By default, WordPress shows error messages when someone enters an incorrect username or password on the login page. These error messages can be used to guess a user’s username, email address and password. This article shows how to disable those error messages.
What Are Login Hints in WordPress Login Error Messages
During login, WordPress shows this error message when a user enters an incorrect username:
If someone enters the correct username with the wrong password, then WordPress shows this message:
So if this error is shown it means that someone has successfully guessed your username.
Since WordPress 4.5, you can also log in to your WordPress site using an email address instead of a username. These login hints can also confirm that you are using a particular email address for your admin account.
This can be a big problem for those users who are concerned about privacy and security.
For better security, you should always use unique usernames and strong passwords for your admin account. See our guide on the best way to manage passwords for WordPress beginners.
Hiding Login Hints in WordPress
Simply add the following code to your theme’s functions.php file or a site-specific plugin.
    function no_wordpress_errors() {
        return 'Something is wrong!';
    }
    add_filter( 'login_errors', 'no_wordpress_errors' );
This code registers a function on the login_errors filter that returns your custom message. The returned message overrides the default WordPress login errors.
Now if someone enters an incorrect username, password, or email, WordPress will simply show the error ‘Something is wrong!’ without giving any hints.
This code will only hide the error message but won’t save you from any hacking attempts.
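Because the generic message hides the reason for a failure from you as well, it helps to record that reason on the server. The following is an added example, not code from the original article: it uses the WordPress wp_login_failed action to log each failed login and to flag bursts from one address. The function name, constants and log format are hypothetical, and it assumes WordPress 5.4 or later for the error code.

```php
// Added example for functions.php or a site-specific plugin.
// Names starting with "example_" / "EXAMPLE_" are hypothetical.

define( 'EXAMPLE_FAIL_THRESHOLD', 10 );                 // failures before a burst is flagged
define( 'EXAMPLE_FAIL_WINDOW', 10 * MINUTE_IN_SECONDS ); // counter lifetime

// WordPress fires 'wp_login_failed' with the submitted login name and,
// since WordPress 5.4, the WP_Error that describes the failure.
function example_log_failed_login( $username, $error = null ) {
    // Error code such as 'invalid_username' or 'incorrect_password'.
    // This is the detail the generic on-screen message no longer shows.
    $code = ( $error instanceof WP_Error ) ? $error->get_error_code() : 'unknown';

    // The login name is attacker-controlled. Keep a small safe character set
    // and cap the length so it cannot break or inject lines into the log.
    $name = preg_replace( '/[^A-Za-z0-9@._+-]/', '?', (string) $username );
    $name = substr( $name, 0, 60 );

    // REMOTE_ADDR is the direct peer. Behind a reverse proxy it is the
    // proxy's address, not the visitor's.
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '-';

    error_log( sprintf( 'wp-login-failed user="%s" code=%s ip=%s', $name, $code, $ip ) );

    // Count failures per address in a transient. Each set_transient() call
    // renews the expiry, so the window slides while failures keep arriving.
    $key   = 'example_fail_' . md5( $ip );
    $count = (int) get_transient( $key ) + 1;
    set_transient( $key, $count, EXAMPLE_FAIL_WINDOW );

    // Log one extra line when the threshold is reached.
    if ( EXAMPLE_FAIL_THRESHOLD === $count ) {
        error_log( sprintf( 'wp-login-burst ip=%s failures=%d', $ip, $count ) );
    }
}
add_action( 'wp_login_failed', 'example_log_failed_login', 10, 2 );
```

The lines go to the PHP error log, where a repeated invalid_username code from one address indicates username guessing and a repeated incorrect_password code for one account indicates password guessing.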
We use Sucuri to protect all our websites against common security threats. Sucuri comes with a website firewall that can block suspicious activity from reaching your site. See how Sucuri helped us block 450,000 WordPress attacks in 3 months.