By default, WordPress and plugins like Paid Memberships Pro display detailed login error messages such as:

“The password you entered for the username [email protected] is incorrect.”

While helpful for legitimate users, this kind of feedback can unintentionally tip off attackers that a specific username or email exists on your site.

For example, if someone enters an existing email with the wrong password, the error confirms the account is valid, handing useful intel to bots or bad actors.

This code recipe helps you lock that down by replacing all login errors with a single, generic message:

“There was an error with the login details provided. Please try again.”

With this change in place, login feedback becomes neutral, offering no clues about whether the issue was the username, email, or password. It’s a simple but effective way to tighten your site’s security without affecting usability.

Featured image for code recipe 'Customize Login Error Messages to Boost Account Security'

Table of contents

How It Works

This code uses the WordPress gettext filter to swap default login error messages with more generic responses. The gettext filter allows you to modify default text across your site without touching the core files.

In this example, we use that gettext filter to replace specific login error messages from WordPress and Paid Memberships Pro.

Instead of showing errors that reveal the presence of a username or email address, we display a single, user-friendly message: “Your login information is incorrect. Please try again.”

This update adds an extra layer of security by not revealing whether the issue is with the username, email, or password.

Related: How to Stop Spam on Your Paid Memberships Pro Membership Site

Screenshots: Before and After

Screenshot of a login error message revealing email/username
Before recipe: the existence of an email address is revealed in the error message.
Screenshot of a customized login error message obscuring personal details
After recipe: a generic error message is shown that does not reveal existing user account information.

The Code Recipe

Adding the Recipe to Your Website

You can add this recipe to your site by creating a custom plugin or using the Code Snippets plugin available for free in the WordPress repository. Read this companion article for step-by-step directions on either method.

How to Customize This Code Recipe

Update lines 19, 27, 31, and 35 with your preferred custom message. In this example, all error messages are replaced with the generic phrase: “There was an error with the login details provided. Please try again.”

Kim White

Author: Kim White

Kim White is a Technical Support Engineer here at PMPro. She has a great intuition for unraveling information and coming up with a solution. She’s been building and maintaining websites for over 25 years and enjoys helping people make the most of their WordPress membership sites. Kim also organizes her local WordPress WordCamp and Meetup.

View more articles by Kim White »

Free Course: Membership Site Development—The Basics

Develop a deeper understanding of membership site development in this beginner-level course. Learn how to make your site work better, save yourself time and money, and improve your site's performance.

Take Free Course Now
Featured Image for Membership Site Development Course: The Basics


Was this article helpful?
YesNo