Every WordPress feature is a potential attack vector. WP Ghost Tweaks disable the features your site does not need. XML-RPC gets exploited for brute force amplification. REST API user endpoints leak usernames. Embed scripts, WLW manifest, and database debugging all expose information. The Tweaks panel lets you turn off what you do not use, lock down what you do, and add the login page designer for your custom-branded login URL. More than 65 hardening options, all free.
Pingbacks are a legacy WordPress feature that notifies another site when you link to its content. The notification travels through xmlrpc.php using a method called pingback.ping. It was useful in the early blogging era. Today it is mostly a liability. Attackers abuse pingback.ping to turn your site into an unwilling participant in DDoS campaigns. They […]
Customize your WordPress login page with WP Ghost. Replace the WordPress logo, change colors, choose layout presets, and remove CMS fingerprints. No code needed.
Remove sourceMappingURL and sourceURL references from your WordPress site with WP Ghost. Hide internal file names, build structures, and debugging metadata from bots.
Control what happens when bots hit hidden WordPress paths. Configure 404, 403, or custom page redirects plus role-based login/logout destinations with WP Ghost.
Control whether WP Ghost applies custom paths to logged-in users or only visitors. Maintain page builder compatibility while keeping your site protected from bots.
Ensure WP Ghost custom paths work with caching plugins. Rewrite paths in cached CSS, JS, and HTML files. Compatible with WP Rocket, LiteSpeed, and Autoptimize.
Convert relative WordPress paths to absolute URLs so WP Ghost can rewrite them. Fix paths that slip through path security because they lack a domain prefix.
