I forgot my custom login URL. How do I recover access?

Check your WP Ghost Dashboard for the saved login URL. Use the Safe URL parameter to bypass path changes. Disable WP Ghost via FTP by renaming the plugin folder. Or add define('HMWP_DISABLE', true) to wp-config.php. All methods restore default login access.

I Forgot My Custom Login URL in WP Ghost. How Do I Recover?

Q: Can I find my custom login URL in the database?

Yes. Settings are stored in the hmwp_options entry in the WordPress options table. Access through phpMyAdmin as a last resort. Try FTP or wp-config.php methods first.

Q: How do I find my Safe URL if I never saved it?

You cannot retrieve it without dashboard access. Use FTP folder rename or wp-config.php constant to regain access, then find the Safe URL in WP Ghost > Advanced > Rollback Settings.

Q: Does WP Ghost modify WordPress core files?

No. All recovery methods work because WP Ghost uses runtime rewrite rules. Deactivating instantly restores all default paths.

Moved

This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.

View on new site

You have several ways to recover access. Check your WP Ghost Dashboard for the saved login URL and Safe URL. If you don’t have dashboard access, use the Safe URL parameter, disable WP Ghost via FTP, or add a constant to wp-config.php. You are never permanently locked out. Here is each method in order.

Method 1: Check Your WP Ghost Dashboard

If you have a WP Ghost Premium account, log in to your WP Ghost Dashboard at account.hidemywpghost.com. Your connected websites are listed there along with the custom login URL and Safe URL for each site. Copy the login URL and use it to access your site. This is the fastest recovery method if you have a Premium account.

Method 2: Use the Safe URL Parameter

Every WP Ghost installation generates a unique Safe URL parameter when you first configure the plugin. If you saved it (in a bookmark, password manager, or note), append it to any page on your site. For example: https://yourdomain.com/?disable=YOUR_SAFE_PARAM. This temporarily deactivates all WP Ghost path changes for that single request, allowing you to access the default /wp-login.php page and log in normally. WP Ghost reactivates on the next request without the parameter.

Method 3: Disable WP Ghost via FTP

If you don’t have your Safe URL either, connect to your server using FTP, SFTP, or your hosting’s File Manager. Navigate to /wp-content/plugins/ and rename the hide-my-wp folder to something else (like hide-my-wp-disabled). This deactivates the plugin entirely and restores all default WordPress paths. You can now log in at the standard /wp-login.php. After logging in, rename the folder back, reactivate the plugin from the Plugins page, and your previous settings are restored.

Method 4: Add a Constant to wp-config.php

If you prefer not to rename folders, open your wp-config.php file via FTP or File Manager and add this line before the /* That's all, stop editing! */ comment:

define('HMWP_DISABLE', true);

Save the file. WP Ghost is now disabled at runtime. Log in at /wp-login.php, go to WP Ghost > Change Paths > Login Security to find your custom login path, save it somewhere safe, then remove the constant from wp-config.php to re-enable WP Ghost.

For the complete step-by-step recovery guide with screenshots, see the Emergency Disable tutorial. For all recovery options including the Pause 5 Minutes feature and Rollback to Defaults, see the Rollback Settings tutorial.

Prevent This From Happening Again

After recovering access, take a moment to save your custom login URL and Safe URL in a secure location: a password manager, a secure note, or a physical backup. You can find both at WP Ghost > Advanced > Rollback Settings. Customize the Safe URL parameter to something memorable but unpredictable, and treat it like a password. These two URLs are your emergency keys. Having them saved means you can recover access in seconds instead of going through the FTP process.

Frequently Asked Questions

Will disabling WP Ghost via FTP delete my settings?

No. Renaming the plugin folder deactivates WP Ghost but preserves all your settings in the database. When you rename the folder back and reactivate the plugin, your previous configuration is restored automatically. Only deleting the plugin through the WordPress Plugins page removes saved settings.

Can I find my custom login URL in the database?

Yes, as a last resort. Your WP Ghost settings are stored in the hmwp_options entry in the WordPress options table. You can access it through phpMyAdmin or your hosting’s database manager. Look for the login path value in the serialized options array. This is more technical than the other methods, so try FTP or wp-config.php first.

How do I find my Safe URL if I never saved it?

If you never saved the Safe URL, you cannot retrieve it without dashboard access. Use Method 3 (FTP folder rename) or Method 4 (wp-config.php constant) to regain access. After logging in, go to WP Ghost > Advanced > Rollback Settings to find and save your Safe URL for future use.

Does WP Ghost modify WordPress core files?

No. WP Ghost uses rewrite rules and WordPress filters. No core files are modified. This is why all recovery methods work: deactivating or disabling WP Ghost instantly restores all default WordPress paths because nothing was permanently changed.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.