How to Configure WP Ghost with Advanced Access Manager (AAM)
June 17, 2019
This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.
WP Ghost (formerly Hide My WP Ghost) is compatible with Advanced Access Manager (AAM) with one adjustment. AAM’s media file protection uses .htaccess rewrite rules that reference wp-content/uploads. When WP Ghost changes the uploads path, update AAM’s rules to match. One-time edit, takes under a minute.
Why AAM Needs This Adjustment
Advanced Access Manager controls user access rights and can restrict media file downloads by user role. It does this by adding rewrite rules to .htaccess that intercept requests to files in wp-content/uploads and check user permissions before serving the file.
When WP Ghost changes the uploads path (e.g., from wp-content/uploads to “storage”), AAM’s rules stop matching because they still reference the original path. The fix is to update the path in AAM’s .htaccess rules to match your WP Ghost custom uploads path.
Update the AAM .htaccess Rules
AAM adds the following rewrite rules to your .htaccess file. Find the block containing aam-media=1 and replace wp-content/uploads with your WP Ghost custom uploads path.
Original AAM rules (default WordPress uploads path):
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_URI} \.(jpg|jpeg|png|svg|gif|ico|pdf|doc|docx|ppt|pptx|pps|ppsx|odt|xls|xlsx|psd)$
RewriteCond %{REQUEST_URI} wp-content/uploads/(.*)$
RewriteRule . /index.php?aam-media=1 [L]
</IfModule>Updated rules (with your WP Ghost custom uploads path):
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_URI} \.(jpg|jpeg|png|svg|gif|ico|pdf|doc|docx|ppt|pptx|pps|ppsx|odt|xls|xlsx|psd)$
RewriteCond %{REQUEST_URI} storage/(.*)$
RewriteRule . /index.php?aam-media=1 [L]
</IfModule>Replace storage with whatever custom uploads path you set in WP Ghost > Change Paths > WP Core Security. For example, if your custom uploads path is “media”, use media/(.*)$ instead.
To make this change: open your .htaccess file via FTP, File Manager, or SSH. Find the AAM rewrite block (look for the line containing aam-media=1). Replace wp-content/uploads with your custom path. Save the file.
Manual update required
If you change your WP Ghost uploads path later, you need to update the AAM .htaccess rules again to match. WP Ghost does not automatically update third-party plugin rewrite rules. This applies to Apache and LiteSpeed servers only. Nginx does not use .htaccess files.
Verify the Setup
After updating the .htaccess rules, verify that both plugins are working together:
Log out of WordPress or open an incognito window. Try to access a media file that AAM should be restricting. Confirm you get a 403 Forbidden or redirect instead of the file content. Log in as a user with permission and confirm you can access the same file. Check the page source to confirm WP Ghost is still showing custom paths (search for “wp-content/uploads” – it should not appear).
Troubleshooting
Restricted media files are accessible to everyone
AAM’s rewrite rule is not matching your custom uploads path. Open .htaccess and confirm the path in the RewriteCond line matches exactly what WP Ghost is using. Check for typos, trailing slashes, or case sensitivity issues.
Media files return 404 errors
The custom path in the AAM rule does not match the actual path WP Ghost created. Go to WP Ghost > Change Paths > WP Core Security and note the exact custom uploads path. Update the AAM .htaccess rule to match exactly.
AAM media protection stopped working after changing WP Ghost paths
You changed the WP Ghost uploads path but forgot to update AAM’s .htaccess rules. Every time you change the uploads path in WP Ghost, repeat the .htaccess update for AAM.
Frequently Asked Questions
Do other AAM features need adjustments besides media protection?
No. Only AAM’s media file protection uses .htaccess rewrite rules that reference wp-content/uploads. Other AAM features (role management, content access, backend restrictions, API access control) work through WordPress hooks and are unaffected by WP Ghost’s path changes.
Will WP Ghost update the AAM rules automatically?
No. WP Ghost only manages its own rewrite rules. Third-party plugin rules need to be updated manually when you change WP Ghost paths. This is a one-time adjustment unless you change your uploads path later.
What if my server runs Nginx instead of Apache?
This .htaccess adjustment only applies to Apache and LiteSpeed servers. Nginx does not use .htaccess files, so AAM’s media protection on Nginx requires a different configuration. Check AAM’s documentation for Nginx-specific rules and use WP Ghost’s Nginx setup guide for path configuration.
Can I use AAM to restrict access to the WP Ghost settings page?
Yes. AAM can restrict which admin roles see the WP Ghost menu. This is useful on multisite or multi-admin sites where you want only the primary administrator to manage security settings.
Does WP Ghost modify WordPress core files?
No. WP Ghost writes rewrite rules to .htaccess and uses WordPress hooks. No core files are modified. Both WP Ghost and AAM operate through standard WordPress mechanisms.
Related Tutorials
Change the wp-content/uploads Path – set the custom uploads path that AAM rules need to reference.
Compatibility Plugins List – confirmed compatible plugins and themes.
Customize All WordPress Paths – full path-changing guide.
Nginx Server Setup – server configuration for Nginx-based deployments.
Website Security Check – verify your overall configuration.
