You have to take two scenarios into account because they behave little differently. Copy both of these code blocks to your functions.php
file. Code about errors is below, make sure to read comments.
1. Login failed – username and password was provided but something was incorrect
add_action( 'wp_login_failed', 'login_failed_wrong_data' );
function login_failed_wrong_data( $user ) {
// Get the URL user came from, a.k.a that same login page
$referrer = $_SERVER['HTTP_REFERER'];
// Check that we're not on the default login page + other things
if( ! empty( $referrer ) && ! strstr( $referrer,'wp-login' ) && !strstr( $referrer,'wp-admin' ) && $user != null ) {
// Check if we don't already have a failed login attempt
if( ! strstr( $referrer, '?login=failed' ) ) {
// Redirect to same login page and append a query string
wp_redirect( $referrer . '?login=failed' );
}
else {
// Redirect to same login page
wp_redirect( $referrer );
}
}
exit;
}
2. Login failed – username and/or password was not provided at all
add_action( 'authenticate', 'login_failed_no_data' );
function login_failed_no_data( $user ) {
// Get the URL user came from, a.k.a that same login page
$referrer = $_SERVER['HTTP_REFERER'];
$error = false;
// Check if inputs are empty - these have to match with your input "name" attributes
if( $_POST['log'] == '' || $_POST['pwd'] == '') {
$error = true;
}
// Check that we're not on the default login page + other things
if( ! empty( $referrer ) && ! strstr( $referrer,'wp-login' ) && ! strstr( $referrer, 'wp-admin' ) && $error ) {
// Make sure we don't already have a failed login attempt
if( ! strstr( $referrer, '?login=failed' ) ) {
// Redirect to same login page and append a query string
wp_redirect( $referrer . '?login=failed' );
}
else {
// Redirect to same login page
wp_redirect( $referrer );
}
exit;
}
}
Updated error message as shortcode:
// Add this to functions.php
add_shortcode( 'loginerror', 'myErrorShortcode' );
function myErrorShortcode() {
if( isset( $_GET['login'] ) && $_GET['login'] == 'failed' ) {
// Start "recording"
ob_start(); ?>
<div id="login-error">
<p>Your login attempt was not successful. Please try again.</p>
</div> <?php
// Return result
return ob_get_clean();
}
}
//How to use
[loginerror]
I suggest to do some research and try something yourself next time before asking from community.