In this lesson, you will learn how to customize paths and hide your WordPress website. This will help protect it from theme detectors and hacker bots. After downloading and installing the plugin, make sure to use all its features.
Our challenge with WP Ghost was to create an easy-to-set-up plugin. It also needed to be a stable and complex security plugin. The goal was to protect websites from almost all known WordPress attacks.
Let’s start with some easy-to-follow steps.
Select Level of Security
If you didn’t install and activate the plugin yet, follow these steps first:
Install WP Ghost Lite Plugin and Install WP Ghost Premium Plugin
Next, go to the WP Ghost > Change Paths panel and select the Safe Mode level.
If you have the WP Ghost premium plugin, you can also select Ghost Mode.
Customize the WordPress Paths
Once you have selected the Safe Mode or Ghost Mode, new input fields will appear. These fields contain the common WordPress paths, and you can customize every single one to hide your WordPress paths. If you don’t know how to customize the paths, just go with the default paths added by WP Ghost.
Note: The plugin doesn’t physically replace any paths on your server with custom ones. All changes are made using redirects, and if you deactivate the plugin, the old paths will be accessible again.
Feel free to name the paths as you like, but don’t give two paths the same name. Every path must have a different name to avoid breaking the website’s functionality.
We suggested some easy-to-remember names, especially for the admin and login paths.
Note: Not all WordPress plugins support custom AJAX and admin paths. If you notice any compatibility issues with other plugins, we suggest that you leave the wp-admin and admin-ajax.php paths unchanged.
Save the changes
After you set new paths for wp-content, wp-includes, uploads, author, etc., you need to save the settings.
If the config file is not writable, WP Ghost will show you the set of rules you need to add manually. Just follow the instructions carefully.
For Nginx servers, you need to restart Nginx after each customization.
On Linux servers, use the command line:
sudo nginx -s reload
For Apache servers, make sure the AllowOverride All option is set for your current directory in httpd.conf or apache2.conf.
Read more about it: https://wpghost.com/kb/how-to-set-allowoverride-all/
If you changed wp-admin or wp-login.php to different paths, check the frontend login after the settings are saved and make sure the new paths are working.
Note: In case you can’t log in to your website, another plugin or theme is not letting WP Ghost load the content. You can access the Safe URL, and you will be redirected to wp-login.php.
What to do if the theme doesn’t allow wp-login change
Well, you can deactivate the other plugins and try WP Ghost only with the theme. If the theme is causing the issue, make sure that the theme works with different paths for wp-admin and wp-login.php.
If everything goes smoothly, you can connect using the new login path and confirm the settings in WP Ghost.
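Once the new paths are saved, you can also confirm from the outside that the pages your site serves no longer mention the default paths, and that no two custom names collide. The script below is an added example, not part of WP Ghost; the custom names "core", "lib" and "dashboard", the example.test host and the sample HTML are constructed for illustration.

```python
import re

# Default WordPress paths named in this lesson; theme detectors look for them.
DEFAULT_PATHS = ("wp-content", "wp-includes", "wp-admin", "wp-login.php",
                 "admin-ajax.php")

# Constructed sample of served HTML; "core" and "lib" are made-up custom names.
SAMPLE_HTML = """
<link rel="stylesheet" href="https://example.test/core/themes/site/style.css">
<script src="https://example.test/lib/js/jquery.min.js"></script>
<script>var cfg = {"ajax":"https:\\/\\/example.test\\/wp-admin\\/admin-ajax.php"};</script>
<img src="https://example.test/wp-content/uploads/2024/01/logo.png">
"""


def check_path_names(custom):
    """Return problems found in a {default_path: custom_name} mapping."""
    problems, seen = [], {}
    for default, name in custom.items():
        key = name.strip("/").lower()
        if not key:
            problems.append(f"{default}: empty custom name")
        elif key in seen:
            problems.append(f"{default}: '{name}' already used for {seen[key]}")
        else:
            seen[key] = default
    return problems


def find_leaks(html, unchanged=()):
    """Count default paths that still appear as URL segments in served HTML."""
    leaks = {}
    for path in DEFAULT_PATHS:
        if path in unchanged:  # paths deliberately left at their defaults
            continue
        # "/" + path, not followed by more name characters; also matches the
        # JSON-escaped form "\/wp-admin\/" because "/" still precedes the path.
        hits = re.findall("/" + re.escape(path) + r"(?![\w-])", html)
        if hits:
            leaks[path] = len(hits)
    return leaks


if __name__ == "__main__":
    import sys
    import urllib.request
    html = SAMPLE_HTML
    if len(sys.argv) > 1:  # optional: URL of your own site
        with urllib.request.urlopen(sys.argv[1], timeout=10) as resp:
            html = resp.read().decode("utf-8", "replace")
    print(find_leaks(html))
```

A non-empty result for a path you customized means a theme or plugin is still emitting the default URL. Pass the paths you deliberately left unchanged (for example wp-admin and admin-ajax.php) in the unchanged argument.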
Run a Security Check
Let’s make sure your website is safe and run a Security Check from “WP Ghost > Security Check > Start Scan”.
WP Ghost will do 39 security tasks and let you know in just seconds what you need to do to secure your website.
Some of the tasks can be completed automatically, and some of them will require manual action. If you think that some tasks are too difficult, you can talk with your web developer, who will be able to complete them.
Feel free to contact us with feedback and suggestions here