DISCLAIMER: this post is older than one year and may not be up to date with latest WordPress version.

By default, when you (or someone else) fail to login on your wp-admin, WordPress displays an error message. While those messages might be useful, they can also be used by hackers to track their progress. Here is a nice tip to prevent WordPress from displaying login errors.

Paste the following line of code into your functions.php file:

add_filter('login_errors', create_function('$a', "return null;"));

Once you saved the file, WordPress will not display any login error messages anymore.

Thanks to WP Tuts for the tip!

7 Comments

  1. Very nice. How could I insert my own HTML & PHP where it says “return null;”?

  2. Can you just use the return false function as the callback?

    add_filter(‘login_errors’, __return_false());

  3. Just noticed that this piece of code is exactly the same as this other tip:

    http://www.wprecipes.com/wordpress-security-hide-login-error-messages

  4. Thanks to find out this solution here. I appreciate this post that I have solved my my login error by putting this simple code!
    Thanks.

  5. @Adam, you’re right. Sorry! But 3,5 years and more than 150 posts later I just failed to remember 😉

  6. Nikhil Naik

    Will this be of any use when taking “Brute Force prevention” into consideration?

  7. I just read that – Brute-force attackers never attacks the site using computer system but using botnets. Hence, This might not be of that good use. There is focus-making javascript on the bottom of the page source which still gives a clue what was wrong — login or password. Any automated tool will know it.

Leave a Comment

Your email address will not be published. Required fields are marked *