Your custom admin path redirects to the homepage because the Hide the New Admin Path option is active in WP Ghost. This is intended behavior: the custom admin URL only opens for already-authenticated users. If you are not logged in, WP Ghost redirects you to the front page so bots cannot find the admin area by guessing the path. To reach the dashboard, log in through your custom login URL first, then the admin path works normally.
Why This Redirect Is a Feature, Not a Bug
The whole point of changing /wp-admin to a custom path is to hide the admin area from bots scanning for default WordPress endpoints. But a custom path alone is only half the defense. If the custom URL still responds with a login form to anyone who types it in, the moment someone leaks it or a scanner guesses it, your admin area is exposed again. Hide the New Admin Path closes that gap by redirecting every non-authenticated visitor to the homepage, which looks exactly like hitting a normal page. There is no clue that the URL has special meaning.
This creates a two-step authentication flow. Step one: log in through your custom login path. Step two: the custom admin path now works because you have a valid session. Bots that guess the admin URL see a homepage and move on. You see your dashboard.
Default WordPress vs WP Ghost with Hide Admin Path
| Scenario | Default WordPress | WP Ghost with Hide New Admin Path |
|---|---|---|
| Bot visits /wp-admin | Gets the login form | Gets the homepage, sees nothing |
| Bot guesses your custom admin URL | N/A (no custom path) | Gets the homepage, sees nothing |
| You visit the custom admin URL logged out | N/A | Homepage (by design) |
| You visit the custom admin URL logged in | N/A | Dashboard loads normally |
| How you log in | /wp-login.php | Through your custom login path first |
The Right Way to Use It: Log In First
This is the intended workflow when Hide the New Admin Path is active. Open your custom login URL (for example yourdomain.com/my-login), enter your credentials, and you are taken straight to the dashboard. After that first login, bookmarking or visiting the custom admin path works as expected because the session cookie is in place. If the path stops working later, you probably just got logged out, head back to the custom login URL and log in again.
If You Want the Admin Path to Redirect to Login Instead
Some users prefer the classic WordPress behavior where hitting /wp-admin redirects to the login page if you are not authenticated. You can keep your custom admin path and get that behavior by switching off Hide the New Admin Path:
- Go to WP Ghost > Change Paths > Admin Security.
- Switch off Hide the New Admin Path.
- Click Save.
With the option off, the custom admin path redirects non-authenticated visitors to your login page instead of the homepage. After logging in, you get to the dashboard automatically. You lose a small amount of stealth (the URL now behaves like a recognizable login entry point), but many workflows are simpler this way. If you leave this off, make sure your login URL is changed to a custom path and that brute force protection is active.
Still Redirecting to the Homepage After Logging In?
If you logged in through the custom login URL but the custom admin path still sends you to the homepage, that is a different problem: no valid browser session exists for the custom admin path yet. This usually happens after changing the admin path or on servers with unusual session handling. The fix is simple: log out of WordPress entirely, then log back in through the custom login URL. That triggers WP Ghost to create sessions for both the default and custom admin paths. Full details in the admin path redirects when logged in troubleshooting guide.
If You Cannot Log In At All
If neither the custom admin path nor the custom login URL works, use the Safe URL parameter to temporarily bypass WP Ghost and regain dashboard access. From there you can review your path settings and re-save them. If Safe URL does not help either, follow the emergency disable guide to deactivate WP Ghost via FTP, get back in, and reconfigure from a clean state.
Frequently Asked Questions
Why does my custom wp-admin redirect to the homepage?
Because Hide the New Admin Path is active. WP Ghost sends non-authenticated visitors to the homepage so bots cannot use the custom URL to find your admin area. Log in through your custom login path first, then the admin URL will open your dashboard.
Is this the same as locking me out?
No. You have not been locked out, the admin URL just behaves differently when you are logged out. You can always reach the dashboard by logging in through your custom login URL (for example yourdomain.com/my-login). That is the intended entry point. The custom admin path is a shortcut for authenticated sessions, not a login form.
Should I keep Hide the New Admin Path enabled?
Yes, for maximum security. It is the recommended setting and adds an extra layer on top of the custom admin URL. If you prefer convenience over that extra layer, turn it off and the admin path will redirect to login instead. Both setups are still far safer than default WordPress because your actual admin and login URLs are custom.
Can bots still find my admin area with this option on?
Not through URL scanning. Even if a bot types in the exact custom admin URL, it gets the homepage with no hint that the URL has special meaning. Combined with a custom login path, a hidden /wp-admin, and brute force protection, you reduce the automated attack surface to near zero.
What is the difference between this FAQ and the “redirects when logged in” one?
Different problems with similar symptoms. This FAQ covers the expected redirect to the homepage when you are not logged in, which is normal behavior. The other guide covers the case where you are logged in but the custom admin path still redirects, which is a session issue and requires a log out and log back in to fix.
Does this option work on all server types?
Yes, on Apache, LiteSpeed, and Nginx. Some Nginx servers (like WP Engine) can have quirks with custom admin paths due to how they handle internal URL rewriting. If you run into session issues specifically on Nginx, consider using the default /wp-admin path and enabling Hide wp-admin instead. See the Nginx setup guide for details.
Does WP Ghost modify WordPress core files?
No. WP Ghost uses server-level rewrite rules and WordPress filters to handle the admin path redirect. No core files are modified. Deactivating WP Ghost restores the default /wp-admin behavior instantly.