Over the last 10+ years, we tested WP Ghost alongside standard hosting security and plugins like Cerber, Wordfence, and Solid Security.
Here’s what we saw again and again:
99% fewer hacker attacks
We measured the attacks before and after activating WP Ghost.
After we enabled the main protections, attack traffic dropped by about 99%.
Hackers didn’t “become nicer”. Their bots simply stopped finding the usual weak spots on WordPress sites that WP Ghost hides and protects.
Spam comments went from “annoying” to “zero”
Default WordPress comment files are a magnet for spam bots. Once we hid those default comment files with WP Ghost, bot access to them dropped by up to 100%.
Then we added Brute Force protection with reCAPTCHA on:
- Comments
- Reviews
- Contact forms
The result: automated spam and fake form submissions disappeared on our sites.
No more cleaning trash comments. No more “Congratulations, you’ve won a crypto prize!” messages in your inbox.
Fake account signups stopped
Bots love to create fake accounts on WordPress and ecommerce sites.
After we turned on Brute Force protection on signup forms, automated registrations stopped.
Not “reduced”. Stopped.
- No more fake user accounts
- No more fake customers
- No more bots filling your database with junk
No more virus and worm injections
The scary hacks are the ones you don’t see:
virus injections, worms, hidden scripts that use your site for phishing, spam, or redirects.
When we:
- Hid WordPress common paths
- Hid the default login
- Activated the 8G Firewall in WP Ghost
…the silent hack attempts simply stopped working.
On the sites that kept WP Ghost properly configured, we didn’t see virus or worm injections succeed. For over a decade, clients who installed and set up WP Ghost correctly did not report a single breach.
Okay, but is it worth it?
Short answer: Yes, absolutely.
You install WP Ghost once, turn on a few options, and your site becomes a much harder target for bots.
You don’t need to learn security jargon or spend hours in logs.
You just see:
- Fewer attack notifications
- Less spam
- No fake signups
- No “we’ve been hacked” panic
Will WP Ghost hurt my SEO or speed?
Definitely not.
We’ve tested WP Ghost for more than 10 years on tons of websites.
- Your page URLs stay the same
- Your content stays the same
- Search engines still crawl and index your site normally
- AI bots still crawl and index your site normally
- The plugin is built to be lightweight, so it doesn’t slow your pages down
What changes is how bots see your site on the back end, not how visitors and Google see it.
What you actually need to do
You don’t have to rebuild your site or change themes.
To see the difference, you only need to:
- Install and activate WP Ghost
- Turn on:
- Hide WordPress common paths
- Hide default login
- 8G Firewall
- Brute Force protection on login, signup, comments, reviews, and contact forms
Then just watch what happens in the next days and weeks:
- Attack counts drop
- Spam dies down
- Fake accounts stop appearing
You’ll feel the difference more than you’ll “see” it.
I have over 15 years of experience in building plugins and themes for WordPress and other platforms.
Contact me if you have plugins that you want me to check before you insert them into your website. I will be happy to check them for security and speed.
- What changed when we started using WP Ghost - December 5, 2025
- WordPress REST API Security: Best Practices and Tools - June 24, 2024
- WordPress Firewalls & Tools for Your Website Security - June 17, 2024