I have released a new WordPress plugin today: Login Error Cleanup. When you attempt to log in to a WordPress account, you are given fairly specific error messages if you enter the username or password incorrectly. This can be helpful to an attacker who is trying to guess usernames and/or passwords. This plugin simply returns the message “Error” if the combination submitted is not valid.
This plugin is generally only going to be useful for people running a blog that has only a few authors. “Security by obscurity” is generally not the greatest security method, but it has its place. You would want to use this plugin if the WP super user does not use the regular and expected “admin” login, and your day-to-day blogging and commenting is done as a regular author user. If your admin user is not “admin,” an attacker will have a more difficult time hacking and cracking your WordPress site. If anything, automated attacks would be much more likely to fail.
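
One way to get the behaviour described above, written as an added example and not taken from the Login Error Cleanup plugin's source: it hooks WordPress's `authenticate` filter after core's own checks and replaces the username-, e-mail- and password-specific errors with a single “Error”. The `gle_` function names, the `GLE_REVEALING_CODES` constant and the `gle_login_failed` error code are made up for this example.

```php
<?php
/**
 * Plugin Name: Generic Login Error (example)
 * Description: Added example; not the Login Error Cleanup plugin's own code.
 */

defined( 'ABSPATH' ) || exit; // Refuse direct requests to this file.

// Error codes core sets when the username, e-mail address or password is wrong.
// Each one tells the visitor which half of the credential pair failed.
const GLE_REVEALING_CODES = array( 'invalid_username', 'invalid_email', 'incorrect_password' );

/**
 * Runs at priority 100, after core's authenticate callbacks, and swaps
 * any revealing WP_Error for one uniform error.
 */
function gle_collapse_auth_errors( $user, $username, $password ) {
	if ( ! is_wp_error( $user ) ) {
		return $user; // WP_User on success, or null if nothing has decided yet.
	}

	foreach ( $user->get_error_codes() as $code ) {
		if ( in_array( $code, GLE_REVEALING_CODES, true ) ) {
			// Same code and same text whether the user exists or not.
			return new WP_Error( 'gle_login_failed', 'Error' );
		}
	}

	return $user; // Other errors (for example empty fields) pass through unchanged.
}
add_filter( 'authenticate', 'gle_collapse_auth_errors', 100, 3 );

/**
 * Keep the login form's "shake" animation for the replacement error code,
 * so the page behaves the same for every failed attempt.
 */
function gle_shake_on_generic_error( $codes ) {
	$codes[] = 'gle_login_failed';
	return $codes;
}
add_filter( 'shake_error_codes', 'gle_shake_on_generic_error' );
```

Because the error is replaced before the login page renders it, a wrong username and a wrong password for a real username produce the same response text.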