Configure Plesk so Apache handles all content (instead of Nginx serving static files), then set WP Ghost’s server type to Apache for full .htaccess support. By default, Plesk uses Nginx as a reverse proxy in front of Apache, with Nginx serving static files directly. This setup lets WP Ghost write rewrite rules to .htaccess as it normally would on Apache, but Nginx bypasses .htaccess for static files – which means custom paths for plugins, themes, and uploads won’t work. Switching Plesk to full Apache mode lets WP Ghost’s path security work consistently across all file types.
Plesk uses a hybrid Nginx + Apache setup by default. Nginx handles incoming requests and serves static files (images, CSS, JS) directly for performance, while passing PHP requests to Apache. This is fast, but it creates a problem for path security plugins: .htaccess rewrite rules only apply to requests Apache handles. When Nginx serves static files directly, it bypasses .htaccess entirely. The result: WP Ghost can change wp-login.php and admin paths, but custom paths for /wp-content/plugins/, /wp-content/themes/, and /wp-content/uploads/ won’t be applied to static assets.
The solution is to disable Nginx static file serving so all requests go through Apache, which then processes .htaccess for every request. This costs some performance compared to Nginx-served static files, but ensures complete path security.
Performance trade-off: Apache is slower than Nginx for serving static files. If your site has heavy traffic and many static assets, consider using a caching plugin (WP Rocket, LiteSpeed Cache) or a CDN (Cloudflare, BunnyCDN) to offload static file serving. The CDN serves static files while WP Ghost’s path security still works through Apache.
With these settings, all requests – both static and dynamic – flow through Apache, which processes .htaccess on every request. Nginx still acts as the front-facing reverse proxy but no longer bypasses Apache for any file type.
For the official Plesk documentation on these settings, see Apache and Nginx Settings in Plesk.
After Plesk is configured, tell WP Ghost to use Apache rules instead of Nginx rules.
WP Ghost will now write rewrite rules in Apache .htaccess format and apply them to your WordPress root. Make sure your WordPress directory has AllowOverride All set so Apache processes the .htaccess rules. See Set AllowOverride All on Apache for details.
After completing both steps, verify everything works correctly:
/wp-login.php should return 404.
/wp-content/plugins/ and /wp-content/themes/.

Verify all three Plesk checkboxes are set correctly: Proxy mode ON, Smart static files processing OFF, Serve static files directly by nginx OFF. If any of those is wrong, Nginx will still bypass Apache for some files. Also confirm WP Ghost’s Server type is set to Apache, not Nginx.
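One way to confirm from the server side that Nginx no longer bypasses Apache is to compare the domain's Nginx (proxy) access log with its Apache access log over the same time window. The script below is an added example, not WP Ghost or Plesk code; it assumes both logs use the Common/Combined Log Format, and the log lines and the `/lib/` custom path are constructed for illustration.

```python
import re
from collections import Counter

# Request and status fields of a Common/Combined Log Format line.
LINE = re.compile(r'"(?:GET|HEAD|POST) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
STATIC_EXT = (".css", ".js", ".png", ".jpg", ".jpeg", ".gif", ".svg", ".ico", ".woff2")
DEFAULT_PREFIXES = ("/wp-login.php", "/wp-content/plugins/", "/wp-content/themes/")

def parse(lines):
    """Return [(path_without_query, status)] for every parseable log line."""
    out = []
    for line in lines:
        m = LINE.search(line)
        if m:
            out.append((m["path"].split("?", 1)[0], int(m["status"])))
    return out

def bypassed_static(nginx_lines, apache_lines):
    """Static paths Nginx answered more often than Apache saw them.

    A positive count means Nginx served the file itself, so .htaccess
    never ran for those requests.
    """
    apache_hits = Counter(p for p, _ in parse(apache_lines))
    nginx_hits = Counter(p for p, _ in parse(nginx_lines)
                         if p.lower().endswith(STATIC_EXT))
    return {p: n - apache_hits[p] for p, n in nginx_hits.items()
            if n > apache_hits[p]}

def exposed_defaults(nginx_lines):
    """Default WordPress paths that still answered 200 at the front end."""
    return sorted({p for p, s in parse(nginx_lines)
                   if s == 200 and p.startswith(DEFAULT_PREFIXES)})

# Constructed sample lines (not real traffic). "/lib/" is a hypothetical custom path.
NGINX_LOG = [
    '203.0.113.5 - - [10/Mar/2025:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 404 512 "-" "curl/8.5"',
    '203.0.113.5 - - [10/Mar/2025:10:00:02 +0000] "GET /lib/css/style.css?ver=6.5 HTTP/1.1" 200 4096 "-" "curl/8.5"',
    '203.0.113.5 - - [10/Mar/2025:10:00:03 +0000] "GET /wp-content/themes/demo/style.css HTTP/1.1" 200 4096 "-" "curl/8.5"',
]
APACHE_LOG = [
    '203.0.113.5 - - [10/Mar/2025:10:00:01 +0000] "GET /wp-login.php HTTP/1.0" 404 512 "-" "curl/8.5"',
    '203.0.113.5 - - [10/Mar/2025:10:00:02 +0000] "GET /lib/css/style.css?ver=6.5 HTTP/1.0" 200 4096 "-" "curl/8.5"',
]

if __name__ == "__main__":
    print("served by Nginx without Apache:", bypassed_static(NGINX_LOG, APACHE_LOG))
    print("default paths still reachable:", exposed_defaults(NGINX_LOG))
```

In the sample, the theme stylesheet appears only in the Nginx log and still returns 200 on its default path, which is the pattern to expect when one of the Plesk static-file options is still enabled.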
This is expected – Apache is slower than Nginx for static files. Mitigate by enabling a caching plugin (WP Rocket, LiteSpeed Cache, W3 Total Cache) or putting your site behind a CDN like Cloudflare or BunnyCDN. The CDN serves static files from edge servers while WP Ghost’s path security still works through Apache for the origin.
Apache must have AllowOverride All set for your WordPress directory. In Plesk, go to Websites & Domains > Apache & nginx Settings > Additional directives for HTTP/HTTPS and add:

<Directory /var/www/vhosts/yoursite.com/httpdocs>
    AllowOverride All
</Directory>

Replace the path with your actual document root.
This usually means the uploads path was changed in WP Ghost but Apache isn’t applying the rewrite rule. Double-check that AllowOverride All is enabled, that .htaccess exists in your WordPress root, and that WP Ghost has been re-saved after switching to Apache mode.
Only if you want full path security including plugin paths, theme paths, and uploads paths. If you only need to change the login path and admin path, the default Plesk Nginx+Apache setup works fine. This guide is for users who want WP Ghost’s complete path security to apply consistently across all file types.
It depends on your traffic and asset size. Small sites with caching plugins often see no noticeable difference. High-traffic sites with many images may see slower static file delivery. Adding a CDN (Cloudflare, BunnyCDN, KeyCDN) eliminates the performance difference because the CDN serves static files from the edge instead of your origin server.
Yes. Go back to Websites & Domains > Apache & nginx Settings and re-enable the static file serving options. Then change WP Ghost’s Server type back to Nginx if needed. The change is reversible at any time.
Yes. WP Ghost is fully compatible with WooCommerce on Plesk in Apache mode. Cart, checkout, and product pages all work normally.
No. WP Ghost writes rewrite rules to .htaccess on Apache (a config file, not a core file) and uses WordPress hooks for application-level changes. No core files are modified. Deactivating WP Ghost restores all defaults instantly.