How to Set Up WP Ghost on WP Engine Hosting – Step-by-Step Guide

WP Ghost is fully compatible with WP Engine hosting. Configure Safe Mode or Ghost Mode in WP Ghost, then add the generated redirect rules to WP Engine’s Redirect Rules panel to activate path security.

Why WP Engine Requires Extra Setup

WP Engine is a managed WordPress hosting provider that runs on a custom Nginx-based server stack. Unlike standard Apache hosts where WP Ghost writes rewrite rules directly to .htaccess, WP Engine does not allow direct .htaccess modifications for redirects. Instead, WP Engine provides its own Redirect Rules panel in the User Portal.

After you configure your custom paths in WP Ghost, you need to copy the generated redirect rules into WP Engine’s Redirect Rules tool so the server knows how to route requests to your new paths. The process takes about 5 to 10 minutes depending on how many paths you customize.

Why Paths Security Matters

Every WordPress site uses the same default paths: /wp-admin, /wp-login.php, /wp-content/plugins/, /wp-content/themes/. Even on a premium managed host like WP Engine, these paths are still exposed to automated bot scans. WP Engine provides excellent server-level security, but it does not change or secure your WordPress paths. That is where WP Ghost adds a critical layer of hack prevention.

Step-by-Step Setup on WP Engine

Step 1 – Install and Configure WP Ghost

1. Install and activate WP Ghost on your WordPress site hosted on WP Engine. If you need help with installation, see the Install WP Ghost guide.

2. Go to WP Ghost > Change Paths.

3. Select Safe Mode (recommended for first-time setup) or Ghost Mode (maximum security, Premium only).

4. Scroll down and customize the paths to your preferences. You can change the admin path, login path, plugins path, themes path, uploads path, REST API path, and more.

5. Click Save.

Step 2 – Copy the Redirect Rules

6. After saving, WP Ghost detects that you are on WP Engine and displays the redirect rules you need to add. Copy these rules. You will paste them into WP Engine’s portal in the next step.

Important: Do not log out of your WordPress dashboard until all redirect rules are active in WP Engine. If you log out before the redirects are working, you may not be able to access your new custom login path.

Step 3 – Add Redirect Rules in WP Engine

7. Log into the WP Engine User Portal.

8. Select the environment (Production, Staging, or Development) you want to configure.

9. If you are redirecting for a specific domain, make sure that domain is mapped to the same environment.

10. Click on Redirect Rules in the environment settings.

11. Click New Redirect Rule.

12. For each rule, enter the old URL and the new destination URL. Choose the redirect type according to the rules WP Ghost provided.

13. Click Save or Add another to continue adding rules until all WP Ghost redirects are configured.

Step 4 – Clear Cache and Verify

14. Clear the WP Engine cache from the WordPress admin bar or from the WP Engine User Portal. If you have additional cache plugins installed, clear those caches too.

15. Click the Frontend Login Test button in WP Ghost to verify your new login path loads correctly. You can also test by opening your site in an incognito browser window and navigating to your custom login URL.

16. If everything works, click “Yes, it’s working” to confirm. If something is wrong, click “No, abort” to roll back to your previous settings instantly.

For the full WP Engine redirect documentation, visit: WP Engine Redirect Rules Support.

Troubleshooting

Login page does not load after adding redirects. WP Engine may take a few minutes to process new redirect rules. Wait 2 to 3 minutes and try again. Also confirm you cleared the WP Engine cache.

Old paths still accessible. This usually means the WP Engine cache is serving old pages. Clear the cache from the WP Engine portal and test in an incognito window.

Locked out completely. If you can not access your dashboard, add define('HMWP_DISABLE', true); to your wp-config.php file via sFTP. This disables WP Ghost temporarily so you can log in and reconfigure. See the full emergency disable guide for more options.

WP Engine staging environment. If you set up WP Ghost on your production site and then push a staging copy to production, the redirect rules in the WP Engine portal will need to match your WP Ghost settings. Always verify redirects after any environment push.

Frequently Asked Questions

Why does WP Engine need redirect rules when other hosts do not?

WP Engine runs on a custom Nginx-based stack and does not support .htaccess-based redirects for path changes. On standard Apache hosts, WP Ghost writes rewrite rules to .htaccess automatically. On WP Engine, you use their built-in Redirect Rules panel instead. The security result is the same.

Can I use Ghost Mode on WP Engine?

Yes. Ghost Mode works on WP Engine. You will have more redirect rules to add compared to Safe Mode, but the setup process is the same. Ghost Mode is a Premium feature that applies the maximum security configuration.

Do I need to update the WP Engine redirects when I change WP Ghost settings?

Only if you change paths that affect the redirect rules (login path, admin path, plugin paths, etc.). Changing settings like firewall level, brute force protection, 2FA, or security headers does not require redirect updates.

Does WP Ghost work with WP Engine’s built-in security?

Yes. WP Engine provides server-level security (DDoS protection, SSL, managed updates, and their own firewall). WP Ghost adds a different layer: path security, WordPress-specific firewall rules, brute force protection, and 2FA. They complement each other well and do not conflict.

Does WP Ghost modify WordPress core files?

No. WP Ghost uses server rewrite rules and WordPress hooks. No core files are moved, renamed, or modified. Deactivating the plugin restores all default paths instantly.