WordPress Security: Login error message

Learn how to change the default WordPress login error message to make it more difficult for people wanting to hack into you site to find a valid username/password pair

Why change the WordPress login error message

When a user wants to log into WordPress and provides incorrect login information, the system usually points out to the user which of the provided information is incorrect. If a user provides a username that doesn’t exists the error message would be “Invalid username”. In case the username is correct but the password isn’t, the message is “The password you entered for the username xxx is incorrect.”. Now that seems very helpful to know what is wrong, where is the problem?

The problem is, that it’s helpful. It’s helpful not just for the user but also for people who want to crack into your system. With the situation described above, crackers can easily look for an existing username first and then look for the password for this username. Without the information above, crackers would have to look for both at the same time which is considerably more difficult (requires a lot more attempts) than the default setting.

How to change the login error message

The login error message can be changed very easily in the function.php script simply by adding the following code:

function ws_new_login_error_message(){
    return 'Login failed due to wrong username and/or password';
add_filter('login_errors', 'ws_new_login_error_message');

When entering false login information now, it isn’t possible anymore to tell from the error message whether the entered username or the entered password is wrong.





Share this Article

About the Author

Wolfgang GeigerHi, I'm Wolfgang, the founder, director and developer behind Wohok Solutions. Passionate about web development from an early age, I have built websites for more than half of my life. I have degrees in both, Computing and Business Management and I am fluent in German, English and Mandarin. Based in Hong Kong, I help companies in the city and around the world to improve their business through technology.

Get in Touch

Do you have any comments or questions? Get in touch, I'd love to hear from you!