Why Can’t I Login to WordPress via wp-admin?

Moved

This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.

View on new site

If you can’t access your WordPress dashboard through the usual /wp-admin path, it’s almost certainly because WP Ghost is doing its job. The plugin hides the default wp-admin and wp-login.php paths so bots can’t find them. You need to use your custom login URL instead. This guide explains what happened, how to find your custom path, how to disable the hiding if you prefer, and what to do if you’re completely locked out.

Why Is /wp-admin Not Working Anymore?

When you activate WP Ghost and select Safe Mode or Ghost Mode, the plugin changes or hides the default WordPress login and admin paths. The Hide “wp-admin” option under WP Ghost > Change Paths > Admin Security blocks non-logged-in visitors from accessing /wp-admin directly. Instead of reaching the login page, you get a 404 error or a redirect to the front page.

This is intentional. The /wp-admin path is the most commonly targeted URL in brute force attacks. Every bot on the internet knows it exists on every WordPress site. Hiding it means those bots hit a dead end, which is exactly the point.

How Do I Access My Admin Dashboard Now?

Use your custom login URL. When you set up WP Ghost, it created a custom login path for your site. If you bookmarked it during setup, use that URL. The custom path looks something like yourdomain.com/your-custom-login. Once you log in through the custom path, you’ll have full access to the WordPress admin dashboard.

If you forgot your custom login URL, check your email. WP Ghost sends a notification with the new login path when you first save the settings. You can also check the WP Ghost Dashboard at account.hidemywpghost.com if you activated the plugin with your email.

Can I Allow wp-admin to Redirect to the Login Page Again?

Yes. If you want /wp-admin to redirect to your login page for non-logged-in users (the default WordPress behavior), you can switch off the hiding option:

Go to WP Ghost > Change Paths > Admin Security. Switch off Hide “wp-admin”. Click Save.

WP Ghost Admin Security settings showing the Hide wp-admin toggle in the Change Paths section

After saving, visitors who go to /wp-admin will be redirected to the login page (using your custom login path) if they’re not logged in. Keep in mind that this makes the /wp-admin path discoverable again, which reduces one layer of your hack prevention. The custom login path itself remains active either way.

What If I’m Completely Locked Out and Can’t Access Any Admin Page?

If you’ve forgotten your custom login path and can’t get into the dashboard at all, WP Ghost has a safe recovery method. You can temporarily disable the plugin without needing admin access:

Connect to your site via FTP or your hosting file manager. Navigate to /wp-content/plugins/. Rename the hide-my-wp folder to something like hide-my-wp-disabled. This deactivates the plugin and restores all default WordPress paths. You can now log in at the standard /wp-admin URL. Once logged in, rename the folder back to hide-my-wp, go to your Plugins page, and reactivate WP Ghost.

For the full emergency disable walkthrough including alternative methods, see the emergency disable guide.

Why Is wp-admin Redirecting to the Front Page Instead of a 404?

If /wp-admin redirects to your homepage rather than showing a 404, this typically means the Hide “wp-admin” option is active and the redirect behavior is set to redirect to a page rather than return a 404 error. You can change what happens when someone accesses a hidden path by going to WP Ghost > Tweaks > Redirects > Redirect Hidden Paths. Select 404 error for maximum security (makes the path look like it doesn’t exist) or choose a custom page for a branded error message.

If you’re logged in as an administrator and /wp-admin still redirects to the front page, the issue may be a browser session problem. Try clearing your browser cookies, logging in again through your custom login path, and then accessing the admin dashboard. On Nginx servers like WP Engine, consider using the default wp-admin path and hiding it from non-logged-in users rather than changing it to a custom name.

Frequently Asked Questions

Is hiding wp-admin really necessary for security?

Yes. The /wp-admin path is the single most targeted URL in automated WordPress attacks. Every brute force bot tries it. Hiding it eliminates the easiest entry point for attackers and forces them to find your custom login path, which automated scripts aren’t designed to do. Combined with brute force protection and two-factor authentication, your login page becomes extremely hard to compromise.

Can I still use wp-admin if I’m already logged in?

Yes. When you’re already logged into WordPress, /wp-admin works normally regardless of whether the Hide “wp-admin” option is active. The hiding only affects non-logged-in visitors and bots. Once authenticated, you have full dashboard access.

What if another security plugin is also changing the login path?

Using two plugins that both modify the login path can cause conflicts. If you’re running Wordfence or Solid Security alongside WP Ghost, disable the login path feature in the other plugin and let WP Ghost handle it. Always use only one plugin for login path customization.

I forgot my custom login URL. How do I find it without admin access?

Three options. First, check your email for the WP Ghost notification sent when you saved settings. Second, log in to the WP Ghost Dashboard at account.hidemywpghost.com where connected sites show the custom paths. Third, use the FTP method described above to temporarily disable the plugin, log in at the default /wp-admin, find your custom login path in the WP Ghost settings, write it down, and reactivate the plugin.

Does WP Ghost modify WordPress core files?

No. WP Ghost uses server rewrite rules and WordPress filters to hide and redirect paths at runtime. No core files, theme files, or plugin files are modified, moved, or renamed. Deactivating WP Ghost restores all default WordPress paths instantly, including the standard /wp-admin and /wp-login.php.

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.