How to Turn Off Login Hints in WordPress Error Messages

One of our users recently inquired about how to eliminate login suggestions in WordPress. When a user enters an erroneous username or password on the login page, WordPress displays an error message by default. These error messages can be used to figure out a user’s login, email address, or password. We’ll teach you how to hide login suggestions in WordPress login error messages in this post.

What Is the Meaning of Login Hints in WordPress Login Error Messages?

If a user provides an erroneous username during login, WordPress displays this error message.

ERROR: Username is incorrect. Have you forgotten your password?

If a user types the proper username but not the correct password, WordPress displays the following message:

ERROR: The password for the username johnsmith you supplied is invalid. Have you forgotten your password?

If someone is attempting to guess your username, this error message indicates that they have been successful.

Since WordPress 4.5, you may log in to your WordPress site using your email address rather than your username. These login tips might help ensure that you’re logging into your admin account with a certain email address.

This is probably not a huge deal for most WordPress users. However, for those concerned about privacy and security, this might be an issue.

For your admin account’s security, you should always use unique usernames and strong passwords. For more information on how to handle passwords in WordPress, see our beginner’s guide.

If you’d rather just follow written instructions, check out our step-by-step guide on how to eliminate login suggestions in WordPress login error messages.

Using WordPress to Hide Login Hints

Simply paste the code below into the functions.php file of your theme or a site-specific plugin.

function no_wordpress_errors(){
  return 'Something is wrong!';
add_filter( 'login_errors', 'no_wordpress_errors' );

This code adds your custom message to login failures as a filter. This will override WordPress’s default login errors.

If a user types in an invalid username, password, or email address, WordPress will merely display the message “Something is wrong” with no more information.

While this code can mask login failures, it won’t protect you from more sophisticated hacking or brute-force assaults.

All of our websites are protected by Sucuri against typical security threats. Sucuri has a website firewall that can prevent any malicious activity from entering your website. See how secure assisted us in preventing 450,000 WordPress assaults in only three months.

We hope you found this post useful in removing login clues from WordPress login problem messages.

Leave a Reply