What is WP Ghost?

Introduction

WP Ghost (short for Hide My WP Ghost) is a comprehensive hack-prevention security solution for WordPress websites. It adds multiple layers of security to block hacker bots and prevent unauthorized access.

It works by changing and hiding common vulnerabilities, making it difficult for bots and hackers to exploit weak points in plugins, themes, and the WordPress core itself.

What is Hack Prevention?

It involves implementing multiple layers of security measures to block common attack vectors such as:

• Brute Force Attacks
• SQL Injection Attacks
• Script Injection Attacks
• Malware Injection
• XML-RPC attacks
• File Inclusion Exploits
• Vulnerability Exploits
• Directory Traversal Attacks
• Default WP Paths Exploits
• Cross-Site Scripting (XSS)
• Throttling of Access Attempts to Entry Points
• Signup and Comment Spams
• and more

Hack prevention minimizes vulnerabilities, strengthens login protections, and reduces visibility to potential attackers, ensuring a secure and resilient WordPress site.

Key Security Features

• Path Security: WP Ghost changes and hides critical paths (like common paths, plugin paths, theme paths, login), hiding them from bots looking to exploit known WordPress entry points.
• 8G Firewall Protection: This firewall blocks harmful traffic before it reaches your site, filtering out malicious IPs, bad bots, and common threats.
• Header Security: WP Ghost enforces secure headers to prevent various types of attacks, including clickjacking and cross-site scripting.
• Anti-Spam Blocking: WP Ghost filters and blocks bad bots, minimizing spam and preventing bots from crawling your site unnecessarily. This feature saves bandwidth and reduces server load, improving your site’s performance.
• Brute Force Protection: By limiting login attempts and blocking suspicious IPs, WP Ghost helps to prevent brute-force attacks, enhancing login security.
• Two-Factor Authentication (2FA): Adds an extra layer of verification to prevent unauthorized access, even if passwords are compromised.
• Country Blocking: Allows you to block access from specific countries, minimizing exposure to known high-risk locations.

In addition to these core features, WP Ghost monitors for vulnerabilities and sends email alerts for fail attempts or risky actions, providing users with a proactive, easy-to-manage security solution. It’s designed to work with popular plugins and themes without disrupting your site, delivering an effective shield against common WordPress threats.

Security Features

Change Paths

• Change wp-admin path
• Change wp-login.php path
• Change lost password path
• Change register path
• Change logout path
• Change activation path
• Change admin-ajax.php path
• Change wp-comments-posts.php path
• Change wp-includes path
• Change wp-content/uploads path
• Change comments path
• Change author path
• Change wp-content/plugins path
• Change plugins name (customize each plugin name)
• Change wp-content/themes path
• Change themes name (customize each theme name)
• Custom theme style.css name
• Change REST API wp-json path

Hide Paths

• Hide wp-admin path and show 404 error or a custom page
• Hide wp-admin path for non-admin users
• Hide wp-login.php and show 404 error or a custom page
• Hide wp-login path and show 404 error or a custom page
• Hide login path and show 404 error or a custom page
• Hide admin-ajax path
• Hide wp-admin from admin-ajax.php path
• Hide wp-content path
• Hide wp-includes path
• Hide wp-content/uploads path and sub paths
• Hide wp-comments-posts.php
• Hide author path
• Hide author ID access
• Hide wp-content/plugins path and sub paths
• Hide wp-content/themes path and sub paths
• Hide REST API wp-json path
• Hide rest_route parameter
• Hide wp-config.php & wp-config-sample.php
• Hide wp-load.php
• Hide wp-settings.php
• Hide wp-blog-header.php
• Hide bb-config.php
• Hide install.php
• Hide license.txt, readme.txt & readme.html
• Hide php.ini, error-log & debug.log
• Hide WordPress Common Paths by Extension
• Hide Admin Toolbar based on user role
• Hide style IDs and META IDs
• Hide WordPress HTML comments
• Hide Version and WordPress Tags
• Hide DNS Prefetch WordPress link
• Hide WordPress Generator Meta
• Hide RSD (Really Simple Directory) header
• Hide Emoticons if you don’t use them

Disable Options

• Disable REST API access
• Disable XML-RPC access
• Disable Embed scripts
• Disable DB-Debug in Frontend
• Disable WLW Manifest scripts
• Disable Select All – Ctrl+A (Windows and Linux), ⌘+A (macOS)
• Disable Copy – Ctrl+C (Windows and Linux), ⌘+C (macOS)
• Disable Cut – Ctrl+X (Windows and Linux), ⌘+X (macOS)
• Disable Paste – Ctrl+V (Windows and Linux), ⌘+V (macOS)
• Disable Save – Ctrl+S (Windows and Linux), ⌘+S (macOS)
• Disable Inspect Element/Developer Tool – Ctrl+Shift+I (Windows and Linux), ⌘+⌥+I (macOS)
• Disable View Source – Ctrl+U (Windows and Linux), ⌘+U (macOS)
• Disable Right Click
• Disable Drag-Drop
• Disable Image Dragging by Mouse
• Disable Text Selection
• Disable Directory Browsing

Redirects

• Custom login redirects based on user role
• Custom logout redirects based on user role
• Custom redirects for hidden paths
• Automatically redirect logged users to dashboard

Mapping & Changing

• Change class names & IDs using Text Mapping
• Change URLs using URL Mapping
• Change CDN domains using CDN Mapping
• Change URLs from Relative to Absolute
• Change paths in Ajax calls
• Change paths for Logged Users
• Change paths in Cache Files
• Change paths in the Feed link
• Change paths in the Sitemap XML
• Change paths in the Robots.txt

Firewall

• Two-factor Authentication By Code (2FA)
• Two-factor Authentication By Email (2FA)
• Two-factor Authentication By Passkey (2FA)
• Security Headers against XSS & Code Injections
• Security Header Strict-Transport-Security
• Security Header Content-Security-Policy
• Security Header X-XSS-Protection
• Security Header X-Content-Type-Options
• Security Header X-Frame-Options
• Firewall against Script Injections and SQL Injection
• 7G Firewall Security Filter
• 8G Firewall Security Filter
• Block by IP Addresses
• Block by User Agents
• Block by Referrers
• Block by Hostnames
• Hide Website from Theme Detectors

Brute Force Protection

• Brute Force Protection with Math reCaptcha
• Brute Force Protection with Google reCaptcha V2
• Brute Force Protection with Google reCaptcha V3
• Brute Force Protection on Login
• Brute Force Protection on Password Lost
• Brute Force Protection on Signup
• Brute Force Protection on Comment
• Brute Force Protection on Woocommerce Login
• Brute Force Protection shortcode
• Custom attempts, timeout, message
• Manage Blacklist and Whitelist IPs

Geo Security

• Country Blocking
• Path based country blocking

Security Check & Fix

• Files & Folders Permission Fix
• Database ‘wp’ Prefix Fix
• Weak username login Fix
• SALT keys Fix
• WordPress debugging Fix
• Script debugging Fix
• Plugin editing Fix

Extra Features

• Magic Link Login Without Password
• Temporary Logins Without Password
• Fix relative URLs
• Backup and Restore settings
• Change classes on source code using Text Mapping
• Change URLs on source code using URL Mapping
• Cache CSS, JS, and Images to optimize the loading speed
• Load Security Presets for quick configuration
• Weekly security checks and reports
• Events/Actions Monitoring (Cloud Backup)
• Brute Force Monitoring (Cloud Backup)
• Hide My WP Premium Feature

Free & Pro Features

While WP Ghost’s free version offers robust protection, the premium version provides additional advanced features for enhanced security, such as:

Extended Attack Log: Access detailed reports on blocked threats, allowing you to monitor your site’s security over time and understand the types of threats it faces.

Extended Hiding Options: Pro users have the option to hide additional WordPress elements, such as wp-content, wp-includes, wp-content/uploads, and other identifiable WordPress paths and files, providing an even higher level of protection.

Country Blocking: allows you to restrict access to your WordPress site based on geographic locations, blocking traffic from specific countries to reduce hacking attempts, spam, and malicious activities while improving security and performance.

Events Log: tracks and records security-related activities on your WordPress site, including login attempts, plugin install and removal, brute force attacks, blocked requests, and other suspicious actions, providing detailed logs to monitor activity and quickly detect potential threats.

Priority Support: With the Pro version, users get access to priority support, ensuring timely assistance for any issues or questions that arise during use.

Why Choose WP Ghost?

WP Ghost is designed for simplicity and security, making it an attractive choice for website owners, bloggers, e-commerce store owners, and enterprise-level administrators.

Here are some reasons why WP Ghost is the ideal WordPress security solution:

Ease of Use: WP Ghost’s intuitive interface and setup wizard mean that even beginners can enhance their website security without feeling overwhelmed. The plugin’s preconfigured settings ensure that users can start with secure defaults and gradually explore more advanced options as they gain confidence.

Fast & Robust: WP Ghost is engineered to provide powerful security features without compromising site performance. By avoiding direct alterations to WordPress core files, it remains lightweight and compatible with core updates, ensuring that your site stays secure without unnecessary slowdowns.

Update and Support: WP Ghost is actively maintained and updated, with regular updates that address emerging security threats and improve functionality. The plugin’s support team is available to assist with any questions or issues, ensuring a smooth and effective security experience.