WordPress sites are notoriously lacking when it comes to security because of the default configurations. For example, you are running a WP site with some content and the default login page is accessed by http://example.com/wp-login.php or http://example.com/wp-admin/
Also Read: Change Default Display Name in WordPress
When an invalid username or password is entered, by default WordPress displays a detailed error message stating whether the username is invalid or the password entered for the username was wrong. Such a detailed message can provide a useful hint to the hacker/attacker.
But with the help of following code, which you need to put in your theme’s functions.php can easily change all login error messages to something else which you want to show. (Pastebin Link)
* Change Login Error (Powered by yeahhub.com)
return ‘Whoopsie! Please check again.’;
add_filter( ‘login_errors’, ‘no_wordpress_errors’ );