By default, WordPress displays error messages when a user enters incorrect login credentials. These messages can reveal whether the username or password is wrong, which may help attackers guess valid accounts. On ruachost.com, you can disable these login hints and replace them with a generic message to improve security.
Why Disable Login Hints?
-
Prevents attackers from knowing if a username exists.
-
Reduces brute‑force attack success rates.
-
Enhances user confidence with consistent error messages.
Steps to Disable Login Hints
-
Log in to WordPress with an administrator account.
-
In the dashboard, go to Appearance → Theme Editor.
-
From the right‑hand column, select the functions.php file of your active theme (or child theme).
-
Add the following code snippet at the end of the file:
// Disable WordPress login error hints function wp_remove_login_hint() { return 'You are not allowed on this website'; } add_filter('login_errors', 'wp_remove_login_hint'); -
Click Update File to save changes.
-
Log out and test the login page → Incorrect credentials will now display the custom message instead of revealing hints.
Important Notes
-
Always back up your theme files before editing.
-
Consider using a child theme to preserve changes during updates.
-
You can customize the error message to suit your site’s tone.
-
Combine this with other security measures (CAPTCHA, two‑factor authentication, strong passwords).
