In most cases, no. WP Ghost writes its rewrite rules automatically when the .htaccess file is writable by the web server. You save your settings in WP Ghost > Change Paths, and WP Ghost updates .htaccess itself, no manual editing required. You only need to write code manually if .htaccess isn’t writable (because of strict file permissions or hosting restrictions). In that case, WP Ghost shows you the exact rules to copy in the WP Ghost > Change Paths notification bar, and you paste them into .htaccess using FTP, your hosting File Manager, or a WordPress plugin like Htaccess File Editor – Safely Edit Htaccess File. Note: this applies to Apache and LiteSpeed servers. Nginx uses hidemywp.conf instead, and Windows IIS uses web.config, both typically require hosting-provider assistance.
When You Don’t Need to Edit .htaccess Manually
On a standard Apache or LiteSpeed installation with default file permissions (644 for .htaccess), WP Ghost handles everything automatically. When you save settings in WP Ghost > Change Paths, WP Ghost writes the necessary rewrite rules to .htaccess on your behalf. You never see or touch the file.
This is the default experience for the vast majority of users on shared hosting, VPS hosting, and most managed WordPress hosts running Apache or LiteSpeed.
When You Need to Write the Rules Manually
If WP Ghost shows a notification saying “.htaccess not writable” or similar, it means the file has permissions set in a way that prevents WP Ghost’s PHP process from writing to it. This can happen in a few specific scenarios:
- You’ve intentionally set
.htaccessto read-only (444) as a security hardening step to prevent attackers from modifying it. - Your hosting provider locks down
.htaccesspermissions by default for security reasons. - File ownership mismatch between the web server user and the file owner, the PHP process can’t modify files it doesn’t own.
In these cases, you have three options: temporarily change permissions to save WP Ghost settings, paste the rules manually, or use a plugin.
Three Ways to Handle Non-Writable .htaccess
Option 1: Temporarily Change Permissions to 644
This is the KB-recommended approach if you’ve intentionally set .htaccess to read-only. Before making changes to WP Ghost settings (changing paths, switching modes, etc.), temporarily revert the permissions to 644 with chmod 644 .htaccess or via FTP/cPanel. After saving your WP Ghost changes, set it back to 444. This is documented in the Change .htaccess Permission to Read Only guide.
Option 2: Copy the Rules Manually
If you can’t or don’t want to change file permissions:
- In WP Ghost, go to Change Paths and save your settings. A notification bar appears with the exact rewrite rules WP Ghost needs.
- Copy the rules from the notification.
- Access
.htaccessvia FTP (FileZilla, Cyberduck), cPanel File Manager, or SSH. - Paste the rules into
.htaccess(at the top of the file, above the# BEGIN WordPressblock). - Save the file and reload your site to test.
Option 3: Use a WordPress Plugin to Edit .htaccess
If you don’t have server access, the Htaccess File Editor – Safely Edit Htaccess File plugin on wordpress.org lets you edit .htaccess from the WordPress admin. Install it, paste the WP Ghost rules, save, and then remove the plugin once you’re done configuring WP Ghost if you don’t need ongoing access.
Other Server Types: Nginx and IIS
The .htaccess file is specific to Apache and LiteSpeed servers. Other server types work differently:
| Server | Config File | Does WP Ghost Write Automatically? |
|---|---|---|
| Apache, LiteSpeed, OpenLiteSpeed | .htaccess | Yes, if writable |
| Nginx | hidemywp.conf | No, requires your host to include it in Nginx config |
| Windows IIS | web.config | On most IIS configurations, no, rules must be copied manually |
For Nginx, the setup involves downloading the hidemywp.conf file from your WordPress root directory and asking your hosting provider to add it to the Nginx configuration. For Windows IIS, see Setup WP Ghost on Windows IIS Server. For all supported server types, see the Hosting and Server Types overview.
Frequently Asked Questions
Do I have to write code in .htaccess for WP Ghost?
Not usually. On Apache and LiteSpeed servers with default file permissions, WP Ghost writes the necessary rewrite rules to .htaccess automatically when you save your settings. You only need to paste the rules manually if .htaccess isn’t writable by WP Ghost, typically because of strict permissions (like 444) or hosting restrictions.
Why isn’t my .htaccess writable?
Common reasons: you or your host set the file to read-only (444) for security, the file ownership doesn’t match the web server user, or your hosting provider restricts .htaccess modifications. Check the KB guide Make Sure .htaccess is Working with AllowOverride All for Apache configuration requirements.
Where do I paste the WP Ghost rules in .htaccess?
WP Ghost’s rules should go at the top of the file, above the # BEGIN WordPress and # END WordPress block. WP Ghost writes them this way automatically when it has write access. If you later add or change WP Ghost settings, you’ll need to update the rules each time, or see WP Ghost > Advanced > Compatibility > Add Rewrites in WordPress Rules Section for an alternate placement inside the WordPress block.
Can I use a plugin instead of FTP to edit .htaccess?
Yes. The Htaccess File Editor plugin on wordpress.org lets you edit .htaccess from the WordPress admin without needing FTP access. Install it, paste the WP Ghost rules into your .htaccess, and save. You can remove the Htaccess File Editor plugin after you’re done configuring WP Ghost if you don’t need ongoing access to the file.
What if I’m on Nginx instead of Apache?
Nginx doesn’t use .htaccess. Instead, WP Ghost generates a hidemywp.conf file in your WordPress root directory that your hosting provider needs to include in the Nginx server configuration. This typically requires contacting support on managed hosts like Kinsta, WP Engine, or WPMUDEV. See the Hosting and Server Types guide for host-specific instructions.
Do I need to update .htaccess every time I change WP Ghost settings?
Only if you change path-related settings (custom admin path, login path, wp-content path, etc.), since those affect the rewrite rules. Non-path settings like firewall options, brute force protection, and 2FA don’t require .htaccess updates. If .htaccess is writable, WP Ghost updates it automatically every time paths change.
Does WP Ghost modify WordPress core files?
No. .htaccess is part of your site’s server configuration, not a WordPress core file. WP Ghost writes rewrite rules to .htaccess (or hidemywp.conf on Nginx, or web.config on IIS), but never modifies WordPress core files. Deactivating WP Ghost removes its rules from .htaccess automatically.