How to Remove the Error Message Invalid username on WordPress Login Screen


We had discussed alot about WordPress security tips and enough tutorials on how to shape up your WordPress blog. The one thing which i insist more when using WordPress is, it is an open source platform so there are alot of chances for hackers to exploit the WordPress software. You shouldn’t be giving space for them to exploit the hole. Here is a basic method to prevent attackers to get access into your WordPress admin dashboard.

You might have noticed this on your blog, when you enter your username and password to login into your WordPress dashboard, while entering your username or password information wrongly, it indicates an error message saying ‘Invalid username’ or ‘Invalid password’.

Now what I feel is, why should we give space for some one who wants to enter into your WordPress dashboard by letting them know about what is wrong, either username or password. Some jerks randomly enter username & password by guessing it out and we shouldn’t let them know whether the username or password is wrong.

If you’re getting my point what exactly is, Suppose if he enters the password correct, then it indicates that Only username is wrong. So why should we give a space for that ? Here is a simple trick to hide the error information which generates when a username or password is wrong.

When a third party user enters an unavailable username, a message appears stating “Error: Invalid username”. This of course reveals that the username is non-existent and becomes one less permutation that needs to be checked.

By this way it gives bruteforce attackers a clue that there isn’t username of wordpress user. In order to keep this from happening, you need to add this code to your functions.php file.

add_filter('login_errors', create_function('$a', "return null;"));

This filter will remove the standard WordPress error by displaying nothing when a login is incorrect.

How To Remove Message : Invalid username on WordPress ?

1. Go to WordPress dashboard

2. Click Appearance > Editor

3. Click the functions.php file

4. Add the below code as shown in the picture

add_filter('login_errors', create_function('$a', "return null;"));

5. Save the file

6. Logout WordPress and try out by entering a wrong username/password

For a limited time I'm sharing some select Tips and Tricks and How-To Guides for FREE.


  1. while using BuddyPress.. if they put wrong password.. it is directing to WORDPRESS LOGIN page.. (like above page).. how to solve this..

  2. Pankaj Gupta says:

    That’s a good tutorial to secure our wordpress login form. Thanks for this tutorial. :)

  3. Really very useful tutorial. Can I remove that rectangle also?

  4. DeputyCIO says:

    Thank you,

    You’re the only one who took the time to do screen captures and tell us where exactly to put this line of code. Everybody else keeps copying each other’s information.

  5. DeputyCIO says:

    Don’t mean to spam you with comments, but I believe it would be more elegant to show “Invalide username or password” message. Would you know how to do that (if it’s simple)?

    Thanks again.

Speak Your Mind