WP Ghost is compatible with all major servers, hosting providers, and WordPress Multisite. There are two hosting environments where some features have limitations.
WordPress.com (Business plan)
Automattic does not allow customization of the wp-admin and wp-login.php paths on WordPress.com. WordPress.com uses Jetpack for login security and blocks changes to the admin and login paths at the server level. WP Ghost cannot override this restriction. However, you can still use WP Ghost on WordPress.com Business to change other paths (wp-content, plugins, themes, uploads, REST API), enable the firewall, activate brute force protection, set security headers, and use 2FA. Only the admin and login path changes are blocked.
Shared or unmanaged Nginx servers
On Nginx servers, WP Ghost generates a hidemywp.conf configuration file that must be included in the Nginx server block and the Nginx service must be restarted. On shared hosting where you don’t have access to the Nginx configuration file, path changes won’t work because Nginx doesn’t support .htaccess-style per-directory config files like Apache does.
To resolve this, either contact your hosting provider and ask them to include the hidemywp.conf file in your site’s Nginx configuration and restart the service, or switch to a hosting plan that provides Nginx config access (VPS, dedicated, or managed WordPress hosting with Nginx support). WP Ghost’s non-path features (firewall, brute force, 2FA, security headers) work on Nginx without config file changes.
For Nginx setup details, see How to Add Code in Nginx Config File. For server-specific configuration, see the Hosting and Server Types guide.