Does WP Ghost (Hide My WP Ghost) – Security & Firewall have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Ghost (Hide My WP Ghost) – Security & Firewall have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Ghost (Hide My WP Ghost) – Security & Firewall compatible with WordPress 6.9.4?

According to WordPress.org data, WP Ghost (Hide My WP Ghost) – Security & Firewall 5.5.02 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is WP Ghost (Hide My WP Ghost) – Security & Firewall compatible with PHP 7.0+?

WP Ghost (Hide My WP Ghost) – Security & Firewall requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WP Ghost (Hide My WP Ghost) – Security & Firewall updated?

WP Ghost (Hide My WP Ghost) – Security & Firewall was last updated on Feb 26, 2026. Frequent updates are generally a positive security signal.

What is WP Ghost (Hide My WP Ghost) – Security & Firewall's security score?

WP Ghost (Hide My WP Ghost) – Security & Firewall has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Ghost (Hide My WP Ghost) – Security & Firewall Security & Risk Analysis

wordpress.org/plugins/hide-my-wp

Hide and Secure WP paths, wp-login, wp-admin, and more. Hack Prevention, Security, Brute Force protection, 8G Firewall, 2FA Passkey Login, and more.

100K active installs v5.5.02 PHP 7.0+ WP 5.3+ Updated Feb 26, 2026

firewallhideloginsecuritywp-admin

A · Safe

CVEs total7

Unpatched0

Last CVEMar 19, 2025

Plugin page Download

Safety Verdict

Is WP Ghost (Hide My WP Ghost) – Security & Firewall Safe to Use in 2026?

Generally Safe

Score 92/100

WP Ghost (Hide My WP Ghost) – Security & Firewall has a strong security track record. Known vulnerabilities have been patched promptly.

7 known CVEsLast CVE: Mar 19, 2025Updated 1mo ago

Risk Assessment

The hide-my-wp plugin v5.5.02 exhibits a mixed security posture, with some positive aspects overshadowed by concerning findings. While the static analysis indicates a small attack surface with no immediately obvious unprotected entry points, the presence of the dangerous `shell_exec` function is a significant red flag, as it can allow for arbitrary command execution if exploited. The taint analysis reveals flows with unsanitized paths, which, although not classified as critical or high severity in this analysis, points to potential weaknesses in how user-supplied data is handled. The plugin's vulnerability history is also a major concern, with a total of 7 known CVEs, including one critical and one high severity vulnerability in the past. This pattern suggests a recurring struggle with secure coding practices, particularly regarding file inclusion, path traversal, and input sanitization, hinting at a need for more robust security development lifecycle processes.

Key Concerns

Dangerous function 'shell_exec' found
Flows with unsanitized paths found
Vulnerability history: 1 critical CVE
Vulnerability history: 1 high CVE
Vulnerability history: 5 medium CVEs
Low percentage of properly escaped output
Limited capability checks

Vulnerabilities

WP Ghost (Hide My WP Ghost) – Security & Firewall Security Vulnerabilities

CVEs by Year

2 CVEs in 2023

2023

2 CVEs in 2024

2024

3 CVEs in 2025

2025

Patched Has unpatched

Severity Breakdown

Critical

High

Medium

7 total CVEs

CVE-2025-26909critical · 9.8Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Hide My WP Ghost <= 5.4.01 - Unauthenticated Local File Inclusion

Mar 19, 2025 Patched in 5.4.02 (7d)

CVE-2025-2056high · 7.5Relative Path Traversal

WP Ghost <= 5.4.01 - Unauthenticated Limited File Read

Mar 13, 2025 Patched in 5.4.02 (1d)

CVE-2024-13794medium · 5.3Protection Mechanism Failure

Hide My WP Ghost – Security & Firewall <= 5.3.02 - Unauthenticated Login Page Disclosure

Feb 11, 2025 Patched in 5.4.01 (17d)

CVE-2024-10825medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Hide My WP Ghost – Security & Firewall <= 5.3.01 - Reflected Cross-Site Scripting via URL

Nov 14, 2024 Patched in 5.3.02 (1d)

CVE-2024-6420medium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

Hide My WP Ghost – Security & Firewall <= 5.2.01 - Login Page Disclosure

Jul 2, 2024 Patched in 5.2.02 (39d)

CVE-2023-34001medium · 5.3Reliance on Untrusted Inputs in a Security Decision

Hide My WP Ghost <= 5.0.25 - CAPTCHA Bypass in brute_math_authenticate

Aug 22, 2023 Patched in 5.0.26 (154d)

CVE-2022-4537medium · 6.5Use of Less Trusted Source

Hide My WP Ghost – Security Plugin <= 5.0.18 - IP Address Spoofing to Protection Mechanism Bypass

May 8, 2023 Patched in 5.0.20 (260d)

Code Analysis

Analyzed Mar 17, 2026

WP Ghost (Hide My WP Ghost) – Security & Firewall Code Analysis

Dangerous Functions

Raw SQL Queries

14 prepared

Unescaped Output

837

589 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

shell_exec@shell_exec( 'nginx -s reload' );controllers\Settings.php:744

SQL Query Safety

74% prepared19 total queries

Output Escaping

41% escaped1426 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

4 flows3 with unsanitized paths

postRequest (models\Files.php:563)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WP Ghost (Hide My WP Ghost) – Security & Firewall Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[hmwp_bruteforce] models\bruteforce\Shortcode.php:18

WordPress Hooks 344

actionhmwp_debug_requestclasses\Debug.php:38

actionhmwp_debug_cacheclasses\Debug.php:39

actionhmwp_debug_filesclasses\Debug.php:40

actionhmwp_debug_local_requestclasses\Debug.php:41

actionhmwp_debug_access_logclasses\Debug.php:42

actionadmin_noticesclasses\Error.php:24

filterfilesystem_methodclasses\ObjController.php:223

actioninitclasses\Tools.php:57

actionrequest_metadata_http_resultclasses\Tools.php:69

filterwp_mail_content_typeclasses\Tools.php:2188

filtercron_schedulescontrollers\Cron.php:35

filterhmwp_process_hide_urlscontrollers\Firewall.php:564

filterhmwp_process_hide_urlscontrollers\Firewall.php:569

filterhmwp_process_find_replacecontrollers\Firewall.php:570

filterhmwp_process_initcontrollers\Firewall.php:575

filterhmwp_process_buffercontrollers\Firewall.php:576

filterhmwp_process_hide_disablecontrollers\Firewall.php:577

filterauthenticatecontrollers\Log.php:18

actionwp_loadedcontrollers\Log.php:24

actionwp_dashboard_setupcontrollers\Menu.php:52

actionadmin_enqueue_scriptscontrollers\Menu.php:56

filterhmwp_alert_countcontrollers\Menu.php:60

filtergettextcontrollers\Menu.php:76

filterplugin_row_metacontrollers\Menu.php:88

filterhmwp_getviewcontrollers\Menu.php:105

filterhmwp_getviewcontrollers\Menu.php:112

filterhmwp_showaccountcontrollers\Menu.php:120

filtersite_urlcontrollers\Rewrite.php:73

filterhmwp_process_initcontrollers\Rewrite.php:74

filterhmwp_process_hide_urlscontrollers\Rewrite.php:86

filterauthor_rewrite_rulescontrollers\Rewrite.php:111

filterquery_varscontrollers\Rewrite.php:114

filterlogin_redirectcontrollers\Rewrite.php:115

filterwp_redirectcontrollers\Rewrite.php:116

filterx_redirect_bycontrollers\Rewrite.php:117

actionwp_logincontrollers\Rewrite.php:121

actionset_current_usercontrollers\Rewrite.php:122

filterhmwp_url_login_redirectcontrollers\Rewrite.php:123

filterhmwp_url_logout_redirectcontrollers\Rewrite.php:124

filterwoocommerce_login_redirectcontrollers\Rewrite.php:125

filterwp_redirectcontrollers\Rewrite.php:130

actionlogin_initcontrollers\Rewrite.php:134

actionlogin_headcontrollers\Rewrite.php:135

actionwp_logoutcontrollers\Rewrite.php:136

actioncheck_admin_referercontrollers\Rewrite.php:137

filteradmin_urlcontrollers\Rewrite.php:140

filterlostpassword_urlcontrollers\Rewrite.php:142

filterlogin_titlecontrollers\Rewrite.php:143

filterregistercontrollers\Rewrite.php:144

filterlogin_urlcontrollers\Rewrite.php:145

filterlogout_urlcontrollers\Rewrite.php:146

filternetwork_admin_urlcontrollers\Rewrite.php:147

filtersite_urlcontrollers\Rewrite.php:148

filternetwork_site_urlcontrollers\Rewrite.php:149

filterplugins_urlcontrollers\Rewrite.php:150

filterwp_php_error_messagecontrollers\Rewrite.php:152

filterrest_url_prefixcontrollers\Rewrite.php:154

actionthe_excerpt_rsscontrollers\Rewrite.php:180

actionthe_content_feedcontrollers\Rewrite.php:181

actionrss2_headcontrollers\Rewrite.php:182

actioncommentsrss2_headcontrollers\Rewrite.php:183

actionthe_permalink_rsscontrollers\Rewrite.php:184

actioncomments_link_feedcontrollers\Rewrite.php:185

actionget_site_icon_urlcontrollers\Rewrite.php:186

filterget_the_generator_atomcontrollers\Rewrite.php:191

filterget_the_generator_commentcontrollers\Rewrite.php:192

filterget_the_generator_exportcontrollers\Rewrite.php:193

filterget_the_generator_htmlcontrollers\Rewrite.php:194

filterget_the_generator_rdfcontrollers\Rewrite.php:195

filterget_the_generator_rss2controllers\Rewrite.php:196

filterget_the_generator_xhtmlcontrollers\Rewrite.php:197

filterwp_sitemaps_add_providercontrollers\Rewrite.php:205

actionshutdowncontrollers\Rewrite.php:214

filteroembed_response_datacontrollers\Rewrite.php:221

filterrest_endpointscontrollers\Rewrite.php:228

filterwp_sitemaps_users_pre_url_listcontrollers\Rewrite.php:231

actionshutdowncontrollers\Rewrite.php:237

actioninitcontrollers\Rewrite.php:242

actioninitcontrollers\Rewrite.php:245

actionplugins_loadedcontrollers\Rewrite.php:250

actionplugins_loadedcontrollers\Rewrite.php:254

actiontemplate_redirectcontrollers\Rewrite.php:278

actiontemplate_redirectcontrollers\Rewrite.php:282

filterthe_generatorcontrollers\Rewrite.php:287

filterxmlrpc_enabledcontrollers\Rewrite.php:321

filtershow_admin_barcontrollers\Rewrite.php:339

filterhmwp_option_hmwp_disable_clickcontrollers\Rewrite.php:369

filterhmwp_option_hmwp_disable_clickcontrollers\Rewrite.php:372

filterhmwp_option_hmwp_disable_inspectcontrollers\Rewrite.php:379

filterhmwp_option_hmwp_disable_inspectcontrollers\Rewrite.php:382

filterhmwp_option_hmwp_disable_sourcecontrollers\Rewrite.php:389

filterhmwp_option_hmwp_disable_sourcecontrollers\Rewrite.php:392

filterhmwp_option_hmwp_disable_copy_pastecontrollers\Rewrite.php:399

filterhmwp_option_hmwp_disable_copy_pastecontrollers\Rewrite.php:402

filterhmwp_option_hmwp_disable_drag_dropcontrollers\Rewrite.php:409

filterhmwp_option_hmwp_disable_drag_dropcontrollers\Rewrite.php:412

actiontemplate_redirectcontrollers\Rewrite.php:452

actiontemplate_redirectcontrollers\Rewrite.php:471

actionlogin_initcontrollers\Rewrite.php:474

actionadmin_noticescontrollers\Settings.php:34

actionadmin_noticescontrollers\Settings.php:39

filteradmin_body_classcontrollers\Settings.php:44

actionhmwp_confirmed_settingscontrollers\Settings.php:53

actionhmwp_apply_permalink_changescontrollers\Settings.php:68

filterhmwp_option_hmwp_mapping_url_showcontrollers\Settings.php:173

filterhmwp_getviewcontrollers\Settings.php:249

filterhmwp_getviewcontrollers\Settings.php:278

actionrewrite_rules_arrayindex.php:78

actionactivated_pluginindex.php:94

actionafter_switch_themeindex.php:100

actionautomatic_updates_completeindex.php:113

actionupgrader_process_completeindex.php:120

filterpreprocess_commentmodels\bruteforce\Comments.php:17

filtercomment_form_default_fieldsmodels\bruteforce\Comments.php:18

filterauthenticatemodels\bruteforce\Login.php:21

actionwp_login_failedmodels\bruteforce\Login.php:23

actionlogin_headmodels\bruteforce\Login.php:24

actionlogin_formmodels\bruteforce\Login.php:25

filterlostpassword_errorsmodels\bruteforce\LostPassword.php:20

filterlostpassword_formmodels\bruteforce\LostPassword.php:21

filterallow_password_resetmodels\bruteforce\LostPassword.php:55

filterregistration_errorsmodels\bruteforce\Registration.php:20

filterregister_formmodels\bruteforce\Registration.php:21

actionwp_footermodels\Clicks.php:22

filterhmwp_process_buffermodels\compatibility\Abstract.php:58

filteraiowps_site_lockout_outputmodels\compatibility\AioSecurity.php:16

filterautoptimize_html_after_minifymodels\compatibility\Autoptimize.php:25

filterbreeze_minify_content_returnmodels\compatibility\Breeze.php:16

filterhmwp_process_find_replacemodels\compatibility\Breeze.php:20

filterbreeze_minify_content_returnmodels\compatibility\Breeze.php:22

filterhmwp_process_find_replacemodels\compatibility\Breeze.php:23

filterhmwp_priority_buffermodels\compatibility\Cmp.php:17

actioncmp_footermodels\compatibility\Cmp.php:19

actioninitmodels\compatibility\ConfirmEmail.php:15

filterwpfc_buffer_callback_filtermodels\compatibility\FastestCache.php:18

filterflying_press_optimization:aftermodels\compatibility\FlyingPress.php:18

actionhmwp_login_initmodels\compatibility\hCaptcha.php:19

filterwphb_cache_contentmodels\compatibility\Hummingbird.php:16

filtertemplate_redirectmodels\compatibility\Hummingbird.php:17

filterjch_optimize_save_contentmodels\compatibility\JsOptimize.php:23

filterhmwp_process_initmodels\compatibility\LiteSpeed.php:21

filterhmwp_process_buffermodels\compatibility\LiteSpeed.php:22

filterhmwp_process_hide_urlsmodels\compatibility\LiteSpeed.php:23

filterhmwp_process_find_replacemodels\compatibility\LiteSpeed.php:24

actionhmwp_settings_savedmodels\compatibility\LiteSpeed.php:27

filterhmwp_whitelisted_ipsmodels\compatibility\LiteSpeed.php:34

actionwp_initialize_sitemodels\compatibility\LiteSpeed.php:82

actioncreate_termmodels\compatibility\LiteSpeed.php:86

actionadmin_footermodels\compatibility\LiteSpeed.php:87

actionhmwp_apply_permalink_changesmodels\compatibility\LiteSpeed.php:93

actionadmin_footermodels\compatibility\LiteSpeed.php:94

actionhmwp_settings_savedmodels\compatibility\LiteSpeed.php:103

actionlitespeed_initingmodels\compatibility\LiteSpeed.php:112

filterhmwp_process_buffermodels\compatibility\LiteSpeed.php:114

filterlitespeed_buffer_aftermodels\compatibility\LiteSpeed.php:119

filterlitespeed_commentmodels\compatibility\LiteSpeed.php:122

filterhmwp_process_hide_urlsmodels\compatibility\MainWP.php:28

filterhmwp_process_initmodels\compatibility\MainWP.php:29

filterhmwp_option_hmwp_hide_loginmodels\compatibility\MemberPress.php:24

filterhmwp_option_hmwp_lostpassword_urlmodels\compatibility\MemberPress.php:27

filterhmwp_option_hmwp_register_urlmodels\compatibility\MemberPress.php:28

filterhmwp_option_hmwp_logout_urlmodels\compatibility\MemberPress.php:29

actionmepr-validate-loginmodels\compatibility\MemberPress.php:45

actionmepr-login-form-before-submitmodels\compatibility\MemberPress.php:46

actionmepr-login-form-before-submitmodels\compatibility\MemberPress.php:47

actionmepr-validate-forgot-passwordmodels\compatibility\MemberPress.php:50

actionmepr-forgot-password-formmodels\compatibility\MemberPress.php:51

actionmepr-forgot-password-formmodels\compatibility\MemberPress.php:52

filtercsmm_get_optionsmodels\compatibility\MMaintenance.php:18

filtercsmm_force_displaymodels\compatibility\MMaintenance.php:28

filterhmwp_priority_buffermodels\compatibility\MMaintenance.php:48

actionwp_headmodels\compatibility\Nitropack.php:24

filterhmwp_common_paths_extensionsmodels\compatibility\Nitropack.php:33

actionhmwp_login_initmodels\compatibility\Others.php:31

filterhmwp_priority_buffermodels\compatibility\Others.php:55

filterhmwp_option_hmwp_hideajax_pathsmodels\compatibility\Others.php:60

filterhmwp_process_buffermodels\compatibility\Others.php:74

filterhmwp_option_hmwp_hide_loginmodels\compatibility\Others.php:84

filtershow_admin_barmodels\compatibility\Others.php:91

actionplugins_loadedmodels\compatibility\Others.php:96

filterhmwp_preauth_checkmodels\compatibility\Others.php:99

filterhmwp_laterloadmodels\compatibility\Others.php:103

filtercache_buffermodels\compatibility\Others.php:115

filterwpmm_footermodels\compatibility\Others.php:120

filterhmwp_laterloadmodels\compatibility\Others.php:125

filterhmwp_option_hmwp_hide_styleidsmodels\compatibility\Others.php:130

filterwot_cachemodels\compatibility\Others.php:135

filterhmwp_buffermodels\compatibility\Others.php:142

actionsm_build_indexmodels\compatibility\Others.php:151

actionsm_build_contentmodels\compatibility\Others.php:152

filtersq_sitemap_stylemodels\compatibility\Others.php:156

filterwpseo_stylesheet_urlmodels\compatibility\Others.php:161

filterrank_math/sitemap/remove_creditmodels\compatibility\Others.php:170

filterrank_math/sitemap/remove_creditmodels\compatibility\Others.php:173

filterseopress_sitemaps_xml_indexmodels\compatibility\Others.php:178

filterseopress_sitemaps_xml_authormodels\compatibility\Others.php:179

filterseopress_sitemaps_xml_single_termmodels\compatibility\Others.php:180

filterseopress_sitemaps_xml_singlemodels\compatibility\Others.php:181

filterwp_sitemaps_stylesheet_urlmodels\compatibility\Others.php:185

filterwp_sitemaps_stylesheet_index_urlmodels\compatibility\Others.php:186

filtertemplate_directory_urimodels\compatibility\Others.php:193

filterwp_redirectmodels\compatibility\Others.php:198

filterhmwp_buffermodels\compatibility\Others.php:215

filterriode_filter_comment_form_argsmodels\compatibility\Others.php:222

filterwoocommerce_product_review_comment_form_argsmodels\compatibility\Others.php:226

filterhmwp_priority_hookmodels\compatibility\Others.php:232

actionwp_enqueue_scriptsmodels\compatibility\Others.php:237

filterhmwp_process_hide_urlsmodels\compatibility\Others.php:261

filterhmwp_process_hide_urlsmodels\compatibility\Others.php:271

filterhmwp_process_hide_urlsmodels\compatibility\Others.php:277

filterhmwp_process_hide_urlsmodels\compatibility\Others.php:282

filterhmwp_process_hide_urlsmodels\compatibility\Others.php:287

filterhmwp_process_hide_urlsmodels\compatibility\Others.php:294

filterhmwp_process_hide_urlsmodels\compatibility\Others.php:299

filterpowered_cache_page_caching_buffermodels\compatibility\PowerCache.php:18

actionhmwp_flushed_rewritesmodels\compatibility\ReallySimpleSsl.php:16

actionhmwp_mappsettings_savedmodels\compatibility\SiteGuard.php:17

actionhmwp_settings_savedmodels\compatibility\SiteGuard.php:18

filterpre_option_siteguard_configmodels\compatibility\SiteGuard.php:25

filterhmwp_process_buffermodels\compatibility\SiteGuard.php:38

filterhmwp_process_find_replacemodels\compatibility\SiteGuard.php:39

actioninitmodels\compatibility\SiteGuard.php:40

actionshutdownmodels\compatibility\SiteGuard.php:41

filterhmwp_process_find_replacemodels\compatibility\SiteGuard.php:96

filtersq_option_sq_minifymodels\compatibility\Squirrly.php:16

filtersq_buffermodels\compatibility\Squirrly.php:19

filtersq_custom_robotsmodels\compatibility\Squirrly.php:27

filterwpsupercache_buffermodels\compatibility\SuperCache.php:18

filterhmwp_files_handle_loginmodels\compatibility\TwoFactor.php:16

filterhmwp_option_hmwp_hide_loginmodels\compatibility\UltimateMember.php:23

filterhmwp_option_hmwp_lostpassword_urlmodels\compatibility\UltimateMember.php:26

filterhmwp_option_hmwp_register_urlmodels\compatibility\UltimateMember.php:27

filterhmwp_option_hmwp_logout_urlmodels\compatibility\UltimateMember.php:28

actionum_submit_form_loginmodels\compatibility\UltimateMember.php:48

actionum_after_login_fieldsmodels\compatibility\UltimateMember.php:49

actionum_after_login_fieldsmodels\compatibility\UltimateMember.php:50

actionum_submit_form_registermodels\compatibility\UltimateMember.php:54

actionum_after_register_fieldsmodels\compatibility\UltimateMember.php:55

actionum_after_register_fieldsmodels\compatibility\UltimateMember.php:56

actionum_reset_password_errors_hookmodels\compatibility\UltimateMember.php:60

actionum_after_password_reset_fieldsmodels\compatibility\UltimateMember.php:61

actionum_after_password_reset_fieldsmodels\compatibility\UltimateMember.php:62

actionuwp_template_fieldsmodels\compatibility\UsersWP.php:18

actionuwp_template_fieldsmodels\compatibility\UsersWP.php:19

filterw3tc_lazyload_is_embed_scriptmodels\compatibility\W3Total.php:18

filterw3tc_lazyload_embed_scriptmodels\compatibility\W3Total.php:19

filterw3tc_can_print_commentmodels\compatibility\W3Total.php:23

filterw3tc_processed_contentmodels\compatibility\W3Total.php:25

actionadmin_urlmodels\compatibility\Woocommerce.php:18

filterwoocommerce_is_rest_api_requestmodels\compatibility\Woocommerce.php:21

filterwoocommerce_product_review_comment_form_argsmodels\compatibility\Woocommerce.php:32

filterhmwp_preauth_checkmodels\compatibility\Woocommerce.php:39

filterhmwp_preauth_checkmodels\compatibility\Woocommerce.php:51

filterwoocommerce_login_formmodels\compatibility\Woocommerce.php:60

filterwoocommerce_login_formmodels\compatibility\Woocommerce.php:61

filterwoocommerce_registration_errorsmodels\compatibility\Woocommerce.php:66

filterwoocommerce_register_formmodels\compatibility\Woocommerce.php:79

filterwoocommerce_register_formmodels\compatibility\Woocommerce.php:80

actionlostpassword_postmodels\compatibility\Woocommerce.php:84

filterwoocommerce_lostpassword_formmodels\compatibility\Woocommerce.php:85

filterwoocommerce_lostpassword_formmodels\compatibility\Woocommerce.php:86

filterhmwp_process_initmodels\compatibility\Wordfence.php:20

filterhmwp_process_hide_urlsmodels\compatibility\Wordfence.php:21

actioninitmodels\compatibility\Wordfence.php:24

actionnetwork_admin_menumodels\compatibility\Wordfence.php:30

actionnetwork_admin_menumodels\compatibility\Wordfence.php:31

actionnetwork_admin_menumodels\compatibility\Wordfence.php:32

actionnetwork_admin_menumodels\compatibility\Wordfence.php:33

actionnetwork_admin_menumodels\compatibility\Wordfence.php:34

actionnetwork_admin_menumodels\compatibility\Wordfence.php:35

actionnetwork_admin_menumodels\compatibility\Wordfence.php:36

actionnetwork_admin_menumodels\compatibility\Wordfence.php:37

actionnetwork_admin_menumodels\compatibility\Wordfence.php:38

filterhmwp_option_brute_use_captcha_v3models\compatibility\Wordfence.php:49

actionwf_scan_monitormodels\compatibility\Wordfence.php:54

actionwordfence_start_scheduled_scanmodels\compatibility\Wordfence.php:55

actionlogin_form_defender-verify-otpmodels\compatibility\WpDefender.php:17

filterwd_mask_login_enablemodels\compatibility\WpDefender.php:31

actionadmin_headmodels\compatibility\WPFrontendAdmin.php:20

actionadmin_footermodels\compatibility\WPFrontendAdmin.php:38

filterrocket_cache_reject_urimodels\compatibility\WpRocket.php:16

actionhmwp_mappsettings_savedmodels\compatibility\WpRocket.php:19

actionhmwp_settings_savedmodels\compatibility\WpRocket.php:20

filterrocket_buffermodels\compatibility\WpRocket.php:30

filterrocket_cache_busting_filenamemodels\compatibility\WpRocket.php:32

filterrocket_iframe_lazyload_placeholdermodels\compatibility\WpRocket.php:33

filterlogin_body_classmodels\compatibility\WPSocial.php:15

filterhmwp_option_hmwp_hide_loginmodels\compatibility\Wpum.php:23

filterhmwp_option_hmwp_lostpassword_urlmodels\compatibility\Wpum.php:26

filterhmwp_option_hmwp_register_urlmodels\compatibility\Wpum.php:27

filterhmwp_option_hmwp_logout_urlmodels\compatibility\Wpum.php:28

actionwpum_before_submit_button_login_formmodels\compatibility\Wpum.php:47

actionwpum_before_submit_button_login_formmodels\compatibility\Wpum.php:48

filtersubmit_wpum_form_validate_fieldsmodels\compatibility\Wpum.php:52

filterwpum_before_submit_button_password_recovery_formmodels\compatibility\Wpum.php:53

filterwpum_before_submit_button_password_recovery_formmodels\compatibility\Wpum.php:54

filtersubmit_wpum_form_validate_fieldsmodels\compatibility\Wpum.php:58

filterwpum_before_submit_button_registration_formmodels\compatibility\Wpum.php:59

filterwpum_before_submit_button_registration_formmodels\compatibility\Wpum.php:60

filterhmwp_start_buffermodels\Compatibility.php:139

filterhmwp_process_buffermodels\Compatibility.php:140

filterhmwp_process_hide_disablemodels\Compatibility.php:141

filterhmwp_process_find_replacemodels\Compatibility.php:142

filterredirect_post_locationmodels\Cookies.php:22

actionclear_auth_cookiemodels\Cookies.php:23

actionset_auth_cookiemodels\Cookies.php:24

actionset_logged_in_cookiemodels\Cookies.php:25

filterhmwp_option_hmwp_remove_third_hooksmodels\Files.php:126

filterhmwp_option_hmwp_remove_third_hooksmodels\Files.php:524

actionhome_urlmodels\Rewrite.php:189

filterhmwp_iis_hide_files_rulesmodels\Rewrite.php:507

filterhmwp_iis_hide_paths_rulesmodels\Rewrite.php:515

filteriis7_url_rewrite_rulesmodels\Rewrite.php:521

actionwp_loadedmodels\Rewrite.php:1003

filterrest_url_prefixmodels\Rewrite.php:1013

filterlogin_headerurlmodels\Rewrite.php:1382

filterwp_redirectmodels\Rewrite.php:1490

actionlogin_headermodels\Rewrite.php:1503

filterlogin_headerurlmodels\Rewrite.php:1510

filterlogin_redirectmodels\Rewrite.php:1511

filterlostpassword_redirectmodels\Rewrite.php:1516

filterregistration_redirectmodels\Rewrite.php:1517

filterlogin_display_language_dropdownmodels\Rewrite.php:1524

filterhmwp_change_home_urlmodels\Rewrite.php:1897

filterhmwp_change_site_urlmodels\Rewrite.php:1898

filterhmwp_change_home_urlmodels\Rewrite.php:1925

filterhmwp_change_site_urlmodels\Rewrite.php:1926

filterhmwp_change_home_urlmodels\Rewrite.php:1951

filterhmwp_change_site_urlmodels\Rewrite.php:1952

filterhmwp_change_home_urlmodels\Rewrite.php:2214

filterhmwp_change_site_urlmodels\Rewrite.php:2215

filteremoji_svg_urlmodels\Rewrite.php:3122

filtertiny_mce_pluginsmodels\Rewrite.php:3125

filterjson_enabledmodels\Rewrite.php:3193

filterjson_jsonp_enabledmodels\Rewrite.php:3194

filterrest_endpointsmodels\Rewrite.php:3222

filterembed_oembed_discovermodels\Rewrite.php:3230

actionadmin_initmodels\RoleManager.php:16

filteruser_has_capmodels\RoleManager.php:17

filterhmwp_validate_keysmodels\Settings.php:295

filterhmwp_invalid_namesmodels\Settings.php:301

filterhmwp_validate_keysmodels\Settings.php:368

filterhmwp_invalid_namesmodels\Settings.php:374

actionhome_urlview\blocks\FrontendLoginCheck.php:4

Maintenance & Trust

WP Ghost (Hide My WP Ghost) – Security & Firewall Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 26, 2026

PHP min version7.0

Downloads2.5M

Community Trust

Rating90/100

Number of ratings369

Active installs100K

Alternatives

WP Ghost (Hide My WP Ghost) – Security & Firewall Alternatives

Admin Login Hide – PTI

admin-login-hide-pti

100

Easily hide or customize your WordPress login URL to enhance security and prevent unauthorized access.

10 No CVEs

MM Login Customization

mm-login-customization

To hide admin login url by this plugin auto generated URL and make secure your site and it's data. You may frequenty change the URL for your site …

0 No CVEs

Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall

limit-login-attempts-reloaded

Block excessive login attempts and protect your site against brute force attacks. Simple, yet powerful tools to improve site performance.

2.0M 4 CVEs

All-In-One Security (AIOS) – Security and Firewall

all-in-one-wp-security-and-firewall

Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.

1.0M 26 CVEs

Security Optimizer – The All-In-One Protection Plugin

sg-security

Secure your WordPress site from brute-force attacks, threats, malware, and bots. Free to use and easy to set up.

1.0M 5 CVEs

Developer Profile

WP Ghost (Hide My WP Ghost) – Security & Firewall Developer Profile

John Darrel

2 plugins · 100K total installs

trust score

Avg Security Score

89/100

Avg Patch Time

68 days

View full developer profile

Detection Fingerprints

How We Detect WP Ghost (Hide My WP Ghost) – Security & Firewall

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/hide-my-wp/assets/css/hmwp.css/wp-content/plugins/hide-my-wp/assets/js/hmwp.js/wp-content/plugins/hide-my-wp/assets/js/hmwp.main.js/wp-content/plugins/hide-my-wp/assets/js/hmwp.admin.js/wp-content/plugins/hide-my-wp/assets/js/hmwp.cron.js/wp-content/plugins/hide-my-wp/assets/js/hmwp.tools.js

Generator Patterns

Hide My WP Ghost

Version Parameters

/wp-content/plugins/hide-my-wp/assets/css/hmwp.css?ver=/wp-content/plugins/hide-my-wp/assets/js/hmwp.js?ver=/wp-content/plugins/hide-my-wp/assets/js/hmwp.main.js?ver=/wp-content/plugins/hide-my-wp/assets/js/hmwp.admin.js?ver=/wp-content/plugins/hide-my-wp/assets/js/hmwp.cron.js?ver=/wp-content/plugins/hide-my-wp/assets/js/hmwp.tools.js?ver=

HTML / DOM Fingerprints

CSS Classes

hmwp-dashboard-wrapperhmwp-settings-pagehmwp-hide-loginhmwp-security-settingshmwp-advanced-settings

HTML Comments

Hide My WP GhostHMWP

Data Attributes

data-hmwp-setting

JS Globals

hmwp_mainhmwp_adminhmwp_cron_settingshmwp_tools

REST Endpoints

/wp-json/hmwp/v1/settings/wp-json/hmwp/v1/security/wp-json/hmwp/v1/updates

FAQ