Hiding the wp-admin and wp-login.php paths from the source code is essential, especially when you use a hack-prevention security solution like WP Ghost.
You can hide the paths after you customize them with WP Ghost.
- Follow this tutorial to change and hide the wp-admin path.
- Follow this tutorial to change and hide the wp-login.php path.
Run a Security Check from WP Ghost > Security Check to see if the paths are correctly hidden in the frontend’s source code.
If the paths still appear in the front end after you change and hide them with WP Ghost, this could be because the theme or other active plugins on your website are adding the paths.
A solution is to deactivate the installed plugins and check which plugin adds the default wp-admin and wp-login paths in the source code.
Contact the plugin author and ask them not to hard-code the direct paths in the frontend but to use the WordPress functions to build the paths.
- For wp-admin, the WordPress function is:
admin_url('/');
- For wp-login.php, the WordPress function is:
home_url('wp-login.php');
Calling the paths like this lets WP Ghost replace them with the new paths in the frontend instead of exposing the default paths.
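To narrow down which plugin or theme still prints the default paths, the saved page source can be scanned for them. The script below is an added example, not part of WP Ghost: it lists each leak with the id of the element that carries it, relying on WordPress printing enqueued assets with ids such as `{handle}-js`, `{handle}-js-extra` and `{handle}-css`. The sample HTML, the example.test URLs and the `demo-slider` handle are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Default paths that should no longer appear once they are changed and hidden.
DEFAULT_PATHS = re.compile(r"wp-admin|wp-login\.php")

class DefaultPathFinder(HTMLParser):
    """Collect every place in rendered HTML where a default path leaks."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (tag, where, element id, leaked text)
        self._open = None   # (tag, id) of the <script>/<style> being read

    def handle_starttag(self, tag, attrs):
        attrs = {k: v or "" for k, v in attrs}
        elem_id = attrs.get("id", "")
        for name, value in attrs.items():
            if DEFAULT_PATHS.search(value):
                self.findings.append((tag, name, elem_id, value))
        if tag in ("script", "style"):
            self._open = (tag, elem_id)

    def handle_endtag(self, tag):
        if self._open and tag == self._open[0]:
            self._open = None

    def handle_data(self, data):
        # Inline JS/CSS: localized script data often embeds an ajax or login URL.
        if self._open:
            for m in DEFAULT_PATHS.finditer(data):
                self.findings.append((self._open[0], "inline", self._open[1], m.group(0)))

def find_default_paths(html):
    finder = DefaultPathFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: one leak in localized script data, one hard-coded login link.
SAMPLE = """<html><head>
<script id="demo-slider-js-extra">
var demoSlider = {"ajax_url":"https:\\/\\/example.test\\/wp-admin\\/admin-ajax.php"};
</script></head><body>
<a class="login" href="https://example.test/wp-login.php">Log in</a>
<a href="https://example.test/my-login">Log in</a>
</body></html>"""

if __name__ == "__main__":
    for tag, where, elem_id, text in find_default_paths(SAMPLE):
        print(f"<{tag}> {where} id={elem_id or '-'}: {text}")
```

A finding with an id such as `demo-slider-js-extra` points at the script handle that printed the path; a finding without an id usually comes from a template and has to be traced in the theme files.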