Clearing the login fields on incorrect credentials

  • Clearing the login fields on incorrect credentials

    I found this code snippet on the web to insert into my function.php file to customize the error message so that it is more secure:

    // custom the login error message
function customize_login_errors(){
    return 'The login credentials are incorrect.';
}
add_filter( 'login_errors', 'customize_login_errors' );

    Although, I have found a loophole.

    If the username is incorrect, the username input field gets clears along with the password. Perfect, just what I want. However, if I enter the username correctly, the field’s input remains upon entering an invalid password. Although, this is more secure than the default error message, it still let unwanted guests know if they have guessed a valid username.

    How do I take it a step further and clear both the username/email field upon entering invalid credentials?

    • This topic was modified 4 years, 1 month ago by rcorr.
Viewing 1 replies (of 1 total)
  • Moderator bcworkz

    (@bcworkz)

    In your callback, collect the passed $errors object. If its has_errors() method returns true, assign an empty string to $_POST['log']. Untested, but it looks like it’d work.

Viewing 1 replies (of 1 total)
  • The topic ‘Clearing the login fields on incorrect credentials’ is closed to new replies.