Whenever someone tries to login to your WordPress with the correct username and wrong password combination, the following message appears:
[alert style=”red”]ERROR: The password you entered for the username yourname is incorrect.[/alert]
It gives the hackers a clue that their entered username is correct, and that they simply need to crack its password.
And shows following error message when someone tried to login with wrong username:
[alert style=”red”]ERROR: Invalid email or username.[/alert]
It also gives the hackers a clue that there isn’t username of what they entered.
This simple error messages can cause a lot of problems to your WordPress. So, it’s better for you to hide these error messages. In order to keep this from happening, you need to add this code to your functions.php file:
add_filter('login_errors', create_function('$a', "return null;"));
This filter will replace the error message from the login page. The message will be replaced by an empty error box.