Login error message scan
What It Checks
This scanner checks if your WordPress login page displays specific error messages. Error messages displayed on the login page can provide useful information for attackers, helping them determine if a username exists or if they're getting closer to breaking in.
Why It Matters
Error messages displayed on the login page are useful information for an attacker: they should not be displayed, or at least should be less specific. Specific error messages like "Invalid username" or "Incorrect password" tell attackers which usernames exist on your site.
What You'll See
Good Status:
- You are currently not displaying login errors.
- Protection activated
Bad Status:
- Login errors should not be displayed.
How to Fix
Hide errors on the login page so that attackers cannot read them. This can be done by activating the Login Errors Disclosure protection from the Sensitive Data module. Once activated, login errors will be hidden or replaced with generic messages that don't reveal whether a username exists.
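To verify the result on your own site, the following added example (not the plugin's code) extracts the text of the WordPress error box, the div with id "login_error", from two saved login responses and reports whether the message differs between an unknown username and a known username with a wrong password. The HTML samples and usernames are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample responses (not captured from a real site).
SPECIFIC_UNKNOWN = ('<div id="login_error"><strong>Error:</strong> The username '
                    '<strong>nosuchuser</strong> is not registered on this site.</div>')
SPECIFIC_KNOWN = ('<div id="login_error"><strong>Error:</strong> The password you '
                  'entered for the username <strong>editor1</strong> is incorrect.</div>')
GENERIC = '<div id="login_error"><strong>Error:</strong> Invalid login details.</div>'
NO_ERROR = '<form id="loginform"></form>'  # errors hidden entirely


class LoginErrorExtractor(HTMLParser):
    """Collects the visible text inside <div id="login_error">."""

    def __init__(self):
        super().__init__()
        self.depth = 0   # > 0 while inside the error div (tracks nested divs)
        self.parts = []

    def handle_starttag(self, tag, attrs):
        if self.depth:
            if tag == "div":
                self.depth += 1
        elif tag == "div" and dict(attrs).get("id") == "login_error":
            self.depth = 1

    def handle_endtag(self, tag):
        if self.depth and tag == "div":
            self.depth -= 1

    def handle_data(self, data):
        if self.depth:
            self.parts.append(data)


def login_error_text(html):
    """Return the error text with whitespace collapsed, or '' if none is shown."""
    parser = LoginErrorExtractor()
    parser.feed(html)
    parser.close()
    return " ".join(" ".join(parser.parts).split())


def discloses_account_state(unknown_html, known_html, unknown_user, known_user):
    """True when the error differs between an unknown username and a known
    username with a wrong password, after masking the submitted names."""
    a = login_error_text(unknown_html).replace(unknown_user, "<user>")
    b = login_error_text(known_html).replace(known_user, "<user>")
    return a != b
```

A True result corresponds to the scanner's Bad Status; identical or empty messages for both cases correspond to the Good Status.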