Hide My WP Ghost
Buy Now

Search: firewall

139 results

How to Protect Your WordPress Site from Hacker Bots and Theme Detectors

Moved

This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.

View on new site

Table of ContentsWhy Paths Security MattersDefault Paths vs. Secured PathsHow Hacker Bots Attack WordPress SitesWhat Bots Target on WordPressHow WP Ghost Prevents Attacks Before They HappenPaths You Can Secure with WP GhostBuilt-in Firewall ProtectionAdditional Security Features in WP GhostWorks Alongside Other Security PluginsWhat About Theme Detectors Specifically?Frequently Asked QuestionsDoes WP Ghost physically move or rename WordPress files?Is hiding from theme detectors enough to protect my WordPress site?Will WP Ghost slow down my website …

May 6, 2019

Does WP Ghost Hide wp-admin on Nginx Servers?

Moved

This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.

View on new site

Yes. WP Ghost can hide and customize the wp-admin path on Nginx servers. The full path-hiding features (Safe Mode and Ghost Mode) require shell access to add one include line to your Nginx configuration and reload the service. If you don’t have shell access, WP Ghost still provides custom login paths, brute force protection, firewall, 2FA, and other features that work without config changes.

How Does WP Ghost Work on Nginx for wp-admin …

Lesson 2 - How to Activate Brute Force Protection in WP Ghost

… the number of seconds set in the IP Lockout Duration field (default: 3600 seconds / 1 hour). You can set a custom Lockout Message that displays on the blocked login page.

Step 3: Set Up IP Whitelist and Blacklist

If you have a static IP, add it to the WP Ghost > Firewall > Whitelist to prevent accidental lockout. Use wildcard ranges for subnets (192.168.0.* or 192.168.*.*). Add known malicious IPs or ranges to the Blacklist to block them permanently.

Step 4: Configure Google reCAPTCHA (Optional)

For Google reCAPTCHA Enterprise, you need API keys from Google. Go to Google reCAPTCHA …

November 17, 2018

Lesson 3 - How to Hide WordPress from Theme Detectors and Hacker Bots

… probe these locations unless you hide them.

Go to WP Ghost > Change Paths > WP Core Security. Enable Hide WordPress Common Paths and Hide WordPress Common Files. After saving, test by visiting /wp-content/ in an incognito browser — you should get a 404 error.

Block Theme Detectors

Go to WP Ghost > Firewall. Enable Block Theme Detectors. This blocks known detector IPs and user agents from crawling your site.

For deeper protection, go to WP Ghost > Tweaks > Change Options > Simulate CMS and select a different CMS name. This stops detectors that perform deep scans beyond path checks.

Enable Security Tweaks

Go to …

November 17, 2018

Lesson 1 - Hide WordPress Paths with WP Ghost in 4 Steps

… test WP Ghost with the theme alone. If the theme itself causes issues, check that the theme supports custom login paths. Contact the theme developer if needed.

Nginx returns 404 on custom paths. The rewrite rules were not added to the Nginx config, or Nginx was not restarted. See the Nginx Server Setup tutorial.

Frequently Asked Questions

What is the difference between Safe Mode and Ghost Mode?

Safe Mode changes core paths (wp-admin, login, wp-content, wp-includes, plugins, themes). Ghost Mode adds additional protections: hides old paths, hides common WordPress files, adds firewall rules, and applies deeper obfuscation.

November 17, 2018

Install WP Ghost Premium - Download, Activate License, and Set Up Ghost Mode

… author, comments, and API paths Most WordPress sites, WooCommerce Ghost Mode (Premium) Everything in Safe Mode plus wp-admin path, admin-ajax.php path, auto-enabled firewall and security headers Maximum path security, passing theme detectors

Select your level and click Save. WP Ghost generates predefined custom paths automatically. Customize individual paths or keep the defaults.

The settings are organized into sections: Admin Security, Login Security, Ajax Security, User Security, WP Core Security, Plugins Security, Theme Security, API Security, and Firewall & Headers Security.

Bookmark your new login URL immediately

After saving, the default /wp-login.php and /wp-admin …

September 9, 2018

How to Set WordPress Database Permissions in phpMyAdmin for Better Security

… should have. They could read server files, create new admin users, export your entire database, or even execute operating system commands.

Restricting database permissions to only what WordPress actually needs is a simple but effective hardening step. It limits the damage an attacker can do even if they find an SQL injection entry point. Combined with WP Ghost’s 8G Firewall (which blocks SQL injection patterns at the server edge) and path security (which makes vulnerable plugin paths invisible to bots), this creates a strong defense-in-depth approach.

Which Permissions WordPress Needs

WordPress requires only eight database permissions to

July 9, 2018

WP Ghost Compatible Plugins List - 1,000+ Tested WordPress Plugins

… through path security, while other plugins handle malware scanning, threat intelligence, and post-breach detection.

Wordfence Security (setup guide), Solid Security (formerly iThemes Security) (setup guide), Shield Security (setup guide), Sucuri Security (setup guide), Defender Security, Patchstack, WP Cerber (setup guide), MalCare Security, BulletProof Security (see note below), CleanTalk, BBQ Firewall (setup guide), Two-Factor, Limit Login Attempts, Limit Login Attempts Reloaded (setup guide), Loginizer (setup guide), Really Simple SSL, Password Protected, Admin Custom Login, Virusdie Security, SiteGround Security (setup guide), Anti-Malware Security.

WooCommerce and eCommerce

WP Ghost is fully compatible with WooCommerce through version 10.6 and its …

June 11, 2018

How to Set Up WP Ghost on WP Engine Hosting - Step-by-Step Guide

… on WP Engine?

Yes. Ghost Mode works on WP Engine. You will have more redirect rules to add compared to Safe Mode, but the setup process is the same. Ghost Mode is a Premium feature that applies the maximum security configuration.

Do I need to update the WP Engine redirects when I change WP Ghost settings?

Only if you change paths that affect the redirect rules (login path, admin path, plugin paths, etc.). Changing settings like firewall level, brute force protection, 2FA, or security headers does not require redirect updates.

Does WP Ghost work with WP Engine’s built-in

June 9, 2018

WP Ghost - Why You Need This Hack Prevention Plugin for WordPress

Moved

This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.

View on new site

Table of ContentsWhat Is WP Ghost and Why Does Your Site Need ItWhy Paths Security MattersDefault Paths vs. Secured PathsWhat WP Ghost Protects You AgainstPath Security8G FirewallBrute Force ProtectionTwo-Factor AuthenticationSecurity Headers and HardeningMonitoring and Logs (Premium)Zero Performance ImpactCompatible with Everything You Already UseOne-Click Setup with Ghost ModeFrequently Asked QuestionsWhat is the difference between WP Ghost Free and Premium?Will WP Ghost slow down my website?Does WP Ghost modify WordPress core files?Can I …

May 18, 2018

WP Ghost Changelog - All Version Updates, Features, and Fixes

… path: legacy, cached and external clients still calling the default wp-json path are now recognized correctly instead of being 404’d

Fix – Compatibility module for WPML: the Advanced Translation Editor sync routes and requests are no longer rewritten with the active language prefix

Security – Hardened REST API detection: the firewall can no longer be bypassed by appending to the query string of another request

Security – Brute force protection also covers REST API Application Password authentication

= 9.0.04 (14 May 2026) =

Fix – Compatibility with WPML and Polylang: static asset URLs (wp-content, wp-includes) no longer get the language …

January 22, 2018

How to Verify Your WordPress Site Is Protected from Hackers and Theme Detectors

… includes a comprehensive security scanner right inside your WordPress dashboard. This is the fastest way to confirm your configuration is working.

Go to WP Ghost > Security Check and click Start Scan. The scanner runs 39 security tasks and reports which checks pass and which need attention. It covers path security, firewall configuration, file permissions, database prefix, weak usernames, SALT keys, and more.

If all path-related checks show green and no /wp-content/ references remain exposed, your path security configuration is correct. Any tasks marked as incomplete will tell you exactly what to fix and where to find the setting …

May 3, 2017

Can WP Ghost Hide wp-admin on Nginx?

Moved

This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.

View on new site

Yes. WP Ghost fully supports hiding and customizing the wp-admin path on Nginx servers. After saving your custom paths in WP Ghost, add the generated include line to your Nginx server block and reload the service. Shell access is required. For managed Nginx hosting without shell access, use the Minimal preset for login, firewall, and 2FA features that work without config changes.

For the complete setup guide, see how to configure WP Ghost for Nginx servers …

How to Set Up WP Ghost on Nginx Server - Step-by-Step Guide

… you are on shared hosting without access to the Nginx configuration file, follow the Nginx Hosting Without Editing Config Files tutorial instead. You can still use WP Ghost features that do not require Nginx rewrite rules, including the custom login path, brute force protection, 2FA, security headers, and the 8G Firewall.

Why Nginx Requires Manual Configuration

On Apache servers, WP Ghost writes its rewrite rules directly to the .htaccess file. Apache reads this file automatically on every request, so no manual server configuration is needed.

Nginx does not support .htaccess. Instead, Nginx uses a centralized configuration file (nginx.conf or …

March 24, 2017

Does WP Ghost Work Without Custom Permalinks?

Moved

This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.

View on new site

Yes, WP Ghost works with any permalink structure, including the “Plain” (default) setting that uses post IDs like . However, for both SEO and security, we recommend switching to the “Post Name” permalink structure. Here’s why it matters and how to change it.

Does WP Ghost Work with Plain Permalinks?

Yes. WP Ghost’s core features work regardless of your permalink setting. Custom login paths, brute force protection, the 7G/8G firewall, two-factor authentication, security headers …

Does WP Ghost Work on WordPress Multisite?

… Network > Plugins, and the security settings apply across all subsites. A Multisite network counts as one site for licensing purposes.

How Does WP Ghost Work on Multisite?

WP Ghost is network-activated through Network > Plugins. Once activated, you configure it from the Network Admin dashboard. All security settings (path changes, firewall, brute force, 2FA, security headers) apply across every subsite in the network. You don’t need to configure each subsite individually.

Path changes apply network-wide. When you change to a custom path, that custom path works on every subsite. The same applies to login paths, wp-content, plugins …