Should I use 404 or redirect for old image paths?

Use redirect if your images are indexed by Google and you receive image search traffic. Use 404 if maximum path hiding is more important, for example on private sites or new sites with no Google Image index.

How To

Hide Old Image Paths with WP Ghost | Guide

Table of Contents

Before You Hide Old Image Paths
Option 1: Block Access to Old Image Paths (404)
Option 2: Redirect Old Paths to New Paths
Troubleshooting
Frequently Asked Questions
Related Tutorials

After WP Ghost changes your uploads path, the old /wp-content/uploads/ URLs still work by default. You can either block access to old image paths (returning 404) or redirect them to the new paths. Blocking prevents bots from discovering the original WordPress directory structure. Redirecting preserves SEO value for images already indexed by Google. This guide covers both options and helps you choose the right approach.

Before You Hide Old Image Paths

Images themselves are not a security risk. Hiding old image paths is an optional hardening step, not a necessity. The main reason to do it is to prevent bots from confirming the /wp-content/uploads/ directory exists, which identifies your site as WordPress. However, there are trade-offs: if Google has already indexed your images at the old URLs, blocking those URLs causes 404 errors for users arriving via Google Images. Over time, Google re-indexes images at the new paths naturally without any intervention. Consider whether the security benefit outweighs the temporary SEO impact for your site.

Option 1: Block Access to Old Image Paths (404)

This option returns a 404 error for any request to old image URLs. Bots scanning the original /wp-content/uploads/ path find nothing.

This requires the HMW_HIDE_OLD_IMAGES constant first, then selecting the option in WP Ghost:

Open wp-config.php and add the following line before the /* That's all, stop editing! */ comment:

define('HMW_HIDE_OLD_IMAGES', true);

Go to WP Ghost > Change Paths > WP Core Security > Hide WordPress Common Paths.
Select IMAGE Files from the file extensions list.
Click Save.

Requests for images at the old path (jpeg, jpg, gif, png, webp, tiff, bmp) now return 404. Images served from the new custom path continue to work normally.

Option 2: Redirect Old Paths to New Paths

This option redirects requests from old image URLs to the new custom path. This preserves SEO value for already-indexed images and prevents duplicate content (the same image accessible at two different URLs).

Go to WP Ghost > Change Paths > WP Core Security > Hide WordPress Common Paths.
Select MEDIA Files from the file extensions list.
Click Save.

Requests for images at the old /wp-content/uploads/ path are now redirected to the new path. Google will update its index to the new URLs over time, and users arriving via Google Images are redirected instead of seeing a 404 error.

Redirect is the safer choice for most sites. If your images are already indexed by search engines and you receive traffic from Google Images, use the redirect option (MEDIA Files) to preserve that traffic. Use the 404 option (IMAGE Files + constant) only if you prioritize maximum path hiding over preserving image SEO.

Troubleshooting

Images not loading after hiding old paths. If your theme or plugins reference images in CSS or JS files using the old /wp-content/uploads/ path, those images will break. Enable Change Paths in Cached Files at WP Ghost > Change Paths to ensure CSS and JS files use the new paths. Also clear your cache plugin after enabling. See Change Paths in CSS Files for the full guide.

External sites linking to old image URLs. If other websites link directly to your images using the old path, those links will return 404 (Option 1) or redirect (Option 2). You can’t control external links, but the redirect option ensures visitors still see the image at the new URL.

If something breaks, remove the HMW_HIDE_OLD_IMAGES constant from wp-config.php (if added) and deselect the file extension in WP Ghost to restore default behavior. For emergency recovery, see the emergency disable guide.

Frequently Asked Questions

Should I use Option 1 (404) or Option 2 (redirect)?

Use Option 2 (redirect) if your images are indexed by Google and you receive traffic from image search. Use Option 1 (404) if maximum path hiding is more important than preserving image SEO, for example, on private sites, intranets, or new sites with no existing Google Image index.

Do I need to hide old image paths at all?

Not necessarily. Images are not a direct security risk. The main benefit is preventing bots from confirming the /wp-content/uploads/ directory exists. If you’ve already changed the uploads path with WP Ghost, the new path is what appears in your HTML source. Old paths only matter if bots probe them directly. For most sites, changing the uploads path is sufficient without hiding old paths.

How long does Google take to re-index images at the new path?

It varies by site. Google re-crawls and re-indexes images over weeks to months. During this transition, users finding your images via Google Images will see the old URLs. With the redirect option, they’re sent to the new URL seamlessly. Without any hiding, Google naturally updates its index to the new paths over time.

Does WP Ghost modify WordPress core files?

No. Image path hiding uses server rewrite rules. The HMW_HIDE_OLD_IMAGES constant is added to wp-config.php (your configuration file). No core files are modified.

Uploads path and image security:

Customize Uploads Directory – Change the uploads path (prerequisite).
Change Paths in CSS Files – Fix image references in cached CSS/JS.
WP Ghost Constants Reference – All wp-config.php constants including HMW_HIDE_OLD_IMAGES.
Add Files to Hide Common Files – Add custom file types to the hidden files list.