When you try to log into WordPress site with an incorrect username or password, it will immediately show an error message indicating that the information that you have entered is incorrect. This type of message is generally called as login hints. These login hints may pose a threat to your site as they may help someone to guess your login credentials if they’re smart enough.
If someone enters a correct username but enters an incorrect password, the error message shows something like the below one.
By looking at the above image, you can easily say that someone who is trying to guess your username has successfully guessed it. Also, with the new updates of WordPress, users can now log into their admin area with their email as well. Thus a login hint like the above one will give a huge advantage to the attackers. So, to protect your WordPress site, you need to disable or modify the login hints. In case you are wondering, here is how you can disable login hints in WordPress.
Hide Login Hints Using a Simple Code Snippet
To disable the login hints, all you have to do is add a simple code snippet. To do that, log into your WordPress site’s FTP account. Now, find and open the file
functions.php. It should be in
Once the file has been opened, copy the below code snippet and paste it at the bottom of the file. Alternatively, you can also add the below code snippet in your site-specific plugin so that the change will stay intact even if you change the theme in future.
// Remove WordPress Login Hints
return 'Cannot log you in, try again!';
add_filter( 'login_errors', 'no_wordpress_login_hints' );
This code simply adds a custom message to the WordPress login page replacing usual login hints. The message only appears when a user enters incorrect login details. If you want to customize the error message then you can easily do that by simply modifying the sentence between quotes in the second line of the code.
That’s all there is to do. You’ve successfully disabled login hints in WordPress. From this point forward, your custom message will be shown instead of the regular WordPress error message.
Even though this method helps you prevent the login hints from giving unnecessary info, it won’t help to protect your site from potential hacking attempts or brute force attack. You may need to go for other solutions in terms of WordPress site security.
That’s all for now. We hope that this article has been useful to you. If you like this article, then do check out the things you can do to protect WordPress admin area. Also, feel free to post any thoughts, questions, and feedback regarding how to disable login hints in WordPress in the comments section below.