Home » Tutorial » Hiding Login Hints in WordPress Login Error Messages is Not Easy

Hiding Login Hints in WordPress Login Error Messages is Not Easy

Login Hints WordPress
Morshed Alam Updated

WordPress needs to focus more on security! Yes, that’s right. The WordPress login page provides a handful of information that can be really helpful for hackers. You can call them login hints.

What are login hints?

On the WordPress login page, if you type the wrong username or password, WordPress will tell you what you did wrong.

If you type the wrong username or email address, WordPress will tell you:

The username is not registered on this site. If you are unsure of your username, try your email address instead.

username not registered

It lets hackers know that they are typing the wrong username.

If you type the right username, but the wrong password, WordPress will tell you:

The password you entered for the username is incorrect. Lost your password?

password incorrect WordPress

Now, the hacker will know for sure that he got the username right. Half of the work is done! The only duty left is to figure out what the password is.

I wanted to disable these login hints in WordPress login error messages. So, I added the following code to my functions.php file:

function no_wordpress_errors(){
  $message = 'Your username or password is incorrect. <a href="'.esc_url(wp_lostpassword_url()).'">Lost your password?</a>';
  return $message;
}
add_filter( 'login_errors', 'no_wordpress_errors' );

Now it says, “Your username or password is incorrect. Lost your password?

login hints solution

Now, you may relax and say, “Well done! I’ve solved a big problem.”

Not really!

The problem still remains. Let me describe.

  1. If you enter the wrong username now, the error message won’t indicate it. But your cursor will do. What you entered in the username field will be gone, and your cursor will be blinking in the username field. That’s how your cursor will indicate that the username is incorrect.
  2. If you enter the right username but the wrong password, the cursor will be blinking on the password field. And what you entered in the username field won’t be gone; it’ll stay there. That’s how you’ll know that you have the username right.

This problem can be solved by using JavaScript. As I don’t know JavaScript well, I can’t give you a solution here. If you are an expert in JavaScript, solve this and let me know. Use the email address from our Contact page.

Thanks in advance.

Read more from Tutorial

Written by:

Morshed Alam
A teacher by profession, a traveler by passion and a netizen by choice.

Have you written on ThoughtMight?Write Today



Leave a Comment

Your email address will not be published. Required fields are marked *

Also Read

LiteSpeed Options Metabox

Hide LiteSpeed Options Metabox From Non-Admin

MailPoet

How to Remove MailPoet CSS

This Website Uses Only 109 Bytes of CSS & Looks Great on All Devices

This Website Uses Only 109 Bytes of CSS & Looks Great on All Devices

Enter Key

How to Disable Enter Key Without jQuery or Plugin

FOREIGN LANGUAGE SPAM

How to Automatically Trash Non-English Comments in WordPress

Exclude Zaraz Google Analytics From Login Url or WordPress Admin Area

Exclude Zaraz Google Analytics From Login URL or WordPress Admin Area