Out of the box, like most login forms WordPress will display error messages when entering incorrect login details. The error messages are too specific and can give away information to people trying to hack into your WordPress admin. For example:
ERROR: The password you entered for the username admin is incorrect
The above tells anyone that the username ‘admin’ exists. So a hacker could initiate a brute-force attack to crack the password, then bam your site is compromised!
To stop WordPress giving away this information and displaying any errors on the login form, copy and paste the below code into your functions.php file:
add_filter( 'login_errors', create_function( '$a', 'return null;' ) );