Join Carrie Dils for an in-depth discussion in this video Filtering login error messages, part of Advanced WordPress: Action and Filter Hooks.
- [Instructor] If you've ever entered an incorrect use name on a Word Press login page, you might have noticed that you get errors designed to hint at what was wrong. So for instance, if I've got a valid user name here, but an incorrect password, I get this error message that my password was wrong, but it's kind of confirming that the username 'carrie' is a valid user name, and just to prove that, let's go and just say 'carri' with no 'e' and when we do that, we get a separate error that says invalid username.
Now, you might consider that a small security risk, because at this point we've confirmed that we're working with a valid user name and if someone were trying to hack your site by brute force, they've already got half the information they need to log in. So what we want to do is customize that error message to not be so revealing. Going back to the wp-login.php page, around line 203, we can see that we're echoing this login error and part of that is this filter called 'login_errors' and the documentation here confirms that this is what filters the error messages displayed above the login form.
So we want to write a function that's got our custom error message and then add it to this filter. So let's start with our function. And I'll just call it cwpl_error_message. And I'm just going to return a value, 'cause remember filters only return values, they don't actually do things. And there's a more generic message.
'Well, that was not it!' now that we've got our function, we need to attach it to that filter we just looked at. Let's go back and make sure we got the spelling right. 'login_errors'... So we're going to say add_filter, 'login_errors', and then to that filter we want to add this custom function. And I'll write a little documentation here.
Now if we go back and enter a valid user name, I'll do an invalid password, hit Log in, and I see the message here, "that was not it!" Now, how about if we enter an incorrect user name. I still get that message, "that was not it". So at this point we were able to reach in to the Word Press code and change the data, the message that was being returned. As a quick aside here, if you didn't want to actually return a message and you just wanted absolutely nothing, you could just use this function return_null.
And if we refreshed that, it would just not put out any message at all. I'm going to go ahead and leave it here with our custom message, but just know that there is that function available as well, that return_null if you don't want to return any values on a filter. There are certainly more complex things you can do with filters, but here's a basic example of how you can write your custom function and return a value and then hook it in to any filter hook in Word Press.
- Actions and filters explained
- Identifying available hooks and filters
- Looking at load order
- Understanding callback functions
- Creating custom hooks
- Using third-party hooks
- Building a new WordPress plugin with filters and actions