WP Ghost Widget on WordPress Dashboard | Guide

WP Ghost adds a security widget to the WordPress Dashboard that displays your site’s security status at a glance. The widget appears automatically after installation and includes a security score gauge (0-100), a 7-day threats chart showing prevented vs passed attacks, and summary stats for threats blocked, brute force IPs, and alert emails sent. You can show or hide the widget from Screen Options.

What the Widget Shows

The widget displays three main sections:

Security Score Gauge: A visual 0-100 meter showing your overall security level. Green (high score) means your site is well protected. Yellow or red indicates vulnerabilities that need attention. The score is based on the same checks as the full Security Check: brute force protection, injection defenses, XML-RPC status, SSL, security headers, and path security.

7-Day Threats Chart: A daily bar chart tracking threats over the past week. Blue bars represent threats prevented (blocked by WP Ghost’s firewall and brute force rules). Orange bars represent threats that passed through. Ideally, you want blue bars and no orange.

Summary Stats: Four boxes at the bottom showing 7-day totals for Threats Prevented, Threats Passed, Brute Force IPs Blocked, and Alert Emails Sent. These give you a quick numeric snapshot of your site’s security activity.

Show or Hide the Widget

1. Go to the WordPress Dashboard (the main admin home page).
2. Click Screen Options at the top right of the page.
3. Check or uncheck the WP Ghost box to show or hide the widget.

Multisite: use subsite dashboards. On WordPress Multisite installations, the WP Ghost widget appears on individual subsite dashboards, not on the Network Admin dashboard. Navigate to a subsite’s Dashboard to see the widget.

Frequently Asked Questions

The widget doesn’t appear on my Dashboard. What should I check?

First, check Screen Options at the top right and make sure the WP Ghost box is checked. If it doesn’t appear in Screen Options, verify that WP Ghost is activated on that site. On Multisite, check that you’re viewing a subsite Dashboard, not the Network Admin dashboard. If the widget still doesn’t show, the user viewing the Dashboard may not have the hmwp_manage_settings capability (see Grant User Role Access).

Is the widget the same as the full Security Check?

The widget shows your security score and 7-day threat activity. The full Security Check at WP Ghost > Security Check provides the detailed breakdown: individual checks with pass/fail status, specific vulnerability descriptions, and one-click fix buttons. Use the widget for a daily glance and the full Security Check when you need to investigate or fix specific issues.

Does the widget slow down the Dashboard?

No. The widget loads cached security check results. It doesn’t run a fresh scan every time you visit the Dashboard. The security check runs periodically in the background and the widget displays the most recent results.

Can other administrators see the widget?

The widget is visible to any user who has the hmwp_manage_settings capability, which by default is all administrators. Each user controls their own widget visibility independently through Screen Options. If you’ve restricted WP Ghost access using role capabilities, only users with the hmwp_manage_settings capability see the widget.

Does WP Ghost modify WordPress core files?

No. The dashboard widget uses WordPress’s standard widget API. No core files are modified.

Related Tutorials

Security monitoring and dashboard features:

• Grant User Role Access – Control which users can see WP Ghost and the widget.
• Hide and Show WP Ghost in the Menu – Restrict WP Ghost visibility to specific users.
• Change WordPress Paths – Improve your security score by enabling path security.
• Install WP Ghost Premium – Installation and activation guide.