- Why Use Both Plugins Together
- What SiteGround Security Provides
- What WP Ghost Provides
- Recommended Configuration
- Feature Comparison
- Frequently Asked Questions
- Will WP Ghost and SiteGround Security conflict with each other?
- Which plugin should handle the custom login path?
- Should I use SiteGround Security’s 2FA or WP Ghost’s 2FA?
- Do I need SiteGround Security if I have WP Ghost?
- Do I need SiteGround Security if I’m on SiteGround hosting?
- Does this work with WooCommerce?
- Does WP Ghost modify WordPress core files?
- Related Tutorials
WP Ghost and SiteGround Security are fully compatible and complement each other well. SiteGround Security focuses on activity monitoring, login hardening, and basic post-hack actions, while WP Ghost focuses on attack surface reduction by changing WordPress paths and adding firewall rules. Running both plugins together gives you defense in depth: WP Ghost prevents bots from finding your WordPress files in the first place, while SiteGround Security handles activity logs, post-hack cleanup tools, and SiteGround-specific hosting integrations. Both plugins work on all server types and integrate cleanly with SEO and cache plugins.
Why Use Both Plugins Together
Security plugins work best in layers. SiteGround Security and WP Ghost approach WordPress security from different angles: SiteGround Security is reactive (monitors activity, manages logins, helps recover after a hack) while WP Ghost is proactive (prevents bots from finding the attack surface in the first place). When a hacker bot scans for /wp-login.php, WP Ghost returns 404 – the bot never reaches SiteGround’s login protection because it can’t find the login form. When a more sophisticated attacker bypasses path security and reaches the actual login, SiteGround’s activity log and post-hack tools help you respond. Each plugin handles what the other doesn’t.
What SiteGround Security Provides
SiteGround Security is a free WordPress security plugin developed by SiteGround. Its core strengths are activity monitoring and post-hack recovery tools:
- Activity log – tracks logins, content changes, and other user actions.
- Post-hack actions – tools to force-logout all users, regenerate security salts, and reset passwords after a breach.
- Login security – custom login URL, two-factor authentication, and login attempt limits.
- WordPress hardening – disable XML-RPC, hide the WordPress version, disable theme/plugin file editor.
- Anti-bot CAPTCHA – basic bot detection on login forms.
What WP Ghost Provides
WP Ghost is a hack-prevention plugin focused on attack surface reduction:
- Path security – changes wp-admin, wp-login, wp-content, plugins, themes, uploads, and other WordPress paths so bots can’t find them.
- 7G/8G Firewall – blocks malicious requests at the rewrite layer before WordPress loads.
- Security headers – HSTS, CSP, X-Frame-Options, X-XSS-Protection, and other browser-level security headers.
- SQL and script injection prevention – blocks common injection patterns at the request level.
- Country blocking – geographic access control by country.
- 2FA and Magic Links – additional authentication factors including code, email, and passkey methods.
- Brute force protection – rate limiting on login, register, lost password, and comment forms with reCAPTCHA support.
Recommended Configuration
When running both plugins together, configure them to handle complementary tasks rather than duplicating functionality. Here’s the recommended split:
Enable in WP Ghost:
- All path security features (login, admin, wp-content, plugins, themes, uploads, REST API).
- 7G/8G Firewall.
- Security headers (HSTS, CSP, X-Frame-Options).
- Country blocking (if needed).
- 2FA and/or Magic Link login.
- Brute force protection on all forms (login, register, lost password, comments).
- Hide WordPress common paths and files (readme.html, license.txt, etc.).
Enable in SiteGround Security:
- Activity log for monitoring user actions.
- Post-hack actions (in case of compromise).
- SiteGround-specific hosting integrations if you’re on SiteGround hosting.
Avoid duplication: Both plugins offer custom login URL, 2FA, and disable XML-RPC. Pick one plugin to handle each feature – using both creates conflicts and confusing behavior. WP Ghost is recommended for path security features and primary brute force protection, while SiteGround Security is recommended for activity logging and post-hack recovery tools.
Feature Comparison
Use this comparison to decide which plugin should handle each feature on your site:
| Feature Category | SiteGround | WP Ghost |
|---|---|---|
| Path Security (wp-admin, login, plugins, themes, uploads, REST API) | Limited | Yes |
| 7G and 8G Firewall | – | Yes |
| Security Headers (HSTS, CSP, X-Frame-Options) | – | Yes |
| Country Blocking | – | Yes |
| Two-Factor Authentication (Code, Email, Passkeys) | Basic | Yes |
| Magic Link Login & Temporary Logins | – | Yes |
| Brute Force Protection (login, register, lost password, comments) | Login only | Yes |
| reCAPTCHA (Math, V2, V3) | Basic | Yes |
| IP Blacklist / Whitelist | – | Yes |
| Disable XML-RPC | Yes | Yes |
| Text, URL, and CDN Mapping | – | Yes |
| Activity Log & Monitoring | Yes | Yes |
| Post-Hack Recovery Tools | Yes | – |
| SiteGround Hosting Integration | Yes | – |
| Email Alerts & Notifications | Yes | Yes |
Frequently Asked Questions
Will WP Ghost and SiteGround Security conflict with each other?
Not if you configure them properly. Both plugins offer some overlapping features (custom login URL, basic 2FA, disable XML-RPC). To avoid conflicts, enable each feature in only one plugin. We recommend using WP Ghost for path security and primary brute force protection, and SiteGround Security for activity logging and post-hack recovery tools.
Which plugin should handle the custom login path?
WP Ghost. WP Ghost’s path security uses server-level rewrite rules (.htaccess on Apache, Nginx config on Nginx) which are more efficient than PHP-based path rewrites. It also covers more paths than SiteGround Security (lost password, activation, logout, AJAX, plugins, themes, uploads). Disable the custom login URL feature in SiteGround Security if you have it enabled there, then configure it in WP Ghost.
Should I use SiteGround Security’s 2FA or WP Ghost’s 2FA?
WP Ghost. WP Ghost offers 2FA via code (Google Authenticator), email, and passkeys (Face ID, Touch ID, Windows Hello, hardware keys). SiteGround Security’s 2FA options are more limited. Use WP Ghost’s 2FA and disable SiteGround’s 2FA to avoid confusion.
Do I need SiteGround Security if I have WP Ghost?
WP Ghost focuses on prevention – blocking attacks before they reach your site. SiteGround Security adds reactive features like activity logging and post-hack recovery tools that WP Ghost doesn’t include. If you’re on SiteGround hosting, the SiteGround integration features may also be useful. If you’re not on SiteGround hosting and you’re focused purely on hack prevention, WP Ghost alone is sufficient for most sites.
Do I need SiteGround Security if I’m on SiteGround hosting?
SiteGround hosting includes server-level security at the hosting layer (hosting firewall, malware scanning, etc.). SiteGround Security is a separate WordPress plugin that adds application-level features. They complement each other but neither requires the other. WP Ghost works fully on SiteGround hosting and adds path security and firewall rules that the hosting layer doesn’t provide.
Does this work with WooCommerce?
Yes. WP Ghost is fully compatible with WooCommerce, and SiteGround Security works with WooCommerce too. Both plugins protect WooCommerce login forms and customer accounts.
Does WP Ghost modify WordPress core files?
No. WP Ghost writes rewrite rules to .htaccess (Apache) or hidemywp.conf (Nginx) and uses WordPress hooks for application-level changes. No core files are modified. Deactivating WP Ghost restores all defaults instantly.
Related Tutorials
WP Ghost compatibility with other security plugins:
- WP Ghost and Wordfence – Configuration guide for using both plugins.
- WP Ghost and Solid Security – Configuration guide for both plugins.
- WP Ghost and Shield Security – Configuration guide for both plugins.
- WP Ghost and WP Cerber – Configuration guide for both plugins.
- Compatible Plugins List – All security plugins tested with WP Ghost.