Add these two blocks of code to functions.php
or make a plugin. Everything should be self explanatory with comments.
You could also use jQuery Validate plugin to check username, password via ajax and have these 2 blocks of code for backup if user has disabled JS.
These two blocks of code should cover all possible failed login scenarios:
- both inputs are blank
- one input is blank
- both inputs are incorrect
- one of the inputs is incorrect
//Login failed - username and password entered but incorrect
add_action( 'wp_login_failed', 'damn_login_failed' );
function damn_login_failed( $user ) {
$referrer = $_SERVER['HTTP_REFERER'];
//Make sure we don't already have a failed login attempt to prevent double query string
if ( ! strstr( $referrer, '?login=failed' ) ) {
//Redirect to CURRENT page and append a querystring of login failed
wp_redirect( $referrer . '?login=failed' );
}
else {
wp_redirect( $referrer );
}
exit;
}
//Login failed - no username and password entered
add_action( 'authenticate', 'damn_login_blank' );
function damn_login_blank( $user ) {
if ( isset( $_SERVER['HTTP_REFERER'] ) ) {
$referrer = $_SERVER['HTTP_REFERER'];
}
else {
$referrer="";
}
$error = false;
//Check your username and password inputs - these might be different if you changed them - 'log' is the name attribute of username and 'pwd' for password, just change to whatever you have
if( isset( $_POST['log'] ) && $_POST['log'] == '' || isset( $_POST['pwd'] ) && $_POST['pwd'] == '' ) {
$error = true;
}
//Check that we're not on the default login page
if ( ! empty( $referrer ) && ! strstr( $referrer,'wp-login' ) && ! strstr( $referrer, 'wp-admin' ) && $error ) {
//Make sure we don't already have a failed login attempt to prevent double query string
if ( ! strstr( $referrer, '?login=failed' ) ) {
//Redirect to CURRENT page and append a querystring of login failed
wp_redirect( $referrer . '?login=failed' );
}
else {
wp_redirect( $referrer );
}
exit;
}
}