Is there an security risk with using wp_signon function?
You should first filter to check for valid user credentials wp_authenticate_username_password
You should first filter to check for valid user credentials wp_authenticate_username_password
an easy way is to redirect form submitter // when form is submitted : wp_redirect($your_post_url . ‘&submitform=1’); exit; Then you can just test if “submitform” is defined to display what you want : // test submitform url setting : if (isset($_GET[‘submitform’])) echo ‘<div class=”successmessage”><p>’ . __(‘Your Success message.’) . ‘</p></div>’; endif;