WP Ghost and WP Cerber Security Compatibility

Q: Should I use WP Cerber's 2FA or WP Ghost's 2FA?

WP Ghost. WP Ghost offers 2FA via code, email, and passkeys (Face ID, Touch ID, Windows Hello, hardware keys). WP Cerber's 2FA options are more limited.

Q: Does WP Ghost modify WordPress core files?

No. WP Ghost writes rewrite rules to .htaccess (Apache) or hidemywp.conf (Nginx) and uses WordPress hooks. No core files are modified.

Table of Contents

Why Use Both Plugins Together
What WP Cerber Provides
What WP Ghost Provides
Recommended Configuration
Feature Comparison
Frequently Asked Questions
Related Tutorials

WP Ghost and WP Cerber Security are fully compatible and complement each other well. WP Cerber focuses on login protection, malware scanning, and anti-spam, while WP Ghost focuses on attack surface reduction by changing WordPress paths and adding firewall rules. Running both plugins together gives you defense in depth: WP Ghost prevents bots from finding your WordPress files in the first place, while WP Cerber catches the attacks that do reach your login forms. Both plugins work on all server types (Apache, Nginx, IIS, LiteSpeed) and integrate cleanly with SEO and cache plugins.

Why Use Both Plugins Together

Security plugins work best in layers. WP Cerber and WP Ghost approach WordPress security from different angles: Cerber is reactive (catches and blocks attacks as they happen) while WP Ghost is proactive (prevents bots from finding the attack surface in the first place). When a hacker bot scans for /wp-login.php, WP Ghost returns 404 – the bot never reaches Cerber’s login protection because it can’t find the login form. When a more sophisticated attacker bypasses path security and reaches the actual login, Cerber’s brute force protection, anti-spam, and malware scanning take over. Each plugin handles what the other doesn’t.

What WP Cerber Provides

WP Cerber Security is a security plugin focused on login protection, anti-spam, and malware detection:

Login form protection – limits failed login attempts via the login form, XML-RPC, REST API, and auth cookies.
Anti-spam engine – specialized spam detection for comments and registration forms.
Malware scanner – scans WordPress files for known malicious code.
Activity tracking – logs user activity and bad actor behavior.
Notifications – flexible email, mobile, and desktop alerts for security events.
IP blocklist – manual and automatic IP blocking with geolocation data.

What WP Ghost Provides

WP Ghost is a hack-prevention plugin focused on attack surface reduction:

Path security – changes wp-admin, wp-login, wp-content, plugins, themes, uploads, and other WordPress paths so bots can’t find them.
7G/8G Firewall – blocks malicious requests at the rewrite layer before WordPress loads.
Security headers – HSTS, CSP, X-Frame-Options, X-XSS-Protection, and other browser-level security headers.
SQL and script injection prevention – blocks common injection patterns at the request level.
Country blocking – geographic access control by country.
2FA and Magic Links – additional authentication factors including code, email, and passkey methods.
Brute force protection – rate limiting on login, register, lost password, and comment forms with reCAPTCHA support.

Recommended Configuration

When running both plugins together, configure them to handle complementary tasks rather than duplicating functionality. Here’s the recommended split:

Enable in WP Ghost:

All path security features (login, admin, wp-content, plugins, themes, uploads, REST API).
7G/8G Firewall.
Security headers (HSTS, CSP, X-Frame-Options).
Country blocking (if needed).
2FA and/or Magic Link login.
Hide WordPress common paths and files (readme.html, license.txt, etc.).

Enable in WP Cerber:

Anti-spam engine for comments and registration.
Malware scanner.
Activity tracking and notifications.
Cerber’s specific anti-spam features that WP Ghost doesn’t duplicate.

Avoid duplication: Both plugins offer login limit attempts, IP blocking, and basic 2FA. Pick one plugin to handle each feature – using both creates conflicts and confusing behavior. WP Ghost is recommended for path security features and primary brute force protection, while WP Cerber is recommended for malware scanning and anti-spam.

Feature Comparison

Use this comparison to decide which plugin should handle each feature on your site:

Feature Category	WP Cerber	WP Ghost
Path Security (wp-admin, login, plugins, themes, uploads, REST API)	Limited	Yes
7G and 8G Firewall	–	Yes
Security Headers (HSTS, CSP, X-Frame-Options)	–	Yes
Country Blocking	–	Yes
Two-Factor Authentication (Code, Email, Passkeys)	–	Yes
Magic Link Login & Temporary Logins	–	Yes
Brute Force Protection (login, register, lost password, comments)	Login only	Yes
reCAPTCHA (Math, V2, V3)	Yes	Yes
IP Blacklist / Whitelist	Yes	Yes
Disable XML-RPC	Yes	Yes
Text, URL, and CDN Mapping	–	Yes
Anti-Spam Engine	Yes	–
Malware Scanner	Yes	–
Activity Log & Email Alerts	Yes	Yes

Frequently Asked Questions

Will WP Ghost and WP Cerber conflict with each other?

Not if you configure them properly. Both plugins offer some overlapping features (login limit attempts, basic IP blocking, custom login path). To avoid conflicts, enable each feature in only one plugin. We recommend using WP Ghost for path security and primary brute force protection, and WP Cerber for malware scanning and anti-spam.

WP Ghost. WP Ghost’s path security uses server-level rewrite rules (.htaccess on Apache, Nginx config on Nginx) which are more efficient than PHP-based path rewrites. It also covers more paths than Cerber (lost password, activation, logout, AJAX). Disable the custom login path feature in WP Cerber if you have it enabled there, then configure it in WP Ghost.

Should I use WP Cerber’s 2FA or WP Ghost’s 2FA?

WP Ghost. WP Ghost offers 2FA via code (Google Authenticator), email, and passkeys (Face ID, Touch ID, Windows Hello, hardware keys). WP Cerber’s 2FA options are more limited. Use WP Ghost’s 2FA and disable Cerber’s authentication features.

Do I need WP Cerber if I have WP Ghost?

WP Ghost focuses on prevention – blocking attacks before they reach your site. WP Cerber adds reactive features like malware scanning and anti-spam that WP Ghost doesn’t include. If you want both prevention and detection/scanning, run both plugins together. If you’re focused purely on hack prevention, WP Ghost alone is sufficient for most sites.

Does this work with WooCommerce?

Yes. WP Ghost is fully compatible with WooCommerce, and WP Cerber works with WooCommerce too. Both plugins protect WooCommerce login forms and customer accounts.

Does WP Ghost modify WordPress core files?

No. WP Ghost writes rewrite rules to .htaccess (Apache) or hidemywp.conf (Nginx) and uses WordPress hooks for application-level changes. No core files are modified. Deactivating WP Ghost restores all defaults instantly.

WP Ghost compatibility with other security plugins: