Protect WordPress login: change the error message hint

If you have ever tried to log into the WordPress backend with transposed digits in your password, you will know this error message for sure. For those who either remember everything perfectly or are smart enough to use a secure password manager, the screenshot shows an example. In the error message marked in red, WordPress gives relatively detailed information about what exactly went wrong.

Of course, if someone tries to guess your username, this error message helps them enormously. Since WordPress 4.5, you can also log into your WordPress backend using your e-mail address. The error message then even confirms that the e-mail address, if guessed correctly, is correct. Now the potential attacker knows which e-mail address you use to log in and can take further steps to jeopardize your security and privacy. For most WordPress users, this risk is relatively small and not a major concern, but it could be more of a problem for people who are careful with their data.

Basically, of course, you should always use unique user names and particularly strong passwords for your WordPress backend. Use a good password generator and create a good mnemonic that may seem random at first, but makes sense to you personally.

But let's get down to business.
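One way to make the login form give the same answer for a wrong user name, a wrong e-mail address and a wrong password, as an added example (not code from the original post): a small plugin that hooks WordPress's `authenticate` filter. The `gle_` names and the message text are assumptions made for this example.

```php
<?php
/**
 * Plugin Name: Generic Login Errors (added example)
 */

// Core error codes that tell the visitor which part of the login was wrong.
const GLE_REVEALING_CODES = array( 'invalid_username', 'invalid_email', 'incorrect_password' );

/**
 * Runs late on the 'authenticate' filter, after core's user name and e-mail
 * checks (priority 20), and swaps any revealing error for one generic error.
 */
function gle_generic_auth_error( $user, $username, $password ) {
    if ( ! is_wp_error( $user ) ) {
        return $user; // Successful login, or nothing to rewrite.
    }
    if ( ! array_intersect( GLE_REVEALING_CODES, $user->get_error_codes() ) ) {
        return $user; // e.g. empty_username: reveals nothing about accounts.
    }
    // Replace the error code as well as the text: wp-login.php also looks at
    // the code, for example when deciding whether to re-fill the user name
    // field, so the page is identical for an unknown and a known account.
    return new WP_Error(
        'gle_login_failed',
        __( '<strong>Error:</strong> The login details are not correct.', 'gle' )
    );
}
add_filter( 'authenticate', 'gle_generic_auth_error', 99, 3 );

/**
 * Keeps the login form's "shake" effect for the generic error code.
 */
function gle_shake_code( $codes ) {
    $codes[] = 'gle_login_failed';
    return $codes;
}
add_filter( 'shake_error_codes', 'gle_shake_code' );
```

To check the result, submit the login form once with an unknown user name and once with a known user name and a wrong password; both responses should show the same message and an empty user name field.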
