WP Ghost and WP Hide & Security Enhancer – Compatibility, Conflicts, and Migration

WP Ghost (formerly Hide My WP Ghost) and WP Hide & Security Enhancer are both path security plugins. They overlap heavily – both change and hide the same WordPress paths. WP Ghost covers every feature WP Hide offers plus firewall, 2FA, brute force protection, country blocking, and security headers. Running both simultaneously causes .htaccess rule conflicts. For most sites, WP Ghost alone is the recommended solution.

Why These Plugins Conflict

Both WP Ghost and WP Hide & Security Enhancer rewrite WordPress paths using .htaccess rules and HTML output filtering. When two plugins compete to rewrite the same paths, .htaccess rule conflicts and broken URLs result. If you currently use both, disable all path security in one plugin and use it only for its unique features.

What WP Hide Provides

WP Hide & Security Enhancer is a focused path security plugin. It hides WordPress core file paths from the frontend, changes the login URL, changes wp-content/plugins/themes paths, and cleans HTML source to remove WordPress fingerprints. It does not include a firewall, brute force protection, 2FA, country blocking, security headers, or activity logging.

What WP Ghost Adds Beyond WP Hide

WP Ghost provides the same path security as WP Hide plus: 7G/8G Firewall (blocks SQL injection, XSS, script injection), security headers (HSTS, CSP, X-Frame-Options), 2FA with passkeys (Face ID, Touch ID, Windows Hello), brute force protection with reCAPTCHA on login/register/lost password/comments/WooCommerce, country blocking, temporary logins, magic link login, text mapping for class names, security threats log, user events log, and weekly security monitoring. WP Ghost also changes paths that WP Hide does not support: lost password, register, logout, activation, and admin-ajax.php.

How to Migrate from WP Hide to WP Ghost

If you are currently using WP Hide and want to switch to WP Ghost:

1. Deactivate WP Hide first. This restores all paths to WordPress defaults and removes WP Hide’s .htaccess rules.

2. Install and activate WP Ghost. Go to WP Ghost > Change Paths > Level of Security. Select Safe Mode or Ghost Mode. Click Save.

3. Configure your paths. WP Ghost has settings for all the same paths WP Hide covers (login, admin, wp-content, plugins, themes, uploads) plus additional paths WP Hide does not support. See Customize All WordPress Paths.

4. Verify your site. Open a private browser, check login works at the new path, view source and confirm no /wp-content/ references remain.

Frequently Asked Questions

Can I use both plugins together?

Technically yes, but it is not recommended. Both rewrite the same paths via .htaccess, which causes conflicts. If you must run both, disable all path security in WP Hide and only use WP Ghost for path changes. WP Hide has no unique feature that WP Ghost does not already provide.

Does WP Ghost physically change files like WP Hide does?

No. WP Ghost uses server rewrite rules and WordPress hooks. No files or directories are physically changed, moved, or renamed. This avoids the compatibility issues that can occur with plugins that physically alter file paths. Deactivating WP Ghost restores all defaults instantly.

Will I lose my custom paths when migrating?

You need to reconfigure your custom paths in WP Ghost after deactivating WP Hide. WP Ghost does not import WP Hide settings. However, Safe Mode or Ghost Mode sets up all paths automatically with predefined names – you can customize them afterward.

Does WP Ghost modify WordPress core files?

No. Rewrite rules and WordPress hooks only. Deactivating restores all defaults.

Related Tutorials

WP Ghost vs WP Hide Feature Comparison – full feature-by-feature comparison table.

Customize All WordPress Paths – configure WP Ghost paths after migrating.

Brute Force Protection – a feature WP Ghost adds that WP Hide does not have.

Compatibility Plugins List – all tested security plugins.

Emergency Disable Guide – recovery if migration causes issues.