W3cubDocs

/WordPress

apply_filters( ‘authenticate’, null|WP_User|WP_Error $user, string $username, string $password )

Filters whether a set of user login credentials are valid.

Description

A WP_User object is returned if the credentials authenticate a user.
WP_Error or null otherwise.

Parameters

$usernull|WP_User|WP_Error: WP_User if the user is authenticated.
WP_Error or null otherwise.
$usernamestring: Username or email address.
$passwordstring: User password.

More Information

The authenticate filter hook is used to perform additional validation/authentication any time a user logs in to WordPress.

The wp_authenticate_user filter can also be used if you want to perform any additional validation after WordPress’s basic validation, but before a user is logged in.

The default authenticate filters in /wp-includes/default-filters.php

add_filter( 'authenticate', 'wp_authenticate_username_password',  20, 3 );
add_filter( 'authenticate', 'wp_authenticate_email_password',     20, 3 );
add_filter( 'authenticate', 'wp_authenticate_spam_check',         99    );

Source

$user = apply_filters( 'authenticate', null, $username, $password );

View all references View on Trac View on GitHub

Changelog

Version	Description
4.5.0	`$username` now accepts an email address.
2.8.0	Introduced.

© 2003–2024 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/hooks/authenticate