Does WP Ghost Work on Shared Hosting Plans?

Moved

This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.

View on new site

Yes. WP Ghost works on shared hosting plans. On Apache and LiteSpeed shared hosting (the most common types), it works out of the box with no extra configuration. On Nginx shared hosting, you may need your host to include one config file, or you can use WP Ghost’s features that don’t require server config changes. Here’s how it works on each server type.

Does WP Ghost Work on Apache Shared Hosting?

Yes, and this is where WP Ghost works most seamlessly. Apache is the most common server on shared hosting plans (Bluehost, GoDaddy shared, InMotion, HostGator, and many others). WP Ghost writes rewrite rules to the .htaccess file automatically. No server config access is needed. Just install the plugin, select a security level, save, and your paths are changed instantly.

The only requirement on Apache is that AllowOverride All is enabled for your directory, which it is on most shared hosting by default. If it’s not, see the AllowOverride setup guide.

Does WP Ghost Work on LiteSpeed Shared Hosting?

Yes. LiteSpeed reads .htaccess rules with its own engine, so WP Ghost works the same way as on Apache. Popular LiteSpeed shared hosts like Cloudways, A2 Hosting, and many cPanel-based providers work with WP Ghost without any extra steps. Install, configure, and save.

Does WP Ghost Work on Nginx Shared Hosting?

It depends on what level of access your host provides. Nginx doesn’t read .htaccess files, so WP Ghost’s path rewrite rules need to be added to the Nginx configuration file instead. There are two paths forward:

If your host gives you access to nginx.conf (or a hosting panel that lets you add custom Nginx rules): WP Ghost generates a hidemywp.conf file with all the rewrite rules. You add one include line to your Nginx config, restart the service, and everything works. For the full walkthrough, see the Nginx setup guide.

If you don’t have Nginx config access (common on managed and shared Nginx hosting): Contact your host’s support team and ask them to add the hidemywp.conf include for you. Alternatively, use WP Ghost’s features that work without server config changes. Custom login paths, brute force protection, the 8G firewall, two-factor authentication, security headers, and version hiding all run through WordPress hooks and work on any server without config access.

WP Ghost includes a Minimal (No Config Rewrites) preset for exactly this situation. For the complete guide, see using WP Ghost on Nginx without config changes.

How Do I Know What Server Type My Shared Hosting Uses?

If you’re not sure whether your hosting runs Apache, LiteSpeed, or Nginx, go to Tools > Site Health > Info > Server in your WordPress dashboard. The “Web server” field shows your server software. You can also check your hosting panel (cPanel, Plesk, hPanel), which usually displays the server type on the main page, or simply ask your hosting provider’s support team.

Quick reference for common shared hosts: Bluehost uses Apache, GoDaddy shared uses Apache, InMotion uses Apache, HostGator uses Apache, SiteGround uses Nginx, A2 Hosting uses LiteSpeed, and Cloudways varies by stack choice.

Frequently Asked Questions

Will WP Ghost slow down my shared hosting site?

No. On Apache and LiteSpeed, the rewrite rules are processed by the web server before PHP loads, adding virtually zero overhead. WP Ghost can actually reduce server load on shared hosting by blocking malicious bot traffic before it consumes your limited resources. With a caching plugin active, there’s no measurable impact on page speed.

Does WP Ghost work on free hosting plans?

If the free plan runs Apache or LiteSpeed and supports WordPress, WP Ghost should work. However, some free hosts restrict .htaccess modifications or don’t allow custom plugins. Check whether your free host supports .htaccess rewrite rules and allows plugin installations before installing WP Ghost.

Can I use the full path-hiding features on Nginx shared hosting?

Only if you or your host can add the hidemywp.conf include to the Nginx configuration. Without that, you’re limited to features that work through WordPress hooks (custom login paths, brute force, firewall, 2FA, security headers). These still provide strong protection against the most common attack vectors.

Does this work with WooCommerce on shared hosting?

Yes. WP Ghost is fully compatible with WooCommerce on all server types. Cart, checkout, product pages, and customer accounts work normally on Apache, LiteSpeed, and Nginx shared hosting alike.

Does WP Ghost modify WordPress core files?

No. WP Ghost uses server rewrite rules (.htaccess on Apache/LiteSpeed, hidemywp.conf for Nginx) and WordPress filters. No core files, theme files, or plugin files are modified. Deactivating restores all defaults instantly.

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.