Have you ever noticed what happens if you enter the wrong password when logging into WordPress?
WordPress will then show you the following error message:
“ERROR: The password you entered for username ### is incorrect.”
In other words, WordPress uses this to announce that the username was correct. This information is dangerous if it falls into the hands of hackers. They then know that they only have to find the right password. This is much easier than having to determine the correct username and password combination.
To turn off the login error message, open your WP theme’s functions.php file.
On the one hand, you can do this by changing the file via your FTP access.
Alternatively – and much easier – you can simply open this file via WordPress itself.
To do this, go to Design in the menu bar and then to the Theme Editor menu item. Select the “Theme Functions (functions.php)” file in the “Theme Files” bar on the right.
Now add the following line in this document:
add_filter('login_errors', create_function('$a', "return null;"));
Just be careful not to break any sections of code. The best thing to do is simply add the line to the top of the document – then there will be no problems. In the file it looks like this:
When you’re done, be sure to click Update File at the bottom of the page to save the changes.
By the way: You can save yourself this detour if you have installed and activated the Limit Login Attempts Reloaded plugin from step 5. If the login fails, you will get the following message:
The message “ERROR: Wrong username or password” does not reveal whether the username, password or both were wrong. If you have already installed the plugin anyway, you can safely save yourself the trouble of switching off the error message when logging in via the functions.php file.