If you are using Single Sign On feature by Jetpack or using a social login plugin for WordPress, then it might be a good idea to disable login by username and password completely. This helps protecting your website from brute force attack and keeps your website safe from hackers.

To completely disable login by username and password, you can add the following snippet of code to your theme’s functions.php file, or to a functionality plugin:

add_action( 'login_init', function () {
   if ( isset( $_POST['log'] ) || isset( $_POST['user_login'] ) ) {
      die;
   }
} );

The code simply checks if the login form is submitted and then exit. This happens before any check for correct username/password, so it’s fast and uses little memory. Hackers will have no chance to brute force attack your website as all requests are stopped immediately without any processing.

Leave a Reply