When logging into WordPress, if you make any mistakes with your username or password, you may have noticed that the error messages WordPress provides are very specific. If you get your password wrong, you get a message that says, “The password you entered for the username Username is incorrect,” while if you get your username wrong, the message reads, “Invalid username.”
While this isn’t a huge deal, if somebody is trying to break into your site, WordPress confirms to them that they have correctly determined your username. (Usernames are revealed publicly in various places around a WordPress site, but for the security conscious, it is likely possible to prevent that, allowing you to keep your login credentials private.)
I’ve seen instructions for fixing WordPress’ login errors to not reveal too much information on a variety of sites, but all of them simply remove the whole damn error message. In other words, using their method, if you made a mistake logging in, you simply stay on the login page, with an empty alert box above the login form. That is simply unacceptable (and is very lazy on the part of whoever originally came up with that method).
A better solution is to drop the following into your custom_functions.php file. You’ll of course want to modify the strings to match whatever language your login page may be presented in!
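One way to do this, as an added example rather than the snippet this post originally carried: replace only the errors that reveal which half of the credentials was wrong, and leave every other login message alone. The function name, the `invalid_credentials` code and the message wording are assumptions made for this example; the code goes inside the existing PHP block of custom_functions.php.

```php
/**
 * Added example, not the original post's code.
 * Collapse the username-specific and password-specific login failures into
 * one generic message. Other login errors (such as empty fields) pass
 * through unchanged, so the alert box is never left empty.
 */
function myprefix_generic_login_error( $user, $username, $password ) {
    // A WP_User (success) or null (nothing decided yet) is passed through.
    if ( ! is_wp_error( $user ) ) {
        return $user;
    }

    // Core error codes that tell the visitor which part was wrong.
    $revealing = array( 'invalid_username', 'invalid_email', 'incorrect_password' );

    // Leave unrelated errors exactly as WordPress produced them.
    if ( ! array_intersect( $revealing, $user->get_error_codes() ) ) {
        return $user;
    }

    // Translate or reword this string to match your login page's language.
    $message = sprintf(
        '<strong>Error</strong>: The username or password you entered is incorrect. <a href="%s">Lost your password?</a>',
        esc_url( wp_lostpassword_url() )
    );

    // 'invalid_credentials' is a code made up for this example.
    return new WP_Error( 'invalid_credentials', $message );
}
// Priority 100 so this runs after core's credential checks (hooked at 20).
add_filter( 'authenticate', 'myprefix_generic_login_error', 100, 3 );
```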