Hide WordPress login error messages

WordPress has a few grey areas as far as security is concerned. Hackers often take control of WordPress websites using the log-in error message which tells whether the username and passwords are correct or not. If you get to know the username, it is one step easier to gain unauthorised access. The message that says “Invalid username” helps hackers to find the correct username and password.

For better security of your WordPress website or blog, you might want to hide the log-in error messages that WordPress shows when you try to log in with wrong username and/or password. Paste this code in the functions.php file of your WordPress theme.

add_filter('login_errors', create_function('$a', "return null;"));