FAQ

How to Stop WP Ghost Plugin Auto Update Check

Disable WP Ghost automatic update checks by adding WP_AUTO_UPDATE_HMWP to wp-config.php. Keep full control over when you update the plugin.

Same Login Path with Multiple Security Plugins?

Moved

This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.

View on new site

No, using the same custom login path across multiple security plugins is not recommended. Each plugin that offers a custom login path should be configured with a unique URL. Sharing the same path causes style conflicts, redirect loops, and can actually expose your custom login URL instead of protecting it.

Why the Same Login Path Causes Problems

When two security plugins both try to handle the same custom login path, they compete for control over that URL. Each plugin writes its own rewrite rules and applies its own redirect logic. The result is unpredictable: one plugin may redirect the request before the other gets a chance to process it, the login page may load with broken styling because both plugins inject their own CSS, or the login page may become completely inaccessible due to a redirect loop.

Worse, the conflict itself can leak information. If one plugin’s redirect fires first and points back to /wp-login.php before the other plugin hides it, bots watching the redirect chain can discover your real login path. That defeats the entire purpose of changing the login URL in the first place.

Recommended Setup with Multiple Plugins

The best approach is to let one plugin own the login path entirely and disable that feature in the other. WP Ghost is the recommended choice for login path security because it handles the change at the server rewrite level, which is faster and more thorough than PHP-level redirects.

If you still want both plugins to have their own login paths (for example, one styled login for clients and one hidden login for admins), configure each with a completely different URL. In WP Ghost, set your custom login path in WP Ghost > Change Paths > Login Security. In the other plugin, like Wordfence or Solid Security, set a different custom path. Then make sure WP Ghost hides the default /wp-login.php and /login paths so bots cannot reach them.

Example Configuration

Here is a practical example with WP Ghost and Wordfence running together. WP Ghost handles the custom login path at /my-secret-login with the default WordPress paths hidden. Wordfence uses a separate path at /team-access with its styled login page enabled. Both plugins operate independently because they are not fighting over the same URL. Default paths like /wp-login.php and /login return a 404 error, so bots scanning for standard WordPress entry points hit a dead end.

LoginPress Compatibility

WP Ghost is fully compatible with LoginPress. You can use the same custom login path for both plugins in this specific case because LoginPress is a styling plugin, not a security plugin. It does not write its own rewrite rules or redirect logic. LoginPress only applies visual customization to the login page, so there is no conflict with WP Ghost handling the path security. This lets you have a branded, styled login page that is also hidden behind a custom URL.

Frequently Asked Questions

What happens if I accidentally set the same path in two security plugins?

You will likely experience redirect loops, a broken login page, or an inaccessible admin dashboard. If this happens, use the emergency disable method to regain access, then configure unique paths for each plugin.

Which plugin should I use for the custom login path?

WP Ghost is the recommended choice. It handles login path changes at the server rewrite level, which is more efficient and secure than PHP-level redirects. Disable the custom login path feature in your other security plugin and let WP Ghost manage it. For specific configuration guides, check WP Ghost with Wordfence or the compatible plugins list.

Can I use a styled login plugin like LoginPress with WP Ghost?

Yes. LoginPress is a styling-only plugin. It does not interfere with WP Ghost’s path security or rewrite rules. You can use the same custom login path in both WP Ghost and LoginPress without conflict. Alternatively, WP Ghost includes its own built-in Login Page Design feature under WP Ghost > Tweaks, so you may not need LoginPress at all.

Should I hide the default /wp-login.php path too?

Absolutely. Changing the login path without hiding the original is only half the job. Go to WP Ghost > Change Paths > Login Security and enable the option to hide the default /wp-login.php path. This returns a 404 error for anyone trying the standard WordPress login URL. For a full walkthrough, see the Change WordPress Login Path tutorial.

Does WP Ghost modify WordPress core files?

No. WP Ghost uses server-level rewrite rules and WordPress filters to change and hide login paths. No WordPress core files are modified. Deactivating WP Ghost restores all original paths instantly.

Why Has Elementor Stopped Working with WP Ghost Safe or Ghost Mode?

Elementor editor broken after activating WP Ghost Safe Mode or Ghost Mode? Fix it by checking Nginx config, REST API, AJAX path, cache, and logged user settings.

How Do I Install Security Plugins in WordPress? (Guide)

Learn how to install and configure a WordPress security plugin step by step. Covers plugin search, activation, settings, and hack prevention tips with WP Ghost.

Do I Really Need a Security Plugin for WordPress?

Yes. WordPress default paths make every site a bot target. Learn why a hack-prevention plugin like WP Ghost is essential for protecting your WordPress site.

Why Style & Buttons Are Not Working With Hide My WP?

Fix CSS, JavaScript, and button issues after activating WP Ghost. Step-by-step troubleshooting for Text Mapping, hidden paths, META IDs, and cache conflicts.

How Do I Block WP Content in WordPress? (WP Ghost Guide)

Block direct access to wp-content by changing the path and hiding it with WP Ghost. Step-by-step guide to protect themes, plugins, and uploads from bots.

What Is the WP Ghost Security Plugin for WordPress?

WP Ghost is a hack-prevention WordPress plugin that hides default paths, adds 7G/8G firewall rules, 2FA with passkeys, and brute force protection. Learn what it does.

How Do I Make My WordPress Site Invisible?

Hide your WordPress site during development with maintenance mode and noindex, then make it invisible to bots and scanners with WP Ghost path security.

What Is the Best Plugin for Cloaking WordPress?

WP Ghost cloaks WordPress by changing all default paths, removing CMS fingerprints, and simulating Drupal or Joomla. Bots and detectors cannot identify your site.

How Do I Hide the WordPress Version?

Remove WordPress version numbers from CSS, JS, images, and the generator meta tag with WP Ghost. Two toggles strip all version fingerprints from your source code.

How Do I Hide the Theme Name in WordPress?

Hide your WordPress theme name with WP Ghost. Change the themes path, replace directory names with random codes, rename style.css, and block theme detectors.

How Do I Hide My WordPress Site from the Public?

Hide your WordPress site from visitors during development with maintenance mode, noindex, IP whitelisting, and WP Ghost hack prevention. Full step-by-step guide.

How Do I Set Up Two-Factor Authentication in WordPress?

Set up 2FA in WordPress with WP Ghost using authenticator apps, email codes, or passkeys (Face ID, Touch ID). All three methods are free. Step-by-step guide.

Why Do Detectors Like IsItWP Still Show WordPress CMS?

IsItWP and BuiltWith cache CMS results for weeks. Learn which detectors give real-time results and how to correctly test your WP Ghost configuration.

How Do I Hide My WordPress Site from Hackers and Bots?

Hide your WordPress site with WP Ghost by changing all default paths, removing CMS fingerprints, and blocking theme detectors. Complete step-by-step guide.

Can WP Ghost Hide the Plugins and Theme You’re Using?

Yes. WP Ghost hides plugin names, theme names, directory paths, and style.css from scanners. Learn how to set up full plugin and theme hiding step by step.

Why Doesn’t My Theme Layout Load After Using WP Ghost?

Theme layout broken after WP Ghost path changes? Fix it by clearing cache, updating Nginx or Apache config, checking Text Mapping, and resolving plugin conflicts.

Is My Website Loading Slower with WP Ghost?

No. WP Ghost adds about 0.05s to page generation and zero with caching. If your site slowed down, check your server config. Full performance guide inside.

Can I Remove the Language Switcher from WordPress Login?

Yes. WP Ghost removes the WordPress login language switcher with one toggle. Go to Change Paths > Login Security and enable Hide Language Switcher. No code needed.

Why Can’t I Login to WordPress via wp-admin?

Can’t access /wp-admin after activating WP Ghost? Your admin path is hidden for security. Learn how to use your custom login URL, disable hiding, or recover access.

How Do I Disable XML-RPC in WordPress?

Disable XML-RPC in WordPress with one toggle in WP Ghost. Block brute force amplification, DDoS pingback abuse, and username enumeration through xmlrpc.php.

How to Protect Your WordPress Website from Hackers

Protect your WordPress site with four security layers: secure hosting, hack prevention with WP Ghost, updates, and backups. Stop bots before they find your site.

Does WP Ghost Work With WP Umbrella?

Yes. Configure WP Ghost for WP Umbrella by keeping the /login path accessible and matching the REST API path in both plugins. Step-by-step setup guide.

How Do I Change or Hide META Text in WordPress?

Replace WordPress and plugin names in META tags using the free WP Ghost Meta Mapping extension. Covers installation, rule setup, and admin dashboard mapping.

Does HMWG work with Elementor Custom Icons?

Yes. WP Ghost is fully compatible with Elementor Pro custom icons. Icon fonts upload and display correctly with all WP Ghost security options active.

How Do I Change WordPress Paths in the Admin Dashboard?

Enable WP Ghost path changes in the admin backend by adding one line to wp-config.php. Step-by-step guide with warnings and rollback instructions.

How to Remove WP Ghost Rewrite Rules from WordPress .htaccess?

Remove WP Ghost rewrite rules from the WordPress .htaccess block. Switch off Add Rewrites in WordPress Rules Section or use the HMW_RULES_IN_WP_RULES constant.

How Do I Hide Old WordPress Image Paths?

Hide or redirect old WordPress image paths after changing your uploads directory. Covers the HMW_HIDE_OLD_IMAGES constant, MEDIA file redirects, and server rewrite rules.

Why Is My Custom Admin Path Redirecting to the Front Page?

Custom admin path redirects to the front page? Switch off “Hide the New Admin Path” in WP Ghost > Change Paths > Admin Security. Here is why it happens and how to fix it.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.