WP Ghost Temporary Logins – Create Passwordless WordPress Access
This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.
Create passwordless, time-limited login URLs for developers, clients, and team members using WP Ghost’s (formerly Hide My WP Ghost) Temporary Logins feature. No passwords shared, no accounts to remember to delete.
When you need to give someone access to your WordPress dashboard, the traditional approach is to create a user account, share the password, and delete the account when the work is done. The problem is that “delete the account later” rarely happens on time. Research shows that 8% of WordPress sites are hacked due to weak or stolen passwords, and dormant admin accounts are one of the most common attack vectors.
WP Ghost’s Temporary Logins feature solves this by generating a unique URL that grants dashboard access with a specific user role. No password is created, no password is shared, and the access expires automatically after the time you set. When the link expires, the account is disabled without any action from you.
This tutorial covers the full WP Ghost > Temporary Logins panel: activation, default settings, creating new temporary logins, and managing existing ones.
Why Temporary Logins Are Safer Than Shared Passwords
Every shared password is a permanent security risk until it is changed. A developer who received your admin password six months ago still has access unless you changed it. Temporary Logins eliminate this entire problem.
| Shared passwords (risky) | Temporary Logins (secure) |
|---|---|
| Password can be reused on other accounts | No password exists to leak or reuse |
| You must remember to delete the account | Access expires automatically |
| One password for everyone | Each person gets a unique, trackable URL |
| No way to revoke access instantly | Click the lock icon to revoke immediately |
| Password saved in browsers and emails | URL is useless after expiration |
Temporary Logins create standard WordPress user accounts with an expiration mechanism managed by WP Ghost. No core files are modified. The login URL is the credential. No one types a password, no password is saved in a browser, and no password can be leaked or reused on other accounts.
How to Set Up Temporary Logins
Activate the Feature
Temporary Logins is not active by default. You need to enable it first.
Go to WP Ghost > Overview > Features. Switch on Temporary Logins in the features list. Click Start Feature Setup to access the settings page.
Once activated, Temporary Logins appears as its own item in the WP Ghost main menu at WP Ghost > Temporary Logins.
Configure Default Settings
Set the defaults that apply to every new temporary login you create. These can be overridden individually when you create each login.
Default User Role – the user role assigned to new temporary accounts. Select from the dropdown (Subscriber, Editor, Administrator, etc.). Use the least-privileged role that accomplishes the task. A developer who needs to edit code needs Administrator. A content editor needs Editor. A client reviewing the site needs Subscriber.
Default Redirect After Login – the page the temporary user sees after logging in. Set this to the Dashboard, a specific admin page, or a frontend page depending on what the user needs to access.
Default Expire Time – how long temporary accounts remain active. The timer starts after the user’s first access on your site.
Delete Temporary Users on Plugin Uninstall – when enabled, WP Ghost automatically deletes all temporary user accounts if you uninstall the plugin. This prevents orphaned accounts from remaining on your site.
Settings you make for individual temporary logins override these defaults
Each temporary login you create can have its own role, redirect, and expiration time. The defaults here are just starting values to save time when creating multiple logins.
Create a Temporary Login
Go to WP Ghost > Temporary Logins and click Add New Temporary Login.
Fill in the details for the new temporary user:
Email (required) – the email address for the temporary user. Each temporary login must have a unique email address.
First Name and Last Name – optional but recommended for tracking who has access.
User Role – the WordPress role assigned to this user. Overrides the default setting.
Redirect After Login – where this user lands after clicking the login URL. Overrides the default setting.
Expire Time – how long before this temporary account is automatically disabled. The timer starts after the user’s first access. Overrides the default setting.
Language – the language the user sees in the WordPress dashboard.
Click Create to save the new temporary login. WP Ghost generates a unique login URL that you can copy and share with the recipient.
Share the URL over a secure channel like encrypted email or a direct message. Do not post it publicly. The URL acts as a credential, so treat it like a password while it is active.
Manage Temporary Logins
All your temporary logins are listed in WP Ghost > Temporary Logins. For each temporary login, WP Ghost shows the user’s name and email, the role assigned to them, the date of their last login, and the expiry duration.
Each temporary login has four management actions available in the Options column:
Copy the Login URL
Click the link icon to copy the temporary login URL to your clipboard. Share this URL with the person who needs access.
Lock or Unlock Access
Click the lock icon to instantly revoke access before the expiration time. The temporary login is disabled immediately. The user cannot log in even if they have the URL. Click the lock icon again to unlock and restore access.
Edit a Temporary Login
Click the edit icon to change the user’s role, redirect page, expiration time, or other details. Click Save User after making your changes.
Delete a Temporary Login
Click the X icon to permanently delete the temporary user account from your WordPress site. This removes the account entirely, not just the access.
Troubleshooting
Temporary Login URL Redirects to the Home Page
This is usually caused by another security plugin deleting the session that WP Ghost created. Clear your cache plugin’s cache, server cache (Varnish, Redis), and CDN cache. Try accessing the URL in a different browser or incognito mode to rule out browser-level caching.
If caching is not the issue, check for plugin conflicts. Create a staging site and test with only WP Ghost active, then enable your other plugins one by one to identify which plugin is interfering with the temporary login session.
Also verify the Redirect After Login setting for the temporary user. Edit the temporary account and try setting it to Dashboard to redirect to the admin dashboard after login.
If you have lost access or something broke, check the emergency disable guide, use the rollback settings, or add a constant in wp-config.php to disable WP Ghost temporarily.
Frequently Asked Questions
Is sharing a temporary login URL secure?
The URL acts as a credential with a built-in expiration. It is more secure than sharing a password because it cannot be reused after expiration, can be revoked instantly with the lock icon, and does not expose any password that could be reused on other accounts. Share it over a secure channel like encrypted email or a direct message rather than posting it publicly.
What happens when a temporary login expires?
The account is disabled automatically. The URL stops working, the user cannot log in, and any active session is ended. The account record stays in your Temporary Logins list so you can see the history, but the user has no access. You can delete the expired account or re-enable it by editing the expiration.
What user role should I assign?
Use the least-privileged role that accomplishes the task. A developer who needs to install plugins or edit code needs Administrator. A content editor needs Editor. A client reviewing the site needs Subscriber or a custom role. Never give Administrator access unless the person specifically needs plugin, theme, or settings access.
Can I create multiple temporary logins at the same time?
Yes. Each temporary login is independent with its own email, role, expiration, and unique URL. You can have as many active temporary logins as you need simultaneously.
Does WP Ghost modify WordPress core files?
No. Temporary Logins creates standard WordPress user accounts with an additional expiration mechanism managed by WP Ghost. No core files are modified. Disabling the feature or uninstalling WP Ghost removes all temporary accounts if the delete-on-uninstall option is enabled.
Related Tutorials
Strengthen your access control and login security:
Two-Factor Authentication – add a second verification step to your login process with code, email, or passkeys.
Brute Force Attack Protection – protect login forms with reCAPTCHA and attempt limits.
Change and Hide the wp-admin Path – move your admin dashboard to a custom URL.
Change and Hide the Login Path – move your login page to a custom URL.
Activate Security Tweaks – configure login redirects and login page design.
Firewall and Geo Security – whitelist your team’s IPs and configure access control.
Website Security Check – run a complete security audit.
