Most of the people ignore the login page of their WordPress websites, which may result in the brute force attack. If you monitor your website using a security plugin, you can realize how many brute force attack attempts take place every year.
By default, WordPress tries to give some hint to recover the password and the username, and many people don’t bother it that much.
But if you ask an advanced WordPress user, it’s an enormous deal; the website can be hacked by guessing the email address or the username.
You should understand the concept of the login hints and how to hide them. In this tutorial, you’re going to learn everything, which can help you secure your website.
I know when my friend was trying to log in, and luckily guessed the username because of the hints were given by WordPress, it doesn’t happen often, but you should take every possible step to harden your website’s security.
How do You See these Login Hints
Whenever you type a wrong username of the email, WordPress displays a message that your username is invalid.
ERROR: Invalid Username. Lost Your Password?
This is the actual error you see.
But when you type the wrong password, you see a different error message.
ERROR: The password you have entered for the username themedemo is incorrect. Lost Your Password?
Do you realize what does an error message reflect? It means your username is correct, but the password is wrong, which gives a hint, that you have guessed the correct username.
I know it’s a hit and trial method, but it’s possible that a hacker can guess the username or the email address in a few trials.
That’s why it’s always recommended to use a potent combination of username and password. Many WordPress users neglect such a bit of advice and face the fatal.
How Can You Disable or Edit a Login Error
You should be joyful; you can edit or completely remove a login error message using the functions.php file. You need to create a function, which can target the default WordPress login error message codex.
I hope you know; you can find the functions.php file from your WordPress admin panel by navigating to Appearance>>Editor and Theme Function(functions.php) from the vertical navigation bar.
But many WordPress experts or even the web hosting companies disable file editing from the admin panel, so you should always follow the cPanel method.
Follow the steps.
Step 1
, where all of your website’s data is available.
Step 2
Step 3
You can see all the inactive or active theme currently downloaded on your website.
Of course, you want to edit your presently using WordPress theme, search for the functions.php file, right-click to edit.
Step 4
You can see tons of coding lines on a new page. You don’t need to fret.
functionnew_wordpress_errors(){ return'Wrong Login Details.'; } add_filter( 'login_errors', 'new_wordpress_errors' );
Now, if you try to log in, you get “Wrong Login Details.” as an error message, you can edit this message and display anything you wish.
You can quickly notice that the second line of the above-written code is returning the value of a login error message.
Congrats, you have successfully added one more security layer to your WordPress website.
I Hope You Can Easily Locate the functions.php File
Before you make any changes, it’s essential to back up your website and its database. Sometimes, when you paste the code, you can unknowingly break the website.
If you don’t want to back up the whole website, you should at least back up the WordPress theme you use.
Even though you edit the login hints, you should always use a plugin to limit the login attempts so that no one can hint and try more than a few times, setting the login attempts to three is effective.
Conclusion
Numbers of websites get hacked every year, and it’s vital to take the initiative to spread the word about security awareness.
For a newbie, security of a site may not be a concern, but once they put some time into the design and the content, it’s essential to take a few steps further.
Add the code as mentioned earlier and secure your login page.
Check out these top 3 WordPress hosting services:
- Click here to get the best wordpress hosting specialized for wordpress.