You can use the pluggable function wp_authenticate to override the core.
https://developer.wordpress.org/reference/functions/wp_authenticate/
Important caution: Test this code on a sandbox before deploying live!
function wp_authenticate($username, $password) {
$username = sanitize_user($username);
$password = trim($password);
$user = apply_filters( 'authenticate', null, $username, $password );
if ( $user == null ) {
$user = new WP_Error( 'authentication_failed', __( '<strong>ERROR</strong>: Invalid username or incorrect password.' ) );
}
$ignore_codes = array( 'authentication_failed' );
if ( is_wp_error( $user ) && !in_array( $user->get_error_code(), $ignore_codes ) ) {
do_action( 'wp_login_failed', $username );
}
return $user;
}
add_action( 'init', 'wp_authenticate' );