It is important to remove error messages when logging into because it makes your website vulnerable to hackers. The error message displayed will either disclose if the username or password was invalid. With this information, Hackers can identify which field authentication they answered correctly. ie:
- If they entered the wrong username it will return “Error: Invalid Username”
- If they get your username correct, it will return “Error: Invalid Password”
So then they will start the process to hack youradmin password to gain access into your website.
The solution: Enhance yourby totally removing the error message from the WordPress login form.
Tutorial for WordPressTheme:
1. Login to your WordPress administrator backend
2. On the left navigation bar, click on “Thesis”, “Custom File Editor”
3. In the “Thesis Custom File Editor”, click on the drop down and select “custom_functions.php”. Click on the ‘Edit selected file’
4. Take a back of this file, either by copy all and paste into notepad, or use FTP to save the file locally on your computer. The file is located in:
5. Append a line of code to the bottom of the custom_functions.php file :
//remove error messages from WordPress login page add_filter('login_errors',create_function('$a', "return null;"));
6. Click on Save.
Refresh your WordPress login page and you will no longer see an error message displayed if an incorrect username or password was entered. Instead a blank message will be shown.
Note: if you are not using Thesis Theme, add the code to your theme root folder file functions.php.