WP Ghost (Hide My WP Ghost) is a hack-prevention WordPress security plugin available on WordPress.org and wpghost.com. It is a separate product from similarly named plugins sold on Codecanyon. WP Ghost is built specifically for the WordPress ecosystem with a free version on the official WordPress plugin directory and a premium version with advanced features. This page explains the differences for users researching WordPress path security plugins.
WP Ghost provides a comprehensive hack-prevention solution. Key features include:
Path Security: Change and hide wp-admin, wp-login.php, wp-content, wp-includes, plugins, themes, and uploads paths. Predefined security levels (Safe Mode and Ghost Mode) for one-click setup.
Firewall: 7G and 8G firewall rules that block SQL injection, script injection, directory traversal, and other attacks at the server level before WordPress loads.
Brute Force Protection: Login attempt limits with Math reCAPTCHA, Google reCAPTCHA V2/V3, and Google reCAPTCHA Enterprise support.
Two-Factor Authentication: 2FA by code, email, and passkeys (Face ID, Touch ID, Windows Hello, hardware security keys).
Security Headers: HSTS, Content-Security-Policy, X-XSS-Protection, X-Content-Type-Options, and X-Frame-Options.
Advanced Features (Premium): Security Threats Log, User Events Log, country blocking, file permission management, SALT key regeneration, vulnerability management, and AI crawler blocking.
Compatibility: WP Ghost is tested with over 1,000 plugins and themes, including WooCommerce, and works alongside hosting firewalls and other security plugins like Wordfence and Solid Security.
The free version is available at wordpress.org/plugins/hide-my-wp. For a complete feature breakdown, see What Is WP Ghost?
No. WP Ghost (Hide My WP Ghost) and similarly named Codecanyon plugins are completely separate products with different developers, different codebases, and different features. WP Ghost is distributed through WordPress.org (free) and wpghost.com (premium).
Yes. Deactivate and delete the Codecanyon plugin, then install WP Ghost from WordPress.org or wpghost.com. The settings don’t transfer between different products, so you’ll need to configure WP Ghost from scratch. WP Ghost’s predefined security levels (Safe Mode or Ghost Mode) make initial setup quick.
Yes. The free version on WordPress.org includes path security, 8G/7G firewall, 2FA (code, email, passkeys), brute force protection, security headers, reCAPTCHA, text and URL mapping, and 65+ hardening features. The premium version adds advanced logs, country blocking, file permissions, SALT regeneration, and priority support.
The free version updates through WordPress’s built-in update system, just like any WordPress.org plugin. The premium version updates through the WP Ghost Dashboard license system. Both receive automatic update notifications in the WordPress admin.
No. WP Ghost uses server rewrite rules and WordPress hooks for all security features. No files are moved, renamed, or modified. Deactivating WP Ghost restores all defaults instantly.