Yes, we are talking about the login hints which is showing on our WordPress admin login page while we login with wrong credentials. Just go through your WordPress login page and try login with wrong details. You will find some ideas in the form of login errors showing above the form.

These errors will guide you about the problem which resists you to login in your WordPress admin. Just look at the image which is indicating that username is correct, just need to guess password.It means that 50% of the work has been completed by hacker.

In the same way they are guiding and showing information to the hackers which are trying to crack your login credentials. These login hints are like this:

ERROR: Invalid username: It is providing the information that your username which you are using to login is not present in the list of users.

ERROR: The password you entered for the username admin is incorrect: It is providing the information that username which you are using to login is correct, you just need to guess the password.

Now, as we have discussed above that these hinds are guiding us to put correct information, at the same time these are dangerous for us because they are guiding the hackers as well. So, in this case it is better to hide or disable these hints to make it harder for hacker.

To disable these errors, best way to replace them with a common message. Just Copy the below mentioned code and paste it in your functions.php file:

function disable_wordpress_loginerrors(){
  return 'Oops Login Error !';
}
add_filter( 'login_errors', 'disable_wordpress_loginerrors' );

After putting the above code in your functions.php file of your current theme there is a common message will show up “Oops Login Error !”. This message will show up for every login error. It is a general message which is not providing any hint or information to the hackers. It will only inform us that something is wrong.

Just look at the image, your error will show up exactly like that. In this you can easily edit the message of your choice by editing the “Oops Login Error !” message mentioned in above code.

In above code we are using “login_errors” filter and a callback function with it. “login_errors” is a default WordPress filter which is used to modify the error messages that are displayed above the login form.

In this way we are one step closer to the secure WordPress website.

Be aware, be updated and stay secure 🙂