WordPress has many advantages, therefore, it’s the choice of many website owners. However, the sustained popularity of this CMS gave time to cyber-attackers to find vulnerabilities in the popular WordPress themes and plugins.
Cybercriminals often attack common WordPress URLs to launch password-guessing attacks, moreover, they often stage brute force attacks on websites. Many WordPress site owners want to dissuade cyber-attackers from targeting their sites by hiding the fact that they use WordPress. If site owners can successfully hide this, then cyber-attackers need to work harder to find other vulnerabilities, which reduces their incentives.
Hide My WP Ghost is a popular WordPress plugin that helps the owners of WordPress sites to hide the fact that they use WordPress. It also helps in preventing brute force attacks, limiting malicious login attempts, etc. In this review, we will examine the value it offers so that you can decide whether you should use it.
Interface and Ease of Use
A key aspect of Hide My WP Ghost is its ease of use. First of all, the website is very easy to navigate, and it explains the features clearly. You can easily create an account and buy a Ghost package of your choice or download the Lite version.
There is an extensive knowledge base, and you can get instructions for installing, configuring and using the plugin. You can find guidance for using all the key features, e.g., hiding the use of WordPress, activating brute force protection, etc.
After you buy the plugin, you need to login to your account and download it. The plugin works with WordPress version 4.1 and above, and PHP version 5.6 and above. You can use it with all prominent WordPress hosting providers like InMotion, Hostgator, WP Engine, Godaddy, etc.
The next step is to login to your WordPress site as admin, and then you can upload the plugin using the standard admin dashboard. You can then activate the plugin using the email ID you had used for buying the plugin. Subsequently, you need to navigate to the Hide My WP plugin menu in your WordPress dashboard, and you can set up the plugin by following its detailed instructions.
Pricing is an important consideration, and Hide My WP Ghost provides very good value as far as its pricing plans are concerned. The plugin has a free version known as the Lite version, and this offers limited features. We found that the real value is in the paid version called Ghost, and this has 3 pricing packages.
The difference between the 3 pricing packages centers around the number of websites they support. Ghost 1 supports 1 website, and it costs $29.99 for one year. At the time of writing, Ghost 5 and Ghost 10 have 65% and 70% discount respectively on their standard price. They support 5 and 10 websites respectively, and their respective standard prices were $149.99 and $299 per annum before discount.
After the discount, the current prices for Ghost 5 and Ghost 10 are $52.50 and $90 per annum, respectively. If you buy for 1 year only, then you can use the last updated version of the plugin. All the Ghost pricing packages have a 20% discount if you opt for auto-renewal. Every Ghost pricing package includes all features of the plugin, and we will explain the features in a short while.
There is also a customized pricing plan where you can buy Hide My WP Ghost for an unlimited number of websites, and in this plan, you get 70% off. You can pay using 45 payment methods, and these include Visa, MasterCard, PayPal, and more.
When you look for a solution to protect your WordPress site, you will surely consider the features it offers, and that’s certainly the right thing to do! Hide My WP Ghost provides very valuable features that will help you to dissuade hackers, and we will now explain them.
Hiding the common paths: Most WordPress websites have a login page with a URL that reads as http://anywebsite.com/wp-login.php, and the admin login URL reads as http://anywebsite.com/wp-admin. WordPress has been around for long enough for every hacker to know this, therefore, it’s easy for them to find this page and launch a brute force attack to crack the user-id and password combination.
However, if you can hide these common URLs, then cyber-attackers won’t find them. This way, you dissuade them from launching an attack. The most important feature of Hide My WP Ghost is to hide and customize these and other common WordPress paths. You can hide and customize paths like wp-includes, wp-content, uploads, etc., moreover, you can hide plugin & theme paths. When a hacker tries to find the URLs corresponding to these paths, they will be redirected to a “404 Not Found” page.
WordPress also has common files like wp-config.php, readme.html, license.txt, install.php, update.php, etc., and most hackers know about them. With Hide My WP Ghost, you can hide these files. The plugin allows you to change the WordPress theme and plugin directories and scramble the plugin names, moreover, you can customize the URLs for registration, activation, logout, etc.
Protection from brute force attacks: Brute force attacks are very common on websites, and this includes WordPress sites. Cyber-attackers attempt to find the password of the admin ID with repeated attempts and they try this with a large number of username/password combinations. There are bots and other automated tools that can help them launch such attacks, moreover, they need to succeed only once!
In the case of WordPress sites, hackers target the wp-admin and wp-login paths the most. WordPress site owners should enforce strong passwords, hide the fact that they are using WordPress, limit login attempts, and deny access to IP addresses that try to login repeatedly.
WordPress allows unlimited login attempts by default, however, with Hide My WP Ghost you can limit it to a number you want. This plugin can temporarily block IP addresses from where repeated failed login attempts originate, and you can set up a duration for this ban.
You can whitelist a set of IP addresses that can access the admin or login pages, furthermore, you can ban a range of IP addresses from accessing these pages. Hide My WP Ghost also enables you to take many more protective steps, e.g., protecting the WordPress admin area, password-protecting the admin folder, disabling directory browsing, protecting the WordPress configuration file, using CAPTCHA, etc.
Website security check: There can be many security vulnerabilities in your site, and this can happen due to various reasons. Cybercriminals take advantage of these and install malicious scripts on the website. Google can blacklist your site due to the presence of such scripts. Hide My WP Ghost can detect security vulnerabilities in your site, furthermore, it can detect security breaches.
Many WordPress themes and plugins have security vulnerabilities, and if you use them then your site will have these vulnerabilities. Hide My WP Ghost can identify such vulnerabilities in themes and plugins, moreover, it can verify the site integrity.
With Hide My WP Ghost, you can find out plugins that are outdated and haven’t been updated for a while. This is helpful since hackers commonly exploit security vulnerabilities in outdated software. You can take preventive measures against potential security breaches with this plugin, furthermore, you can get guidance to fix these issues.
WordPress activity log: Monitoring user activities and logging them helps site owners to secure their sites, and you need to implement these best practices for your WordPress site. However, this is practically impossible to achieve manually, and this is where Hide My WP Ghost comes handy.
You need to track various user activities on your site, e.g., hacking attempts, deletion of content, activation/deactivation of plugins, activities by content creators, login attempts, IP addresses that make repeated failed login attempts, themes/plugins updated by any user, etc. Hide My WP Ghost monitors and logs all such events, and this is a key advantage.
All logs are stored on the cloud servers of Hide My WP Ghost, and this includes the logs for brute force attacks. You can access these logs, and we recommend that you do so for the security of your WordPress site! This plugin also enables you to receive email alerts, e.g., you will receive emails when a potential hacker finds the hidden login path.
WordPress security tweaks: WordPress is a powerful CMS, and it offers many useful features. You are likely using premium themes and plugins with several features. However, like many popular software products, some of these features might expose your site to risks. What’s more, you might not even use some of these features, however, your site is exposed to risks!
You will need to implement certain WordPress security tweaks to mitigate these risks, however, many WordPress site owners don’t have the necessary technical skills to do so. Hide My WP Ghost makes it easy for you to implement WordPress security tweaks.
With this plugin, you can hide the WordPress admin bar for users that have logged in to your site, moreover, you can hide the WordPress and plugin versions. You can use Hide My WP Ghost to stop showing any WordPress information in HTTP header requests.
Themes and plugins often leave HTML comments, and hackers can find vulnerabilities using these. Hide My WP Ghost can hide all such comments, moreover, you can disable embedded scripts if you don’t embed videos. The good thing with this plugin is that you don’t need technical skills to do these tweaks!
You can get robust technical support for Hide My WP Ghost, and this includes big fixes, site fixes, etc. All of the Ghost pricing packages include support, and you can get help with WordPress speed optimization. You can also get customer support on account and payment related issues.
There is a 30 days money-back guarantee, however, there are terms and conditions for this. If the plugin doesn’t work as expected, or it has security issues, then you will get your money back. You can also get a refund if you didn’t receive the promised support.
Speed and Performance
Hide My WP Ghost is fast, and its website claims that it’s faster than 90% of the WordPress plugins. The website also claims that this plugin has over 50,000 installs, moreover, we didn’t notice any performance issues with it.
We have earlier mentioned that Hide My WP Ghost works with all reputed WordPress hosting providers. The website of the plugin states that it’s tested with over 1,000 WordPress themes and plugins, and this includes popular SEO, CDN, Cache plugins. There are regular updates to Hide My WP Ghost, and this indicates that wpplugins takes compatibility seriously.
WordPress is a highly popular open-source CMS, however, WordPress sites are high on the list of targets of cyber-attackers. Most hackers know the common vulnerabilities of popular WordPress themes and plugins, therefore, it’s a good practice to hide the fact that a website is built using WordPress.
Hide My WP Ghost effectively hides this, moreover, it also offers protection against brute force attacks. You can use this plugin to check how secure your WordPress site is, furthermore, it helps with monitoring, logging, and security tweaks.
A comprehensive knowledge base, good support, compatibility with popular themes and plugins are some of its other advantages. Hide My WP Ghost is fast, and the pricing for this feature-rich plugin is reasonable. Overall, Hide My WP Ghost is a good choice for you in your effort to secure your WordPress site.