Skip to content

Login Error Cleanup

When a user tries to login to WordPress and enters the username or password incorrectly, WordPress reports back specific information about what was wrong (The username field is empty, The password field is empty, Invalid username, Incorrect password). This plugin hides all of these error messages with a generic “ERROR” message, thus preventing some information from being sent to an attacker. It is also a little less friendly for users, but on a blog with only a single individual needing to login, that may be acceptable.

This plugin does not modify any system settings. It only rewrites the error message when there is a problem logging in. I have tested LEC on WordPress versions 2.33 through 2.8.


  1. Download LEC to the plugins directory under wp-content of your blog.
  2. Unzip the file.
  3. Activate the plugin on your plugins page.
  4. (Optional) I suggest you subscribe to my RSS feed so you can stay informed about any updates to LEC.


  1. Deactivate the plugin on your plugins page.
  2. Delete lec.php from your plugins directory, under wp-content of your blog directory.

If you discover any problems, or have any suggestions on improving LEC, please contact me.


Using LEC is free, you do not have to pay me anything. If you find it useful, and you’d like to pay me, any (or all!) of the following would be greatly appreciated:


  • April 3, 2008: Version 0.9. Initial release.


  1. […] This can be helpful to an attacker if they are trying to guess usernames and/or passwords. Login Error Cleanup simply returns the message “Error” if the combination submitted is not […]

  2. George McBarnes says:

    I have been looking for something like this. I like when people makes it more difficult for possible attackers to gain access to a page. Good job, mister!