The landing page uses the actual plugin interface as the product signal: light cards, clean labels, and the same blue-violet control language used in WordPress admin.
Security without noise
Hide your WordPress admin in plain sight.
GhostAdmin removes the obvious WordPress footprint bots look for. Replace /wp-login.php with your own slug, return stealth 404s on default admin paths, and block high-signal files before scanners learn anything useful.
Set a private URL like /ghost-panel/ and keep the standard WordPress login route out of sight.
Unauthenticated requests to /wp-admin/ or /wp-login.php can return a normal 404 page.
Default admin routes can disappear into a normal not-found response instead of advertising a login form.
External HTTP requests, trackers, analytics beacons, or third-party dependencies in the plugin itself.
Hardening layers in one screen: custom slug, default URL block, file block, XML-RPC block, and IP whitelist.
Open source code with a direct GitHub repository and a lightweight install path for self-hosted WordPress.
What it does
Three core moves, one quiet admin surface.
The plugin is narrow by design: remove the obvious admin entry points, return less information to unauthenticated requests, and keep legitimate admin traffic working.
Custom admin URL
Replace the standard login path with a slug you control, like /ghost-panel/, while logged-in administrators continue moving through WordPress normally.
Stealth 404 blocking
Unauthenticated requests to /wp-login.php and /wp-admin/ can return a real 404 page, so scanners learn no more than they would from any missing URL.
Direct file and folder blocking
Block direct access to XML-RPC, sensitive files like readme.html and wp-config-sample.php, and directory listing paths that expose stack details.
Inside the plugin
Built to feel native inside WordPress, not like a bolted-on security suite.
Your plugin already has a distinct light admin system. The landing page now mirrors that exact visual language instead of fighting it with an unrelated dark style.
One clean control surface
The plugin keeps everything in a single admin page: slug setup, default path blocking, file blocking, stealth mode, and whitelist rules.
1
settings page
5
hardening layers
0
external calls
Purpose-built for WordPress admins
The page is tight, readable, and operational. You can see the login slug, toggle protections individually, and keep recovery paths obvious.
Strong visual hierarchy that matches the shipped admin CSS.
Safety notice for logged-in admins and visible login URL preview.
Toggle-by-toggle explanations for each security decision.
Actual before and after
The result is easy to explain visually: your private login stays available on the custom slug, while the default WordPress admin path stops exposing the usual entry point.
Custom login
Blocked default path
How it works
Set a slug, block the defaults, keep the valid traffic alive.
The product story should stay concrete. The page now walks through the exact admin workflow and the requests GhostAdmin is designed to intercept.
Choose your private path
Define a custom login slug in the GhostAdmin settings page. The UI previews the base site URL so the final path is obvious before saving.
/ghost-panel/Turn on the blocks you need
Enable default URL blocking, sensitive file blocking, XML-RPC blocking, and stealth mode. Each option is isolated so the site owner can tune the hardening level.
404 for /wp-admin/Whitelist trusted sources
Office IPs or CIDR ranges bypass GhostAdmin restrictions. That is useful for teams, controlled infra, and recovery-safe admin access.
10.0.0.0/8
Safety guarantees
Hardening without locking yourself out.
GhostAdmin is opinionated about what should never break. That is a stronger pitch than generic security claims, so the page now surfaces it clearly.
Logged-in administrators are never blocked
Admin bypass is explicit, so site owners can test settings safely while still authenticated.
admin-ajax.php remains exempt
WooCommerce, forms, and front-end AJAX flows keep working because the plugin avoids blocking those request paths.
Recovery path stays simple
If you forget the slug, rename the plugin folder temporarily through FTP or your host file manager to restore the default login URL.
Quiet by default
GhostAdmin is not trying to be a full firewall. The value is that it removes the easiest WordPress admin fingerprints and does it with minimal surface area.
No analytics, no phone-home behavior, no remote dependencies.
Compatible positioning for WooCommerce checkout and common AJAX-driven plugins.
Lightweight admin configuration with clear copy pulled from the plugin itself.
Fast setup for self-hosted WordPress.
The install section is now explicit and product-specific instead of a generic CTA block.
1
Download the plugin zip
Use the packaged archive included beside this landing page or clone the public repository.
2
Upload in WordPress
Go to Plugins, choose Add Plugin, upload the zip, then activate GhostAdmin.
3
Set your custom slug first
Define the private login path before turning on default URL blocking, then save the settings.
Compatibility notes
GhostAdmin is a hardening layer. It works best alongside normal WordPress operational discipline: keep backups, use strong credentials, and pair it with broader server or firewall protections when needed.
WooCommerce-safe
AJAX-safe
Open source
Light admin UI
No telemetry
GhostAdmin 1.0.0
Make the admin URL harder to find before the bots start looking.
Download the zip, activate the plugin, set your private slug, and remove the default WordPress admin trail from unauthenticated traffic.