Does WP Ghost Write Code into PHP Files?

Moved

This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.

View on new site

No. WP Ghost does not write code into any PHP files. It never modifies, edits, or injects anything into WordPress core files, theme files, or plugin files. All path changes and security features work through server rewrite rules and WordPress runtime filters. Deactivating WP Ghost rolls back everything instantly.

How Does WP Ghost Change Paths Without Modifying PHP Files?

WP Ghost uses two mechanisms to change your WordPress paths, and neither one touches your PHP files.

The first is server rewrite rules. On Apache and LiteSpeed servers, WP Ghost writes URL rewrite rules to the .htaccess file. This is a server configuration file, not a PHP file. It tells the web server how to route requests from the new custom paths to the original file locations. On Nginx servers, WP Ghost generates a hidemywp.conf file that you (or your host) include in the Nginx configuration. On Windows IIS servers, WP Ghost provides rules for the web.config file.

The second is WordPress runtime filters. WP Ghost hooks into WordPress using standard WordPress filters and actions. These are the same hooks that every WordPress plugin uses. They modify the HTML output as WordPress generates pages, changing path references in the source code on the fly. The actual files on disk are never touched.

What Files Does WP Ghost Actually Write To?

WP Ghost writes to exactly two types of files, neither of which are PHP core files:

Server configuration files: .htaccess on Apache/LiteSpeed, hidemywp.conf for Nginx inclusion, or web.config on Windows IIS. These contain URL rewrite rules that the web server processes. WordPress itself uses .htaccess for permalink rules, and WP Ghost follows the same pattern.

Plugin settings in the WordPress database: All of WP Ghost’s configuration (custom paths, firewall settings, mapping rules, etc.) is stored in the WordPress options table, just like any other plugin’s settings.

No PHP files are ever modified. Your wp-config.php, wp-settings.php, wp-load.php, theme functions.php, and plugin files all remain exactly as they were before WP Ghost was installed.

What Happens When I Deactivate WP Ghost?

Everything reverts instantly. WP Ghost removes its rewrite rules from .htaccess (or the equivalent config file) and stops processing WordPress filters. Your site returns to its exact state before WP Ghost was installed. All default WordPress paths (/wp-admin, /wp-login.php, /wp-content/, /wp-includes/) become active again. No cleanup needed, no leftover code, no orphaned files.

If you delete the plugin entirely, even the database settings are cleaned up. Your site is completely as if WP Ghost was never there.

Does WP Ghost Affect My File Structure on FTP?

No. If you connect to your site via FTP or a hosting file manager, you’ll see the standard WordPress directory structure exactly as it was before WP Ghost: /wp-admin/, /wp-content/, /wp-includes/, and all plugin and theme folders in their original locations with their original names. WP Ghost creates virtual paths through URL rewriting, not physical file changes. The files stay where WordPress put them.

Frequently Asked Questions

Does WP Ghost write to .htaccess? Is that safe?

Yes, WP Ghost writes rewrite rules to .htaccess on Apache and LiteSpeed servers. This is the standard, expected way to handle URL rewriting in WordPress. WordPress core itself writes to .htaccess for permalink rules. WP Ghost follows the same pattern. All rules are placed between #BEGIN HMWP_RULES and #END HMWP_RULES markers and are removed cleanly on deactivation.

Will WP Ghost leave behind any code if I uninstall it?

No. Deactivating removes the rewrite rules from your server config file. Deleting the plugin removes the database settings as well. Your site returns to its exact pre-installation state with no leftover code, no orphaned database entries, and no modified files.

Can WP Ghost break my site if something goes wrong?

Because WP Ghost doesn’t modify PHP files, any issue is fully reversible. If something stops working, you can use the emergency disable method (rename the plugin folder via FTP) to instantly restore all defaults. No file repair or code cleanup is ever needed.

Is this different from other security plugins that modify files?

Some security plugins do modify PHP files (for example, inserting code into wp-config.php or creating .user.ini directives). WP Ghost takes a non-invasive approach. All changes happen at the server config level (.htaccess) and the WordPress filter level (runtime hooks). This means fewer compatibility issues, easier troubleshooting, and a clean uninstall.

Does WP Ghost modify WordPress core files?

No. WP Ghost never modifies, moves, or renames any WordPress core file, theme file, or plugin file. All path changes use server rewrite rules and WordPress filters at runtime. Deactivating the plugin restores all default WordPress paths instantly.

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.