WordPress has evolved into one of the best Content Management Systems in the past few years. It enables users to develop their own website or blog and easily manage their content. It is considered the most powerful CMS these days. Its long list of features has earned it huge popularity among developers.
WordPress offers great flexibility and allows the desired customization easily. It serves as the development platform for more than 22% of newly developed websites. The use of plugins and customized themes adds to its popularity. WordPress has also made it easy for those who are not good at coding to develop websites.
Users keep getting the maximum out of WordPress. They try small changes in the code to alter the design, disable some functionality, and much more. Here we are talking about disabling the login hints in WordPress.
You can disable the login hints in WordPress with ease. In this article, we will see an example of its flexibility and learn how to disable the login hints.
If a user enters the wrong username then the following error message is shown:
Invalid username. Lost your password?
If the user enters a wrong password, the following error message is shown in WordPress:
The password you entered for “----” username is incorrect. Lost your Password?
Most WordPress users do not consider this a substantial issue and do not bother about it. But users who are concerned about privacy and security give it some consideration.
These messages may give rise to a possible hacking attack. That is why it is always suggested to use unique and complex usernames.
As normal users, we think that these messages are informative. They let us know where we are making a mistake while logging in. That is right, but you cannot deny the fact that they can provide important information to hackers as well. They tell the hacker which field, "Username" or "Password", caused the error.
Moreover, if someone is trying to guess your username, the error message “The password you entered for “----” username is incorrect. Lost your Password?” displayed on entering the wrong password can confirm the username. It tells the hacker that the username used is correct and only the password is wrong. In this way, it becomes a potential security concern.
You can avoid this kind of risk, but you will need to sacrifice a small fraction of the user-friendly experience. There are two ways of avoiding it.
Hide the error message completely.
Customize the error message with your preferred message.
This may be the best thing you can do to avoid any possible security breach caused by the login hints. WordPress allows you to completely hide these error messages. For that, all you need to do is add a few lines of code to your theme's functions.php file.
Just go to your WordPress dashboard, click on Appearance and then on Editor. Locate and open the functions.php file. Add the code given below to the file and update.
// create_function() was removed in PHP 8.0, so an anonymous function is used instead.
add_filter( 'login_errors', function ( $a ) { return null; } );
This will enable you to hide the login error messages completely. Now if anyone enters wrong login information, no error message is shown after the login failure.
If you do not want to hide the error message completely, you can instead replace the login error message with a customized one. This may be any simple message which does not indicate a specific reason for the login failure.
Add the code given below to the functions.php file of your theme.
function no_wordpress_errors() {
    return 'Wrong Details Entered!';
}
add_filter( 'login_errors', 'no_wordpress_errors' );
This acts as a filter on the default login errors and enables you to add a customized error message.
After that, if someone enters a wrong username or password, your customized message is shown. With the code above, 'Wrong Details Entered!' is displayed as the error message. You can choose your own preferred text.
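A narrower variant of the two snippets above, as an added example that is not from the original article: the login_errors filter rewrites every error shown on the login screen, so this version hooks WordPress's authenticate filter instead and collapses only the credential-failure codes into the article's generic message. The function name hint_free_login_error and the priority 100 are choices made for this example; it assumes the default core authentication callbacks are in use.

```php
// Goes in the theme's functions.php, in place of the login_errors snippets above.
// hint_free_login_error is a name chosen for this example.
function hint_free_login_error( $user ) {
    // Error codes WordPress core sets when the username, e-mail or password is wrong.
    $revealing = array( 'invalid_username', 'invalid_email', 'incorrect_password' );

    if ( is_wp_error( $user ) && array_intersect( $revealing, $user->get_error_codes() ) ) {
        // Return the same error code and the same text whichever field was wrong.
        return new WP_Error( 'authentication_failed', 'Wrong Details Entered!' );
    }

    // Successful logins and other errors (for example an empty field) pass through.
    return $user;
}

// Priority 100 runs after core's own authenticate callbacks (priorities 20 to 99).
add_filter( 'authenticate', 'hint_free_login_error', 100 );
```

To confirm the change, submit a wrong password for a real account and then a made-up username on your own site: both attempts should show exactly the same message.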
Login errors are a common thing, but if you keep them as they are you may invite hackers to brute force your login. Moreover, when it is said that a site is vulnerable to a hacking attack, it often points to these small things which you are likely to ignore. You understand the importance of protecting your WordPress install from every type of potential attack. So, do not make it easy for hackers to guess your username and password. Hiding the hints in WordPress error messages requires no difficult coding, lots of time or any specific plugin. It may not add any special security to your site, but it can avoid a direct hacking attempt.