Beginner's Guide for WordPress / Start your WordPress Blog in minutes

How to Disable Login Hints in WordPress Login Error Messages

Want to disable login hints in WordPress login error messages?

By default, the WordPress login page shows an error message when someone types in the wrong username or password. However, these error messages can help hackers guess your username, email address, or password.

In this article, we will show you how to disable login hints in WordPress login error messages, and keep your website safe.

How to disable login hints in WordPress login error messages

What Are Login Hints in WordPress Login Error Messages?

Every time someone tries to log into your site using the wrong username or password, WordPress will show an error message on the login screen.

If this person typed in the wrong username or email address, then WordPress shows the following error: ‘The username is not registered on this site. If you are unsure of your username, try your email address instead.’

The login hint in WordPress login error messages

This may be helpful for genuine users, but it also lets any hackers know that they are typing in the wrong username.

If you type in the right username but the wrong password, then WordPress will show a different error: ‘The password you entered for the username is incorrect. Lost your password?’

A password hint in the WordPress login error message

If someone is trying to guess your username, then this error message confirms that they have guessed it successfully. Now they just need to guess or steal your password.

WordPress website owners can also log into their site using an email address instead of their username. This means that a hacker could type in different email addresses, to try and figure out which address you’re using for your WordPress account.

As soon as the hacker guesses the right email address, WordPress will switch over to the ‘The password you entered for the username is incorrect’ error.

To protect your WordPress blog or site against hackers, you should always use a unique username and a strong password for your account.

If you’ve added other WordPress users or authors to your site, then you may also want to use a WordPress plugin to force your users to create a strong password.

While these steps are a great start, the login hints can still help hackers break into your site. With that in mind, let’s look at how you can hide the login hints in WordPress login error messages.

To make it easy, we have created a video tutorial on how to disable login hints in WordPress login error messages.

Subscribe to WPBeginner

If you prefer text instructions, then you can follow our step by step tutorial on how to remove login hints from the WordPress error messages.

Hiding Login Hints in WordPress

The easiest way to disable login hints in WordPress login error messages is by pasting some code into WordPress.

You can add the following code snippet to the bottom of your site’s functions.php file or by using a code snippets plugin like WPCode (recommended). Using the code snippets plugin is easiest for beginners.

function no_wordpress_errors(){
  return 'Something is wrong!';
}
add_filter( 'login_errors', 'no_wordpress_errors' );

This code tells WordPress to show a custom message instead of the default login error. In the sample code above, we’re using ‘Something is wrong!’ as our error message.

You can change this line to show any message that you want. For example, here we’re using ‘Your username or password is incorrect’ as our error message:

 return 'Your username or password is incorrect';

If you’re editing your functions.php file or using the code snippets plugin, then don’t forget to save your changes.

If you’ve created a site-specific plugin, then you’ll need to install and activate your site-specific plugin. If you need help, then see our guide on how to install a WordPress plugin.

Once you’ve done that, it’s a good idea to test your new error message. To do this test, simply head over to your website’s login page and type in a wrong username, password, or email. Then, click on the ‘Log In’ button.

WordPress will now show your new error message without giving you any hints.

How to disable the login hints in the WordPress login error

While this code will disable login hints in WordPress, it won’t protect you from more advanced attempts or brute force attacks.

The easiest way to stop hackers from getting into your site is with a WordPress security plugin. We use Sucuri to protect all our websites against common security threats.

Sucuri comes with a website firewall that can stop suspicious internet users from even reaching your site. For more information, see how Sucuri helped us block 450,000 WordPress attacks in 3 months.

We hope this article helped you learn how to hide login hints from WordPress login error messages. You may also want to see our guide on how to get a free SSL certificate, and our expert pick of the best WordPress plugins for business websites.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit – a collection of WordPress related products and resources that every professional should have!

Reader Interactions

18 CommentsLeave a Reply

  1. Hello how can i translate the code above in different languages? I need it for the woocommerce login for the customers.

    • You would want to change the ‘Something is wrong!’ text to the text you want but if you want the text to change into multiple languages, that would require a bit more coding than we would have for a beginner article. In that case you would want to take a look at multilingual plugins.

      Admin

    • As long as the code is working on the desktop version you would want to reach out to WPTouch to let them know about that issue to take a look.

      Admin

  2. Well it is easy to know the username if it is right, as when entered correct username and the wrong password, the username field does not get blank even after getting the ‘something is wrong’ warning. Which clearly is a hint the yes this is the correct username. Is there any way to make the username field blank in this scenario. Please help.

  3. Is there a way to change the text of the error message on the lostpassword page that says by default, “Please enter your username or email address. You will receive a link to create a new password via email.”?

    I can’t seem to find any material on the subject

    • I was wondering the same thing. Why can’t we just change the wording of the error message instead of adding a function that might be overwritten with the next update?

  4. The only thing is that when you enter a correct username and an incorrect password, it gives a message “something is wrong” but you can see the username, which confirms it in case you have guessed it. I don´t know if this happens in WordPress 4.5. Is there any way of leaving the username field blank even though it´s correct? Thank you

  5. I am curious to find out what blog system you’re using? I’m having some small security issues with my latest website and I would like to find something more safeguarded. Do you have any solutions?

  6. I am truly thankful to the owner of this web page who has shared this enormous article at at this time.

  7. WP Simple Firewall or Shield gives you the ability to hide the login menu, lock down the Dashboard and it comes with Sucuri and Brute Attack prevention. It is a free plugin, use it in conjunction with a password manager, so you don’t forget or misplace your passwords. I use Lastpass, which is also free. Shield replaced six security plugins and sped up my website.

  8. Is there a help line in Australia as I have forgotten my user name for logon being a little old it is a problem

    • G’day Phillip, sorry mate no help line. Try going through whoever hosts your website, they should be able to help you out. Once reset use a password manager like Lastpass, you only have to remember one password. WRITE IT DOWN; did I say write it down because if you don’t, WRITE IT DOWN you’ll really will be up the creek, without a paddle.

Leave A Reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.