Yes, two standard WordPress approaches cover this. First, check “Discourage search engines from indexing this site” in Settings > Reading to keep search engines out (though this is a voluntary directive, not a block). Second, install a maintenance mode plugin like WP Maintenance Mode to show visitors a “coming soon” page while you build. WP Ghost is not a maintenance-mode tool, but it complements both options by securing your site during development, unlaunched WordPress sites are common bot targets because owners rarely harden them, and WP Ghost adds path security, firewall, and brute force protection from day one.
Option 1. Discourage Search Engines (Built-In)
The fastest way to hide a site from search engines during development is the built-in WordPress option:
Go to Settings > Reading and check the box labeled “Discourage search engines from indexing this site”. Save.
This adds a noindex directive to your site’s headers and updates robots.txt to request that search engines stay out. Google, Bing, and other mainstream search engines respect this directive and skip indexing your pages.
Important to remember. This is a voluntary request, not a block. The site is still publicly accessible to anyone with the URL, including hacker bots that ignore noindex and robots.txt directives. It also does not hide your content from visitors who know the URL, it only asks search engines not to list your pages. And most critically, you must uncheck this box at launch, otherwise your live site stays invisible to Google.
Option 2. Maintenance Mode Plugin (Recommended)
A maintenance mode plugin shows visitors a “coming soon” or “under construction” page instead of your actual site content. You keep full admin access to build and test, while the public sees only your maintenance page.
The free WP Maintenance Mode plugin is a popular option. Other alternatives include Coming Soon Page & Maintenance Mode by SeedProd, UnderConstructionPage, and LightStart. All of them serve the same purpose: hide your work-in-progress content while you finish the build.
Bonus benefit. Most maintenance mode plugins let you add an email signup form to your coming-soon page. This collects interested visitors into a mailing list you can message when the site launches, turning pre-launch traffic into your first wave of customers.
Comparing the Two Options
| Feature | Discourage Search Engines | Maintenance Mode Plugin |
|---|---|---|
| Blocks search engines | Requested (voluntary) | Yes (plus noindex header) |
| Hides content from visitors | No | Yes |
| Custom coming-soon page | No | Yes |
| Email collection form | No | Yes (most plugins) |
| Time to set up | 10 seconds | 2-5 minutes |
| Must toggle off at launch | Yes (remember to uncheck) | Yes (deactivate or disable) |
| Best for | Quick pre-launch setups | Marketing-focused launches |
Where WP Ghost Fits During Development
WP Ghost does not hide your site from visitors, it hides your site from hacker bots. This matters during development because unlaunched sites are particularly attractive to attackers:
Weak default settings. Fresh WordPress installs often keep default credentials, default database prefixes, and unchanged login URLs, all of which bots probe first.
Lower owner awareness. Owners do not monitor unlaunched sites as closely, so compromises go unnoticed for weeks.
Abandoned staging sites. Sites that get set up and never finished often run for years with no security updates, becoming long-term spam and malware hosts.
Installing WP Ghost alongside a maintenance mode plugin protects the site during development itself. See What is WP Ghost.
Recommended Pre-Launch Setup
Step 1. Discourage Search Engines
Go to Settings > Reading and check the box. This is the quickest first-line defense against your unfinished site appearing in Google.
Step 2. Install a Maintenance Mode Plugin
Install WP Maintenance Mode or an equivalent plugin. Configure the coming-soon page with your branding and an email signup form.
Step 3. Install WP Ghost
Activate WP Ghost and run Safe Mode setup. This hides your WordPress paths, enables the 7G/8G firewall, and activates brute force protection. See Firewall Security and Brute Force Protection.
Step 4. Enable 2FA
Enable 2FA with passkeys at WP Ghost > 2FA Login. During development, your admin account is often the only one, which makes it the single point of compromise worth protecting with 2FA. See Two-Factor Authentication.
Step 5. Whitelist Your IP (Optional)
If you are working from a stable IP address, whitelist it in WP Ghost so you never get caught by your own brute force rules during heavy development cycles. See Whitelist IPs and Paths.
Step 6. Launch Checklist
Before going live: uncheck “Discourage search engines” in Settings > Reading, deactivate your maintenance mode plugin, verify WP Ghost settings are still active, and resubmit your sitemap to Google Search Console.
WP Ghost’s 115+ free features and 150+ premium features cover the prevention layer from pre-launch through production, no reconfiguration needed when you launch.
Frequently Asked Questions
Does “Discourage search engines” actually block Google?
It requests that Google and other mainstream search engines stay out of your site. Respectable search engines honor the request, but it is not a technical block, aggressive crawlers and hacker bots ignore it entirely. For public content, it works well. For confidential content, use password protection or restrict access at the hosting level.
Will I need to undo these settings when I launch?
Yes, for the maintenance mode plugin and the Discourage Search Engines checkbox. Both are designed to be temporary. Deactivate the maintenance plugin and uncheck the search engine option on launch day. WP Ghost does not need changes, it stays active and continues protecting the site in production.
Can I use a password to hide my site instead?
Yes, password protection is a stronger option if you want to fully block access. Use WordPress’s built-in “Password Protected” feature for individual pages, or a plugin like Password Protected to lock the entire site. Most maintenance mode plugins also include password-bypass options for your team to preview the real site behind the coming-soon page.
Should I use a subdomain or staging environment instead?
For larger builds, yes. Staging environments (a copy of your site at staging.yourdomain.com or on a managed host’s staging feature) let you develop without any public exposure at all. Most managed WordPress hosts (Kinsta, WP Engine, SiteGround, Cloudways) provide one-click staging. Build on staging, then push to production when ready.
Do I need WP Ghost during development if the site is not public?
Yes, especially if your staging site is reachable on the public internet. Bots do not care whether a site is “launched”, they scan every exposed WordPress installation for vulnerabilities. Installing WP Ghost from day one means your site is protected before any traffic hits it, and you do not need to retrofit security later.
Does WP Ghost modify WordPress core files?
No. WP Ghost works through server rewrite rules (.htaccess on Apache, hidemywp.conf on Nginx) and WordPress hooks. No WordPress core files are modified, which means you can experiment freely during development without worrying about WP Ghost interfering with WordPress itself. Deactivating WP Ghost restores every default path instantly.