What if I don't have shell access to Nginx?

Ask your hosting provider to add the include line, or use the Minimal preset for features that work without config changes: custom login paths, brute force, firewall, 2FA, security headers, and version hiding.

Do I need to reload Nginx every time I save settings?

Yes. Nginx loads config at startup. Changes require a reload: sudo nginx -s reload. This applies new rules without dropping active connections.

Does WP Ghost support all features on Nginx?

With the config include: yes, all features. Without it: features using WordPress hooks (login, firewall, brute force, 2FA, headers) work. Features using rewrite rules (path renaming) don't.

Can I use a custom location for hidemywp.conf?

Yes. Use the hmwp_config_file filter in wp-config.php to point to any writable path. Update the Nginx include directive to match.

Does WP Ghost Hide wp-admin on Nginx Servers?

Q: Does WP Ghost hide wp-admin on Nginx servers?

Yes. WP Ghost generates a hidemywp.conf file with rewrite rules. Add one include line to your Nginx server block and reload. After that, WP Ghost manages the rules automatically. Shell access is required for the initial setup.

Q: Does this work with WooCommerce on Nginx?

Yes. Fully compatible. Cart, checkout, products, and customer accounts work normally with custom paths and firewall on Nginx.

Q: Does WP Ghost modify WordPress core files?

No. WP Ghost generates a separate hidemywp.conf and uses WordPress hooks. No core files modified. Deactivating restores all defaults.

Moved

This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.

View on new site

Yes. WP Ghost can hide and customize the wp-admin path on Nginx servers. The full path-hiding features (Safe Mode and Ghost Mode) require shell access to add one include line to your Nginx configuration and reload the service. If you don’t have shell access, WP Ghost still provides custom login paths, brute force protection, firewall, 2FA, and other features that work without config changes.

How Does WP Ghost Work on Nginx for wp-admin Hiding?

On Apache and LiteSpeed servers, WP Ghost writes rewrite rules to .htaccess automatically. Nginx doesn’t read .htaccess files, so WP Ghost generates a separate hidemywp.conf file containing all the rewrite rules for your custom paths. You add one include line to your Nginx server block and reload the service. After that one-time setup, WP Ghost updates the conf file automatically every time you save settings. You just need to reload Nginx after each change.

The include line looks like this inside your Nginx server block:

include /path/to/wordpress/hidemywp.conf;

After adding the line, reload Nginx:

sudo nginx -s reload

For the complete Nginx setup walkthrough, see the setup WP Ghost on Nginx guide.

What If I Don’t Have Shell Access to My Nginx Server?

If you’re on managed Nginx hosting (Kinsta, WP Engine, Flywheel, Cloudways, or similar) where you can’t edit the Nginx configuration or restart the service, you have two options.

Option 1: Ask your hosting provider. Contact support and ask them to add the include /path/to/wordpress/hidemywp.conf; line to your Nginx server block and reload the service. Many providers will do this for you. After that, WP Ghost manages the rules automatically.

Option 2: Use WP Ghost without config changes. Load the Minimal (No Config Rewrites) preset in WP Ghost > Change Paths. This gives you custom login paths, brute force protection, the 8G firewall, two-factor authentication, security headers, and version hiding, all without needing any server configuration. You won’t get the full path-hiding features (renaming wp-admin, wp-content, plugins, themes), but the login and security features still provide strong protection. For the full guide, see using WP Ghost on Nginx without config changes.

Do I Need to Reload Nginx Every Time I Save WP Ghost Settings?

Yes. Unlike Apache, which re-reads .htaccess on every request, Nginx loads its configuration at startup and keeps it in memory. Any change to the rewrite rules requires a reload to take effect. After saving WP Ghost settings, run sudo nginx -s reload (or sudo systemctl reload nginx on systemd-based servers). This applies new rules without dropping active connections.

Frequently Asked Questions

Does WP Ghost support all Nginx features or just some?

With the Nginx config include in place, WP Ghost supports all features: full path hiding (wp-admin, wp-login, wp-content, plugins, themes, uploads, REST API), firewall, brute force, 2FA, security headers, and everything else. Without the config include, features that rely on URL rewrite rules (path renaming) don’t work, but all WordPress-hook-based features (custom login, firewall, brute force, 2FA, headers) still function normally.

Can I use a custom location for the hidemywp.conf file?

Yes. By default WP Ghost writes hidemywp.conf to the WordPress root. If your root directory isn’t writable by PHP, you can relocate it to wp-content/ or any other writable path using the hmwp_config_file filter in wp-config.php. Update the include directive in your Nginx config to match. For details, see the custom Nginx config file guide.

Does this work with WooCommerce on Nginx?

Yes. WP Ghost is fully compatible with WooCommerce on Nginx. Cart, checkout, product pages, and customer accounts all work normally with custom paths and firewall protection enabled.

Does WP Ghost modify WordPress core files?

No. WP Ghost generates a separate hidemywp.conf file and uses WordPress hooks for application-level changes. No core files are modified. Deactivating WP Ghost restores all defaults instantly. The Nginx config include line remains but points to an empty or removed file, causing no issues.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.