How to Disable Login Hints In WordPress

Some Web Applications have a tendency of revealing information which they are not supposed to reveal, this could be s a result of either the developer’s decision or some sort of misconfiguration WordPress tends to reveal information which isn’t necessary which is a result of design decision.

By Default, WordPress tends to show an error message which displays information whether the username or email entered in the login page is incorrect. This is mostly a security concern simply because the error message can be used as a hint to guess as username, email address and password.

This article will focus on showing you how you could disable the error message when someone enters incorrect credentials.

To begin with, the first scenario when someone enters an incorrect username and password the following piece of information is being displayed as shown below

The second scenario is when a user enters a valid username name but an incorrect password the following information is being displayed as shown below

As you can see from both the scenario’s WordPress is providing information whether the email or username is correct or incorrect which can be used by an attacker to perform a brute force attack on your web site. These login hints can also verify that you are using a particular email address for your admin account.

DISABLING LOGIN HINTS

In order to disable these hints in WordPress you will first have to login in the administrative page and then follow the following steps as shown below

First of all go to  Appearance –> Themes –> click on your theme –> theme functions (functions.php)

Then go to the end of the functions.php part and paste the below following code

Note: to change the error message on the part that is written return, just edit that part.

The code adds your custom message as your filter to login errors.

Now when you try to enter an incorrect username or password this is what you will get as an error message

Download How to Disable login Hints in WP

5 thoughts on “How to Disable Login Hints In WordPress

    1. Thank you so much for the kind words, I’m humbled by them, I really appreciate it, I created this blog to share such knowledge and help people not to be vulnerable, am sure there are people who you know would want to learn the same so please feel free to spread the word about my website to help keep other people aware

      Once again thank you very much!!

Leave a Reply

Your email address will not be published. Required fields are marked *