You should not use create_function(). Otherwise, while trying to close one potential security hole (too much information in WordPress login error messages), you may be inadvertently opening another, more dangerous security hole – the internal use of eval() inside the create_function() underlying code.
Instead, you need to rewrite the code that uses create_function() to use an anonymous function (aka closure) in its place. This article provides an example: Fix For “Function create_function() is deprecated” In PHP 7.2
So, in your above code, this line:
add_filter('login_errors', create_function('$a', "return 'Error: Incorrect login details. Try again';"));
Should be replaced with something like this:
add_filter('login_errors', function($a){ return 'Error: Incorrect login details. Try again'; });
I didn’t test my above code though. But I think it should work. Or at least, it should give any reader a guideline on how to avoid using create_function().
There’s more info about create_function() here.
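An added example, not part of the original answer: the same filter written so that the message comes from a variable, which is where a string-built function body gets risky. The closure captures the message with `use`, so it stays data and is never parsed as PHP. `generic_login_error()` is a hypothetical helper, and the `add_filter()`/`apply_filters()` shims are simplified stand-ins so the file runs outside WordPress.

```php
<?php
// Simplified stand-ins for the WordPress hook API (assumption: used only
// when WordPress is not loaded, so the file can be run on its own).
if (!function_exists('add_filter')) {
    $GLOBALS['demo_filters'] = [];

    function add_filter($tag, $callback)
    {
        $GLOBALS['demo_filters'][$tag][] = $callback;
        return true;
    }

    function apply_filters($tag, $value)
    {
        foreach ($GLOBALS['demo_filters'][$tag] ?? [] as $callback) {
            $value = $callback($value);
        }
        return $value;
    }
}

// Hypothetical helper: builds the filter callback for a given message.
function generic_login_error(string $message): Closure
{
    // Escape once, up front; inside WordPress esc_html() would do this job.
    $safe = htmlspecialchars($message, ENT_QUOTES, 'UTF-8');

    // $safe is captured by value. Unlike a create_function() body, nothing
    // here is assembled into a code string, so quotes, semicolons or braces
    // in the message cannot change what the callback does.
    return function ($original_error) use ($safe) {
        // The detailed core message (which names the failing field) is dropped.
        return $safe;
    };
}

// Constructed sample message; the apostrophe is the kind of character that
// would break or alter a function body built by string interpolation.
add_filter('login_errors', generic_login_error("Error: Couldn't log in. Try again"));

// Constructed sample of a detailed error, for the stand-alone run.
$detailed = 'ERROR: The password you entered for the username admin is incorrect.';
echo apply_filters('login_errors', $detailed), PHP_EOL;
```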