WP Ghost and WP Hide & Security Enhancer can run together, but they overlap significantly on their core feature: path security. Both plugins change and hide WordPress paths (login, admin, wp-content, plugins, themes). Running both means two plugins are rewriting the same paths, which creates potential conflicts and adds complexity without adding much security value. If you run both, disable all path security features in one plugin and only use it for its unique features. In most cases, WP Ghost alone covers everything WP Hide offers and adds firewall, 2FA, brute force protection, and country blocking on top.
Why Both Plugins Overlap Heavily
WP Hide & Security Enhancer and WP Ghost are both path security plugins. Their core function is identical: change and hide WordPress paths so bots and theme detectors can’t identify your WordPress installation. WP Hide focuses exclusively on path security and HTML cleanup. WP Ghost provides path security plus a full suite of additional features (7G/8G firewall, 2FA with passkeys, brute force protection, country blocking, security headers, activity logs). Because the primary function overlaps, running both simultaneously means two plugins are competing to rewrite the same paths, which can cause .htaccess rule conflicts and unexpected behavior.
What WP Hide Security Enhancer Provides
WP Hide & Security Enhancer is a focused path security plugin:
- Hide WordPress core files – conceals core WordPress file paths from the frontend.
- Hide login page – changes the default login URL.
- Hide theme and plugin paths – changes wp-content, plugins, and themes paths.
WP Hide doesn’t include a firewall, brute force protection, 2FA, country blocking, security headers, or activity logging. It’s a path security specialist.
What WP Ghost Provides
WP Ghost is a comprehensive hack-prevention plugin that includes path security plus additional security layers:
- Path security – changes wp-admin, wp-login, wp-content, plugins, themes, uploads, REST API, and other WordPress paths.
- 7G/8G Firewall – blocks malicious requests at the rewrite layer before WordPress loads.
- Security headers – HSTS, CSP, X-Frame-Options, X-XSS-Protection.
- SQL and script injection prevention – blocks common injection patterns.
- Country blocking – geographic access control by country.
- 2FA and Magic Links – code, email, and passkey authentication methods.
- Brute force protection – rate limiting on login, register, lost password, and comment forms with reCAPTCHA.
Recommended Configuration
These plugins overlap on their primary function (path security). You have two options:
Option 1 (recommended): Use WP Ghost alone.
WP Ghost covers everything WP Hide offers (path security, HTML cleanup) plus firewall, 2FA, brute force, country blocking, and security headers. Deactivate WP Hide and use WP Ghost for all security. This is the simplest approach and avoids any conflict risk.
Option 2: Run both with strict feature separation.
If you prefer to keep WP Hide for path security and use WP Ghost for its additional features only:
- Disable all path security features in WP Ghost (custom login, admin, wp-content, plugins, themes, uploads, REST API paths). Let WP Hide handle all path changes.
- Enable WP Ghost features that WP Hide doesn’t have: 7G/8G Firewall, security headers, brute force protection, 2FA with passkeys, country blocking, activity logs.
- Test thoroughly after configuration. Check the page source to confirm paths are changed and the site works correctly.
Do not enable path security in both plugins simultaneously. Both plugins write rewrite rules to .htaccess and both modify HTML output to replace WordPress paths. Having two plugins rewrite the same paths causes rule conflicts, broken URLs, and unpredictable behavior. Pick one plugin for path security and disable it in the other.
Feature Comparison
Use this comparison to see the overlap and unique features:
| Feature Category | WP Hide | WP Ghost |
|---|---|---|
| Path Security (login, admin, plugins, themes, uploads, REST API) | Yes | Yes |
| HTML Cleanup (generator meta, version tags) | Yes | Yes |
| 7G and 8G Firewall | – | Yes |
| Security Headers (HSTS, CSP, X-Frame-Options) | – | Yes |
| Country Blocking | – | Yes |
| Two-Factor Authentication (Code, Email, Passkeys) | – | Yes |
| Magic Link Login & Temporary Logins | – | Yes |
| Brute Force Protection (login, register, lost password, comments) | – | Yes |
| reCAPTCHA (Math, V2, V3) | – | Yes |
| IP Blacklist / Whitelist | – | Yes |
| Text, URL, and CDN Mapping | – | Yes |
| Activity Log & Email Alerts | – | Yes |
Frequently Asked Questions
Will WP Ghost and WP Hide conflict?
Yes, if both have path security features enabled simultaneously. Both plugins rewrite WordPress paths using .htaccess rules and HTML output filtering. Having two plugins doing the same rewrite causes rule conflicts and broken URLs. Disable all path security in one plugin and use it only for its unique features.
Do I need WP Hide if I have WP Ghost?
No. WP Ghost is a superset of WP Hide’s functionality. Every feature WP Hide offers (path security, HTML cleanup) is included in WP Ghost, plus WP Ghost adds firewall, 2FA, brute force protection, country blocking, security headers, and activity logs. There’s no unique feature in WP Hide that WP Ghost doesn’t cover.
How do I migrate from WP Hide to WP Ghost?
Deactivate WP Hide first, then activate WP Ghost and configure your custom paths. WP Ghost has settings for all the same paths WP Hide covers (login, admin, wp-content, plugins, themes, uploads) plus additional paths WP Hide doesn’t support (REST API, AJAX, lost password, register, logout). After configuring WP Ghost, verify your site works and check the page source to confirm paths are updated.
Does WP Ghost modify WordPress core files?
No. WP Ghost writes rewrite rules to .htaccess (Apache) or hidemywp.conf (Nginx) and uses WordPress hooks for application-level changes. No core files are modified. Deactivating WP Ghost restores all defaults instantly.
Related Tutorials
WP Ghost compatibility with other security plugins:
- WP Ghost and Wordfence – Configuration guide for both plugins.
- WP Ghost and Solid Security – Configuration guide for both plugins.
- Compatible Plugins List – All plugins tested with WP Ghost.
- Emergency Disable – Recovery via FTP if needed.