How to Disable Login Hints in WordPress Login Error Messages

What Are Login Hints in WordPress Login Error Messages

During login, WordPress shows this error message when a user enters incorrect username

ERROR: Invalid username. Lost your password?

If someone enters correct username with wrong password, then WordPress shows this message:

ERROR: The password you entered for the username johnsmith is incorrect. Lost your password?

If someone is trying to guess your username, then this error message confirms that they have successfully guessed it.

Since WordPress 4.5, you can also login to your WordPress site using email address instead of username. These login hints can also confirm that you are using a particular email address for your admin account.

For most WordPress users this is probably not a big issue. But for people who are cautious about privacy and security, this could be a problematic thing.

For better security, you should always use unique usernames and strong passwords for your admin account. 

Hiding Login Hints in WordPress

Simply add the following code to your theme’s functions.php file or a site-specific plugin.

Tables can't be imported directly. Please insert an image of your table which can be found here.

1 2 3 4

This code adds your custom message as a filter to login errors. This will override default WordPress login errors.

Now if someone enters incorrect username, password, or email, WordPress would simply show the error ‘Something is wrong’ without giving any hints.

While this code can hide login errors, it cannot save you from more sophisticated hacking attempts or brute force attacks.

Was this article helpful?
0 out of 0 found this helpful