Is WP Ghost Compatible with Kinsta Hosting?
Yes, WP Ghost works on Kinsta. Full path hiding requires Kinsta support to add one config file. Or use the no-config preset for instant protection without support.
FAQ
Does WP Ghost Work With BuddyBoss?
Yes. WP Ghost is compatible with BuddyBoss platform and theme. Keep the REST API path unchanged if you use the BuddyBoss App. Full setup guide.
What Are WP Ghost’s Support Terms for Agency Client Sites?
WP Ghost supports the account holder, not end clients. Learn how agency support works, how to help your clients, and how whitelabeling fits in.
Does WP Ghost Come With a License Transfer System?
WP Ghost has no formal license transfer. You can change the account email to a new owner or remove the site and let them purchase their own license.
Does WP Ghost Support Cover All Connected Websites?
Yes. WP Ghost Premium support covers all websites on your account with an active subscription. No per-site limit. Support goes to the account holder, not third parties.
Can I Recycle Sites on a Limited WP Ghost Plan?
WP Ghost plans count active installs, not total. Remove a site from your account and the slot opens for a new one. No swap limits. Full explanation inside.
Will There Be Issues If I Stop Using WP Ghost?
No. All WP Ghost settings are fully reversible. Deactivating the plugin instantly restores all WordPress defaults. Deleting removes all traces. Zero risk.
Can I Remotely Disable WP Ghost on a Client’s Website?
Yes. Block any client site from the WP Ghost Dashboard without logging into their WordPress. Revokes the license, frees the slot, and keeps their site intact.
Can I Create Custom CMS Footprints in WP Ghost?
WP Ghost simulates Drupal and Joomla by default. You can add a custom generator name using the hmwp_emulate_cms filter, but use a real CMS name for best results.
Does WP Ghost Write Code into PHP Files?
WP Ghost never modifies PHP files. It uses .htaccess rewrite rules and WordPress filters. Deactivating restores everything instantly. Full technical explanation.
Does WP Ghost Protect Against Clickjacking?
Yes. WP Ghost adds X-Frame-Options and CSP frame-ancestors headers to prevent clickjacking. Enable security headers in one click. Free feature.
Does WP Ghost Work on Shared Hosting Plans?
WP Ghost works on shared hosting. Apache and LiteSpeed need no extra setup. Nginx shared hosting needs one config include or use the no-config preset. Full details inside.
Does WP Ghost Work on SiteGround Hosted Websites?
Yes. WP Ghost is fully compatible with SiteGround. It auto-detects the server setup and writes .htaccess rules automatically. No Nginx config editing needed.
Is WP Ghost Available in Other Languages? (16 Languages)
Yes. WP Ghost is translated into 16 languages including French, German, Spanish, Italian, Japanese, and more. Learn how to set or force a specific language.
Is WP Ghost Compatible with the AppMySite Plugin?
Yes. WP Ghost works with AppMySite. Keep the REST API path at default and do not disable REST API access. All other security features work normally.
Does WP Ghost Make Changes to the .htaccess File?
WP Ghost writes rewrite rules and firewall filters to .htaccess on Apache/LiteSpeed. No PHP files changed. Rules removed cleanly on deactivation. Full details inside.
Will WP Ghost Help My Site Against All Bots?
Yes. WP Ghost reduces bot traffic by hiding WordPress paths, blocking malicious requests with 7G/8G firewall, and stopping brute force and spam bots automatically.
Does WP Ghost Have 7G Firewall Protection?
Yes. WP Ghost includes both the 7G and 8G Firewalls by Jeff Starr. Server-level protection against SQL injection, script injection, and bots. Free feature. Setup guide inside.
What Can I Do If I Can’t Login After Using WP Ghost?
Locked out after WP Ghost path changes? Use the Safe URL, Pause 5 Minutes, rollback settings, or FTP emergency disable. Four recovery methods explained.
Can I Disable Inspect Element in WordPress with WP Ghost?
Moved
View on new site
This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.
Yes. WP Ghost can disable Inspect Element, along with right-click, View Source, copy/paste, and image drag-and-drop. These features block casual source code inspection and content theft through browser keyboard shortcuts and context menus. They’re free features available under WP Ghost > Tweaks > Disable Options.
How Do I Disable Inspect Element with WP Ghost?
Go to WP Ghost > Tweaks > Disable Options. Switch on Disable Inspect Element. Click Save.
Once enabled, WP Ghost blocks the keyboard shortcuts that open browser DevTools: Ctrl+Shift+I, Ctrl+Shift+C, Ctrl+Shift+J, Ctrl+Shift+K, and F12 on Windows, and Option+Shift+Command+I on macOS. It also removes Inspect Element from the right-click context menu. Optionally, you can enable Blank Screen On Debugging to show a blank page when DevTools are detected open.
By default, this only applies to non-logged-in visitors. If you also want it to apply to certain logged-in user roles, switch on Disable Inspect Element for Logged Users and select the roles. Administrators are never affected unless you specifically add them.
What Other Browser Actions Can WP Ghost Disable?
WP Ghost offers five disable features in total, all in the same WP Ghost > Tweaks > Disable Options section. Besides Disable Inspect Element, you can also enable Disable Right-Click (blocks the entire context menu), Disable View Source (blocks Ctrl+U / Cmd+U), Disable Copy/Paste (blocks Ctrl+C / Cmd+C and optionally pasting), and Disable Drag/Drop Images (prevents dragging images to the desktop).
Each feature works independently. You can enable just Inspect Element without blocking right-click, or enable all five together for maximum content protection. Each one also includes a custom warning message field and per-role configuration for logged-in users.
For the complete guide covering all five disable features with detailed configuration, see the disable options tutorial.
Will This Stop All Source Code Inspection?
It stops casual inspection, which covers the majority of users who rely on the browser’s built-in tools. A technically skilled person can still use external tools, browser extensions, or command-line utilities to access your source code. These features aren’t about absolute prevention. They’re about raising the barrier so that the 90% of casual inspectors (theme detector users, content scrapers, casual competitors) are blocked.
For maximum protection, combine Disable Inspect Element with WP Ghost’s source code cleanup features: hide version numbers, hide IDs from META tags, hide HTML comments, and Text Mapping to replace class names. Even if someone does reach the source, there’s nothing identifying to find.
Frequently Asked Questions
Will this affect my site’s administrators?
No, by default. Disable options only apply to non-logged-in visitors. Each feature has a separate “for Logged Users” toggle with role selection. Administrators are never affected unless you specifically add them, which is not recommended since you need DevTools access for site management.
Does disabling Inspect Element affect SEO?
No. These features use client-side JavaScript to block browser interactions. Search engine crawlers don’t execute JavaScript the same way browsers do. Google specifically states that blocking right-click or View Source has no impact on crawling, indexing, or rankings.
Does this work with WooCommerce?
Yes, with one caution: if you also enable Disable Paste, it blocks pasting into all forms including WooCommerce checkout fields (coupon codes, billing information). Either leave Disable Paste off for WooCommerce sites, or whitelist your checkout page path in WP Ghost > Firewall > Whitelist. Disable Inspect Element itself has no impact on WooCommerce functionality.
Is this a free feature?
Yes. All five disable options (Right-Click, Inspect Element, View Source, Copy/Paste, Drag/Drop) are included in WP Ghost Free along with 115+ other security features.
Does WP Ghost modify WordPress core files?
No. All disable features work through JavaScript event handlers injected at runtime. No core files, theme files, or plugin files are modified. Disabling any feature or deactivating WP Ghost restores full browser functionality instantly.
Where is the data from the Events Log Reports being stored?
Moved
View on new site
This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.
Events Log data is stored in two places: locally in your WordPress database and optionally on WP Ghost’s cloud servers. Local logs are retained based on the retention period you configure. Cloud logs are kept for 30 days and then permanently deleted. The cloud copy can be exported in Excel format before deletion. Data is not shared with third parties and is not used for marketing.
Local Storage (WordPress Database)
When you enable the Events Log at WP Ghost > Logs > Settings, events are recorded in a dedicated database table (_hmwp_logs) inside your WordPress database. This is the primary storage location. You control the retention period through the plugin settings. Local logs are accessible from WP Ghost > Logs > User Events in your WordPress dashboard. If the plugin is uninstalled, local logs are removed along with the database table.
Cloud Storage (WP Ghost Dashboard)
If you enable Enable Cloud Storage for Events Log in the Logs settings, WP Ghost syncs a copy of events to the WP Ghost Dashboard. Cloud logs are retained for 30 days and then permanently deleted. The cloud copy contains the same information as the local report: action name, username, post ID, post type, post name, plugin name, attachment name, IP address, and timestamp.
The advantage of cloud storage is that it survives local tampering. If your site is compromised and an attacker modifies the database or deletes the plugin, the cloud copy preserves the activity log for investigation. Cloud logs are also accessible from any device through the WP Ghost Dashboard, which is useful if you manage multiple sites.
Cloud logs can be exported in Excel format from the WP Ghost Dashboard before the 30-day deletion. Event times in the cloud are stored in UTC-0, so convert to your local timezone when reviewing.
What Data Is Collected
The Events Log records: action names (login, logout, plugin activation, post deletion, etc.), post IDs and types, usernames, post names, plugin names, attachment names, IP addresses, and timestamps. Each piece of information is saved only when a user triggers an action. The data is not shared with any third parties and is not used for marketing purposes. For the full privacy details, see the WP Ghost GDPR Compliance page.
For the complete Events Log configuration guide including role-based filtering, email alerts, and searching the log, see the User Events Log tutorial.
Frequently Asked Questions
Is cloud storage required for the Events Log?
No. Cloud storage is optional. You can use the Events Log with local storage only. However, cloud storage is required if you want to set up email alerts for critical events (like logins from new IPs or plugin deletions), and it provides a tamper-proof copy that survives plugin deletion.
Is the Events Log GDPR compliant?
WP Ghost stores usernames, IP addresses, and user actions, which counts as personal data under GDPR. If you need GDPR compliance, inform your users that their dashboard activity is logged. Cloud data is automatically deleted after 30 days. Local retention is configurable. A notification in the WP Ghost sidebar informs administrators when cloud storage is active. See the GDPR Compliance page for full details.
Is this a free or Premium feature?
The User Events Log is a Premium feature. The free version includes path security, firewall, brute force protection, and 2FA but does not include event logging. See the Free vs Premium comparison.
Does WP Ghost modify WordPress core files?
No. The Events Log operates through WordPress hooks that monitor actions. Local logs use a dedicated database table. Cloud logs are sent via API. No WordPress core files are modified.
Does WP Ghost Rewrite PDF and Upload Links on the Frontend?
Yes. WP Ghost automatically rewrites all PDF, document, and media links when you change the uploads path. No manual updates needed. Links, buttons, and embeds all update.
What Is WP Ghost Backup and Restore? How Does It Work?
Export and import all WP Ghost settings with Backup and Restore. Replicate configurations across multiple sites, save before testing, or migrate settings to a new host.
Will WP Ghost Affect WordPress Migration Plugins?
WP Ghost doesn’t change physical files, so migration plugins work normally. For full migrations, deactivate first and restore after. Domain changes adjust automatically.
Can I Contact WP Ghost Support About Plugin Compatibility Issues?
Yes. Report any plugin or theme conflict to WP Ghost support. The team investigates and releases compatibility fixes. Tested with 1,000+ plugins and themes.
Is Hide My WP Ghost Easy to Use? (Setup in Under 3 Minutes)
Yes. WP Ghost goes from install to protected in under 3 minutes. One-click presets, no coding needed, safety nets for recovery. Full walkthrough inside.
Do I Still Need WP Ghost If I Already Have Sucuri?
Yes. Sucuri detects malware and cleans up after breaches. WP Ghost prevents attacks by hiding WordPress paths. They handle different security layers and work together.
WP Ghost vs Hide My WP (CodeCanyon) – What’s the Difference?
WP Ghost and the CodeCanyon Hide My WP are separate plugins. WP Ghost offers 150+ features, broader compatibility, and a free version on WordPress.org.
How Does WP Ghost Compare to WP Hide Security Enhancer?
WP Ghost includes everything WP Hide offers plus firewall, 2FA, brute force protection, security headers, and country blocking. Full comparison and migration guide.
What Value Does WP Ghost Add to My WordPress Security Stack?
WP Ghost adds hack prevention, the missing layer in most security stacks. It hides WordPress paths so bots cannot discover what to attack. Works with existing plugins.