If someone enters incorrect username or password on the login page, WordPress gives a hint telling if either the username resp. e-mailaddress is wrong or the password. If someone is trying to guess your username, then this error message confirms that it is successfully guessed. This is totally needles. There are two more possible messages telling that either the username or the password field was left empty. Those messages do not worsen security but are also entirely useless. This code snippet prevents WordPress from giving any hints on incorrect logins.