Saturday, March 9, 2013

Confirmation of Login Information


A major drawback of the current WordPress login form is that it tells the user which part of the login information is wrong. For instance, if the username is correct and the password is wrong, WordPress says so. This makes brute-force login attempts easier, because the hacker knows whether to change the username or the password.

This issue can be resolved by adding this code to your WordPress theme’s functions.php file:
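// Return one generic message for every failed login, so the form
// no longer reveals whether the username or the password was wrong.
function failed_login() {
    return 'the login information you have entered is incorrect.';
}
// Hook the function into WordPress's login_errors filter.
add_filter( 'login_errors', 'failed_login' );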
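
A check that the change took effect, as an added example that is not part of the original post: it extracts the text of WordPress's `login_error` box from two saved login-page responses, one for a wrong username and one for a wrong password, and reports whether they still differ. The HTML samples are constructed, and the function names are this example's own.

```python
from html.parser import HTMLParser

VOID = {"br", "hr", "img", "input"}  # tags that never get a closing tag


class LoginErrorExtractor(HTMLParser):
    """Collects the visible text inside <div id="login_error">."""

    def __init__(self):
        super().__init__()
        self.depth = 0       # nesting level inside the error div
        self.found = False
        self.parts = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        if self.depth:
            self.depth += 1
        elif tag == "div" and dict(attrs).get("id") == "login_error":
            self.depth, self.found = 1, True

    def handle_endtag(self, tag):
        if tag not in VOID and self.depth:
            self.depth -= 1

    def handle_data(self, data):
        if self.depth:
            self.parts.append(data)


def login_error_text(html):
    """Return the normalised error text, or None if no error box is present."""
    p = LoginErrorExtractor()
    p.feed(html)
    p.close()
    return " ".join("".join(p.parts).split()) if p.found else None


def discloses_which_field(bad_user_html, bad_pass_html):
    """True if the two failed-login pages show different error messages."""
    a, b = login_error_text(bad_user_html), login_error_text(bad_pass_html)
    if a is None or b is None:
        raise ValueError("no login_error element; was the login really rejected?")
    return a != b


# Constructed samples: the error box before and after the functions.php change.
BEFORE_BAD_USER = '<body><div id="login_error"><strong>ERROR</strong>: Invalid username.<br /></div></body>'
BEFORE_BAD_PASS = '<body><div id="login_error"><strong>ERROR</strong>: The password you entered for the username <strong>admin</strong> is incorrect.<br /></div></body>'
AFTER_EITHER = '<body><div id="login_error">the login information you have entered is incorrect.<br /></div></body>'
```

Save the two responses from your own site after the change and pass them to `discloses_which_field`; a `True` result means the form still distinguishes the two failures.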
