Hide Your WordPress From Hackers

How Hide My WP Ghost can help you to change common paths and hide your URLs from hackers

Which Are The Most Attacked Paths?

The majority of password-guessing attacks will try to hit your WordPress wp-admin,  wp-login, xmlrpc endpoints URL that accepts a user name and password. Also it may attack the installed themes and plugins and other known vulnerable files.

Why is important to hide them?

Hackers are everywhere online, and they are always ready to capture your company data and even sell it to the highest bidder.

brute force attack protection

Hide my WP Ghost Can Help You to Hide All Those Paths and More

In the following, I’ll explain every step that you should take to have a secure website. 

You’ll learn how to use Hide My WP Ghost to protect your website from hackers.

Hide & Custom wp-admin and wp-login URLs

A hacker needs to find your login page, if he or she intends to brute force the login page to gain access. 

Normally, to get to the login page all you have to do is go to /wp-admin or /wp-login.php. Most WordPress websites have the login entry point at http://yourwebsite.com/wp-login.php.

By hiding your login page you will protect your website. This way, the attacker can’t identify a potential point of entry. 

A bot that can’t find your login page, can’t attempt to log in.

Similar to the wp-login.php page, there is the wp-admin directory which also needs to be protected.

WordPress Login Fail Attempts
404 redirect

How Hide My WP Ghost can help you

  • Hides WordPress wp-admin URL and redirects hackers to 404 page or a custom page
  • Hides WordPress wp-login.php and redirects hackers to 404 page or a custom page
  • Changes the wp-admin and wp-login URLs  to custom names. 
  • Hides admin-ajax URL

Beside the huge security advantage, this saves lots of server processing time by reducing PHP and MySQL usage since brute-force attacks trigger wrong URLs.

Custom & Hide WordPress Common Paths

By default, WordPress puts all your content (including images, plugins, themes, uploads and more) in a directory called “wp-content”

This default folder name makes it easy for attackers to scan for files with security vulnerabilities on your WordPress installation because they know where the vulnerable files are located.

Renaming the “wp-content” folder can make it more difficult or even impossible for an attacker to find the vulnerable files, as scans of your site’s file system will not produce any results.

You also need to change any links containing /wp-content/, /themes/, and /plugins/ for better security.

WordPress Common Paths

Hide My WP Ghost Options

  • Custom & Hide WP wp-includes path
  • Custom & Hide WP wp-content path
  • Custom & Hide WP plugins & themes path
  • Custom & Hide WP uploads path
  • Custom WP authors path / Hide Author ID URL
  • Custom WP comment URL
  • Custom WP category & tags path
  • Custom WP API Rest path
  • Custom WP Lost Password URL
  • Custom Register URL
  • Custom Logout URL
  • Custom Activation URL
  • Custom Ajax URL
  • Restrict user access to old common paths/directories
  • Choose to redirect unwanted visitors to a custom page

Hide WordPress Common Files

Hide WordPress Common files:

  • wp-config.php
  • readme.html
  • license.txt
  • install.php
  • update.php
  • and more

Restrict access for unwanted visitors and trigger a “Page not found” error

Hide WordPress Common Files

Plugin and Theme Settings

How Hide My WP Ghost can help you

Changes WordPress theme directory, removes theme Info from stylesheets and replaces default WP classes.

Changes plugins directory and hashes plugins name.

Sets random plugins names
Sets random themes name

Removes unwanted classes
Removes ids from stylesheets and scrips
Sets Custom style.css for themes

Other Security Settings

Firewall Against Script Injection 

  • Most WordPress installations are hosted on the popular Apache, Litespeed, Nginx and IIS web servers.
  • A thorough set of rules can prevent many types of SQL Injection and URL hacks from being interpreted.

Disable Directory Browsing

  • Don’t let hackers see any directory content.
Disable Directory Browsing

Advanced Security Settings

Advanced Settings CSS and JS loading optimize

Optimize CSS and JS files

  • Cache CSS, JS and Images to increase the frontent loading speed.
  • Leverage browser caching

Notification Settings

  • Send emails with the changed admin and login URLs
  • Send security alerts and weekly website security stats

URL Mapping

  • You can add a list of URLs you want to change into new ones. It’s important to include only internal URLs from your frontend source code after you activate the plugin in Safe Mode or Ghost Mode.

from: https://yourdomain.com /assets/f9f4ca341/main.css
to:  https://yourdomain.com/mystyle.css

URL Domain Mapping

You Can Choose From 2 Levels Of Security

Both modules, Safe Mode and Ghost Mode, have the same features. The difference is in the predefined settings.

Safe Mode

By default, Safe Mode does not modify the wp-admin and admin-ajax.php paths, just hides them. Also, it doesn’t hide the common paths (include, plugins, themes) and WP-JSON API calls.

Safe Mode has been created to eliminate many incompatibilities with custom themes and plugins that we test during last years.
Safe Mode is a good level of security, even if these settings are not enabled.

Ghost Mode

If you feel confident, you can try the Ghost Mode and in case of any issue you can go back to Safe Mode with one click.

Loving what you see?

I want to know more about Hide my WP Ghost

30 Days Money Back Guarantee. No Long-term Contracts

Best WordPress
No Coding
Other Plugins
Dedicated Support
30 days
Money Back