Download WP Ghost Premium from your account dashboard, install it on your WordPress site, activate your license token, and set up Ghost Mode for maximum path security. This guide covers the complete Premium installation process: downloading the plugin, uploading to WordPress, activating the license, selecting Ghost Mode, customizing paths, configuring server rules, and running your first Security Check. If you’re looking for the free version instead, see Install WP Ghost Free Plugin.
Log in to your WP Ghost Dashboard account and download the Premium plugin zip file from your orders page.
Upgrading from the free version? If you already have WP Ghost Free installed, deactivate it first, then install and activate the Premium version. Your existing settings are preserved. The Premium plugin file is named hide-my-wp.zip, the same as the free version.
Premium activation requires a license token from your WP Ghost Dashboard account, not an email address like the free version.
After activation, you’re redirected to the WP Ghost > Overview page. Go to WP Ghost > Change Paths > Level of Security to select your protection level.
With Premium, Ghost Mode is available and recommended for maximum protection. It changes all WordPress paths including wp-admin and admin-ajax.php, and activates additional security features automatically.
Start with Lite Mode if unsure. Ghost Mode changes wp-admin and admin-ajax.php paths, which may require compatibility testing with some plugins. If you want to verify compatibility first, start with Lite Mode and switch to Ghost Mode later. See Safe Mode vs Ghost Mode for a full comparison.
After selecting Ghost Mode, WP Ghost generates predefined custom paths for every WordPress location. You can use the defaults or customize each path. The settings are organized into sections:
Admin Security – customize and secure the wp-admin path.
Login Security – customize the wp-login.php path.
Ajax Security – customize the admin-ajax.php path in the frontend.
User Security – customize the author path.
WP Core Security – customize wp-content, wp-includes, and common paths and files.
Plugins Security – customize the plugins path and individual plugin names.
Theme Security – customize the themes path and individual theme names.
API Security – customize the REST API path and manage XML-RPC access.
Firewall & Headers Security – activate firewall rules and security headers.
Important: Bookmark your new login path immediately after saving. The default /wp-login.php and /wp-admin are no longer accessible to visitors. If you forget your custom path, use the Safe URL parameter to regain access.
After customizing, click Save to apply the changes.
If WP Ghost can’t write rewrite rules to your server config file automatically, it shows the rules you need to add manually. Follow the on-screen instructions for your server type and click Okay, I set it up.
For Nginx: Add the config include line to your nginx.conf and restart Nginx with sudo nginx -s reload. This is a one-time setup. See Setup WP Ghost on Nginx Server for full instructions.
For Apache: Ensure AllowOverride All is set for your directory. See Set AllowOverride All on Apache.
After saving your configuration, verify everything is working. Go to WP Ghost > Security Check > Start Scan. WP Ghost runs security tasks and reports which checks pass. Use the Fix it buttons to resolve any remaining issues automatically.
Save your Safe URL from WP Ghost > Change Paths. This is your emergency access link if a compatibility issue ever locks you out. The Safe URL bypasses all custom paths and lets you access the default WordPress login.
For a comprehensive security setup beyond the initial install, continue with the complete hiding checklist and brute force protection. If you ever can’t log in, see the Emergency Disable guide.
Yes. Deactivate the free version, install and activate Premium, then enter your license token. All your existing WP Ghost settings are preserved in the database. You don’t need to reconfigure anything.
Log in to your WP Ghost Dashboard account and go to your orders page. The activation token is displayed next to your purchase. Copy and paste it into the WP Ghost activation field in your WordPress dashboard.
Premium adds the full User Events Log, full Security Threats Log, country blocking, extended file extension security, file permission fixes, database prefix changes, SALT key regeneration, vulnerability management, and priority support.
Yes. WP Ghost Premium is fully compatible with WooCommerce. Ghost Mode works with cart, checkout, product pages, and customer accounts. If you experience issues with wp-admin or AJAX paths, start with Lite Mode and test before switching to Ghost Mode.
No. All path changes use server rewrite rules and WordPress hooks. No files are moved, renamed, or modified. Deactivating WP Ghost restores all defaults instantly.
Continue setting up your security:
Replace the default wp_ database prefix with a random one to protect against SQL injection…
Change the WordPress uploads directory path with WP Ghost (rewrite rules, no files moved) or…
Configure WP Ghost with WP Rocket cache. Enable file optimization, Change Paths in Cache Files.…
https://youtu.be/6ylhojSi-_E In this video, we’ll explore why website security matters and what can happen if…
The security of your WordPress site depends on multiple factors, such as the strength of…
Step-by-step guides to connect WP Ghost 2FA with Google Authenticator, Authy, Microsoft Authenticator, or LastPass.…