diff --git a/modules/exploits/unix/webapp/wp_phpmailer_host_header.rb b/modules/exploits/unix/webapp/wp_phpmailer_host_header.rb
index 6d3b050f6e..a241c2eaf5 100644
--- a/modules/exploits/unix/webapp/wp_phpmailer_host_header.rb
+++ b/modules/exploits/unix/webapp/wp_phpmailer_host_header.rb
@@ -137,7 +137,7 @@ class MetasploitModule < Msf::Exploit::Remote
 )
 if res && !res.redirect?
- if res.code == 200
+ if res.code == 200 && res.body.include?('login_error')
 fail_with(Failure::NoAccess, 'WordPress username may be incorrect')
 elsif res.code == 400 && res.headers['Server'] =~ /^Apache/
 fail_with(Failure::NotVulnerable, 'HttpProtocolOptions may be Strict')
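Review bot: The narrowed condition `res.code == 200 && res.body.include?('login_error')` carries no comment explaining why a plain 200 is no longer treated as a failure, so the intent has to be guessed from the error message. A one-line comment above it would help, for example `# A 200 only signals a rejected username when the page is re-rendered with a login_error block`. A 200 response without that marker now falls through to the later branches, and since the chain continues outside this hunk it is not visible whether anything reports that case. The substring test is also loose, because it matches `login_error` anywhere in the body rather than the error element itself, which may be worth noting in the same comment.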