The authenticate filter hook is used to perform additional validation/authentication any time a user logs in to WordPress.
The wp_authenticate_user filter can also be used if you want to perform any additional validation after WordPress’s basic validation, but before a user is logged in.
The default authenticate filters in /wp-includes/default-filters.php
function wpdocs_authenticate_user( $user, $username, $password ) {
if ( empty( $username ) || empty( $password ) ) {
$error = new WP_Error();
$user = new WP_Error( 'authentication_failed', __( 'ERROR: Invalid username or incorrect password.' ) );
return $error;
}
return $user;
}
add_filter( 'authenticate', 'wpdocs_authenticate_user', 10, 3 );
Goes nicely with:
public function wpdocs_login_form_failed( $username ) {
// append some information (login=failed) to the URL
wp_redirect( home_url() . '/?login=failed' );
exit;
}
add_action( 'wp_login_failed', 'wpdocs_login_form_failed' );
if ( $user == null ) {
// TODO what should the error message be? (Or would these even happen?)
// Only needed if all authentication handlers fail to return anything.
$user = new WP_Error( 'authentication_failed', __( '<strong>ERROR</strong>: Invalid username, email address or incorrect password.' ) );
}
You must log in before being able to contribute a note or feedback.
==Examples==
The basic usage is as follows…
This hook passes three parameters, $user, $username and $password. In order to generate an error on login, you will need to return a WP_Error object.
Goes nicely with:
… or simply return null.
WordPress will assign a standard WP_Error object: