WP Ghost is compatible with Advanced Access Manager (AAM) with one adjustment. AAM is a user access management plugin that controls backend access rights, restricts content by user role, and protects media files from unauthorized access. AAM’s media file protection uses .htaccess rewrite rules that reference wp-content/uploads. When WP Ghost changes the uploads path, you need to update AAM’s rewrite rules to match. This is a one-time edit.
Why AAM Needs WP Ghost Configuration
AAM’s media file protection feature adds rewrite rules to .htaccess that intercept requests to files in wp-content/uploads. These rules check whether the current user has permission to access the requested file. When WP Ghost changes the uploads path (for example, from wp-content/uploads to storage), AAM’s rules stop matching because they still reference the original path. The fix is to update the path in AAM’s .htaccess rules to match your WP Ghost custom uploads path.
Update the AAM .htaccess Rules
AAM adds the following rewrite rules to your .htaccess file to protect media uploads. You need to change the wp-content/uploads path to match your WP Ghost custom uploads path.
Original AAM rules (default WordPress uploads path):
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_URI} \.(jpg|jpeg|png|svg|gif|ico|pdf|doc|docx|ppt|pptx|pps|ppsx|odt|xls|xlsx|psd)$
RewriteCond %{REQUEST_URI} wp-content/uploads/(.*)$
RewriteRule . /index.php?aam-media=1 [L]
</IfModule>Updated rules (with your WP Ghost custom uploads path):
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_URI} \.(jpg|jpeg|png|svg|gif|ico|pdf|doc|docx|ppt|pptx|pps|ppsx|odt|xls|xlsx|psd)$
RewriteCond %{REQUEST_URI} storage/(.*)$
RewriteRule . /index.php?aam-media=1 [L]
</IfModule>Replace storage with whatever custom uploads path you set in WP Ghost > Change Paths > WP Core Security. For example, if your custom uploads path is media, use media/(.*)$ instead.
To make this change:
- Open your
.htaccessfile via FTP, File Manager, or SSH. - Find the AAM rewrite block (starts with
# BEGIN AAMor the<IfModule mod_rewrite.c>block containingaam-media=1). - Replace
wp-content/uploadswith your custom WP Ghost uploads path. - Save the file.
Important: If you change your WP Ghost uploads path later, you need to update the AAM .htaccess rules again to match. This is a manual step – WP Ghost doesn’t automatically update third-party rewrite rules.
Apache and LiteSpeed only. This .htaccess adjustment only applies to Apache and LiteSpeed servers. Nginx doesn’t use .htaccess files, so AAM’s media protection on Nginx requires a different configuration (check AAM’s documentation for Nginx-specific rules).
Verify the Setup
- Log out of WordPress or open an incognito window.
- Try to access a media file that AAM should be restricting (a file limited to specific user roles).
- Confirm you get a 403 Forbidden or redirect instead of the file content.
- Log in as a user with permission and confirm you can access the same file.
- Check the page source to confirm WP Ghost is still showing custom paths (search for
wp-content/uploads– it should NOT appear).
Troubleshooting
Restricted media files are accessible to everyone
AAM’s rewrite rule isn’t matching your custom uploads path. Open .htaccess and confirm the path in the RewriteCond line matches exactly what WP Ghost is using. Check the exact path at WP Ghost > Change Paths > WP Core Security > Custom uploads Path.
Media files return 404 errors
The AAM rewrite rule may be conflicting with WP Ghost’s rewrite rules. Check the order of rules in .htaccess – the AAM block should be placed after WP Ghost’s rules. Re-save WP Ghost settings to restore the correct rule order if needed.
AAM media protection stopped working after changing WP Ghost paths
You changed your WP Ghost uploads path but didn’t update the AAM .htaccess rules. Open .htaccess, find the AAM block, and update the path to match your new custom uploads path.
Locked out after configuration
Use the Safe URL parameter to bypass WP Ghost temporarily. If that doesn’t work, see the Emergency Disable guide to recover access via FTP.
Frequently Asked Questions
Do other AAM features need adjustments?
No. The only AAM feature that needs adjustment is the media file protection (the .htaccess rewrite rules for uploads). AAM’s user role management, content access control, backend restrictions, and other features work with WP Ghost without any changes.
Will WP Ghost update the AAM rules automatically?
No. WP Ghost only manages its own rewrite rules. Third-party plugin rules in .htaccess need to be updated manually when you change WP Ghost paths. This is a one-time adjustment unless you change your uploads path later.
Does WP Ghost modify WordPress core files?
No. WP Ghost writes rewrite rules to .htaccess (Apache) or hidemywp.conf (Nginx) and uses WordPress hooks for application-level changes. No core files are modified.
Related Tutorials
WP Ghost path configuration and compatibility:
- WP Ghost and Really Simple SSL – Another .htaccess rule order compatibility guide.
- Change .htaccess to Read Only – Lock .htaccess after configuring both plugins.
- Compatible Plugins List – All plugins tested with WP Ghost.
- Emergency Disable – Recovery via FTP if needed.