Customize WP Ghost Cookie Name (HMWP_LOGGED_IN_COOKIE) in wp-config.php
March 19, 2024
This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.
Quick summary: You can change the default WP Ghost cookie prefix by adding the HMWP_LOGGED_IN_COOKIE constant to your wp-config.php file. This replaces the hmwp_logged_in_ prefix with any custom name you choose.
Why Customize the WP Ghost Cookie Name
WP Ghost uses its own cookies to detect whether a user is logged in. These cookies control when the plugin should apply path security rules versus when it should let a logged-in admin see the real WordPress dashboard. By default, the cookie prefix is hmwp_logged_in_.
There are a few reasons you might want to change this prefix. If you are running a white-labeled version of WP Ghost, the default “hmwp” prefix reveals the plugin’s identity in browser cookies. A custom prefix keeps everything consistent with your branding. You might also want to change it for compatibility reasons, if another plugin or custom code conflicts with the default cookie name, or simply to add another layer of uniqueness to your site’s fingerprint.
| Cookie Setting | Default (Predictable) | Custom (Secured) |
|---|---|---|
| Cookie prefix | hmwp_logged_in_ | my_custom_prefix_ |
| Reveals plugin identity | Yes – “hmwp” is identifiable | No – custom name hides the plugin |
| White-label friendly | No | Yes |
What the HMWP_LOGGED_IN_COOKIE Constant Does
The HMWP_LOGGED_IN_COOKIE constant overrides the default cookie prefix that WP Ghost uses for logged-in session detection. When you define this constant in wp-config.php, the plugin reads your custom value instead of the default hmwp_logged_in_ prefix.
This constant must be defined in wp-config.php because the plugin loads it early in the WordPress initialization process, before any admin settings are available. That is why it cannot be set from the WP Ghost dashboard – it needs to exist before the plugin even starts.
How to Change the Cookie Prefix
Step 1: Open wp-config.php
Connect to your site via FTP, SFTP, or your hosting file manager. Open the wp-config.php file located in your WordPress root directory.
Step 2: Add the Constant
Find the line that contains WP_DEBUG. Right after that line, add the following code:
define('HMWP_LOGGED_IN_COOKIE', 'my_logged_in_');Replace my_logged_in_ with whatever prefix you want. Use only lowercase letters, numbers, and underscores. End with an underscore to keep the cookie name readable.
Step 3: Save and Refresh
Save the wp-config.php file. Then do the following:
1. Go to WP Ghost > Change Paths and click Save to refresh the plugin settings.
2. Clear your browser cookies for your site (or open an incognito window).
3. Log out and log back in.
The new cookie prefix takes effect immediately. You can verify it by opening your browser’s Developer Tools (F12), going to the Application tab, and checking the Cookies section. You should see cookies starting with your custom prefix instead of hmwp_logged_in_.
Important Notes
This constant only changes the cookie prefix that WP Ghost creates. It does not affect WordPress core cookies like wordpress_logged_in_, which are managed by WordPress itself.
If you use a caching plugin, make sure your caching plugin is configured to exclude pages with cookies matching your new prefix. Most caching plugins already exclude pages where any login-related cookie is present, but double-check if you notice caching issues for logged-in users.
On multisite installations, this constant applies network-wide. Every site in the network will use the same custom cookie prefix.
Frequently Asked Questions
Can I set this from the WP Ghost dashboard instead?
No. The cookie prefix is loaded very early in the WordPress boot process, before the plugin’s admin interface is available. That is why it needs to be defined in wp-config.php as a PHP constant.
What happens if I remove the constant later?
WP Ghost falls back to the default hmwp_logged_in_ prefix. Existing sessions using the old custom cookie will not be recognized, so users will need to log in again.
Will this break my login if I type the prefix wrong?
No, it will not lock you out. If the constant has a typo, WP Ghost simply uses whatever value you provided as the cookie prefix. Your login still works – the cookie just has the “wrong” name. You can fix it anytime by editing wp-config.php again.
Does this affect the WordPress core cookies?
No. WordPress uses its own wordpress_logged_in_ cookies, which are completely separate. The HMWP_LOGGED_IN_COOKIE constant only controls the cookies that WP Ghost creates for its own logged-in detection logic.
Is this needed for white-label setups?
It is recommended. If you are using WP Ghost’s white-label feature, changing the cookie prefix removes the last visible trace of the “hmwp” branding from the browser. Combined with white-label plugin name and menu customization, this makes the plugin fully undetectable to your clients.
Does WP Ghost modify WordPress core files?
No. WP Ghost never modifies WordPress core files. This constant is added to wp-config.php, which is your site’s configuration file and is designed to hold custom constants. Removing the constant restores the default behavior instantly.
Related Tutorials
For more advanced configuration options and developer customizations, check these guides:
WP Ghost White Label – Fully rebrand the plugin with your own name, logo, and menu icon.
Change and Hide the wp-admin Path – Secure your admin dashboard URL, which works alongside the custom cookie prefix.
Change the WordPress Login Path – Custom login path that uses these cookies for session detection.
Preset Security Options – One-click security configurations for fast setup.
Advanced WP Security – All advanced configuration options including compatibility constants.
