apply_filters( 'wp_authenticate_user', WP_User|WP_Error $user, string $password )

Filters whether the given user can be authenticated with the provided password.


$user WP_User|WP_Error
WP_User or WP_Error object if a previous callback failed authentication.
$password string
Password to check against the user.

Top ↑

More Information

This hook should return either a WP_User() object or, if generating an error, a WP_Error() object.

Top ↑


File: wp-includes/user.php. View all references

$user = apply_filters( 'wp_authenticate_user', $user, $password );

Top ↑


Version Description
2.5.0 Introduced.

Top ↑

User Contributed Notes

  1. Skip to note 1 content
    Contributed by Sanjeev Aryal

    Example Code:

     * Check User Status.
     * @param $user WP_User Object
    function check_status( WP_User $user ) {
    	$status = get_user_meta( $user->ID, 'user_status' );
    	if ( 1 !== (int) $status ) {
    		$message = esc_html__( 'User not verified.', 'text-domain');
    		return new WP_Error( 'user_not_verified', $message );
        return $user;
    add_filter( 'wp_authenticate_user', 'check_status' );
  2. Skip to note 2 content
    Contributed by Collins Mbaka

    A basic usage example

    add_filter('wp_authenticate_user', 'myplugin_auth_login',10,2);
    function myplugin_auth_login ($user, $password) {
         //do any extra validation stuff here
         return $user;

    This hook passes two parameters, $user and $password (plaintext). In order to generate an error on login, you will need to return a new WP_Error() object.

You must log in before being able to contribute a note or feedback.