Remove Error Message on WP-login to increase security

Hackers and bots are more prevalent than ever. It is vitally important you protect your WordPress install from every type of potential attack.

One simple way hackers attempt to get into your install is via the login form. Most people stick with ‘admin’ as the default username for their admin account. This is bad.

Already, you have potentially given up half the security you should have. They only need to guess or run a script to solve your password and they’re in. You should always rename your admin username to something other than ‘admin’.

One small gripe with WordPress is that when logging in, if you get the username correct but incorrect password, WordPress error messages tell you which one is wrong. This gives hackers the knowledge that they have the correct username. All that’s left is your password.

You can hide this message, hiding the confirmation that they have the correct username or password, by simply adding this little snippet to your functions.php file:

// PRO - Remove error message on login screen - for added security
add_filter('login_errors',create_function('$a', "return null;"));

Useful post? Share it

One comment on “Remove Error Message on WP-login to increase security

  1. Attractive section of content. I just stumbled upon your
    website and in accession capital to assert that I acquire actually enjoyed account your blog posts.
    Any way I will be subscribing to your feeds and even I achievement you
    access consistently quickly.

Leave a Reply

Your email address will not be published. Required fields are marked *