In this lesson, I will teach you how to customize the paths and hide your WordPress website from theme detectors and hackers.
Now that you have downloaded the plugin and installed it on your website, you need to make sure you take full advantage of all its features.
Our challenge with Hide My WP Ghost was to offer a security plugin that is easy to set up yet stable and complex enough to protect websites from almost all known WordPress attacks.
Let’s start with some easy-to-follow steps.
Step 1. Select a level of security
First, go to the “Hide My WP > Permalinks” panel and select the Lite Mode level.
If you have the Hide My WP Ghost plugin, select Safe Mode or Ghost Mode.
Hide My WP Ghost – Safe Mode
Once you have selected the Lite Mode or Safe Mode, new input fields will appear. These fields contain the common WordPress paths, and you can customize every single one in order to hide your WordPress CMS platform. If you don’t know how to customize the paths, just go with the defaults.
Hide My WP – Customize the WordPress paths
Note: You need to understand that we don’t physically replace the paths on your server with the custom ones. All changes are made using redirects, and if you deactivate the plugin, the old paths will be accessible again.
Feel free to name the paths as you like, but don’t give them the same names. Every path must have a different name in order to avoid breaking the website functionality.
We suggested some easy-to-remember names, especially for the admin and login paths.
Note: Not all the plugins on WordPress support different ajax and admin paths. If you notice any compatibility issue with other plugins, we suggest that you leave the wp-admin and admin-ajax.php paths unchanged.
Step 2. Save the changes
After you set new paths for wp-content, wp-includes, uploads, author, etc., you need to save the settings.
If the config file is not writable, Hide My WP Ghost will show you the set of rules you need to add manually. Just follow the instructions carefully.
This is an example for Nginx servers
Note: For Nginx servers, you need to restart Nginx after each customization. If you don’t have access to the Nginx server, just click on the “I can’t configure it now” button and let Hide My WP Ghost, rather than the server, do the rewrites.
Even if you select this option, it may require an Nginx config reload (sudo nginx -s reload).
If you changed wp-admin or wp-login.php to different paths, you will have to re-login to your website after the settings are saved. Before you click to re-login, save the Safe URL in case you can’t re-login, and then click the re-login button. Use the same credentials to log back in to your dashboard.
Note: In case you can’t log in to your website, another plugin or theme is preventing Hide My WP from loading the content. You can now access the Safe URL, and you will be redirected to wp-login.php. All the Hide My WP settings will roll back to default.
What should you do if the theme will not allow you to change the wp-login?
Well, you can deactivate the other plugins and try Hide My WP Ghost only with the theme. If the theme is causing the issue, talk with the theme’s authors and tell them to update their theme and make it compatible with different paths for wp-admin and wp-login.php.
If everything goes smoothly, you will be able to connect using the new login path.
Step 3. Run a Security Check
Hide My WP – Website Security Check
Let’s make sure your website is safe and run a Security Check from “Hide My WP > Security Check > Start Scan”.
Hide My WP Ghost will do 38 security tasks and let you know in just seconds what you need to do to secure your website.
Some of the tasks can be completed automatically, and some of them will require manual action. If you think that some tasks are too difficult, you can talk with your web developer who will be able to complete them.
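Alongside the plugin's own scan, you can check your path choices yourself. The script below is an added example, not part of Hide My WP Ghost: it verifies that every custom path has a different name (Step 1) and counts URLs in a page's HTML that still use a default path you renamed. The custom names, the example.com URLs and the sample HTML are constructed for illustration.

```python
import re

def validate_mapping(mapping):
    """Return problems in a {default_path: custom_path} mapping.
    Every custom name must be non-empty and used only once."""
    problems, seen = [], {}
    for default, custom in mapping.items():
        name = custom.strip("/").lower()
        if not name:
            problems.append(f"{default}: custom name is empty")
        elif name in seen:
            problems.append(f"{default}: '{name}' is already used for {seen[name]}")
        else:
            seen[name] = default
    return problems

def find_leaks(html, mapping):
    """Count URLs in rendered HTML that still use a renamed default path."""
    leaks = {}
    for default, custom in mapping.items():
        if custom.strip("/").lower() == default.lower():
            continue  # path deliberately left unchanged (compatibility note in Step 1)
        # Match "/<default>" only as a whole path segment.
        pattern = re.compile("/" + re.escape(default) + r"(?=[/?#\"'\s)]|$)")
        hits = len(pattern.findall(html))
        if hits:
            leaks[default] = hits
    return leaks

# Constructed mapping: wp-admin and admin-ajax.php are kept as they are.
MAPPING = {"wp-admin": "wp-admin", "admin-ajax.php": "admin-ajax.php",
           "wp-login.php": "signin", "wp-content": "core",
           "wp-includes": "lib", "uploads": "storage"}

# Constructed HTML as a logged-out visitor would receive it.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="https://example.com/core/themes/demo/style.css">
<script src="https://example.com/lib/js/jquery.js"></script>
<script src="https://example.com/wp-content/plugins/old-slider/slider.js"></script>
</head><body>
<img src="https://example.com/core/storage/2024/logo.png">
<a href="https://example.com/wp-login.php?action=register">Register</a>
</body></html>"""

if __name__ == "__main__":
    print("Mapping problems:", validate_mapping(MAPPING) or "none")
    for path, count in find_leaks(SAMPLE_HTML, MAPPING).items():
        print(f"Default path still visible: {path} ({count} URL(s))")
```

Run find_leaks on the HTML of your own pages as a logged-out visitor receives them; any path it reports is still visible in the page source.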
Feel free to contact us with feedback and suggestions at [email protected]
In the next lesson, I will teach you why and how to use the Brute Force protection feature of Hide My WP Ghost.