How To Hide WordPress Login Error Messages For Improved Security

WordPress being the most-used Content Management System worldwide, a lot of people are searching for holes in its security. Luckily, the WordPress development team is making an amazing job at keeping all of our blogs safe, as long as we keep downloading and installing upgrades.

Whenever someone (you or anyone else) tries to log into your WordPress blog but fails, WordPress displays an error message to let you know what just happened. While it may be useful for you, it may also give some information to potential blog hackers who are trying to break into your blog.

To improve your WordPress blog, an interesting step you can take is disabling these messages. To do so, simply paste the following code in the functions.php of your WordPress blog:

add_filter('login_errors',create_function('$a', "return null;"));

Stéphane Kerwer
Article written by Stéphane Kerwer (1995 Posts)
Bonjour from a french guy. My name is Stéphane Kerwer and Dukeo is my blog. I do most of the heavy lifting in here but from time to time, you may see some guest posts. To receive updates from Dukeo, follow us on Twitter or like us on Facebook.
If you enjoyed this article, Get email updates

3 Comments (Add one)

  1. Dave Clements

    Hi Sté,

    This is a nice little snippet. Do you know if it still shows the red box that surrounds the error, except with nothing inside it, or does it just bring up a fresh copy of the login page, looking no different than if you had not tried to log in at all?

    1. Sté Kerwer

      Yep, I know.

  2. Akash

    Yes, thats a helpful info. But my theme doesn’t have functions.php file. Instead it has theme-functions.php file.