You should not use create_function(). Otherwise, while trying to close one potential security hole (too much information in WordPress login error messages), you may be inadvertently opening another, more dangerous security hole – the internal use of eval() inside the create_function() underlying code.
Instead, you need to rewrite the code that uses create_function() to use an anonymous function (aka closure) in its place. This article provides an example: Fix For “Function create_function() is deprecated” In PHP 7.2
So, in your above code, this line:
add_filter('login_errors', create_function('$a', "return 'Error: Incorrect login details. Try again';"));Should be replaced with something like this:
add_filter('login_errors', function($a){ return 'Error: Incorrect login details. Try again'; });I didn’t test my above code though. But I think it should work. Or at least, it should give any reader a guideline on how to avoid using create_function().
There’s more info about create_function() here.