Created
April 9, 2025 06:17
-
-
Save onepoint0/2f1861f9ae05eb1c947f7fa8b42529e2 to your computer and use it in GitHub Desktop.
Change Wordpress User Login & Registration Error messages to avoid User Enumeration
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| add_filter('woocommerce_process_registration_errors', 'clario_override_registration_error_messages', 999,4); | |
| // woocommerce_process_registration_errors fires before the username and email already exist check (so in a sense it is too early), | |
| // however once these checks happen, the code immediate throws an error and returns so no later hooks are available to handle | |
| // changing the error messages | |
| function clario_override_registration_error_messages($errors,$username, $password, $email) { | |
| if ( username_exists( $username ) ) { | |
| $errors->add( 'username_exists', __( 'An account with this email or username already exists. Please try another or reset your password.', 'woocommerce' ) ); | |
| } | |
| if ( email_exists( $email ) ) { | |
| $errors->add( 'email_exists', __( 'An account with this email or username already exists. Please try another or reset your password.', 'woocommerce' ) ); | |
| } | |
| return $errors; | |
| } | |
| // many resources say use the login_errors hook for this but it only gives you access to the error message and not the error codes. | |
| // you would have to parse the message and be relying on it not changing in future for any level of granular control. wp_login_failed | |
| // gives you access to the whole error object and works for both WooCommerce my account login and wp-admin login | |
| add_action( 'wp_login_failed', 'clario_override_login_error_messages', 10, 2 ); | |
| function clario_override_login_error_messages( $username, $error ) { | |
| // error_log(print_r($error,true)); error_log(print_r($error->get_error_codes(),true)); | |
| // put whichever errors you like in here! | |
| $mmx_errors = [ | |
| 'invalid_username' => 'Incorrect credentials, please check your login details and try again.', | |
| 'incorrect_password' => 'Incorrect credentials, please check your login details and try again.', | |
| 'invalid_email' => 'Incorrect credentials, please check your login details and try again.', | |
| ]; | |
| $codes = $error->get_error_codes(); | |
| foreach ($codes as $code) { | |
| if (array_key_exists($code,$mmx_errors)) { | |
| // error_log(print_r('key exists... change error',true)); | |
| $error->remove($code); | |
| $error->add($code,$mmx_errors[$code]); | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment