No. When you connect via FTP or your hosting File Manager, your WordPress files and folders look exactly the same as before WP Ghost was installed. The /wp-content/, /wp-includes/, /wp-admin/, and all other default directories stay exactly where WordPress expects them. WP Ghost works entirely through server rewrite rules and WordPress filters, it creates virtual paths that visitors and bots see, without moving, renaming, or modifying a single file on disk. The practical benefit: deactivating WP Ghost restores all default paths instantly, and your WordPress site won’t break if you remove the plugin.
Virtual Paths vs Physical Paths: What Actually Happens
There are two ways to change WordPress paths: physically rename folders on the server (which requires matching code edits and can break things), or create virtual paths through rewrite rules (which only affects what URLs visitors see, without touching the files themselves). WP Ghost uses the second approach exclusively.
| What You See | Via FTP | In Page Source / Browser |
|---|---|---|
| Folder structure | Default WordPress layout (wp-content, wp-includes, wp-admin, etc.) | Your custom paths |
| plugins folder | /wp-content/plugins/ | Your custom path, like /your-name/plugins/ or hidden directory names |
| Deactivate WP Ghost | Nothing changes, files stay put | Default paths restored instantly |
| WordPress core files | Untouched, never modified | URLs rewritten at request time only |
Your FTP file tree is unchanged. Your page source shows custom paths to visitors, bots, and scanners.
Why This Approach Matters
No risk of breaking WordPress. Physical file renames require matching edits in wp-config.php and can conflict with plugins that hardcode default paths. Virtual paths through rewrite rules don’t touch any files, so WordPress continues to find everything exactly where it expects.
Safe to deactivate. If you ever need to disable WP Ghost (for troubleshooting, or if you move hosts), deactivating the plugin removes the rewrite rules and your site returns to default WordPress behavior immediately. No manual cleanup, no “undo” procedure, no data loss.
Full compatibility with your host’s backup and migration tools. Because the file structure is standard, any backup plugin, migration tool, or hosting backup system sees a normal WordPress installation. Restoring a backup doesn’t require any special WP Ghost configuration.
Works with other security plugins and host firewalls. WP Ghost’s rewrite rules operate at the request-handling level, so malware scanners, firewall plugins like Wordfence, and hosting-level security (Cloudflare, host firewalls, etc.) all continue to see and scan the real files at their standard locations.
Where WP Ghost Actually Writes Rules
The rewrite rules go into your server’s configuration file, which depends on your server type:
- Apache, LiteSpeed, and OpenLiteSpeed servers: rules are written to
.htaccess. - Nginx servers: rules are written to a
hidemywp.conffile (requires server-level inclusion, see hosting-specific guides).
These are small text config files that control URL routing, they don’t move or rename any WordPress files. If you deactivate WP Ghost, the rules are removed and routing returns to defaults.
Frequently Asked Questions
Does WP Ghost make my website invisible on FTP?
No. Your WordPress files and folders are visible in FTP exactly as they are on any standard WordPress site. WP Ghost doesn’t hide files from FTP, it creates virtual paths through server rewrite rules so that the URLs visible to visitors, bots, and scanners don’t reveal your WordPress structure. The files themselves stay in place.
Will my site break if I deactivate WP Ghost?
No. Because no files or folders are physically moved or renamed, deactivating WP Ghost removes the rewrite rules and your WordPress site returns to default paths instantly. Everything continues to work normally at the default URLs.
Can my host’s backup system back up my site normally?
Yes. Your host sees a standard WordPress file structure, so any backup plugin or hosting-level backup tool works without special configuration. Restoring from a backup also works normally, the restored WordPress installation will use default paths until WP Ghost is activated again.
Does WP Ghost work with other security plugins like Wordfence?
Yes. WP Ghost is designed to work alongside other security tools like Wordfence, Solid Security, and Sucuri. Because WP Ghost doesn’t alter the files themselves, malware scanners and file integrity monitors continue to see and scan the real WordPress files at their standard locations without any interference.
Where does WP Ghost save its rewrite rules?
On Apache, LiteSpeed, and OpenLiteSpeed servers, the rules are written to .htaccess. On Nginx servers, they’re written to a hidemywp.conf file that must be included in your Nginx configuration by the hosting provider. These are small config files that affect URL routing, not file storage.
Does WP Ghost modify WordPress core files?
No. WP Ghost never modifies, moves, or renames any WordPress core file. All path changes are handled through URL rewrite rules and WordPress filters at runtime. Deactivating WP Ghost removes the rules and restores all default paths instantly.