Yes, every WP Ghost setting is fully reversible. Deactivate the plugin from the WordPress Plugins page and all custom paths revert to WordPress defaults instantly, /wp-admin, /wp-login.php, /wp-content, and every other URL is restored. Delete the plugin afterwards and it is gone without a trace, like it was never installed. WP Ghost never modifies WordPress core files, so deactivation cannot break anything and there is no cleanup required.
Why WP Ghost Is Fully Reversible
WP Ghost works through server rewrite rules (.htaccess on Apache, hidemywp.conf on Nginx) and WordPress hooks. It does not rename your plugin folders, move your theme files, or edit any WordPress core file. When the plugin is deactivated, the rewrite rules stop being applied and WordPress immediately serves content from the default paths again. This is a design choice: a hack prevention plugin should never put your site at risk of breaking during cleanup, so WP Ghost uses reversible mechanisms only.
How to Fully Revert WP Ghost
Step 1. Deactivate WP Ghost
Go to the WordPress Plugins page, find WP Ghost, and click Deactivate. The moment you click, path rewrites stop and every default WordPress URL works again. Your login path returns to /wp-login.php, your admin path returns to /wp-admin, /wp-content is visible at its default location, and all firewall and brute force rules are disabled.
Step 2. Delete WP Ghost (Optional)
If you want to remove WP Ghost completely, click Delete next to the deactivated plugin. This removes all plugin files and cleans up its settings from the database. The site is now exactly as it was before you installed WP Ghost.
Step 3. Clear Your Caches
Clear your WordPress cache plugin, CDN cache (Cloudflare, BunnyCDN, etc.), and server cache. Cached pages may still reference your old custom paths until caches refresh. This is the only step that can cause brief visible changes, clearing caches fixes it immediately.
What Changes and What Stays
| Item | After Deactivation | After Full Deletion |
|---|---|---|
| Custom login URL | Reverts to /wp-login.php | Reverts to /wp-login.php |
| Custom wp-admin URL | Reverts to /wp-admin | Reverts to /wp-admin |
| Custom wp-content and plugin/theme paths | Revert to defaults | Revert to defaults |
| 7G/8G Firewall rules | Disabled | Removed completely |
| Brute force protection | Disabled | Removed completely |
| 2FA for users | Disabled | Removed completely |
| Security headers | Removed from responses | Removed from responses |
| WP Ghost settings in database | Preserved (can reactivate) | Deleted |
| WordPress content (posts, pages, users) | Untouched | Untouched |
| WordPress core files | Untouched | Untouched |
| Theme and plugin folders | Untouched | Untouched |
Partial Reverts, When You Only Want to Undo Some Changes
Sometimes you do not want to deactivate the whole plugin, just undo specific changes. WP Ghost includes partial rollback options:
Reset paths to default. Go to WP Ghost > Change Paths > Level of Security and select Default. This clears all custom paths and disables path security while keeping other WP Ghost features active (firewall, 2FA, brute force protection).
Pause for 5 minutes. On the WordPress Plugins page, click Pause 5 Minutes next to WP Ghost. All features are temporarily disabled for 5 minutes so you can troubleshoot a conflict without fully deactivating. WP Ghost reactivates automatically when the timer expires.
Restore a backup. If you exported your WP Ghost settings before making changes, go to WP Ghost > Backup/Restore and upload the backup file. This rolls back to the exact configuration from when you created the backup.
What If I Cannot Access the Dashboard?
If a configuration issue has locked you out of WordPress, you have three ways to recover without dashboard access:
Safe URL. Use the SAFE URL generated during Safe Mode or Ghost Mode activation to bypass WP Ghost for one session. It is stored in the text file you downloaded during setup, and in your WP Ghost Dashboard under Connected Sites.
wp-config.php constant. Add define( 'HMW_DISABLE', true ); to your wp-config.php file via FTP. WP Ghost is fully disabled until you remove the line.
FTP plugin rename. Rename the WP Ghost plugin folder via FTP (for example from hide-my-wp to hide-my-wp-disabled). WordPress treats this as a missing plugin and deactivates it automatically, restoring all default paths.
Full recovery steps in How to Disable WP Ghost in Case of an Error.
Frequently Asked Questions
Will deactivating WP Ghost break my site?
No. Deactivation is designed to be safe: all custom paths revert to defaults, firewall rules stop being applied, and WordPress serves content exactly as it did before WP Ghost was installed. No broken URLs, no 404 errors, no login issues on the default WordPress URLs.
Do my settings get lost if I deactivate?
No. Deactivating WP Ghost keeps your settings in the database. If you reactivate later, all your custom paths, firewall rules, and other configurations are restored. Only full deletion removes the settings from the database.
What about search engine indexing?
If search engines indexed your custom paths (for media files, for example), those URLs may return 404 after deactivation because the custom paths no longer exist. WP Ghost handles this automatically when it is active by 301-redirecting old paths. After deactivation, you may want to resubmit your sitemap to Google Search Console so search engines re-crawl the default paths.
Do I need to edit .htaccess manually after deactivation?
No. WP Ghost automatically removes its rewrite rules from .htaccess (Apache) or hidemywp.conf (Nginx) during deactivation. You should not need to edit any server configuration file manually. If you ever see leftover WP Ghost rules, re-save any WordPress permalink settings and WordPress will regenerate the .htaccess cleanly.
Is there any data left behind after I delete WP Ghost?
No. Full deletion removes plugin files from the server and cleans up all WP Ghost entries from the WordPress options table and any dedicated log tables. The site is exactly as it was before you installed WP Ghost.
Can I reverse specific features while keeping WP Ghost active?
Yes. Every feature in WP Ghost is controlled by its own toggle. Turn off just the features you no longer want (for example, disable 2FA but keep path security). Or load a different preset at WP Ghost > Change Paths to roll back to a simpler configuration. See the Best Practice guide for feature-by-feature guidance.
Does WP Ghost modify WordPress core files?
No. WP Ghost never touches, moves, or renames any file or folder on your server. All path security works through server rewrite rules and WordPress hooks. This is why full reversal is possible, there is nothing to clean up, nothing to restore, nothing that can break. Deactivating WP Ghost returns your site to its exact pre-WP Ghost state instantly.