WP Ghost is fully compatible with Hummingbird by WPMU DEV. When you use both plugins together, you need to do two things to keep WP Ghost’s path security working: change Hummingbird’s default cache directory away from the predictable /wp-content/cache/hummingbird/ location, and enable WP Ghost’s Change Paths in Cache Files option so the cached HTML, CSS, and JS files reference your custom paths instead of the WordPress defaults. This guide walks through the complete configuration in 4 steps.
Cache plugins like Hummingbird save pre-rendered HTML files that contain the actual paths to your CSS, JavaScript, plugins, themes, and uploads. When WP Ghost changes these paths, the live page output uses the new paths – but the cached HTML files still contain the old WordPress default paths until they’re regenerated. Without coordinating Hummingbird and WP Ghost, your visitors will see cached pages exposing /wp-content/plugins/ and /wp-content/themes/ even though WP Ghost is supposedly hiding them. The fix is two-sided: hide where Hummingbird stores its files, and tell WP Ghost to update paths inside cached files.
If you haven’t already enabled Hummingbird’s caching:
Hummingbird will start saving cached versions of your pages. By default, these are stored in /wp-content/cache/hummingbird/.
Hummingbird’s Asset Optimization minifies and combines CSS and JS files for faster page loads. This creates additional cached files that WP Ghost also needs to know about.
Hummingbird now generates minified and combined CSS/JS files in addition to cached HTML pages. Both need WP Ghost’s path coordination.
This is the most important step for security. The default Hummingbird cache directory /wp-content/cache/hummingbird/ is predictable and can reveal that you’re using Hummingbird (and WordPress) to anyone who probes that path. Change it to a non-obvious directory.
/wp-content/cache/hummingbird/ to something non-obvious like /wp-content/cache/optimization/ or /wp-content/cache/assets/.Tip: Pick a directory name that doesn’t reference Hummingbird, WPMU DEV, or any cache-related terminology. /wp-content/cache/static/, /wp-content/cache/build/, or /wp-content/cache/dist/ all work well. The goal is to make the directory look like a generic asset folder rather than a fingerprintable cache plugin location.
Now tell WP Ghost to rewrite the paths inside Hummingbird’s cached files. Without this step, your cached HTML still references the original WordPress paths even though WP Ghost has changed them on the live site.
For complete configuration details, see Change Paths in Cached Files.
Important: After enabling this option, clear the Hummingbird cache so the next page generation creates fresh cached files with the updated paths. Go to Hummingbird > Caching > Clear Cache and also clear the Asset Optimization cache. Without clearing, your old cached files will continue serving the original paths until they expire.
wp-content/plugins and wp-content/themes in the source. They should NOT appear – you should see your custom WP Ghost paths instead.hummingbird in the source. It should NOT appear if you renamed the cache directory in Step 3.The Hummingbird cache hasn’t been cleared since enabling Change Paths in Cache Files in WP Ghost. Go to Hummingbird > Caching > Clear Cache, then also clear the Asset Optimization cache. Visit a few pages while logged out to regenerate the cache with the updated paths.
This isn’t a WP Ghost issue – it’s a common Hummingbird minification problem when JS/CSS files have dependencies that get combined out of order. In Hummingbird Asset Optimization, exclude the problematic files from minification or use the “Don’t combine” option for files that break when combined. Test which files cause the issue by enabling them one at a time.
Make sure the new cache directory is writable by the web server. Hummingbird falls back to the default location if it can’t write to your custom path. Check folder permissions: the directory should be owned by your web server user (usually www-data on Ubuntu/Debian or nginx on CentOS) with permissions 755.
Use the Safe URL parameter to bypass WP Ghost temporarily. If that doesn’t work, see the Emergency Disable guide to recover access via FTP.
Either order works, but the recommended sequence is: install Hummingbird first, configure caching and minification, then install WP Ghost and enable Change Paths in Cache Files. This ensures Hummingbird’s settings are stable before WP Ghost starts processing cached files.
Yes, whenever you change paths in WP Ghost. Cached files contain the old paths until regenerated. Clear the Hummingbird cache after any WP Ghost path change to ensure visitors see the updated paths immediately.
If you use Hummingbird with a CDN (Cloudflare, BunnyCDN, KeyCDN), you also need to purge the CDN cache after enabling WP Ghost path changes. The CDN serves cached versions of your files from edge servers, which won’t reflect the new paths until purged. Most CDNs have a “Purge Everything” or “Clear Cache” option in their dashboard.
Yes. WP Ghost is fully compatible with WooCommerce and Hummingbird works with WooCommerce too. Make sure Hummingbird excludes cart, checkout, and account pages from caching (this is the default and recommended for any WooCommerce site).
No. WP Ghost doesn’t modify Hummingbird’s plugin files or any WordPress core files. The Change Paths in Cache Files option processes the output before Hummingbird saves it to disk, ensuring the cached files contain the correct paths from the start.
WP Ghost with cache and performance plugins:
Replace the default wp_ database prefix with a random one to protect against SQL injection…
Change the WordPress uploads directory path with WP Ghost (rewrite rules, no files moved) or…
Configure WP Ghost with WP Rocket cache. Enable file optimization, Change Paths in Cache Files.…
https://youtu.be/6ylhojSi-_E In this video, we’ll explore why website security matters and what can happen if…
The security of your WordPress site depends on multiple factors, such as the strength of…
Step-by-step guides to connect WP Ghost 2FA with Google Authenticator, Authy, Microsoft Authenticator, or LastPass.…