Hide Your WordPress Website From Hackers
By Using Hide My WP Ghost

Easy to use. Affordable. Fast.
Hours
Minutes
Seconds

Hide my WordPress Ghost is a full-featured security plugin, designed to provide you with the best protection against hackers.

When you start using this plugin, you will be able to hide the fact that you are using WordPress on your site.

NOTE! For WP Multisite, one license is for the entire network. 

Ghost All

$54
$ 16
25/mo

Billed Yearly
70% Special Discount
$12.83/mo on renewal
  • Unlimited Websites
  • 1 Year Plugin Updates
  • 1 Year Events Log & Alerts
  • Premium Security Protection
  • WP Multisite Support
  • Premium Support

Ghost 10

$24.99
$ 7
/ mo

Billed Yearly
70% Special Discount
$5.66/mo on renewal
  • 10 Websites License
  • 1 Year Plugin Updates
  • 1 Year Events Log & Alerts
  • Premium Security Protection
  • WP Multisite Support
  • Premium Support
Best offer

Ghost 1

$ 2
49 / mo

Billed Yearly
$1.99/mo on renewal
  • 1 Website License
  • 1 Year Plugin Updates
  • 1 Year Events Log & Alerts
  • Premium Security Protection
  • WP Multisite Support
  • Premium Support

30 Days Money Back Guarantee. No Long-term Contracts

This is a yearly subscription payment with 20% discount on renewal​

In more than 45 payment methods

Lite vs. Ghost

Features

  • Custom & Hide wp-admin URL
  • Custom & Hide wp-login URL
  • Custom Lost Password URL
  • Custom Register URL
  • Custom wp-content path
  • Custom wp-includes path
  • Custom Logout URL
  • Custom admin-ajax URL
  • Custom uploads URL
  • Custom comment URL
  • Custom author URL
  • Custom plugins path
  • Custom themes path
  • Hide HTML Comments
  • Hide WP and Plugins Version
  • Hide Author ID URL
  • Hide Plugins name
  • Hide Themes name
  • Custom theme style name
  • Custom API path URL
  • Disable Rest API access
  • Hide WordPress Common Paths
  • Hide WordPress Common Files
  • Firewall Against Script Injection
  • Disable Directory Browsing
  • Hide Admin for Logged Users
  • Hide RSD header
  • Hide Emojicons
  • Disable XML-RPC access
  • Disable Embed scripts
  • Disable WLW Manifest scripts
  • Disable DB Debug in Frontent
  • Brute Force Google reCaptcha
  • Whitelist & Blacklist IP Addresses
  • Log Users Events
  • Security Email Alert
  • Complete Security Check
  • Backup & Restore
  • Cache & Optimize Speed
  • URL Mapping
  • Premium Support

Lite version

Ghost version

Lite version

  • Custom & Hide wp-admin URL
  • Custom & Hide wp-login URL
  • Custom Lost Password URL
  • Custom Register URL
  • Custom wp-content path
  • Custom wp-includes path
  • Custom Logout URL
  • Custom admin-ajax URL
  • Custom uploads URL
  • Custom comment URL
  • Custom author URL
  • Custom plugins path
  • Custom themes path
  • Hide HTML Comments
  • Hide WP and Plugins Version
  • Hide Author ID URL
  • Hide Plugins name
  • Hide Themes name
  • Custom theme style name
  • Custom API path URL
  • Disable Rest API access
  • Hide WordPress Common Paths
  • Hide WordPress Common Files
  • Firewall Against Script Injection
  • Disable Directory Browsing
  • Hide Admin for Logged Users
  • Hide RSD header
  • Hide Emojicons
  • Disable XML-RPC access
  • Disable Embed scripts
  • Disable WLW Manifest scripts
  • Disable DB Debug in Frontent
  • Brute Force Google reCaptcha
  • Whitelist & Blacklist IP Addresses
  • Log Users Events
  • Security Email Alert
  • Complete Security Check
  • Backup & Restore
  • Cache & Optimize Speed
  • URL Mapping
  • Premium Support

Ghost version

  • Custom & Hide wp-admin URL
  • Custom & Hide wp-login URL
  • Custom Lost Password URL
  • Custom Register URL
  • Custom wp-content path
  • Custom wp-includes path
  • Custom Logout URL
  • Custom admin-ajax URL
  • Custom uploads URL
  • Custom comment URL
  • Custom author URL
  • Custom plugins path
  • Custom themes path
  • Hide HTML Comments
  • Hide WP and Plugins Version
  • Hide Author ID URL
  • Hide Plugins name
  • Hide Themes name
  • Custom theme style name
  • Custom API path URL
  • Disable Rest API access
  • Hide WordPress Common Paths
  • Hide WordPress Common Files
  • Firewall Against Script Injection
  • Disable Directory Browsing
  • Hide Admin for Logged Users
  • Hide RSD header
  • Hide Emojicons
  • Disable XML-RPC access
  • Disable Embed scripts
  • Disable WLW Manifest scripts
  • Disable DB Debug in Frontent
  • Brute Force Google reCaptcha
  • Whitelist & Blacklist IP Addresses
  • Log Users Events
  • Security Email Alert
  • Complete Security Check
  • Backup & Restore
  • Cache & Optimize Speed
  • URL Mapping
  • Premium Support

Last Updated: in 21 Sept 2018 compatible with WP 4.9.x

 
Hide my WordPress Ghost is an easy to use product designed to provide you with the best protection against hackers. When you start using this plugin, you will be able to hide the fact that you are using WordPress on your site.Being able to hide the common paths is critical because you get to keep intruders away from sensitive website data. This is crucial, and it will provide you with a great experience and really good results in the long term. It will surely be worth it, not to mention that hiding the common paths will also make hacking a lot harder.hide my wp detectorProtect your WordPress website by hiding the fact that you are using WordPress for your website.

In Hide My WordPress Ghost you will get:

  • Hide WordPress wp-admin URL
  • Hide WordPress wp-login URL
  • Hide WordPress wp-login.php URL
  • Hide WordPress  admin bar
  • Hide wp-content
  • Hide wp-config.php
  • Hide wp-config-sample.php
  • 404 Redirect for wp-admin, wp-login access
  • Custom wp-admin and wp-login URLs
  • Custom wp-includes path
  • Custom wp-content path
  • Random plugins names
  • Random themes name
  • Custom wp-content/plugins path
  • Custom wp-content/uploads path
  • Custom authors path
  • Custom wp-comments-post URL
  • Custom category path
  • Custom tags path
  • Custom style.css for themes
  • Remove unwanted classes
  • Remove ids from stylesheets and scrips
  • Disable DB Debug in Frontent
  • Firewall Against Script Injection
  • Disable Directory Browsing
  • Hide RSD (Really Simple Discovery) header
  • Hide WordPress Common Paths
  • Hide WordPress Common Files
  • Hide WordPress HTML Comments
  • Hide WordPress Versions
  • Hide the WP Generator META
  • Hide the WP DNS Prefetch META
  • Disable XML-RPC access
  • Disable Rest API access
  • Disable Embed scripts
  • Disable WLW Manifest scripts
  • Hide Emojicons if you don’t use them
  • Brute Force Attack Protection
  • Custom IPs blocklist
  • Custom IPs whitelist
  • Math function in Login Page
  • Google reCaptcha function in Login Page
  • Custom attempts, timeout, message
  • Log logged users actions by user role
  • Add security alerts by action
  • Support for WordPress Multisites
  • Support for Nginx
  • Support for IIS
  • Support for LiteSpeed
  • Support for Apache
  • Support for Bitnami Servers
  • Support for WpEngine Servers
  • Integrated with Wp Rocket plugin

A Firewall Against Almost Any Attack from Hacker Bots:

  • SQL Injection Protection
  • Script Injection Protection
  • CSRF (Cross-Site Request Forgery) Protection
  • XSS (Cross-Site Scripting) Protection
  • Brute Force Attack Protection
  • Hide WordPress  from Wappalyzer
  • Hide WordPress  from BuiltWith
  • Hide WordPress  from IsItWP
  • Hide WordPress  from WPThemeDetector
  • Hide WordPress  from WhatWPThemeIsThat
Hide My WordPress do not physically change the paths on your server. We use the WordPress hooks for that. source code with the paths changed in hide my wp

PLUGIN SPEED:

There are more and more plugins you can use for hiding the common paths, and you need to consider using one as fast as possible. Your entire website security is at risk, so the best thing you can do is to opt for this and results can indeed be worth it.hide my wp plugin speed

NEW!

  • Support for subdomain and subdirectory WP Multisite
  • Support for Nginx server
  • Support for IIS server
  • Support for LiteSpeed server
  • Support for Bitnami servers
  • Support for WpEngine servers
  • Support for InMotionHosting servers
hide my wp ghost

AND MORE:

  • Monitor your website from your WPPlugins account
  • Premium Support for any installation and compatibility issue
However, once you start using Hide My WP Ghost, the website security will be improved, you will receive constant updates, and you also get a Ninja mode that automates most of the features.You won’t have to worry about hackers anymore once you start using Hide My WP Ghost because this is the tool you have to use whenever you want to take the website security to the next level.So, give it a shot and hide the common paths in WordPress right now. This will offer you the much-needed security boost!

Changelog Hide My WP Ghost:

= 4.0.08 (21 Sept 2018) =
* Update - Compatible with Gutenberg 3.8
* Update - Compatible with WP Super Cache 1.6
* Update - Compatible with All In One WP Security & Firewall 4.3
* Update - Compatible with iThemes Security 7.1
* Update - Compatible with Beaver Builder 2.1
* Update - Compatible with Elementor Editor 2.2
* Update - Compatible with Thrive Architect 2
* Update - Compatible with Woocommerce 3.4
* Fix - Compatibility with WP-Rocket
* Fix - Compatibility with Autoptimize
* Fix - Rewrite paths when moving from Ghost mode to Default in Apache, Nginx and IIS
* Fix - Restore settings didn't save the config rewrites

= 4.0.07 (04 Sept 2018) =
* Update - Remove Admin Cookies from wp-config left by other plugins when Hide My WP is installed.
* Fix - Don't create the activate rewrite in case the URL isn't changed
* Fix - Compatibility with other plugins was checked
* Fix - Compatibility with WP-Lazy-Load

= 4.0.06 (24 Aug 2018) =
* Update - Added URL Mapping option
* Update - Change internal URL to new ones. Works for CSS, JS and Images
* Fix - Corrected the root path to config files

= 4.0.05 (17 Aug 2018) =
* Update - Compatible with Gutenberg plugin
* Update - Compatible with Wp Hide plugin
* Fixed - Corrected the hide paths in Apache, IIS and Nginx
* Fixed - NGINX change alerts to be more visible
* Fixed - Rules for install.php not to include plugin-install.php too

= 4.0.04 (16 Aug 2018) =
* Update - Added security filter when a logged user's IP address is changed
* Update - Added security alerts for failed login attempts
* Update - Added security alerts when a user has login attempts from different IP addresses
* Update - Added security alerts when a plugin is deleted
* Update - Added security alerts when a post is deleted
* Update - Remove inline style ids option
* Fixed - Log username when a plugin is deleted

= 4.0.03 (14 Aug 2018) =
* Fixed - Comments removal
* Fixed - Corrected Typos on Security Check
* Update - Compatibility with more WordPress Themes

= 4.0.02 (10 Aug 2018) =
* Update - Compatibility with the last version of WP-ROcket
* Fixed - Prevent showing blank page on content removal
* Fixed - The ajax error on Security Check Fix button

= 4.0.01 (02 Aug 2018) =
* Update - New Settings design
* Update - Firewall Against Script Injection
* Update - Customize the Hide My Wp safe link
* Update - Log events for specified user roles
* Update - WordPress Security Alerts 
* Update - Security Check and options to fix the issues
* Update - New Ghost Mode option to hide and protect the themes and plugins
* Update - Google Captcha for login page and Woocommerce login page
* Update - Install and Activate recommended plugins

Changelog Hide My WP PRO:

= 3.0.037 (02 Aug 2018) =
* Fix - Fixed the wp-json URL in htaccess
* Fix - Prevent hiding theme/plugin fonts and images when hiding old paths
* Compatible with WP 4.9.8

= 3.0.036 (25 July 2018) =
* Update - Rule to hide Author By ID
* Update - Rule to remove Directory Explorer
* Fix - Save config for IIS servers when only default rules are set
* Fix - Prevent hiding theme/plugin fonts and images when hiding old paths

= 3.0.035 (30 June 2018) =
* Fix - Don't rewrite ajax calls for wp-admin.php
* Fix - Fix version hide small bugs

= 3.0.033 (12 June 2018) =
* Nginx detector for Inmotion Hosting
* Update - Compatibility with Inmotion Hosting
* Update - Compatibility with Powered Cache
* Fix - CDN rewrites for Powered Cache plugin

= 3.0.032 (08 June 2018) =
* Update - Compatibility with W3 Total Cache
* Update - Compatibility with WP Super Cache
* Update - Compatibility with WP Fastest Cache
* Update - Compatibility with Cache Enabler
* Update - Compatibility with WOT Cache
* Update - Compatibility with Autoptimizer
* Update - Compatibility with CDN Enabler
* Update - Compatibility with Squirrly SEO
* Update - Compatibility with Yoast SEO
* Update - Compatibility with All In One SEO
* Update - Increase speed in frontend rewrite
* Fix - Add all the plugins on WP Multisite

= 3.0.031 (06 June 2018) =
* Update - Add Vulnerabilities and Hide Old Paths for Nginx servers
* Update - Compatible with Autoptimizer
* Update - Compatible with Cache Enabler
* Update - Compatible with WPML Multilingual CMS
* Update - Compatible with Polylang
* Update - Compatibility with WP 4.9.6
* Update - Compatible with Wp-Rocket 3.0.5
* Fix - Add Rewrite rules when WordPress has duplicate definition blocks in htaccess
* Fix - Increased security in Frontend
* Fix - Rename paths for all languages

= 3.0.030 (10 May 2018) =
* Update - Add the Website Vulnerability Check in Settings > Hide My Wp
* Update - Compatibility with WP 4.9.5
* Fix - Let upgrade.php access for logged users in WP Multisite
* Fix - Improved the Relative to Absolute link change
* GDPR Compliant

= 3.0.029 (07 April 2018) =
* Update - Add option to manage the licences in https://wpplugins.tips/my-account/my-licenses/
* Fix - Remove Fatal error when DOM extension is not loaded in PHP

= 3.0.028 (28 March 2018) =
* Update - Added the option to hide the wp-activate paths
* Update - Change the login and activation paths in user invite email for single site and multisite
* Update - Increase memory limit in case of memory reach to avoid white screens
* Update - Added new rules in Vulnerability Section
* Update - Added option to disable XML-RPC access and Trackback access
* Fix - Don't hide WP API when Contact Form 7 plugin is active
* Fix - Increased site speed in Frontend

= 3.0.027 (12 Mar 2018) =
* Update - Improved the Login process and the admin redirect
* Update - Increase speed in Frontend for more WP Themes

= 3.0.026 (23 Feb 2018) =
* Update - Exclude login URL from Wp Rocket cache
* Update - Compatibility with WP 4.9.4

= 3.0.025 (22 Jan 2018) =
* Update - Works with more Codecanyon Themes
* Update - Compatibility with WP 4.9.2
* Fixed small CSS bugs

= 3.0.024  (11 Nov 2017) =
* Fix - Change the relative paths without changing them to absolute paths
* Fix - Works with more Codecanyon Themes
* Update - Compatibility with Woo-global-cart + Fix
* Fix - Call to undefined function mime_content_type() error
* Update the compatibility with W3 Total Cache

= 3.0.023 (27 Oct 2017) =
* Update - Remove the dns-prefetch meta link
* Update - Changed the jetpack traffic script with a local file to prevent it from being detected
* Fix - Change the oaths when WP-rocket is installed but not active
* Fix - Don't load the buffer in admin unless the Hide My WP Admin option is active

= 3.0.022 (26 Oct 2017) =
* Update - Compatibility between Hide My WP and Loginstyle-developer
* Fix - Increase frontend loading speed
* Fix - Path Rename for Wp-Rocket CDNs
* Fix - Logout clear cookie for all subsites
* Fix - WP Super Cache update compatibility

= 3.0.021 (04 Oct 2017) =
* Fix - Woocommerce Frontend Login Cookie
* Fix - Ajax calls in frontend for some themes

= 3.0.019 (18 Sept 2017) =
* Fix - The API rest rename is not taking effect right away
* Fix - Group the API rest service in the Hide My Wp Settings
* Fix - PHP Warning: array_map() for Rewrite.php on line 1524
* Fix - Cookie for WP Multisite for Super Users
* Fix - Tab won't open when there are Javascript errors

= 3.0.017 (03 Sept 2017) =
* Update - Ban/Block IP from Hide My WP Ghost is compatible with more WP themes
* Update - Add Fail Attempts limit when Login Math Check is not active
* Fix - Show the block IPs in the Brute Force List

= 3.0.016 (01 Sept 2017) =
* Fix - Ban IP is added on all pages of the website
* Fix - Small bugs when activating the plugin

= 3.0.015 (31 Aug 2017) =
* Update - Ban IP is added in the Brute Force Option
* Update - Add a custom URL for logout path
* Update - Activate the plugin with our server
* Fix - Remove the custom lostpass, signup and logout paths

= 3.0.013 (01 Aug 2017) =
* Update - Spanish Translation
* Fix - Corrected typos
* Fix - Strict login redirect
* Compatible with WordPress DIVI Theme

= 3.0.012 (19 July 2017) =
* Fix - Action Required when there are no rewrite rules
* Fix - Optimized the speed on path renames
* Fix - Compatibility with W3 Total cache & Memcache option

= 3.0.010 (9 July 2017) =
* Update - Hide My WP and Jupiter Theme compatibility
* Fix - PHP Warning: array_map() and array_merge()
* Fix - Compatibility between Hide My WP and WpEngine Hosting
* Fix - Rewrite for WP Fastest Cache

= 3.0.007 (2 July 2017) =
* Update - Removed deprecate functions
* Fix - Blank screen on plugin deactivation

= 3.0.006 =
* Fix - Remove the Warning: in_array() expects parameter 2 to be array, null given in /home/xxxxxxxx/public_html/wp-content/plugins/hide-my-wordpress/classes/Tools.php

= 3.0.005 =
* Update - Increased the loading speed
* Update - Compatibility between Hide My WP and WordPress Contact Form 7
* Update - Compatibility between Hide My WP and All in one wp security
* Update - Compatible with WP 4.7.5 and 4.8 beta

= 3.0.004 =
* Update - Rename the paths when the WordPress URL is different than Site URL in Settings > General
* Fix - Ignore the www. in the rename process

= 3.0.002 (23 May 2017) =
* Fix - rewrite table to prevent losing the rewrites
* Update - Added custom and hidden admin path for nginx servers
* Update - Changed config steps for nsing servers
* Update - IIS config for IIS servers

= 3.0.001 (19 May 2017)=
* Fix - the rewrite for http call when https is set in Settings > General
* Update - Optimized the loading speed

= 3.0.000 (11 May 2017)=
* Update - Added more options for redirect
* Fix - the forced login redirect
* Added the option to hide the new admin path

Frequently Asked Questions

You can use the free version of the plugin on any number of websites, whether or not they are owned by you.

The Ghost version can be installed on a limited number of website, and you can transfer your license if you change your website.

This license is limited to the number of websites you use it on. This means that you have to activate the product with a license for each website you want to use a product on. For WordPress Multisite, the license is for the entire network.

Of course! Just deactivate the plugin from the previous domain, and activate it on the new one. You can manage it in your account via Manage License.

You are actually purchasing a product as a service, with access to security updates, new features, fast replies to support requests for one year.

The advantage is that you don’t need to worry about security updates and compatibilities with other plugins because we’ve got your back. And this is why we recommend that you pay yearly.

We offer a full refund for the first 30 days after purchase, based on our Refund Policy.

Hide My WP Lite offers the basic security options for your website, while Hide My WP Ghost offers you a powerful security level to prevent most of the WordPress attacks made by both humans and bots. More details

You can use PayPal or any credit card to pay for Hide My WP Ghost. We use the 2CO gateway, which supports over 45 payment methods

You can save all the settings from the Free version and restore them after you activate Hide My WP Ghost. 

Yes, you have.

Access the Knowledge Base for more answers or contact us.

To get answers to more questions, visit our complete FAQ page or contact us.

Trusted by over 50k users

Secure your Website!
Speed-up your Website!