By default, WordPress shows overly detailed error messages when someone enters an incorrect username or password on the login page. These error messages can be used as hints to guess a username, user email address, or password. In this article, we will show you how to disable login hints in WordPress login error messages.
Why should I disable login hints?
It improves the privacy and security of the application. For example, WordPress shows “ERROR: Invalid username. Lost your password?” for an invalid username, and “ERROR: The password you entered for the username arjun is incorrect. Lost your password?” for a correct username with the wrong password. The second message confirms to whoever is trying logins that they have successfully guessed a username.
Disable Login Error Hints
Add this code to your theme’s functions.php file, and WordPress won’t specify where you made an error when attempting to log in:
// Replace every login error message with one generic string.
function no_wordpress_errors() {
    return 'Something is wrong!';
}
add_filter( 'login_errors', 'no_wordpress_errors' );
This overrides the default WordPress login errors, which makes it harder for attackers to guess a username and password to gain access to your site.
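A narrower variant, added here as an example and not part of the original article: instead of replacing every message on the login screen, it swaps only the errors that reveal whether the username, email or password was the wrong part. The function name, the constant and the error code `mysite_login_failed` are hypothetical; the `authenticate` filter and the three core error codes are WordPress's own.

```php
<?php
// Added example: goes in the theme's functions.php or a small plugin.

// Error codes WordPress core sets when a specific credential is wrong.
// These are the ones that tell a visitor which field they got right.
const MYSITE_CREDENTIAL_ERROR_CODES = array(
    'invalid_username',   // no account with that username
    'invalid_email',      // no account with that email address
    'incorrect_password', // account exists, password does not match
);

/**
 * Collapse credential-specific login failures into one generic error.
 *
 * @param WP_User|WP_Error|null $user     Result of the earlier authentication callbacks.
 * @param string                $username Submitted username or email (unused here).
 * @param string                $password Submitted password (unused here).
 * @return WP_User|WP_Error|null
 */
function mysite_generic_login_error( $user, $username, $password ) {
    // Successful logins and undecided results pass through untouched.
    if ( ! is_wp_error( $user ) ) {
        return $user;
    }

    // Other failures (for example an empty field) keep their own message,
    // because they do not confirm whether an account exists.
    if ( ! array_intersect( $user->get_error_codes(), MYSITE_CREDENTIAL_ERROR_CODES ) ) {
        return $user;
    }

    // Same code and same text whichever credential was wrong.
    return new WP_Error(
        'mysite_login_failed',
        'The username or password you entered is incorrect.'
    );
}

// Priority 100 runs after core's username/email password checks (priority 20).
add_filter( 'authenticate', 'mysite_generic_login_error', 100, 3 );
```

Use this in place of the `login_errors` filter above rather than alongside it, since that filter would still overwrite every message, including the generic one returned here.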