Load a tested security configuration in one click instead of configuring dozens of settings manually. WP Ghost offers four security presets that range from minimal protection (no server config changes) to full Ghost Mode with firewall, brute force, 2FA, and logging enabled. Each preset has been tested across different server environments and plugin combinations. Load a preset, customize your login path, and your site’s hack prevention is configured in under a minute. This is a free feature.
Fastest way to go from zero to protected. A fresh WP Ghost installation starts in Default mode with no protection active. Loading a preset enables an entire security stack in one action. For new users who aren’t sure which settings to enable, presets provide a tested starting point.
Tested configurations, fewer compatibility issues. Each preset has been validated against common server environments and plugin combinations. The Compatibility preset specifically includes settings that prevent conflicts with popular plugins like WooCommerce, Elementor, and caching tools.
Starting point, not a final destination. Presets give you a solid baseline. After loading one, you can fine-tune individual settings: customize paths, switch to a different reCAPTCHA type, adjust firewall rules, or add geo blocking. The preset handles the 80% – you customize the remaining 20% for your specific site.
Best for: Restrictive hosting environments that don’t allow .htaccess or Nginx config modifications.
This preset applies basic security measures without writing any server configuration files. It changes the wp-login.php path to a custom URL but doesn’t modify .htaccess or server config. Use this when your hosting prevents config file changes or when you want the lightest possible WP Ghost setup.
What it enables: Custom login path, basic security hardening options. No firewall, no brute force, no logging.
Best for: Sites running WooCommerce, Elementor, caching plugins, or other popular plugins where compatibility matters.
This preset activates Safe Mode path changes with medium-level firewall protection and includes compatibility settings tested with popular plugins. It’s the recommended starting point for most sites because it provides meaningful protection while minimizing the risk of plugin conflicts.
What it enables: Safe Mode custom paths, medium firewall protection, plugin compatibility settings.
Best for: Sites that need comprehensive protection with Safe Mode’s balanced path changes.
This preset enables Safe Mode paths plus every major protection feature: firewall, brute force protection with Math reCAPTCHA, User Events Log, Security Threats Log, and Two-Factor Authentication. It’s the full security stack without Ghost Mode’s aggressive path security.
What it enables: Safe Mode custom paths, medium firewall, brute force with Math reCAPTCHA, Events Log, Threats Log, 2FA.
Best for: Maximum security when you want the most aggressive path changes and every protection feature active.
This preset enables Ghost Mode’s advanced path security (changes all WordPress paths including plugins, themes, wp-includes, and more) plus 8G Firewall, brute force with Math reCAPTCHA, Events Log, Threats Log, and 2FA. This is the highest level of protection WP Ghost offers as a one-click configuration.
What it enables: Ghost Mode custom paths, 8G Firewall, brute force with Math reCAPTCHA, Events Log, Threats Log, 2FA.
Note: Presets 3 and 4 enable the Events Log and Threats Log, which are Premium features. If you’re using the free version, those features won’t activate but all other preset settings will apply normally.
Important: Loading a preset overwrites all current WP Ghost settings. Back up your settings before loading a preset if you want to preserve your current configuration.
After loading, verify your site is working by opening a new browser tab (or incognito window) and navigating to your homepage and a few internal pages. If anything looks wrong, use the rollback settings to revert.
Each preset sets a default login path:
Safe Mode presets: /newlogin
Ghost Mode preset: /ghost-login
These are generic defaults. For better security, change the login path to something unique to your site:
/my-secret-entry).Bookmark your new login URL immediately. After changing the login path, the default /wp-login.php and /wp-admin are no longer accessible. If you forget your custom path, check the emergency disable guide for recovery options.
Some presets modify server configuration files (.htaccess on Apache, config files on Nginx). If your server doesn’t support the required rules, pages may return 404 or 500 errors. Use the emergency disable guide, the rollback settings, or add a constant in wp-config.php to disable WP Ghost temporarily. Then try a lower-level preset (start with Minimal or Safe + Compatibility).
The preset changed your login path. The default paths are /newlogin for Safe Mode presets and /ghost-login for Ghost Mode. Try both. If neither works, use the emergency disable guide to temporarily restore access.
The Compatibility preset covers the most common plugins, but edge cases exist. Check the WP Ghost Compatibility Plugins List for known issues with specific plugins. If a conflict persists, start with the Minimal preset and add features one by one to isolate the issue.
Start with Safe Mode + Firewall + Compatibility for most sites. It provides meaningful protection with the lowest risk of plugin conflicts. If you need full protection (brute force, 2FA, logging), try Safe Mode + Full Protection. Only use Ghost Mode + Full Protection if you’re comfortable with aggressive path changes and have verified compatibility with your plugins.
Yes. Presets are a starting point. After loading, every setting is individually adjustable. You can change paths, switch reCAPTCHA types, add geo blocking, modify firewall rules, or toggle any feature on or off.
Yes. Loading a preset overwrites all current WP Ghost settings. Always create a backup before loading a preset if you want to preserve your current configuration.
Yes. The Safe Mode + Firewall + Compatibility preset specifically includes settings tested with WooCommerce. For the other presets, WP Ghost is fully compatible with WooCommerce, but you may need to adjust individual settings if you encounter checkout or cart issues.
No. Presets configure WP Ghost settings stored in the WordPress options table. Some presets write server configuration rules (.htaccess on Apache), but no WordPress core files are modified. Disabling WP Ghost or loading a different preset removes the changes instantly.
Configure and manage your security setup:
Replace the default wp_ database prefix with a random one to protect against SQL injection…
Change the WordPress uploads directory path with WP Ghost (rewrite rules, no files moved) or…
Configure WP Ghost with WP Rocket cache. Enable file optimization, Change Paths in Cache Files.…
https://youtu.be/6ylhojSi-_E In this video, we’ll explore why website security matters and what can happen if…
The security of your WordPress site depends on multiple factors, such as the strength of…
Step-by-step guides to connect WP Ghost 2FA with Google Authenticator, Authy, Microsoft Authenticator, or LastPass.…