Skip to contentSkip to main navigation Skip to footer

How to Change Lost Password Path with Hide My WP Ghost Plugin

Hide My WP Ghost is a powerful WordPress security plugin that helps protect your website from potential threats and attacks.

One of its key features is the ability to change the lost-password path, which adds an extra layer of security to prevent spam emails and unauthorized password reset requests.

What is the WordPress Lost Password Path?

In WordPress, the lost password path refers to the URL or endpoint that users can access to reset their passwords if they have forgotten them. When a user forgets their password and needs to regain access to their account, they can initiate the password reset process by visiting the lost password path.

By default, the WordPress lost password path follows a specific URL pattern: wp-login.php?action=lostpassword. This means that the lost password page can be accessed by appending wp-login.php?action=lostpassword to the base URL of a WordPress website.

For example, if the base URL of a WordPress site is, the default lost password path would be

lost password path

On the lost password page, users are usually prompted to enter their username or email address associated with their account. WordPress then sends an email with a password reset link to the user’s registered email address. By clicking on the link provided in the email, users can create a new password and regain access to their accounts.

It’s important to note that the default lost password path, similar to the default login path (e.g., wp-login.php), is well-known to both legitimate users and potential attackers. This makes WordPress websites vulnerable to potential brute-force attacks or targeted password reset attacks.

To enhance security and protect against such attacks, it’s recommended to customize and secure the lost password path using security plugins like Hide My WP Ghost. By doing so, you can obscure the path and add an extra layer of protection to your WordPress website.

Why Is Securing The Lost Password Pathway Important?

Securing the lost password path is crucial for several reasons:

Preventing Brute-Force AttacksThe default WordPress lost-password path is predictable (e.g., wp-login.php?action=lostpassword), making it an easy target for attackers attempting to gain unauthorized access to user accounts through brute-force attacks. By customizing the lost password path, you make it harder for attackers to guess the login URL, thus reducing the risk of brute-force attacks.
Reducing Spam EmailsAttackers can exploit the default lost-password path to flood your website with numerous password reset requests, leading to an influx of spam emails. Changing the lost password path adds an extra layer of protection against such spammy activities, keeping your mailbox clutter-free and preventing potential email service issues.
Enhancing Website SecurityBy securing the lost password path, you improve your website’s overall security posture. Cybercriminals often target vulnerable WordPress sites, and any measure you take to obscure potential points of entry can significantly decrease the likelihood of successful attacks.
Protecting User AccountPassword reset requests could be initiated by genuine users who have forgotten their passwords. By securing the lost password path, you ensure that only legitimate users can access the password reset functionality, preventing malicious actors from attempting to take control of user accounts.
Staying Ahead of HackersAs the internet evolves, so do hacking techniques. Customizing the lost password path is a proactive measure to stay ahead of potential future threats. By implementing this security measure, you add an extra line of defense that helps protect your website against emerging attack vectors.
Maintaining Trust and ReputationWebsite security is paramount for maintaining the trust of your users and visitors. A compromised website can lead to data breaches and other security incidents, resulting in a damaged reputation and loss of credibility. By securing the lost password path and actively safeguarding your site, you demonstrate a commitment to user safety and data protection.

In this tutorial, we’ll guide you through the process of changing the lost-password path using Hide My WP Ghost.

Activate and Configure

Activate Safe Mode or Ghost Mode

Before you proceed to change the lost-password path, you need to ensure that either Safe Mode or Ghost Mode is activated. These modes will help hide the original WordPress paths and make your website’s login and security URLs less predictable, thereby reducing the risk of attacks.

To activate Safe Mode or Ghost Mode:

  1. After installing and activating the Hide My WP Ghost plugin, navigate to the WordPress dashboard.
  2. Locate the “Hide My WP” menu on the left-hand side and click on it.
  3. Go to Hide My WP > Change Paths > Lever Of Security.
  4. Choose either Safe Mode or Ghost Mode, depending on your preference.
  5. Click on “Save Settings” to enable the selected mode.

Access the Custom Lost Password Path Settings

Once you have activated Safe Mode or Ghost Mode, you can proceed to change the lost-password path.

change lost password path
  1. Navigate to Hide My WP > Change Paths > Login Security.
  2. Look for the “Custom Lost Password Path” option.

Change the Lost Password Path

Now, it’s time to customize the lost-password path to enhance your website’s security.

  1. In the “Custom Lost Password Path” box, enter the new name you wish to assign to the lost-password path.
  2. After entering the desired custom path, click on “Save Settings” to apply the changes.

Example: You can use something like “my-secure-reset” instead of the default “wp-login.php?action=lostpassword”.

Run a Security Check

After saving the new settings, it is essential to run a security check to ensure that the lost password path is successfully changed.

  1. Go to Hide My WP > Security Check.
  2. Click on “Run Full Security Check” to initiate the scan.


By utilizing the “change lost password path” function through the Hide My WP Ghost plugin, you enhance the security of your WordPress website with an added layer of protection.

This valuable feature actively combats spam emails and unapproved password reset attempts, effectively fortifying your site’s defenses against potential vulnerabilities and threats.

Stay proactive in safeguarding your online presence and keep your website secure with the powerful features offered by Hide My WP Ghost.

Troubleshooting and FAQs

While changing the lost password path using Hide My WP Ghost plugin is generally a straightforward and beneficial security measure, there may be instances where it could cause WordPress functionality issues.

If you encounter any problems after customizing the lost password path, here are some troubleshooting steps to help resolve the issues:

  1. Check for Typos or Incorrect Custom Path
    • Verify that you entered the custom lost password path correctly. Ensure there are no typos, extra spaces, or special characters that might be causing the problem.
    • Make sure the custom path is unique and does not conflict with existing URLs or slugs used by other plugins or WordPress core functionalities.
  2. Deactivate Hide My WP Ghost
    • Temporarily deactivate the Hide My WP Ghost plugin and check if the functionality issues persist. If the problems disappear after deactivation, it could indicate a conflict with another plugin or theme. In that case, try to identify the conflicting plugin and either find an alternative or seek support from the plugin developer.
    • How do I deactivate Hide My WP Ghost?
  3. Revert to Default Lost Password Path
    • If the issues persist even after ensuring there are no typos and deactivating other plugins, try reverting to the default lost password path provided by WordPress.
    • Go back to the Hide My WP Ghost settings and remove the custom path, then save the settings. This will restore the default lost password path.
  4. Clear Cache and Refresh Permalinks
    • After making changes to the lost password path or reverting to the default, clear any caching mechanisms you might have enabled, such as caching plugins or server-side caching.
    • Refresh your WordPress permalinks by going to Settings > Permalinks and clicking “Save Changes” to update the permalink structure.
  5. Update Hide My WP Ghost and WordPress
    • Ensure that you are using the latest versions of Hide My WP Ghost and WordPress. Outdated software can sometimes cause compatibility issues with other plugins or themes.
  6. Check for Plugin/Theme Conflicts
    • If the issues persist, there might be a conflict between Hide My WP Ghost and another plugin or your active theme. Temporarily switch to a default WordPress theme (e.g., Twenty Twenty-One) and disable all other plugins except Hide My WP Ghost to see if the functionality issues are resolved.
    • If the issues disappear, reactivate your theme and plugins one by one until you identify the one causing the conflict.
  7. Contact Support
    • If you have followed all the troubleshooting steps and are still experiencing functionality issues after changing the lost password path, reach out to the support team of Hide My WP Ghost or the WordPress community for further assistance.

Remember to proceed with caution when customizing important WordPress URLs, as improper changes could potentially lock you out of your website or cause unintended issues.

Always have a recent backup of your website before making significant changes to your website’s settings or configurations.