Attention Interested in functions, hooks, classes, or methods? Check out the new WordPress Code Reference!

Plugin API/Filter Reference/wp authenticate user

This page is marked as incomplete. You can help Codex by expanding it.


The wp_authenticate_user filter hook is used to perform additional validation/authentication any time a user logs in to WordPress.


(object) (required) The WP_User() object of the user being edited, or a WP_Error() object if validation has already failed.
Default: WP_User
(string) (optional) The user's password (plain text).
Default: None


This hook should return either a WP_User() object or, if generating an error, a WP_Error() object.


The basic usage is as follows...

add_filter('wp_authenticate_user', 'myplugin_auth_login',10,2);
function myplugin_auth_login ($user, $password) {
     //do any extra validation stuff here
     return $user;

This hook passes two parameters, $user and $password (plaintext). In order to generate an error on login, you will need to return a new WP_Error() object.

Source File

The wp_authenticate_user hook is located in /wp-includes/user.php within wp_authenticate_username_password()


Filter Hooks

Return to Plugin API/Filter Reference