Change incorrect password error message.
Support › MB User Profile › Change incorrect password error message.
- This topic has 3 replies, 3 voices, and was last updated 1 week, 1 day ago by
A..
-
AuthorPosts
-
June 9, 2024 at 11:09 AM #45626
Sam K
ParticipantHow can I change the error message for an incorrect password? If the user enters the wrong password, I don't want the error message to confirm that the email exists. I want it to say, "Incorrect email or password" instead of "Error: The password you entered for the email address [email protected] is incorrect."
Screenshot: https://bit.ly/4b2JdnG
I appreciate your help. Thank you!
June 10, 2024 at 8:26 PM #45629Peter
ModeratorHello Sam,
It is the default WordPress error message, located in the file wp-includes/user.php line 262 and there isn't a filter hook or option to change this message.
October 12, 2025 at 11:05 PM #49132A.
ParticipantI have the same concern as the original poster. I found many snippets online to change the default WP login errors, and they work for me on my usual sites. However, I recently noticed they do not work with MB User Profile messages for some reason. So if I user attempts to log in with the default WP login form, they will see the generic message my custom plugin writes, but if they make the same attempt using the login form created by MB User Profile's shortcode, then it reverts back to the default WP message.
Furthermore, the Falcon plugin has a security setting to
Disable detailed login errors: Show a general error message when the login is incorrect, not specifically whether the username or password is incorrect.But that works like the custom plugin I tried: only for the original WP login form/page.Meaning: if either a custom plugin or Falcon is used to change the login errors to a generic message, that will only work on WordPress' default login screen and will NOT work on the login form created by MB User Profile.
So this makes me think there is something in the MB User Profile code that is making the login form somehow skip the custom plugin or Falcon security override for error messages and display the original WP error messages instead.
I will keep investigating how that can be overridden too, but I thought to post here instead of creating a new topic in case anyone else researching this issue comes across it.
October 21, 2025 at 5:07 AM #49183ParticipantAfter a lot of trial and error, and consulting of AI, I finally got a working solution that will allow changing the default error message for incorrect password when using a Meta Box login form.
Quick recap:
1. The default WP form would display a specific and security concerning type message such asError: The password you entered for the username <user> is incorrect. Lost your password?which clearly indicates that username or email entered is correct, only the password is not.
2. The Falcon plugin will override that message if you turn on the security setting to "Disable detailed login errors".
3. But if you use the Meta Box user profile login form it won't be covered with Falcon's security setting.The usual filters for changing default WP login errors would not catch those outputted by the Meta Box login form. I tried many methods, it seems intercepting the translation string works - so it will replace “The password you entered for the username %s is incorrect.” with “Invalid username or email.” or similar text with the generic message.
However, I feel like this is not the right way to do it and it feels fragile, but
wp_authenticate_userandlogin_errorsfilters did not work with the Meta Box form when I tried it, and I needed a quick solution for this so opted for this temporary translation string fix.Can Meta Box be updated to allow for custom login related error messages or at least to adhere to the Falcon security setting? A long time has passed since the original post in this thread, perhaps the core code now has safer more robust methods that can be used for this essential security concern.
-
AuthorPosts
- You must be logged in to reply to this topic.