Title: wp_update_user Published: April 25, 2014 Last modified: February 24, 2026 --- # wp_update_user( array|object|WP_User $userdata ): int|󠀁[WP_Error](https://developer.wordpress.org/reference/classes/wp_error/)󠁿 ## In this article * [Description](https://developer.wordpress.org/reference/functions/wp_update_user/?output_format=md#description) - [See also](https://developer.wordpress.org/reference/functions/wp_update_user/?output_format=md#see-also) * [Parameters](https://developer.wordpress.org/reference/functions/wp_update_user/?output_format=md#parameters) * [Return](https://developer.wordpress.org/reference/functions/wp_update_user/?output_format=md#return) * [Source](https://developer.wordpress.org/reference/functions/wp_update_user/?output_format=md#source) * [Hooks](https://developer.wordpress.org/reference/functions/wp_update_user/?output_format=md#hooks) * [Related](https://developer.wordpress.org/reference/functions/wp_update_user/?output_format=md#related) * [Changelog](https://developer.wordpress.org/reference/functions/wp_update_user/?output_format=md#changelog) * [User Contributed Notes](https://developer.wordpress.org/reference/functions/wp_update_user/?output_format=md#user-contributed-notes) [ Back to top](https://developer.wordpress.org/reference/functions/wp_update_user/?output_format=md#wp--skip-link--target) Updates a user in the database. ## 󠀁[Description](https://developer.wordpress.org/reference/functions/wp_update_user/?output_format=md#description)󠁿 It is possible to update a user’s password by specifying the ‘user_pass’ value in the $userdata parameter array. If current user’s password is being updated, then the cookies will be cleared. ### 󠀁[See also](https://developer.wordpress.org/reference/functions/wp_update_user/?output_format=md#see-also)󠁿 * [wp_insert_user()](https://developer.wordpress.org/reference/functions/wp_insert_user/): For what fields can be set in $userdata. ## 󠀁[Parameters](https://developer.wordpress.org/reference/functions/wp_update_user/?output_format=md#parameters)󠁿 `$userdata`array|object|[WP_User](https://developer.wordpress.org/reference/classes/wp_user/) required An array of user data or a user object of type stdClass or [WP_User](https://developer.wordpress.org/reference/classes/wp_user/). ## 󠀁[Return](https://developer.wordpress.org/reference/functions/wp_update_user/?output_format=md#return)󠁿 int|[WP_Error](https://developer.wordpress.org/reference/classes/wp_error/) The updated user’s ID or a [WP_Error](https://developer.wordpress.org/reference/classes/wp_error/) object if the user could not be updated. ## 󠀁[Source](https://developer.wordpress.org/reference/functions/wp_update_user/?output_format=md#source)󠁿 ```php function wp_update_user( $userdata ) { if ( $userdata instanceof stdClass ) { $userdata = get_object_vars( $userdata ); } elseif ( $userdata instanceof WP_User ) { $userdata = $userdata->to_array(); } $userdata_raw = $userdata; $user_id = isset( $userdata['ID'] ) ? (int) $userdata['ID'] : 0; if ( ! $user_id ) { return new WP_Error( 'invalid_user_id', __( 'Invalid user ID.' ) ); } // First, get all of the original fields. $user_obj = get_userdata( $user_id ); if ( ! $user_obj ) { return new WP_Error( 'invalid_user_id', __( 'Invalid user ID.' ) ); } $user = $user_obj->to_array(); // Add additional custom fields. foreach ( _get_additional_user_keys( $user_obj ) as $key ) { $user[ $key ] = get_user_meta( $user_id, $key, true ); } // Escape data pulled from DB. $user = add_magic_quotes( $user ); if ( ! empty( $userdata['user_pass'] ) && $userdata['user_pass'] !== $user_obj->user_pass ) { // If password is changing, hash it now. $plaintext_pass = $userdata['user_pass']; $userdata['user_pass'] = wp_hash_password( $userdata['user_pass'] ); /** This action is documented in wp-includes/pluggable.php */ do_action( 'wp_set_password', $plaintext_pass, $user_id, $user_obj ); /** * Filters whether to send the password change email. * * @since 4.3.0 * * @see wp_insert_user() For `$user` and `$userdata` fields. * * @param bool $send Whether to send the email. * @param array $user The original user array. * @param array $userdata The updated user array. */ $send_password_change_email = apply_filters( 'send_password_change_email', true, $user, $userdata ); } if ( isset( $userdata['user_email'] ) && $user['user_email'] !== $userdata['user_email'] ) { /** * Filters whether to send the email change email. * * @since 4.3.0 * * @see wp_insert_user() For `$user` and `$userdata` fields. * * @param bool $send Whether to send the email. * @param array $user The original user array. * @param array $userdata The updated user array. */ $send_email_change_email = apply_filters( 'send_email_change_email', true, $user, $userdata ); } clean_user_cache( $user_obj ); // Merge old and new fields with new fields overwriting old ones. $userdata = array_merge( $user, $userdata ); $user_id = wp_insert_user( $userdata ); if ( is_wp_error( $user_id ) ) { return $user_id; } $blog_name = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); $switched_locale = false; if ( ! empty( $send_password_change_email ) || ! empty( $send_email_change_email ) ) { $switched_locale = switch_to_user_locale( $user_id ); } if ( ! empty( $send_password_change_email ) ) { /* translators: Do not translate USERNAME, ADMIN_EMAIL, EMAIL, SITENAME, SITEURL: those are placeholders. */ $pass_change_text = __( 'Hi ###USERNAME###, This notice confirms that your password was changed on ###SITENAME###. If you did not change your password, please contact the Site Administrator at ###ADMIN_EMAIL### This email has been sent to ###EMAIL### Regards, All at ###SITENAME### ###SITEURL###' ); $pass_change_email = array( 'to' => $user['user_email'], /* translators: Password change notification email subject. %s: Site title. */ 'subject' => __( '[%s] Password Changed' ), 'message' => $pass_change_text, 'headers' => '', ); /** * Filters the contents of the email sent when the user's password is changed. * * @since 4.3.0 * * @param array $pass_change_email { * Used to build wp_mail(). * * @type string $to The intended recipients. Add emails in a comma separated string. * @type string $subject The subject of the email. * @type string $message The content of the email. * The following strings have a special meaning and will get replaced dynamically: * - `###USERNAME###` The current user's username. * - `###ADMIN_EMAIL###` The admin email in case this was unexpected. * - `###EMAIL###` The user's email address. * - `###SITENAME###` The name of the site. * - `###SITEURL###` The URL to the site. * @type string $headers Headers. Add headers in a newline (\r\n) separated string. * } * @param array $user The original user array. * @param array $userdata The updated user array. */ $pass_change_email = apply_filters( 'password_change_email', $pass_change_email, $user, $userdata ); $pass_change_email['message'] = str_replace( '###USERNAME###', $user['user_login'], $pass_change_email['message'] ); $pass_change_email['message'] = str_replace( '###ADMIN_EMAIL###', get_option( 'admin_email' ), $pass_change_email['message'] ); $pass_change_email['message'] = str_replace( '###EMAIL###', $user['user_email'], $pass_change_email['message'] ); $pass_change_email['message'] = str_replace( '###SITENAME###', $blog_name, $pass_change_email['message'] ); $pass_change_email['message'] = str_replace( '###SITEURL###', home_url(), $pass_change_email['message'] ); wp_mail( $pass_change_email['to'], sprintf( $pass_change_email['subject'], $blog_name ), $pass_change_email['message'], $pass_change_email['headers'] ); } if ( ! empty( $send_email_change_email ) ) { /* translators: Do not translate USERNAME, ADMIN_EMAIL, NEW_EMAIL, EMAIL, SITENAME, SITEURL: those are placeholders. */ $email_change_text = __( 'Hi ###USERNAME###, This notice confirms that your email address on ###SITENAME### was changed to ###NEW_EMAIL###. If you did not change your email, please contact the Site Administrator at ###ADMIN_EMAIL### This email has been sent to ###EMAIL### Regards, All at ###SITENAME### ###SITEURL###' ); $email_change_email = array( 'to' => $user['user_email'], /* translators: Email change notification email subject. %s: Site title. */ 'subject' => __( '[%s] Email Changed' ), 'message' => $email_change_text, 'headers' => '', ); /** * Filters the contents of the email sent when the user's email is changed. * * @since 4.3.0 * * @param array $email_change_email { * Used to build wp_mail(). * * @type string $to The intended recipients. * @type string $subject The subject of the email. * @type string $message The content of the email. * The following strings have a special meaning and will get replaced dynamically: * - `###USERNAME###` The current user's username. * - `###ADMIN_EMAIL###` The admin email in case this was unexpected. * - `###NEW_EMAIL###` The new email address. * - `###EMAIL###` The old email address. * - `###SITENAME###` The name of the site. * - `###SITEURL###` The URL to the site. * @type string $headers Headers. * } * @param array $user The original user array. * @param array $userdata The updated user array. */ $email_change_email = apply_filters( 'email_change_email', $email_change_email, $user, $userdata ); $email_change_email['message'] = str_replace( '###USERNAME###', $user['user_login'], $email_change_email['message'] ); $email_change_email['message'] = str_replace( '###ADMIN_EMAIL###', get_option( 'admin_email' ), $email_change_email['message'] ); $email_change_email['message'] = str_replace( '###NEW_EMAIL###', $userdata['user_email'], $email_change_email['message'] ); $email_change_email['message'] = str_replace( '###EMAIL###', $user['user_email'], $email_change_email['message'] ); $email_change_email['message'] = str_replace( '###SITENAME###', $blog_name, $email_change_email['message'] ); $email_change_email['message'] = str_replace( '###SITEURL###', home_url(), $email_change_email['message'] ); wp_mail( $email_change_email['to'], sprintf( $email_change_email['subject'], $blog_name ), $email_change_email['message'], $email_change_email['headers'] ); } if ( $switched_locale ) { restore_previous_locale(); } // Update the cookies if the password changed. $current_user = wp_get_current_user(); if ( $current_user->ID === $user_id ) { if ( isset( $plaintext_pass ) ) { /* * Here we calculate the expiration length of the current auth cookie and compare it to the default expiration. * If it's greater than this, then we know the user checked 'Remember Me' when they logged in. */ $logged_in_cookie = wp_parse_auth_cookie( '', 'logged_in' ); /** This filter is documented in wp-includes/pluggable.php */ $default_cookie_life = apply_filters( 'auth_cookie_expiration', ( 2 * DAY_IN_SECONDS ), $user_id, false ); wp_clear_auth_cookie(); $remember = false; $token = ''; if ( false !== $logged_in_cookie ) { $token = $logged_in_cookie['token']; } if ( false !== $logged_in_cookie && ( (int) $logged_in_cookie['expiration'] - time() ) > $default_cookie_life ) { $remember = true; } wp_set_auth_cookie( $user_id, $remember, '', $token ); } } /** * Fires after the user has been updated and emails have been sent. * * @since 6.3.0 * * @param int $user_id The ID of the user that was just updated. * @param array $userdata The array of user data that was updated. * @param array $userdata_raw The unedited array of user data that was updated. */ do_action( 'wp_update_user', $user_id, $userdata, $userdata_raw ); return $user_id; } ``` [View all references](https://developer.wordpress.org/reference/files/wp-includes/user.php/) [View on Trac](https://core.trac.wordpress.org/browser/tags/6.9.4/src/wp-includes/user.php#L2676) [View on GitHub](https://github.com/WordPress/wordpress-develop/blob/6.9.4/src/wp-includes/user.php#L2676-L2923) ## 󠀁[Hooks](https://developer.wordpress.org/reference/functions/wp_update_user/?output_format=md#hooks)󠁿 [apply_filters( ‘auth_cookie_expiration’, int $length, int $user_id, bool $remember )](https://developer.wordpress.org/reference/hooks/auth_cookie_expiration/) Filters the duration of the authentication cookie expiration period. [apply_filters( ’email_change_email’, array $email_change_email, array $user, array $userdata )](https://developer.wordpress.org/reference/hooks/email_change_email/) Filters the contents of the email sent when the user’s email is changed. [apply_filters( ‘password_change_email’, array $pass_change_email, array $user, array $userdata )](https://developer.wordpress.org/reference/hooks/password_change_email/) Filters the contents of the email sent when the user’s password is changed. [apply_filters( ‘send_email_change_email’, bool $send, array $user, array $userdata )](https://developer.wordpress.org/reference/hooks/send_email_change_email/) Filters whether to send the email change email. [apply_filters( ‘send_password_change_email’, bool $send, array $user, array $userdata )](https://developer.wordpress.org/reference/hooks/send_password_change_email/) Filters whether to send the password change email. [do_action( ‘wp_set_password’, string $password, int $user_id, WP_User $old_user_data )](https://developer.wordpress.org/reference/hooks/wp_set_password/) Fires after the user password is set. [do_action( ‘wp_update_user’, int $user_id, array $userdata, array $userdata_raw )](https://developer.wordpress.org/reference/hooks/wp_update_user/) Fires after the user has been updated and emails have been sent. ## 󠀁[Related](https://developer.wordpress.org/reference/functions/wp_update_user/?output_format=md#related)󠁿 | Uses | Description | | [switch_to_user_locale()](https://developer.wordpress.org/reference/functions/switch_to_user_locale/)`wp-includes/l10n.php` | Switches the translations according to the given user’s locale. | | [restore_previous_locale()](https://developer.wordpress.org/reference/functions/restore_previous_locale/)`wp-includes/l10n.php` | Restores the translations according to the previous locale. | | [wp_specialchars_decode()](https://developer.wordpress.org/reference/functions/wp_specialchars_decode/)`wp-includes/formatting.php` | Converts a number of HTML entities into their special characters. | | [wp_hash_password()](https://developer.wordpress.org/reference/functions/wp_hash_password/)`wp-includes/pluggable.php` | Creates a hash of a plain text password. | | [wp_parse_auth_cookie()](https://developer.wordpress.org/reference/functions/wp_parse_auth_cookie/)`wp-includes/pluggable.php` | Parses a cookie into its components. | | [wp_clear_auth_cookie()](https://developer.wordpress.org/reference/functions/wp_clear_auth_cookie/)`wp-includes/pluggable.php` | Removes all of the cookies associated with authentication. | | [wp_set_auth_cookie()](https://developer.wordpress.org/reference/functions/wp_set_auth_cookie/)`wp-includes/pluggable.php` | Sets the authentication cookies for a given user ID. | | [wp_mail()](https://developer.wordpress.org/reference/functions/wp_mail/)`wp-includes/pluggable.php` | Sends an email, similar to PHP’s mail function. | | [wp_get_current_user()](https://developer.wordpress.org/reference/functions/wp_get_current_user/)`wp-includes/pluggable.php` | Retrieves the current user object. | | [add_magic_quotes()](https://developer.wordpress.org/reference/functions/add_magic_quotes/)`wp-includes/functions.php` | Walks the array while sanitizing the contents. | | [_get_additional_user_keys()](https://developer.wordpress.org/reference/functions/_get_additional_user_keys/)`wp-includes/user.php` | Returns a list of meta keys to be (maybe) populated in [wp_update_user()](https://developer.wordpress.org/reference/functions/wp_update_user/) . | | [clean_user_cache()](https://developer.wordpress.org/reference/functions/clean_user_cache/)`wp-includes/user.php` | Cleans all user caches. | | [wp_insert_user()](https://developer.wordpress.org/reference/functions/wp_insert_user/)`wp-includes/user.php` | Inserts a user into the database. | | [get_user_meta()](https://developer.wordpress.org/reference/functions/get_user_meta/)`wp-includes/user.php` | Retrieves user meta field for a user. | | [__()](https://developer.wordpress.org/reference/functions/__/)`wp-includes/l10n.php` | Retrieves the translation of $text. | | [get_userdata()](https://developer.wordpress.org/reference/functions/get_userdata/)`wp-includes/pluggable.php` | Retrieves user info by user ID. | | [home_url()](https://developer.wordpress.org/reference/functions/home_url/)`wp-includes/link-template.php` | Retrieves the URL for the current site where the front end is accessible. | | [do_action()](https://developer.wordpress.org/reference/functions/do_action/)`wp-includes/plugin.php` | Calls the callback functions that have been added to an action hook. | | [apply_filters()](https://developer.wordpress.org/reference/functions/apply_filters/)`wp-includes/plugin.php` | Calls the callback functions that have been added to a filter hook. | | [get_option()](https://developer.wordpress.org/reference/functions/get_option/)`wp-includes/option.php` | Retrieves an option value based on an option name. | | [is_wp_error()](https://developer.wordpress.org/reference/functions/is_wp_error/)`wp-includes/load.php` | Checks whether the given variable is a WordPress Error. | | [WP_Error::__construct()](https://developer.wordpress.org/reference/classes/wp_error/__construct/)`wp-includes/class-wp-error.php` | Initializes the error. | [Show 17 more](https://developer.wordpress.org/reference/functions/wp_update_user/?output_format=md#) [Show less](https://developer.wordpress.org/reference/functions/wp_update_user/?output_format=md#) | Used by | Description | | [WP_REST_Users_Controller::create_item()](https://developer.wordpress.org/reference/classes/wp_rest_users_controller/create_item/)`wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php` | Creates a single user. | | [WP_REST_Users_Controller::update_item()](https://developer.wordpress.org/reference/classes/wp_rest_users_controller/update_item/)`wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php` | Updates a single user. | | [get_password_reset_key()](https://developer.wordpress.org/reference/functions/get_password_reset_key/)`wp-includes/user.php` | Creates, stores, then returns a password reset key for user. | | [wp_install()](https://developer.wordpress.org/reference/functions/wp_install/)`wp-admin/includes/upgrade.php` | Installs the site. | | [edit_user()](https://developer.wordpress.org/reference/functions/edit_user/)`wp-admin/includes/user.php` | Edit user settings based on contents of $_POST | | [wp_xmlrpc_server::wp_editProfile()](https://developer.wordpress.org/reference/classes/wp_xmlrpc_server/wp_editprofile/)`wp-includes/class-wp-xmlrpc-server.php` | Edits user’s profile. | [Show 1 more](https://developer.wordpress.org/reference/functions/wp_update_user/?output_format=md#) [Show less](https://developer.wordpress.org/reference/functions/wp_update_user/?output_format=md#) ## 󠀁[Changelog](https://developer.wordpress.org/reference/functions/wp_update_user/?output_format=md#changelog)󠁿 | Version | Description | | [2.0.0](https://developer.wordpress.org/reference/since/2.0.0/) | Introduced. | ## 󠀁[User Contributed Notes](https://developer.wordpress.org/reference/functions/wp_update_user/?output_format=md#user-contributed-notes)󠁿 1. [Skip to note 5 content](https://developer.wordpress.org/reference/functions/wp_update_user/?output_format=md#comment-content-923) 2. [hearvox](http://hearingvoices.com) [ 10 years ago ](https://developer.wordpress.org/reference/functions/wp_update_user/#comment-923) 3. [You must log in to vote on the helpfulness of this note](https://login.wordpress.org?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fwp_update_user%2F%23comment-923) Vote results for this note: 8[You must log in to vote on the helpfulness of this note](https://login.wordpress.org?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fwp_update_user%2F%23comment-923) 4. **Example showing how to update a user’s website profile field:** 5. ```php $user_id, 'user_url' => $website ) ); if ( is_wp_error( $user_data ) ) { // There was an error; possibly this user doesn't exist. echo 'Error.'; } else { // Success! echo 'User profile updated.'; } ?> ``` 6. [Log in to add feedback](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fwp_update_user%2F%3Freplytocom%3D923%23feedback-editor-923) 7. [Skip to note 6 content](https://developer.wordpress.org/reference/functions/wp_update_user/?output_format=md#comment-content-916) 8. franztt [ 10 years ago ](https://developer.wordpress.org/reference/functions/wp_update_user/#comment-916) 9. [You must log in to vote on the helpfulness of this note](https://login.wordpress.org?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fwp_update_user%2F%23comment-916) Vote results for this note: 4[You must log in to vote on the helpfulness of this note](https://login.wordpress.org?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fwp_update_user%2F%23comment-916) 10. “If current user’s password is being updated, then the cookies will be cleared.”** AND AN EMAIL WILL BE SEND !!!** It sent an email to 50 users !!! **Be more explicit!** 11. * Also, users receive an email notification when their email is changed using [wp_update_user()](https://developer.wordpress.org/reference/functions/wp_update_user/). * [tolkodelo](https://profiles.wordpress.org/tolkodelo/) [6 years ago](https://developer.wordpress.org/reference/functions/wp_update_user/#comment-3457) * +1 Please be clear about sending notifications when email or password is updated… To prevent sending automatic notification, add this before update or insert user. add_filter(‘send_email_change_email’, ‘__return_false’); add_filter(‘ send_password_change_email’, ‘__return_false’); * [clnumendo](https://profiles.wordpress.org/clnumendo/) [5 years ago](https://developer.wordpress.org/reference/functions/wp_update_user/#comment-5043) 12. [Log in to add feedback](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fwp_update_user%2F%3Freplytocom%3D916%23feedback-editor-916) 13. [Skip to note 7 content](https://developer.wordpress.org/reference/functions/wp_update_user/?output_format=md#comment-content-6638) 14. [Imran Fakhrul](https://profiles.wordpress.org/imranwp/) [ 3 years ago ](https://developer.wordpress.org/reference/functions/wp_update_user/#comment-6638) 15. [You must log in to vote on the helpfulness of this note](https://login.wordpress.org?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fwp_update_user%2F%23comment-6638) Vote results for this note: 1[You must log in to vote on the helpfulness of this note](https://login.wordpress.org?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fwp_update_user%2F%23comment-6638) 16. This function won’t work to update `user_login` field as WordPress does not let modify it. 17. [Log in to add feedback](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fwp_update_user%2F%3Freplytocom%3D6638%23feedback-editor-6638) 18. [Skip to note 8 content](https://developer.wordpress.org/reference/functions/wp_update_user/?output_format=md#comment-content-6426) 19. [asmitta](https://profiles.wordpress.org/asmitta/) [ 3 years ago ](https://developer.wordpress.org/reference/functions/wp_update_user/#comment-6426) 20. [You must log in to vote on the helpfulness of this note](https://login.wordpress.org?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fwp_update_user%2F%23comment-6426) Vote results for this note: -2[You must log in to vote on the helpfulness of this note](https://login.wordpress.org?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fwp_update_user%2F%23comment-6426) 21. **An example showing how to update a user_meta field (for example, ‘wpdocs_free_offers_left’) with a [WP_User](https://developer.wordpress.org/reference/classes/wp_user/) object.** 22. ```php $user = wp_get_current_user(); $free_offers = $user->free_offers_left; update_user_meta( $user->ID, 'wpdocs_free_offers_left', $free_offers-- ); $update = wp_update_user( $user ); if ( is_int( $update ) ) { // Success echo "Update done"; } else { // is WP_error echo "Update failed"; } ``` 23. [Log in to add feedback](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fwp_update_user%2F%3Freplytocom%3D6426%23feedback-editor-6426) You must [log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fwp_update_user%2F) before being able to contribute a note or feedback.