WP Ghost offers advanced configuration options through constants that can be added to the wp-config.php file. These constants allow you to fine-tune the plugin’s behavior without using the admin interface.
Below is a detailed tutorial on each constant and how to configure them.
define( 'HMW_PRIORITY', true );Forces the plugin to load immediately after WordPress initializes, ensuring that it executes its security measures as early as possible.
Equivalent: WP Ghost > Advanced > Compatibility > Plugin Loading Hook > Priority Loading
Enable this option if you experience compatibility issues with other plugins that might load before WP Ghost. It ensures that WP Ghost has priority, minimizing conflicts and enforcing security features early in the WordPress initialization process.
define( 'HMW_RULES_IN_WP_RULES', true );Adds WP Ghost rules directly into WordPress rewrite rules defined in the .htaccess file. This integration provides a fallback mechanism for applying plugin rules within WordPress itself rather than relying solely on external .htaccess configurations.
Equivalent: WP Ghost > Advanced > Compatibility > Add Rewrites in WordPress Rules Section
Use this setting when external factors (e.g., server configurations) block the addition of custom rules in .htaccess. It ensures that rewrite rules are always applied, even if the server prevents direct modification of .htaccess files.
define( 'HMW_DYNAMIC_FILES', true );Forces the plugin to dynamically load CSS and JS files, including cached files, ensuring paths are obfuscated and protected from direct access.
Equivalent: WP Ghost > Mapping > Text Mapping > Text Mapping in CSS and JS files including cached files
Use this option to prevent caching plugins or CDN services from exposing sensitive paths. It is particularly helpful when cached or minified files reveal original paths that could be exploited, offering an extra layer of protection for resources.
define( 'HMW_ALWAYS_CHANGE_PATHS', true );Forces WP Ghost to rename paths even within the WordPress admin area, hiding URL parameters, file paths, and sensitive text.
Also Use: https://wpghost.com/kb/wp-ghost-admin-mapping/
This option is useful for users who want enhanced privacy and path masking even for logged-in admin users. It ensures that paths remain obfuscated regardless of whether the user is browsing the frontend or working in the backend dashboard, improving overall security.
define( 'HMW_HIDE_OLD_IMAGES', true );Blocks access to old image paths after paths have been changed. Returns a 404 error for image formats like jpeg, jpg, tiff, gif, bmp, png, and webp to prevent exposure.
After adding the option in the config file, Go to WP Ghost > Change Paths > WP Core Security > Hide WordPress Common Paths and select the extension IMAGE Files.
Read Also: https://wpghost.com/kb/hide-the-old-image-paths-with-wp-ghost/
This prevents the exposure of old URLs to protect against direct access or brute-force attempts targeting old image paths. It is especially useful after migrating or restructuring a site to block old references that attackers might use.
define( 'HMWP_LOGGED_IN_COOKIE', 'hmwp_logged_in_' );Sets a custom cookie for logged-in users to work with custom admin path, improving compatibility with login sessions and security measures.
Enhances security for dynamic path disabling when logged-in users access the admin dashboard. This ensures seamless authentication while maintaining hidden paths, making it harder for attackers to guess login URLs.
define( 'HMW_FILE_PERMISSION', 0644 );
define( 'HMW_DIR_PERMISSION', 0755 );
define( 'HMW_CONFIG_PERMISSION', 0444 );Configures permissions for files, directories, and configuration files when using the Security Check > Fix Permissions feature. Setting strict permissions ensures files and folders are only accessible where necessary.
Default Values:
064407550444Enforce stricter permissions to enhance security, especially in shared hosting environments or high-security websites. Restricting permissions reduces the risk of unauthorized modifications or access by malicious scripts.
define('WP_AUTO_UPDATE_HMWP', false);To prevent the WP Ghost plugin from automatically checking for updates, add the following line to your wp-config.php file:
This setting disables the plugin’s automatic update checks. If you need to update WP Ghost manually, navigate to the plugin list in your WordPress dashboard and click the Check for Updates link next to the plugin.
Because hackers often use bots to search for security flaws in your website, it is…
The easiest way to change the default media uploads path is to use the WP…
To hide all CSS and JS you need to follow the steps to Combine the…
https://youtu.be/6ylhojSi-_E In this video, we’ll explore why website security matters and what can happen if…
The security of your WordPress site depends on multiple factors, such as the strength of…
When you enable two-factor authentication (2FA) for your WordPress website, it adds an extra layer…