WP Admin Security

What is the wp-admin path in WordPress?

The wp-admin path is the default administrative URL for WordPress websites. It grants access to the WordPress dashboard, where users manage content, install plugins, and make website configurations.

By default, this path is located at https://domain.com/wp-admin.

By following the steps below, you can strengthen your WordPress website's protection against hacking and prevent unauthorized access by hacker bots.

Why is it essential to secure the wp-admin Path?

  • Default target for attackers: Hackers and bots frequently scan websites for the default wp-admin path to launch brute-force attacks or exploit vulnerabilities. Since it’s well-known, leaving it unchanged makes your site an easier target.
  • Brute-Force Protection: Changing and hiding the wp-admin path adds a layer of security by preventing unauthorized users from quickly locating the login page. This reduces the risk of brute-force attacks, where attackers repeatedly try to guess your username and password.
  • Hacker bot attacks: Many hacking bots are programmed to target the default wp-admin path. By renaming and hiding it, you make your website less visible to these automated threats.

How to Secure wp-admin with WP Ghost

Activate Safe Mode or Ghost Mode

  1. Access your WordPress dashboard after installing and activating the WP Ghost plugin.
  2. Go to WP Ghost > Change Paths > Level of Security.
  3. Select Safe Mode or Ghost Mode. Safe Mode provides basic protection, while Ghost Mode offers more advanced security features.

Changing wp-admin Path

Changing the wp-admin path means modifying the default URL used to access the WordPress admin dashboard. The default wp-admin path is generally secure, since it is only visible to logged-in users, but hiding it becomes crucial for protecting against bots and attacks.

Note, however, that not all servers are compatible with custom wp-admin paths in the WordPress dashboard, so take your server configuration into account before making this change.

  1. Go to WP Ghost > Change Paths > Admin Security.
  2. Enter your desired custom name for the wp-admin path in the provided field. For example, you can use “customadmin” or any other name.
  3. Click the Save button to apply the changes.

Note! Select a custom name that is not easily guessable to improve security.

Note! WP Ghost does not physically change the paths on your server. It uses rewrite rules to prevent any functionality errors.

Hide wp-admin Path

When you enable the Hide wp-admin option in the WP Ghost plugin, the wp-admin path becomes invisible and inaccessible to non-logged-in users in WordPress. Only users with proper login credentials will have permission to access the wp-admin path and WordPress dashboard.

By hiding the wp-admin path, you increase the security of your WordPress site, protecting it from unauthorized access and brute-force attacks. Take advantage of this powerful feature to keep your website safe and secure.

  1. Go to WP Ghost > Change Paths > Admin Security.
  2. Switch on the option Hide “wp-admin” to hide the wp-admin path on the frontend from users who are not logged in.
  3. Click the Save button to apply the changes.

Hiding the wp-admin Path from Non-Admin Users

By default, the wp-admin path is visible to all logged-in WordPress users. However, WP Ghost offers you the option to show the wp-admin path only to site administrators.

With this option enabled, non-admin users will not have permission to access the wp-admin path, providing an additional layer of security for your website.

  1. Go to WP Ghost > Change Paths > Admin Security.
  2. Switch on the option “Hide ‘wp-admin’ from Non-Admin Users” so only website administrators can access the wp-admin path.
  3. Click the Save button to apply the changes.

Running a Security Check

  1. Go to WP Ghost > Security Check.
  2. Click the Start Scan button to initiate the security check.
  3. The security check will scan your website and verify if the wp-admin path is properly hidden.
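
The same verification can be done from outside the site. The script below is an added example, not WP Ghost's own code: it sends one request without cookies to the default wp-admin URL and classifies the first response. It assumes that a hidden path answers with a 404 or a redirect to the front page, and that an unhidden one redirects to a login page; the names `classify` and `probe` are made up for this example.

```python
import sys
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Keep urllib from following redirects so the first response is judged."""

    def redirect_request(self, *args, **kwargs):
        return None


def classify(status, location, probe_url, site_url):
    """Interpret the unauthenticated response to the default wp-admin URL."""
    if status == 404:
        return "hidden (404)"
    if status in REDIRECTS and location:
        target = urlsplit(urljoin(probe_url, location)).path.rstrip("/")
        if target == urlsplit(site_url).path.rstrip("/"):
            return "hidden (redirect to front page)"
        if target == urlsplit(probe_url).path.rstrip("/"):
            # http -> https or www canonicalisation: says nothing about hiding
            return "inconclusive (canonical redirect, probe the target URL)"
        # Anything else (by default wp-login.php) reveals where the login lives
        return "exposed (redirect to %s)" % target
    return "inconclusive (HTTP %d)" % status


def probe(site_url, path="wp-admin/"):
    """Send one GET with no cookies and classify the first response."""
    url = urljoin(site_url.rstrip("/") + "/", path)
    opener = urllib.request.build_opener(NoRedirect)
    try:
        resp = opener.open(url, timeout=10)
        status, location = resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # unfollowed 3xx and 4xx/5xx land here
        status, location = err.code, err.headers.get("Location")
    return classify(status, location, url, site_url)


if __name__ == "__main__":
    # Usage: python check_wp_admin.py https://domain.com
    print(probe(sys.argv[1]))
```

Run it from a browser-less shell or a machine with no session on the site, so the result reflects what a visitor who is not logged in receives.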

Congratulations! You have successfully learned how to change and hide the wp-admin path with the WP Ghost plugin.

Troubleshooting

Admin Dashboard Not Working Properly After wp-admin Change

In some cases, changing the wp-admin path may cause compatibility issues with specific server configurations or plugins. If you encounter any functionality issues after changing the wp-admin path, here are a few steps to troubleshoot:

Use the default wp-admin path

If you experience backend issues, first revert to the original wp-admin path. Then, activate the option to hide the wp-admin path from non-logged-in users.

Check Plugin Compatibility

Some plugins may rely on the default wp-admin path and may not function properly with a custom path. Temporarily deactivate other plugins and activate them individually to identify which one is causing the issue.

If you find a conflicting plugin, consider contacting its developer for assistance or exploring alternative plugins that are compatible with custom wp-admin paths.

Consult with your Web Hosting Provider

Your hosting provider may be able to provide insights into any server configurations or limitations that could be affecting the functionality of custom wp-admin paths.

Nginx Servers (e.g., WP Engine) and Path Redirection

Servers like WP Engine handle custom wp-admin paths differently, using path redirection instead of mapping. This difference can leave WP Ghost unable to identify calls to the custom wp-admin path.

If you are using WP Engine or a similar Nginx server and experiencing issues with custom wp-admin paths, consider using the default wp-admin path and hiding it from non-logged-in users.

Can't Log in Via wp-admin as I am Redirected To the Front Page

If you are having difficulty logging into your WordPress site through the wp-admin path, the cause may be the combination of a customized wp-admin path and an active Hide “wp-admin” option in the WP Ghost plugin.

When you enable the “Hide wp-admin” option in the plugin’s settings, it hides the wp-admin path for better security. However, if you have customized your wp-admin path and the option is active, the traditional wp-admin path may no longer redirect you to the login page.

To resolve this issue and be able to log in through the default wp-admin path:

  • Go to WP Ghost > Change Paths > Admin Security.
  • Switch off Hide “wp-admin”.
  • Save the changes.

By turning off the Hide “wp-admin” option, you should now be able to access the login page by accessing the wp-admin path. The user will be redirected to the login page if the user is not logged in.

The New Admin Path Is Redirected To Front Page

If the new admin path redirects to the front page when you are not logged in, the cause is the combination of a customized wp-admin path and an active Hide the New Admin Path option in the WP Ghost plugin.

When you enable the Hide New Admin Path option in the plugin’s settings, access to the custom path is hidden for better security. However, if you have customized your wp-admin path and the option is active, it can prevent you from accessing the backend using the changed admin path.

To resolve this issue and regain access to the login page through the custom admin path:

  • Go to WP Ghost > Change Paths > Admin Security.
  • Switch off Hide the New Admin Path.
  • Save the changes.

By turning off the Hide “wp-admin” option, you should now be able to access the wp-admin path. The user will be redirected to the login page if the user is not logged in.

The New Admin Path Is Redirected To Front Page When Logged In

If you are logged in as an administrator on WordPress and still can’t access the new admin path set in WP Ghost, this typically occurs when a valid browser session is not established for the custom admin path.

For the custom admin path to work, WP Ghost attempts to create a browser session on it as soon as the path is changed. A re-login might be necessary if the session creation fails due to server configurations.

If no session exists on the custom admin path, WordPress considers it invalid and redirects all calls to the home page. The issue may arise from server settings or compatibility problems with other security plugins.

Note! WP Ghost also creates a session on the default /wp-admin path to ensure accessibility if the plugin is deactivated.

Solutions

Re-login to WordPress Dashboard

Logging in again will create a session for both the default and custom admin paths.

  • To regain access to the WordPress dashboard, navigate to the default admin URL: https://domain.com/wp-admin.
  • Log out of your website and log in again so that WP Ghost will create a session for the custom admin path, too.

Check for Server Configuration Issues

Some server settings may interfere with WP Ghost’s functionality:

  • Clear your server and WordPress cache. Cached configurations may prevent the custom path from working.
  • Verify that the .htaccess file or NGINX configuration supports the custom admin path.
  • Verify with the website host if the server configuration allows custom admin paths.

Deactivate Other Security Plugins

Conflicts with other security plugins might cause the custom admin path to malfunction:

  • Temporarily deactivate other security-related plugins.
  • Re-login or use another browser to test the custom admin path again.
  • If the issue is resolved, identify the conflicting plugin and configure it to work alongside WP Ghost.

Use the Default /wp-admin Path

If the custom admin path remains inaccessible after troubleshooting:

  • Temporarily revert to the default /wp-admin path from WP Ghost > Change Paths > Admin Security to manage your site.
  • Keep WP Ghost enabled for its other security features while investigating the root cause.