Prevent Brute Force Attacks by Removing Login Hints from Login Page

Prevent Brute Force Attacks by Removing Login Hints from Login Page

You may not realize it, but perhaps your website is being targeted with brute force attacks. That’s a common cyberattack that many websites suffer from. If you install a plugin, you can see a report on it.

And the worse part is your WordPress website helps the hackers when they’re attacking your website. That’s because when someone tries to recover the password or username, WordPress gives them certain hints. This is a security vulnerability since the hacker may guess the login credentials. So you should prevent it from happening.

In this article, learn how to remove login hints from the login page in WordPress.

Disable the Login Error Message

When you visit the admin login page and enter a correct username but wrong password, you see an error message that reads “The password you entered for the username XYZ is incorrect.” As you can see, WordPress confirms the username in full. So the hacker gains the insight that there’s a username with XYZ on your website.

You need to disable this message in the login page. Here are the steps to take:
  • Log in to your cPanel account
  • Open File Manager from under the Files section
  • From the left-hand side panel, open the wp-content folder
  • Then on the right-hand side panel, find and open the themes folder
  • Inside of the folder, you’re going to find all the active and inactive themes. Select the theme folder which you’re currently using
  • Find the functions.php file. Right-click on it to start editing
  • At the end of the code in this file, copy and paste the following code:
return'Wrong Login Details.';
add_filter( 'login_errors', 'new_wordpress_errors' );
Save the file and exit
Now logout and try logging back in with the correct username but with the wrong password. You should no longer see that message.

What the code you added did was created a function that targeted the default error message. Then, it replaced with the new error message. In this case, “Wrong Login Details” is the new message. You can personalize the message and include you own words.

So that’s how you prevent error message from displaying the username. It’s recommended that create a backup of your website before editing the core files. This ensures you can recover your website in case something goes wrong.

For further assistance, contact the support team.
First release
Last update
0.00 star(s) 0 ratings

More resources from kumkumsharma