By default, WP Ghost only applies custom paths on the frontend for non-logged-in visitors and bots, the admin dashboard keeps the original WordPress paths. This is deliberate: it protects your site from scanners while keeping full compatibility with page builders, admin tools, and plugins that rely on default paths. To also apply custom paths inside the admin backend, add define('HMW_ALWAYS_CHANGE_PATHS', true); to your wp-config.php file, then go to WP Ghost > Change Paths and click Save. This is an advanced option: back up your site first and verify everything works after enabling, because some plugins and themes may break if they depend on default WordPress admin paths.
Who Should Use This Option (And Who Shouldn’t)
Before you enable admin-backend path changes, understand what it actually does and whether you need it. This is not a security-level decision, it is a compatibility decision. WP Ghost’s default behavior (frontend-only path changes for non-logged-in users) already blocks the automated bots and scanners that target WordPress sites. Admin-backend path changes add an extra layer of CMS concealment from logged-in administrators, which matters only in specific scenarios.
| Scenario | Should You Enable Admin Path Changes? |
|---|---|
| Standard WordPress site, no unusual compliance requirements | No. Defaults protect you from all automated attacks. |
| You use Elementor, Divi, WPBakery, Beaver Builder, or Brizy | No. Page builders rely on default paths for live editing. |
| You have page builder conflicts or suspect compatibility issues | No. Admin path changes will likely make them worse. |
| High-security membership site where even authenticated users shouldn’t see WordPress paths | Yes, with caution, back up first and test thoroughly. |
| You want maximum CMS concealment regardless of authentication status | Yes, but be prepared to troubleshoot. |
| You’re an agency hiding WordPress from client dashboards | Maybe. Test on staging first. |
For most sites, the default configuration is correct. The frontend is what bots scan, and the frontend is already protected. Admin-side path changes solve a narrow problem that only some sites have.
Before You Enable This Option
Admin path changes interact with more WordPress internals than frontend changes do. Take these precautions first:
- Create a full backup of your site. Both files and database. If anything breaks, you can restore quickly without data loss.
- Test on a staging site first if possible. Most hosts (SiteGround, WP Engine, Kinsta, Cloudways, etc.) offer one-click staging. Enable the option there and verify page builders, settings screens, and third-party plugins still work.
- Know how to reach your
wp-config.phpfile. You will need FTP, SFTP, SSH, or your hosting File Manager to add the constant. If the admin dashboard breaks after enabling, you also need to be able to revert via file access. - Be ready to troubleshoot. Plugins that hardcode default paths (some older plugins, some custom-developed ones) may break. Identify which plugins your site depends on most and plan to test them.
How to Change Paths in the Admin Dashboard
- Use an FTP client (like FileZilla, Cyberduck, or WinSCP) or your hosting control panel’s File Manager to access your site’s files.
- Open the
wp-config.phpfile in the root directory of your WordPress installation (the same folder containing/wp-admin/,/wp-content/, and/wp-includes/). - Insert the following line of code anywhere before the line that says
/* That's all, stop editing! Happy publishing. */:
define('HMW_ALWAYS_CHANGE_PATHS', true);- Save the changes and upload the file back to the server (if using FTP).
- Return to your WordPress admin dashboard and go to WP Ghost > Change Paths.
- Click the Save button to apply the changes.
- Test thoroughly: navigate through the admin dashboard, open the Plugins screen, try editing a post, visit your settings screens. Verify nothing breaks.
For additional context and alternative configurations, see the Change Paths in Admin Dashboard guide.
Related Option: Change Paths for Logged Users (Frontend)
There’s a separate option you may actually want first, especially for WooCommerce stores and membership sites: Change Paths for Logged Users. This applies custom paths on the frontend for logged-in users (customers viewing products, members browsing content), not inside the admin dashboard.
| Option | Where It Applies | Who Sees Custom Paths |
|---|---|---|
| Default (nothing enabled) | Frontend only | Non-logged-in visitors and bots |
| Change Paths for Logged Users | Frontend only | Non-logged-in visitors + logged-in users (customers, members) |
HMW_ALWAYS_CHANGE_PATHS constant | Frontend + admin backend | Everyone including administrators |
To enable frontend path changes for logged-in users (without touching the admin backend), go to WP Ghost > Tweaks > Change Options and switch on Change Paths for Logged Users. Full guide at Change Paths for Logged Users. This is usually a better first step than admin-backend changes.
Troubleshooting After Enabling
If the admin dashboard breaks or a plugin stops working after enabling admin path changes:
Clear all caches. WordPress caching plugin, CDN cache, server cache, and your browser’s cache. Cached admin pages may reference old path URLs until refreshed.
Check your page builder. If you use Elementor, Divi, WPBakery, Beaver Builder, or Brizy and something breaks in the editor, this constant is the most likely cause. Remove the define('HMW_ALWAYS_CHANGE_PATHS', true); line from wp-config.php to revert.
Resave permalinks. Go to Settings > Permalinks and click Save Changes (no need to modify anything) to refresh rewrite rules.
Revert via wp-config.php. If you can’t access the admin at all, open wp-config.php via FTP and delete the line you added. Refresh the admin, it should work again.
Emergency disable. If WP Ghost itself is the problem, see the emergency disable guide or rename the plugin folder via FTP to deactivate it instantly.
Frequently Asked Questions
How can I change the paths in the admin dashboard?
Add define('HMW_ALWAYS_CHANGE_PATHS', true); to your wp-config.php file (before the “That’s all, stop editing” line), save the file, then go to WP Ghost > Change Paths in the WordPress admin and click Save. Back up your site first and test thoroughly, since some plugins and page builders may not be compatible with admin-side path changes.
Why are admin paths not changed by default?
Because the admin dashboard is only accessed by logged-in administrators, not by bots or scanners. The automated attacks that WP Ghost blocks are all aimed at the frontend (where bots probe for /wp-login.php, /wp-content/plugins/, plugin readmes, etc.). Keeping original paths in the admin keeps maximum compatibility with page builders, WordPress core, and plugins, while frontend path changes already provide the full security benefit.
Will this break my page builder?
Very likely, yes. Page builders like Elementor, Divi, WPBakery, Beaver Builder, and Brizy rely on default WordPress paths during editing and preview. Admin path changes can break their live preview, drag-and-drop editing, and template rendering. If you use any page builder, do not enable this option, or test carefully on a staging site first.
Do I actually need this for good security?
For the vast majority of sites, no. WP Ghost’s default configuration (frontend-only path changes for non-logged-in visitors) already blocks all automated attacks. Bots never log in, so they always see your custom paths. Admin-side changes only add concealment from logged-in users who view their own page source, which is rarely a real threat.
How do I undo this if something breaks?
Open wp-config.php via FTP or File Manager and delete the line define('HMW_ALWAYS_CHANGE_PATHS', true);. Save the file. The admin dashboard returns to using default WordPress paths immediately. No data is lost, your WP Ghost settings and site configuration are preserved.
Is there a less risky alternative?
Yes. If your goal is to change paths for logged-in users (customers, members) rather than administrators working in the backend, use WP Ghost > Tweaks > Change Options > Change Paths for Logged Users. This extends frontend path changes to authenticated users without touching the admin dashboard. It’s a much safer option that covers most membership-site and e-commerce use cases.
Does WP Ghost modify WordPress core files?
No. Even with admin path changes enabled via the HMW_ALWAYS_CHANGE_PATHS constant, WP Ghost still uses URL rewrite rules and WordPress filters. No files are moved, renamed, or modified. Removing the constant from wp-config.php restores default admin paths instantly.