache and Nginx)

… and shows you the include line to add.

Step 2 – Add the Include Directive to Nginx

1. Connect to your server via SSH.

2. Open the Bitnami Nginx server block file. The typical location is:

3. Add the include line for the hidemywp.conf file inside the server block:

Replace the hidemywp.conf path with the actual path shown in your WP Ghost notification.

Step 3 – Restart Nginx

4. Restart Nginx to apply the changes:

Step 4 – Verify Your Setup

5. Go back to WP Ghost, confirm the change, and click Frontend Login Test.

6. If the test login …

March 15, 2017

Set Up WP Ghost on Nginx Server - Include hidemywp.conf Configuration

… in one of these locations:

/etc/nginx/sites-enabled/ — if your Nginx uses the sites-enabled/sites-available pattern (common on Ubuntu/Debian). Open the file named after your domain.

/etc/nginx/conf.d/ — if your Nginx uses the conf.d pattern. Open the .conf file for your site.

/etc/nginx/nginx.conf — if the server block is defined directly in the main config file (less common).

Find the server { } block for your WordPress site.

Step 3: Add the Include Line

Add the include line before the WordPress rewrite rules (the location / block). Placement matters: if placed after the …

March 14, 2017

How to Disable WP Ghost and Regain Access to WordPress in an Emergency

… in your dashboard, take these steps to prevent the issue from recurring:

Switch to Safe Mode. If you were using Ghost Mode and experienced issues, Safe Mode is the most compatible option. It changes the most important paths while leaving wp-admin and admin-ajax.php at their defaults, which avoids most conflicts.

Save your Safe URL. Write it down or store it in a password manager. You will need it if you ever get locked out again.

Run a Frontend Test. After changing any settings, click the Frontend Login Test button in WP Ghost before logging out. This …

January 14, 2017