Login Errors Disclose

What It Does

WordPress login error messages can reveal whether a username exists or not. For example, "Invalid username" vs "Incorrect password" tells attackers which usernames are valid. This module replaces all login error messages with generic messages that don't reveal information about valid usernames.

Why It Matters

When attackers want to hack into a WordPress site, they search for all available information.

Disclosing version numbers and other sensitive information makes it easier for attackers to find vulnerabilities.

How to Use

Activate this module in the Sensitive Data section of SecuPress settings.

Once activated, the module works automatically and provides protection for your website.

If you encounter any issues after activation, you can temporarily deactivate the module. The module will automatically remove its protection rules when deactivated.