plugin-icon

WP Ghost (Hide My WP Ghost) – Security & Firewall

Par John Darrel·
Hide and Secure WP paths, wp-login, wp-admin, et plus. Hack Prevention, Security, Brute Force protection, 8G Firewall, 2FA Passkey Login, et plus.
firewall
hide
login
Note
4.5/5
Version
5.4.08
Installations actives
100K
Mis à jour récemment
Dec 15, 2025
Extension incompatible : Cette extension n’est pas prise en charge sur WordPress.com.En savoir plus
WP Ghost (Hide My WP Ghost) – Security & Firewall

Level up your WordPress security with WP Ghost plugin!

WP Ghost (short for Hide My WP Ghost) is a comprehensive hack-prevention security solution for WordPress websites. It adds multiple layers of security to block hacker bots and prevent unauthorized access.

It works by changing and hiding common vulnerabilities, making it difficult for bots and hackers to exploit weak points in plugins, themes, and the WordPress core itself.

Join over 200,000 secured websites with WP Ghost. The plugin has blocked over 9 million brute-force attempts and stopped over 140,000 monthly hacks.

Key features include powerful protection against:

  • Brute Force Attacks
  • Attaques par injection SQL
  • Attaques par injection de script
  • Vulnerability Exploit
  • Malware Injection
  • XML-RPC attacks
  • File Inclusion Exploits
  • Directory Traversal Attacks
  • Default WP Paths Exploits
  • Cross-Site Scripting (XSS)
  • Throttling of Access Attempts to Entry Points
  • et plus

Protect your site today! WP Ghost hides and secures all common paths, plugins, and themes from hacker bots and spammers.

YouTube – Why You Must Have Hide My WP

WP Ghost is packed with over 65 security-free features:

Change and Hide Paths:

  • Hide WordPress wp-admin, and show 404 error or a custom page
  • Hide WordPress wp-login.php, and show 404 error or a custom page
  • Change the wp-admin and wp-login URLs
  • Change lost password URL
  • Change register URL
  • Change logout URL
  • Change activation URL
  • Change admin-ajax URL
  • Change wp-content URL
  • Change wp-includes URL
  • Change uploads URL
  • Change comments URL
  • Change author URL
  • Change plugins URL
  • Change plugins name
  • Change themes URL
  • Change themes name
  • Custom themes style.css name
  • Change REST API wp-json URL
  • Change category URL

  • Change tags URL

  • Custom login redirects based on user role

  • Custom logout redirects based on user role

  • Change URLs from Relative to Absolute

  • Changer les URL dans les appels ajax
  • Change URLs for Logged Users
  • Change URLs in Cache Files
  • Change paths in Sitemap.xml
  • Change paths in Robots.txt

Firewall:

  • Two-factor Authentication By Code (2FA)
  • Two-factor Authentication By Email (2FA)
  • Two-factor Authentication By Passkey (2FA)
  • Security Headers against XSS & Code Injections
  • Security Header Strict-Transport-Security
  • Security Header Content-Security-Policy
  • Security Header X-XSS-Protection
  • Security Header X-Content-Type-Options
  • Security Header X-Frame-Options
  • Firewall against Script Injections and SQL Injection
  • 7G Firewall Security Filter
  • 8G Firewall Security Filter
  • Block by IP Addresses
  • Block by User Agents
  • Block by Referrers
  • Block by Hostnames
  • Hide Website from Theme Detectors

Hide Options:

  • Hide /wp-admin path
  • Hide /wp-login path
  • Hide /login path
  • Hide REST API wp-json path
  • Hide Admin Toolbar based on user role
  • Cacher les identifiants de style et les META ID
  • Hide WordPress HTML comments
  • Hide Version and WordPress Tags
  • Cacher le lien Préférer le DNS à WordPress
  • Cacher le méta-générateur WordPress
  • Hide RSD (Really Simple Directory) header
  • Hide Emoticons if you don’t use them

Disable Options:

  • Disable REST API access
  • Disable XML-RPC access
  • Désactiver les scripts Embed
  • Désactiver le DB-Debug en frontend
  • Désactiver les scripts du manifeste de la WLW
  • Disable Select All – Ctrl+A (Windows and Linux), ⌘+A (macOS)
  • Disable Copy – Ctrl+C (Windows and Linux), ⌘+C (macOS)
  • Disable Cut – Ctrl+X (Windows and Linux), ⌘+X (macOS)
  • Disable Paste – Ctrl+V (Windows and Linux), ⌘+V (macOS)
  • Disable Save – Ctrl+S (Windows and Linux), ⌘+S (macOS)
  • Disable Inspect Element/Developer Tool – Ctrl+Shift+I (Windows and Linux), ⌘+⌥+I (macOS)
  • Disable View Source – Ctrl+U (Windows and Linux), ⌘+U (macOS)
  • Disable Right Click
  • Disable Drag-Drop
  • Disable Image Dragging by Mouse
  • Disable Text Selection
  • Désactiver la navigation dans les répertoires

Mapping Text and URLs:

  • Change URLs using URL Mapping
  • Changer de classe en utilisant le Text Mapping
  • Changer les URL de CDN en utilisant la cartographie CDN
  • Change paths in the cache files
  • Change paths in the Feed link
  • Change paths in the Sitemap XML
  • Changez de chemin dans le fichier Robots.txt

Brute Force Protection:

  • Brute Force Protection with Math reCaptcha
  • Brute Force Protection with Google reCaptcha V2
  • Protection de la force brute avec Google reCaptcha
  • Brute Force Protection with Google Enterprise reCaptcha
  • Brute Force Protection on Login
  • Brute Force Protection on Password Lost
  • Brute Force Protection on Signup
  • Brute Force Protection on Comment
  • Brute Force Protection on Woocommerce Login
  • Brute Force Protection shortcode [hmwp_bruteforce]
  • Custom attempts, timeout, message
  • Gérer les IP de la liste noire et de la liste blanche

Extra Features:

  • Magic Link Login Without Password
  • Temporary Logins Without Password
  • Fix relative URLs
  • Backup and Restore settings
  • Change classes on source code using Text Mapping
  • Change URLs on source code using URL Mapping
  • Cache CSS, JS, and Images to optimize the loading speed
  • Weekly security checks and reports

Integrations:

  • Soutien au WP Multisite
  • Soutien à Nginx
  • Support for IIS
  • Soutien à LiteSpeed
  • Soutien à Apache
  • Support for Siteground
  • Support for WP Engine
  • Support for AWS Hosting
  • Support for Inmotion Hosting
  • Support for Hostgator Hosting
  • Support for Godaddy Hosting
  • Support for Host1plus
  • Support for Payperhost
  • Support for Fastcomet
  • Support for Dreamhost
  • Support for Bitnami Apache
  • Support for Bitnami Nginx
  • Support for Google Cloud Hosting
  • Support for Litespeed Hosting
  • Support for Flywheels Local
  • Support for Flywheels Hosting
  • Support for Ploi Hosting
  • Support for Namecheap Hosting
  • Support for RunCloud Hosting
  • Support for WPEngine Hosting

  • Support for CloudPanel Hosting

  • Recommended by Wp Rocket

  • Recommended by WPML

Premium Security Features (over 80):

  • WordPress Hardening
  • Hide WordPress Common Paths by Extension
  • Hide WordPress Files like wp-config.php, wp-config-sample.php, wp-load.php, wp-settings.php, wp-blog-header.php, readme.html, readme.txt, install.php, license.txt, php.ini, hidemywp.conf, bb-config.php, error_log, debug.log
  • Events/Actions Monitoring (Cloud Backup)
  • Brute Force Monitoring (Cloud Backup)
  • Geo Security
  • Country Blocking
  • Vulnerability Management
  • Files Permission Fix
  • Database Prefix Change
  • SALT Keys Change
  • Premium Support
  • and more Hide My WP Premium Feature

Compatible server types: WP Multisite, Apache, Litespeed, Nginx, and Windows IIS. Hosting Compatibility checked: WP Engine, Inmotion Hosting, Hostgator Hosting, Godaddy Hosting, Host1plus, Payperhost, Fastcomet, Dreamhost, Bitnami Apache, Bitnami Nginx, Google Cloud Hosting, Amazon AWS Lightsail, Litespeed Hosting, Flywheels Hosting, Kinsta Hosting, Ploi.io, CloudPanel, RunCloud, Rocket Domain, Yunohost

Plugins Compatibility updates: Woocommerce, WPML, WPMUDEV, W3 Total Cache, Gravity, WP Super Cache, WP Fastest Cache, Hummingbird Cache, Cachify Cache, Litespeed Cache, SiteGround Optimizer, Nitropack, Cache Enabler, CDN Enabler, WOT Cache, Autoptimize, Jetpack by WordPress, Contact Form 7, bbPress, Manage WP, All In One SEO, Rank Math, Yoast SEO, Squirrly SEO, WP-Rocket, Minify HTML, Solid Security, Sucuri Security, Really Simple SSL, WordFence Security, WP Cerber Security, BBQ Firewall, Anti-Malware Security, Back-Up WordPress, Elementor Page Builder, Divi Builder, Weglot Translate, AddToAny Share Btn, Limit Login Attempts Reloaded, Loginizer, Shield Security, Asset CleanUp, WP Hide & Security Enhancer, and more

Compatibility Plugins List: Hide My WP Compatibility Plugins Compatibility Theme List: Hide My WP Compatibility Themes

WP Ghost changes and hides WP common paths, admin & login paths, plugin paths, and theme paths, protecting your site from hacker bots.

Note! No files or directories are physically altered. All changes are implemented through server rewrite rules, ensuring no impact on SEO or loading speed.

The plugin works with other security plugins and adds a layer of security to your WordPress website against hacker bots.

Check the Demo Website source code: https://demo.wpghost.com/ (the elementor is changed in files and classes)

Check the Redirected URLs in Demo Website (all are redirected to Front Page): https://demo.wpghost.com/wp-admin https://demo.wpghost.com/wp-login

Check the Hidden Common Paths in Demo Website (all show 404 Page Not Found): https://demo.wpghost.com/wp-content https://demo.wpghost.com/wp-content/plugins https://demo.wpghost.com/wp-content/themes

Plus de 90 000 attaques de piratage par minute frappent les sites WordPress et les hébergements WordPress dans le monde entier, touchant non seulement les sites web de grandes entreprises contenant des données sensibles, mais aussi des sites appartenant à des petites entreprises, des entrepreneurs indépendants et des personnes qui tiennent des blogs personnels.

Security of WordPress sites typically tops the list of concerns for new and experienced website owners alike.

Pour les propriétaires de sites WordPress, des statistiques comme celle-ci suscitent des inquiétudes particulières quant à la sécurité non seulement des sites WordPress individuels, mais de WordPress lui-même.

Is your website secure? Check your website with Free Website Security Check

Protect your WordPress website by hiding the authentication paths like wp-admin, wp-login.php, login, wp-signup.php, and change the common WordPress paths like wp-content, wp-includes, uploads, and more.

Being able to protect the common paths is critical because you get to keep hacker bots away from sensitive website data.

This is crucial, and it will provide you with a great experience and perfect results in the long term.

Cela en vaudra certainement la peine, sans compter que cacher les chemins communs rendra le piratage beaucoup plus difficile également.

Si vous ne vous protégez pas, vous finirez tôt ou tard par avoir un site web piraté.

This is a free version of the plugin, so you can use it for all your websites without any restrictions.

Secure your website in just minutes with the WP Ghost plugin. Protect your WordPress site against hacker bots and spammers!

GitHub version: https://github.com/johndarrel/hide-my-wp

Thank you all for your trust, support, and positive reviews!

Important! This is not the Hide My WP Nulled version of the Hide My WP Codecanyon plugin.

Ready To Protect Your Website From Hackers With The Most USER-FRIENDLY WordPress Security Plugin?

Gratuitsur le plan Business
Commencer
En procédant à l’installation, vous acceptez les Conditions d’utilisation de WordPress.com ainsi que les Conditions de l’extension tierce.
Testé jusqu’à version
WordPress 6.9
Cette extension est disponible en téléchargement pour votre site .
Télécharger