In this simple tutorial we’ll show you how to hide login errors on the wp-login.php section of your site. The reason for doing this if you try and login using the correct username, but with a wrong password, a message is displayed showing: “Error:Incorrect Password.” This gives a hacker the information that the username is part of the wordpress system – so they only have to crack its password.
The same applies vice versa – if the username is incorrect it displays “Error:Invalid Username”. This reveals that the username is non-existent and lets a hacker know he needs to find the right username.
In order to keep this from happening, you need to add this code to your functions.php file:
add_filter(‘login_errors’, create_function(‘$a’, “return null;”));
This filter will remove the standard WordPress error by displaying nothing when a login is incorrect. Which if you’re running a personal blog – works perfectly as its unlikely you’ll ever forget the login. However if you’re running a magazine style site with many contributors/editors/admins then you may want to think twice before implementing this solution.
Written by Helen Clough – WordPress fan and IT guru at Integral IT, a company who assist businesses with IT Support in Yorkshire and the UK.