W3cubDocs

/WordPress

apply_filters( 'authenticate', null|WP_User|WP_Error $user, string $username, string $password )

Filters whether a set of user login credentials are valid.

Description

A WP_User object is returned if the credentials authenticate a user. WP_Error or null otherwise.

Parameters

$user

(null|WP_User|WP_Error) WP_User if the user is authenticated. WP_Error or null otherwise.

$username

(string) Username or email address.

$password

(string) User password

More Information

The authenticate filter hook is used to perform additional validation/authentication any time a user logs in to WordPress.

The wp_authenticate_user filter can also be used if you want to perform any additional validation after WordPress’s basic validation, but before a user is logged in.

The default authenticate filters in /wp-includes/default-filters.php

add_filter( 'authenticate', 'wp_authenticate_username_password',  20, 3 );
add_filter( 'authenticate', 'wp_authenticate_email_password',     20, 3 );
add_filter( 'authenticate', 'wp_authenticate_spam_check',         99    );

Source

File: wp-includes/pluggable.php

View on Trac

Changelog

Version Description
4.5.0 $username now accepts an email address.
2.8.0 Introduced.

© 2003–2019 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/hooks/authenticate