I found this code snippet on the web to insert into my function.php
file to customize the error message so that it is more secure:
// custom the login error message
function customize_login_errors(){
return 'The login credentials are incorrect.';
}
add_filter( 'login_errors', 'customize_login_errors' );
Although, I have found a loophole.
If the username is incorrect, the username input field gets clears along with the password. Perfect, just what I want. However, if I enter the username correctly, the field’s input remains upon entering an invalid password. Although, this is more secure than the default error message, it still let unwanted guests know if they have guessed a valid username.
How do I take it a step further and
clear both the username/email and password fields
upon entering invalid credentials?
I would inject the following javascript snippet to the login page when the login fails!
Put this javascript into a file called, let's say,
custom_error_login.js
And then put the following snippet in your
functions.php
of your active child/theme and use the following hook to inject it to the login page after login fails!!!