[WordPress] 外掛分享: WP Ghost (Hide My WP Ghost) – Security & Firewall

WordPress 外掛 WP Ghost (Hide My WP Ghost) – Security & Firewall 的封面圖片。

前言介紹

  • 這款 WordPress 外掛「WP Ghost (Hide My WP Ghost) – Security & Firewall」是 2016-06-30 上架。
  • 目前有 200000 個安裝啟用數。
  • 上一次更新是 2025-04-21,距離現在已有 13 天。
  • 外掛最低要求 WordPress 5.3 以上版本才可以安裝。
  • 外掛要求網站主機運作至少需要 PHP 版本 7.0 以上。
  • 有 363 人給過評分。
  • 論壇上目前有 8 個提問,問題解答率 75% ,不低,算是個很有心解決問題的開發者團隊了!

外掛協作開發者

johndarrel |

外掛標籤

hide | login | firewall | security | wp-admin |

內容簡介

Hide My WP Ghost 是一個 WordPress 安全外掛,透過強大且易於使用的功能,提供最佳的安全解決方案。它可以在不改變任何目錄或檔案的情況下,將網站的安全性提升到另一個層次。

這款外掛已經保護了超過 200,000 個網站,阻止了超過 4,000,000 次暴力破解嘗試,每月還能防止超過 140,000 次駭客入侵。

它增加了過濾器和安全層來預防腳本和 SQL 注入、暴力破解攻擊、XML-RPC 攻擊、XSS 等等。

它更改和隱藏 WP 常見的路徑、外掛和主題路徑,提供最佳的防止駭客機器人攻擊的保護。

請注意!沒有任何檔案或目錄被實際改變。所有的更改都是通過服務器重寫規則進行的,不會影響 SEO 或載入速度。

當常見的路徑被更改之後,所有常見的路徑都被隱藏起來,以保護所有的外掛和主題。

此外掛可以與其他安全外掛一起使用,如Wordfence、iThemes安全、Sucuri等,為您的 WordPress 網站增加一層防護。

Hide My WP Ghost與所有服務器、主機服務都兼容,並支持 WP Multisite。

全球每分鐘有超過 90,000 次駭客攻擊 WordPress 網站和 WordPress 主機,不僅影響擁有大量敏感數據的大型企業網站,還會影響小企業、個體創業者和個人博客等使用 WordPress 的網站。

WordPress 網站的安全性通常是新手和經驗豐富的網站所有者關注的重點。

保護您的 WordPress 網站,隱藏認證路徑,如 wp-admin、wp-login.php 和 wp-login,並更改常見的 WordPress 路徑,如 wp-content、wp-includes、上載等等。

Hide My WP Ghost 具有強大的安全功能:

Hide My WP Ghost(超過 40 個免費的安全功能):

- 隱藏 WordPress wp-admin,顯示 404 錯誤或自定義頁面
- 隱藏 WordPress wp-login.php,顯示 404 錯誤或自定義頁面
- 更改 wp-admin 和 wp-login 的 URL
- 更改忘記密碼的 URL
- 更改註冊 URL
- 更改登出 URL
- 更改啟用 URL
- 更改

原文外掛簡介

Level up your WordPress security with WP Ghost plugin!
WP Ghost (short for Hide My WP Ghost) is a comprehensive hack-prevention security solution for WordPress websites. It adds multiple layers of security to block hacker bots and prevent unauthorized access.
It works by changing and hiding common vulnerabilities, making it difficult for bots and hackers to exploit weak points in plugins, themes, and the WordPress core itself.
Join over 200,000 secured websites with WP Ghost. The plugin has blocked over 9 million brute force attempts and stopped over 140,000 monthly hacks.
Key features include powerful protection against:

Brute Force Attacks
SQL Injection Attacks
Script Injection Attacks
Vulnerability Exploit
Malware Injection
XML-RPC attacks
File Inclusion Exploits
Directory Traversal Attacks
Default WP Paths Exploits
Cross-Site Scripting (XSS)
Throttling of Access Attempts to Entry Points
and more

Protect your site today! WP Ghost hides and secures all common paths, plugins and themes from hacker bots and spammers.

YouTube – Why You Must Have Hide My WP
WP Ghost is packed with over 50 security free features:

Change and Hide Paths:

Hide WordPress wp-admin, and show 404 error or a custom page
Hide WordPress wp-login.php, and show 404 error or a custom page
Change the wp-admin and wp-login URLs
Change lost password URL
Change register URL
Change logout URL
Change activation URL
Change admin-ajax URL
Change wp-content URL
Change wp-includes URL
Change uploads URL
Change comments URL
Change author URL
Change plugins URL
Change plugins name
Change themes URL
Change themes name
Custom themes style.css name
Change REST API wp-json URL
Change category URL

Change tags URL

Custom login redirects based on user role

Custom logout redirects based on user role

Change URLs from Relative to Absolute

Change URLs in Ajax calls
Change URLs for Logged Users
Change URLs in Cache Files
Change paths in Sitemap.xml
Change paths in Robots.txt

Firewall:

Two-factor Authentication By Code (2FA)
Two-factor Authentication By Email (2FA)
Security Headers against XSS & Code Injections
Security Header Strict-Transport-Security
Security Header Content-Security-Policy
Security Header X-XSS-Protection
Security Header X-Content-Type-Options
Security Header X-Frame-Options
Firewall against Script Injections and SQL Injection
7G Firewall Security Filter
8G Firewall Security Filter
Block by IP Addresses
Block by User Agents
Block by Referrers
Block by Hostnames
Hide Website from Theme Detectors

Hide Options:

Hide /wp-admin path
Hide /wp-login path
Hide /login path
Hide REST API wp-json path
Hide Admin Toolbar based on user role
Hide style IDs and META IDs
Hide WordPress HTML comments
Hide Version and WordPress Tags
Hide DNS Prefetch WordPress link
Hide WordPress Generator Meta
Hide RSD (Really Simple Directory) header
Hide Emoticons if you don’t use them

Disable Options:

Disable REST API access
Disable XML-RPC access
Disable Embed scripts
Disable DB-Debug in Frontend
Disable WLW Manifest scripts
Disable Select All – Ctrl+A (Windows and Linux), ⌘+A (macOS)
Disable Copy – Ctrl+C (Windows and Linux), ⌘+C (macOS)
Disable Cut – Ctrl+X (Windows and Linux), ⌘+X (macOS)
Disable Paste – Ctrl+V (Windows and Linux), ⌘+V (macOS)
Disable Save – Ctrl+S (Windows and Linux), ⌘+S (macOS)
Disable Inspect Element/Developer Tool – Ctrl+Shift+I (Windows and Linux), ⌘+⌥+I (macOS)
Disable View Source – Ctrl+U (Windows and Linux), ⌘+U (macOS)
Disable Right Click
Disable Drag-Drop
Disable Image Dragging by Mouse
Disable Text Selection
Disable Directory Browsing

Mapping Text and URLs:

Change URLs using URL Mapping
Change classes using Text Mapping
Change CDN URLs using CDN Mapping
Change paths in the cache files
Change paths in the Feed link
Change paths in the Sitemap XML
Change paths in the Robots.txt

Brute Force Protection:

Brute Force Protection with Math reCaptcha
Brute Force Protection with Google reCaptcha V2
Brute Force Protection with Google reCaptcha V3
Brute Force Protection with Google Enterprise reCaptcha
Brute Force Protection on Login
Brute Force Protection on Password Lost
Brute Force Protection on Signup
Brute Force Protection on Comment
Brute Force Protection on Woocommerce Login
Brute Force Protection shortcode [hmwp_bruteforce]
Custom attempts, timeout, message
Manage Blacklist and Whitelist IPs

Extra Features:

Magic Link Login Without Password
Temporary Logins Without Password
Fix relative URLs
Backup and Restore settings
Change classes on source code using Text Mapping
Change URLs on source code using URL Mapping
Cache CSS, JS, and Images to optimize the loading speed
Weekly security checks and reports

Integrations:

Support for WP Multisite
Support for Nginx
Support for IIS
Support for LiteSpeed
Support for Apache
Support for Siteground
Support for WP Engine
Support for AWS Hosting
Support for Inmotion Hosting
Support for Hostgator Hosting
Support for Godaddy Hosting
Support for Host1plus
Support for Payperhost
Support for Fastcomet
Support for Dreamhost
Support for Bitnami Apache
Support for Bitnami Nginx
Support for Google Cloud Hosting
Support for Litespeed Hosting
Support for Flywheels Local
Support for Flywheels Hosting
Support for Ploi Hosting
Support for Namecheap Hosting
Support for RunCloud Hosting
Support for WPEngine Hosting

Support for CloudPanel Hosting

Recommended by Wp Rocket

Recommended by WPML

Premium Security Features (over 70):

WordPress Hardening
Hide WordPress Common Paths by Extension
Hide WordPress Files like wp-config.php, wp-config-sample.php, wp-load.php, wp-settings.php, wp-blog-header.php, readme.html, readme.txt, install.php, license.txt, php.ini, hidemywp.conf, bb-config.php, error_log, debug.log
Events/Actions Monitoring (Cloud Backup)
Brute Force Monitoring (Cloud Backup)
Geo Security
Country Blocking
Vulnerability Management
Files Permission Fix
Database Prefix Change
SALT Keys Change
Premium Support
and more
Hide My WP Premium Feature

Compatible server types: WP Multisite, Apache, Litespeed, Nginx and Windows IIS.
Hosting Compatibility checked: WP Engine, Inmotion Hosting, Hostgator Hosting, Godaddy Hosting, Host1plus, Payperhost, Fastcomet, Dreamhost, Bitnami Apache, Bitnami Nginx, Google Cloud Hosting, Amazon AWS Lightsail, Litespeed Hosting, Flywheels Hosting, Kinsta Hosting, Ploi.io, CloudPanel, RunCloud, Rocket Domain
Plugins Compatibility updates: Woocommerce, WPML, WPMUDEV, W3 Total Cache, Gravity, WP Super Cache, WP Fastest Cache, Hummingbird Cache, Cachify Cache, Litespeed Cache, SiteGround Optimizer, Nitropack,
Cache Enabler, CDN Enabler, WOT Cache, Autoptimize, Jetpack by WordPress, Contact Form 7, bbPress, Manage WP,
All In One SEO, Rank Math, Yoast SEO, Squirrly SEO, WP-Rocket, Minify HTML, Solid Security, Sucuri Security, Really Simple SSL, WordFence Security, WP Cerber Security, BBQ Firewall, Anti-Malware Security,
Back-Up WordPress, Elementor Page Builder, Divi Builder, Weglot Translate, AddToAny Share Btn, Limit Login Attempts Reloaded, Loginizer, Shield Security, Asset CleanUp, WP Hide & Security Enhancer, and more
Compatibility Plugins List: Hide My WP Compatibility Plugins
Compatibility Theme List: Hide My WP Compatibility Themes
WP Ghost changes and hides WP common paths, admin & login paths, plugin paths, and theme paths, protecting your site from hacker bots.
Note! No files or directories are physically altered. All changes are implemented through server rewrite rules, ensuring no impact on SEO or loading speed.
The plugin works with other security plugins and adds a layer of security to your WordPress website against hacker bots.

Check the Demo Website source code:
https://demo.wpghost.com/
(the elementor is changed in files and classes)
Check the Redirected URLs in Demo Website (all are redirected to Front Page):
https://demo.wpghost.com/wp-admin
https://demo.wpghost.com/wp-login
Check the Hidden Common Paths in Demo Website (all show 404 Page Not Found):
https://demo.wpghost.com/wp-content
https://demo.wpghost.com/wp-content/plugins
https://demo.wpghost.com/wp-content/themes

Over 90,000 hacking attacks per minute strike WordPress sites and WordPress hosting around the world, hitting not only large corporate websites packed with sensitive data, but also sites belonging to small businesses, independent entrepreneurs, and individuals running personal blogs.
Security of WordPress sites typically tops the list of concerns for new and experienced website owners alike.
For owners of WordPress sites, statistics like that one raises particular worries about the security not just of individual WordPress sites, but of WordPress itself.
Is your website secure? Check your website with Free Website Security Check
Protect your WordPress website by hiding the authentication paths like wp-admin, wp-login.php, login, wp-signup.php, and change the common WordPress paths like wp-content, wp-includes, uploads, and more.
Being able to protect the common paths is critical because you get to keep hacker bots away from sensitive website data.
This is crucial, and it will provide you with a great experience and perfect results in the long term.
It will surely be worth it, not to mention that hiding the common paths will make hacking a lot harder as well.
If you don’t protect yourself, you will end up having a hacked website sooner or later.
This is a free version of the plugin, so you can use it for all your websites without any restrictions.
Secure your website in just minutes with the WP Ghost plugin. Protect your WordPress site against hacker bots and spammers!
Please support us and translate the plugin in your language:
https://translate.wordpress.org/projects/wp-plugins/hide-my-wp
Thank you all for your trust, support, and positive reviews!
Important! This is not the Hide My WP Nulled version of the Hide My WP Codecanyon plugin.
Ready To Protect Your Website From Hackers With The Most USER-FRIENDLY WordPress Security Plugin?

各版本下載點

  • 方法一:點下方版本號的連結下載 ZIP 檔案後,登入網站後台左側選單「外掛」的「安裝外掛」,然後選擇上方的「上傳外掛」,把下載回去的 ZIP 外掛打包檔案上傳上去安裝與啟用。
  • 方法二:透過「安裝外掛」的畫面右方搜尋功能,搜尋外掛名稱「WP Ghost (Hide My WP Ghost) – Security & Firewall」來進行安裝。

(建議使用方法二,確保安裝的版本符合當前運作的 WordPress 環境。

trunk | 4.0.11 | 4.1.11 | 5.0.26 | 5.0.27 | 5.0.28 | 5.0.29 | 5.1.01 | 5.1.02 | 5.1.03 | 5.2.01 | 5.2.02 | 5.2.03 | 5.2.04 | 5.3.00 | 5.3.01 | 5.3.02 | 5.4.01 | 5.4.02 | 5.4.03 |

延伸相關外掛(你可能也想知道)

  • WPS Hide Login 》中文, WPS Hide Login 是一個非常輕量的外掛,讓您輕鬆且安全地更改登入表單頁面的網址。它不會真正地重命名或更改核心檔案,也不會添加重寫規則。它只是攔截...。
  • Security Optimizer – The All-In-One Protection Plugin 》透過精心挑選且易於配置的功能,SiteGround Security 外掛提供了您所需的一切來保護您的網站並預防多種威脅,例如暴力破解攻擊、登錄錯誤、資料外洩等等。, ...。
  • Loginizer 》Loginizer 是一個 WordPress 外掛,可幫助您對抗暴力攻擊,當 IP 地址達到最大重試次數時,該外掛會阻止其登錄。您可以使用 Loginizer 將 IP 地址列入黑名單...。
  • Limit Login Attempts 》此外掛可限制正常登入及使用驗證 cookies 登入的次數。, WordPress 預設允許使用者無限次數嘗試登入,無論是透過登入頁面或是傳送特殊 cookies 皆可。這讓密...。
  • LoginPress | wp-login Custom Login Page Customizer 》LoginPress 外掛提供了很多自訂欄位,可以更改 WordPress 登入頁面的版面配置。您可以完全修改登入頁面的外觀和感覺,即使是登入錯誤訊息、忘記密碼錯誤訊息...。
  • WPS Limit Login 》繁體中文, 限制通過登錄頁面和使用權限Cookie可能的登錄嘗試次數。, WordPress 默認情況下允許通過登錄頁面或發送特殊 Cookie 的方式進行無限制的登錄嘗試。...。
  • Login Lockdown & Protection 》Login LockDown 記錄每次失敗的登入嘗試的 IP 位址和時間戳記。如果在短時間內來自相同 IP 範圍的嘗試次數超過一定數量,那麼該 IP 位址的所有登入請求都會被...。
  • Custom Login Page Customizer 》Custom Login Page Customizer 外掛可讓您輕鬆地從 WordPress Customizer 自訂您的登入頁面!在儲存之前,您可以預覽自訂的登入頁面變更!太棒了,對吧?, , ...。
  • All In One Login — WordPress Login Security Plugin to Protect and Customize WP Admin 》Change wp-admin login 是一個輕量級的外掛程式,可讓您輕鬆且安全地更改 wp-admin,讓它變成您想要的東西。它不會重新命名或更改核心檔案,只是攔截頁面請求...。
  • WP fail2ban – Advanced Security 》Fail2ban是您可以實施來保護 WordPress 網站的最簡單和最有效的安全措施之一。, WP fail2ban 提供 WordPress 與 fail2ban 之間的連接:, Oct 17 20:59:54 foo...。
  • Theme My Login 》曾經希望您的 WordPress 登入頁面與網站的其餘部分相匹配嗎?現在您的願望成真了!「Theme My Login」讓您可以繞過預設的 WordPress 標誌登入頁面,該頁面與...。
  • Login No Captcha reCAPTCHA 》此外掛新增了 Google 無人類驗證功能的勾選框,可應用於您的 WordPress 和 Woocommerce 登錄、忘記密碼及使用者註冊頁面,讓人類使用者輕鬆透過勾選框登入,...。
  • WP-Members Membership Plugin 》8211; allows you to restrict file downloads to registered users only, with customizable download links., MailChimp Integration – integrates W...。
  • WP Hide & Security Enhancer 》WP-Hide 推出了最簡單的方法,完全隱藏 WordPress 核心文件、登錄頁面、佈景主題和外掛程式的路徑,使其不會顯示在前端,這是 Site Security 的一個巨大改進...。
  • JWT Authentication for WP REST API 》此外掛使用 JSON Web Tokens (JWT) 做為驗證方式,擴充了 WP REST API 。JSON Web Tokens 是一種開放且具有行業標準的方法,用來在兩方之間安全地傳遞聲明。,...。

文章
Filter
Mastodon