How to Improve WordPress Login Security

When you visit a WordPress Login page and enter wrong credentials you will get an error message. This error message will display which part of your credential is incorrect. Suppose you enter a wrong name or email it will display an invalid username error. When you enter a correct name but the wrong password then you will be able to see an error message saying the password you entered for the username is incorrect. Attackers might use this technique to find the correct username. You might be thinking how to stop showing hints in the form of errors. Well to do so and Improve WordPress Login Security you can set the custom error message for login errors.

Improve WordPress Login Security

How to Improve WordPress Login Security?

  • Login to your WordPress Website.
  • Go to Appearance which is located on left sidebar of your dashboard and open Editor.

WordPress Editor

  • From the right sidebar select theme functions file (functions.php).
  • Copy Paste the following code displayed below at the end of function.php file.

function no_wordpress_errors(){
  return 'You wont get any hint on this website';
}
add_filter( 'login_errors', 'no_wordpress_errors' );

Note: You can replace You won’t get any hint on this website with the custom message you want to display whenever someone enters incorrect credentials.

  • Click on update.
  • Log out from your website and check if it is working properly.

How to Display Custom Login Error Message using Filezilla?

  • Login to Filezilla.
  • Go to wp-content → themes → your theme name.

Increase WordPress Login Security

  • Scroll down to find function.php file.
  • Right-click on function.php and navigate to view/edit and click on it.
  • Scroll down till the end of file and copy paste the same code shown in the previous method.

Display Custom Login Error Message

  • Save and close the file.
  • A popup will be displayed on the screen saying a previously opened file has been changed. Do you want to upload this file back to the server? Click on yes.
  • Now whenever someone enters wrong credentials to login into your website they will see a message called you won’t get any hint on this website.

Note: You can also open your hosting account and can edit function file using file manager.

18 thoughts on “How to Improve WordPress Login Security

    1. You are most welcome.
      Let me know if you are having any difficulty in changing default error message with custom one.

  1. I am not using WordPress yet but was considering changing in the future so I appreciate the advice. I would rather know in advance then to experience trouble down the road.

  2. Despite using WordPress for long I never know there is a lot to think about the login security and these are some great ideas to make it more secured. Coming up with your own custom login error message will be a great solution for sure.

    1. You are most welcome. Let us know if you are having any difficulty, so that I can give you remote assistance.

Add Comment