Title: auth_redirect
Published: April 25, 2014
Last modified: February 24, 2026

---

# auth_redirect()

## In this article

 * [Description](https://developer.wordpress.org/reference/functions/auth_redirect/?output_format=md#description)
 * [Source](https://developer.wordpress.org/reference/functions/auth_redirect/?output_format=md#source)
 * [Hooks](https://developer.wordpress.org/reference/functions/auth_redirect/?output_format=md#hooks)
 * [Related](https://developer.wordpress.org/reference/functions/auth_redirect/?output_format=md#related)
 * [Changelog](https://developer.wordpress.org/reference/functions/auth_redirect/?output_format=md#changelog)
 * [User Contributed Notes](https://developer.wordpress.org/reference/functions/auth_redirect/?output_format=md#user-contributed-notes)

[ Back to top](https://developer.wordpress.org/reference/functions/auth_redirect/?output_format=md#wp--skip-link--target)

Checks if a user is logged in, if not it redirects them to the login page.

## 󠀁[Description](https://developer.wordpress.org/reference/functions/auth_redirect/?output_format=md#description)󠁿

When this code is called from a page, it checks to see if the user viewing the page
is logged in.
If the user is not logged in, they are redirected to the login page.
The user is redirected in such a way that, upon logging in, they will be sent directly
to the page they were originally trying to access.

## 󠀁[Source](https://developer.wordpress.org/reference/functions/auth_redirect/?output_format=md#source)󠁿

    ```php
    function auth_redirect() {
    	$secure = ( is_ssl() || force_ssl_admin() );

    	/**
    	 * Filters whether to use a secure authentication redirect.
    	 *
    	 * @since 3.1.0
    	 *
    	 * @param bool $secure Whether to use a secure authentication redirect. Default false.
    	 */
    	$secure = apply_filters( 'secure_auth_redirect', $secure );

    	// If https is required and request is http, redirect.
    	if ( $secure && ! is_ssl() && str_contains( $_SERVER['REQUEST_URI'], 'wp-admin' ) ) {
    		if ( str_starts_with( $_SERVER['REQUEST_URI'], 'http' ) ) {
    			wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
    			exit;
    		} else {
    			wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
    			exit;
    		}
    	}

    	/**
    	 * Filters the authentication redirect scheme.
    	 *
    	 * @since 2.9.0
    	 *
    	 * @param string $scheme Authentication redirect scheme. Default empty.
    	 */
    	$scheme = apply_filters( 'auth_redirect_scheme', '' );

    	$user_id = wp_validate_auth_cookie( '', $scheme );
    	if ( $user_id ) {
    		/**
    		 * Fires before the authentication redirect.
    		 *
    		 * @since 2.8.0
    		 *
    		 * @param int $user_id User ID.
    		 */
    		do_action( 'auth_redirect', $user_id );

    		// If the user wants ssl but the session is not ssl, redirect.
    		if ( ! $secure && get_user_option( 'use_ssl', $user_id ) && str_contains( $_SERVER['REQUEST_URI'], 'wp-admin' ) ) {
    			if ( str_starts_with( $_SERVER['REQUEST_URI'], 'http' ) ) {
    				wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
    				exit;
    			} else {
    				wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
    				exit;
    			}
    		}

    		return; // The cookie is good, so we're done.
    	}

    	// The cookie is no good, so force login.
    	nocache_headers();

    	if ( str_contains( $_SERVER['REQUEST_URI'], '/options.php' ) && wp_get_referer() ) {
    		$redirect = wp_get_referer();
    	} else {
    		$redirect = set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
    	}

    	$login_url = wp_login_url( $redirect, true );

    	wp_redirect( $login_url );
    	exit;
    }
    ```

[View all references](https://developer.wordpress.org/reference/files/wp-includes/pluggable.php/)
[View on Trac](https://core.trac.wordpress.org/browser/tags/6.9.4/src/wp-includes/pluggable.php#L1276)
[View on GitHub](https://github.com/WordPress/wordpress-develop/blob/6.9.4/src/wp-includes/pluggable.php#L1276-L1346)

## 󠀁[Hooks](https://developer.wordpress.org/reference/functions/auth_redirect/?output_format=md#hooks)󠁿

 [do_action( ‘auth_redirect’, int $user_id )](https://developer.wordpress.org/reference/hooks/auth_redirect/)

Fires before the authentication redirect.

 [apply_filters( ‘auth_redirect_scheme’, string $scheme )](https://developer.wordpress.org/reference/hooks/auth_redirect_scheme/)

Filters the authentication redirect scheme.

 [apply_filters( ‘secure_auth_redirect’, bool $secure )](https://developer.wordpress.org/reference/hooks/secure_auth_redirect/)

Filters whether to use a secure authentication redirect.

## 󠀁[Related](https://developer.wordpress.org/reference/functions/auth_redirect/?output_format=md#related)󠁿

| Uses | Description | 
| [wp_redirect()](https://developer.wordpress.org/reference/functions/wp_redirect/)`wp-includes/pluggable.php` |

Redirects to another page.

  | 
| [wp_validate_auth_cookie()](https://developer.wordpress.org/reference/functions/wp_validate_auth_cookie/)`wp-includes/pluggable.php` |

Validates authentication cookie.

  | 
| [wp_login_url()](https://developer.wordpress.org/reference/functions/wp_login_url/)`wp-includes/general-template.php` |

Retrieves the login URL.

  | 
| [is_ssl()](https://developer.wordpress.org/reference/functions/is_ssl/)`wp-includes/load.php` |

Determines if SSL is used.

  | 
| [force_ssl_admin()](https://developer.wordpress.org/reference/functions/force_ssl_admin/)`wp-includes/functions.php` |

Determines whether to force SSL used for the Administration Screens.

  | 
| [wp_get_referer()](https://developer.wordpress.org/reference/functions/wp_get_referer/)`wp-includes/functions.php` |

Retrieves referer from ‘_wp_http_referer’ or HTTP referer.

  | 
| [nocache_headers()](https://developer.wordpress.org/reference/functions/nocache_headers/)`wp-includes/functions.php` |

Sets the HTTP headers to prevent caching for the different browsers.

  | 
| [set_url_scheme()](https://developer.wordpress.org/reference/functions/set_url_scheme/)`wp-includes/link-template.php` |

Sets the scheme for a URL.

  | 
| [get_user_option()](https://developer.wordpress.org/reference/functions/get_user_option/)`wp-includes/user.php` |

Retrieves user option that can be either per Site or per Network.

  | 
| [apply_filters()](https://developer.wordpress.org/reference/functions/apply_filters/)`wp-includes/plugin.php` |

Calls the callback functions that have been added to a filter hook.

  | 
| [do_action()](https://developer.wordpress.org/reference/functions/do_action/)`wp-includes/plugin.php` |

Calls the callback functions that have been added to an action hook.

  |

[Show 6 more](https://developer.wordpress.org/reference/functions/auth_redirect/?output_format=md#)
[Show less](https://developer.wordpress.org/reference/functions/auth_redirect/?output_format=md#)

| Used by | Description | 
| [WP_Customize_Manager::setup_theme()](https://developer.wordpress.org/reference/classes/wp_customize_manager/setup_theme/)`wp-includes/class-wp-customize-manager.php` |

Starts preview and customize theme.

  |

## 󠀁[Changelog](https://developer.wordpress.org/reference/functions/auth_redirect/?output_format=md#changelog)󠁿

| Version | Description | 
| [1.5.0](https://developer.wordpress.org/reference/since/1.5.0/) | Introduced. |

## 󠀁[User Contributed Notes](https://developer.wordpress.org/reference/functions/auth_redirect/?output_format=md#user-contributed-notes)󠁿

 1.   [Skip to note 3 content](https://developer.wordpress.org/reference/functions/auth_redirect/?output_format=md#comment-content-2843)
 2.    [Jeroen Rotty](https://profiles.wordpress.org/jeroenrotty/)  [  8 years ago  ](https://developer.wordpress.org/reference/functions/auth_redirect/#comment-2843)
 3.  [You must log in to vote on the helpfulness of this note](https://login.wordpress.org?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fauth_redirect%2F%23comment-2843)
     Vote results for this note: 1[You must log in to vote on the helpfulness of this note](https://login.wordpress.org?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fauth_redirect%2F%23comment-2843)
 4.  Require a user to log in in order to view a page:
 5.      ```php
         if ( !is_user_logged_in() ) {
            auth_redirect();
         }
         ```
     
 6.   [Log in to add feedback](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fauth_redirect%2F%3Freplytocom%3D2843%23feedback-editor-2843)
 7.   [Skip to note 4 content](https://developer.wordpress.org/reference/functions/auth_redirect/?output_format=md#comment-content-4791)
 8.    [awayshops](https://profiles.wordpress.org/awayshops/)  [  5 years ago  ](https://developer.wordpress.org/reference/functions/auth_redirect/#comment-4791)
 9.  [You must log in to vote on the helpfulness of this note](https://login.wordpress.org?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fauth_redirect%2F%23comment-4791)
     Vote results for this note: 0[You must log in to vote on the helpfulness of this note](https://login.wordpress.org?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fauth_redirect%2F%23comment-4791)
 10. There is a bug with this code. Parameters are not preserved. If the page the user
     was originally trying to load, required parameters, upon redirect after successful
     login, the page is loaded WITHOUT the parameters.
 11.  [Log in to add feedback](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fauth_redirect%2F%3Freplytocom%3D4791%23feedback-editor-4791)

You must [log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fauth_redirect%2F)
before being able to contribute a note or feedback.