Stop showing unnecessary information on failed login attempts

Sometimes when you’re in a hurry and try to log in to your WordPress website, you can misspell your own username or, more likely, your password. If that has happened, you have probably noticed that WordPress informed you about the login error.

The bad thing about this is that WordPress tells you whether your username or your password is incorrect, so you know which field to retype. Yeah, that’s a good thing for you, because you don’t have to type the entire password again if you have misspelled your name, but it is also a good thing for a hacker who wants to enter your site.

If you leave everything as is, a hacker might guess a username (you have changed the default “admin” to something else, right?) and a password, and your WordPress could tell him that only the password is wrong. That’s almost like you have turned the key halfway. If the hacker gets this info, he will be able to use a brute force attack until he gets the correct password for that username. You can easily check this with Security Ninja, which can help you with crucial security info.

While there are different ways of securing your WP login, in this article we will show you a function that changes what is shown on failed login attempts. Instead of telling you that the username or the password is wrong, this function will tell you that one of those fields is wrong, so no one but you will know whether it was the username or the password.

  1. Open your functions.php file
  2. Copy and paste the following code:

    // Return one generic message in place of the login error text
    function wrong_login() {
        return 'Wrong username or password.';
    }
    add_filter('login_errors', 'wrong_login');

  3. Save changes
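The `login_errors` filter above receives the whole error text, so it also overwrites messages that do not reveal anything, such as the one for an empty password field. The following added example (not code from the original article) replaces only the errors that say which field was wrong. The function name `generic_login_failure` and the error code `login_failed` are made up for this illustration; the hook and the three core error codes are WordPress's own.

```php
// Added example for functions.php (which already opens with <?php).
// Runs late on the 'authenticate' filter, after core has checked the
// username/e-mail and password, and swaps revealing errors for a generic one.
function generic_login_failure( $user, $username, $password ) {
    // A WP_User (success) or null (nothing decided yet) passes through untouched.
    if ( ! is_wp_error( $user ) ) {
        return $user;
    }

    // Core error codes that tell the visitor which field was wrong.
    $revealing = array( 'invalid_username', 'invalid_email', 'incorrect_password' );

    if ( array_intersect( $revealing, $user->get_error_codes() ) ) {
        // 'login_failed' is a hypothetical code chosen for this example.
        return new WP_Error( 'login_failed', __( 'Wrong username or password.' ) );
    }

    // Other errors (for example an empty field) keep their original message.
    return $user;
}
// Priority 100 runs after core's own checks; 3 = number of arguments passed.
add_filter( 'authenticate', 'generic_login_failure', 100, 3 );
```

Use either this or the `login_errors` snippet, not both, since the shorter snippet would overwrite the messages this one leaves in place.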

After you have made the changes, your WP site has become a little bit safer. Don’t forget to remove WordPress version info and to hide folders from the public.

Interested in adding an additional security step to your login? See how to limit access to your WordPress login page.
