apply_filters( ‘wp_authenticate_user’, WP_User|WP_Error $user, string $password )

Filters whether the given user can be authenticated with the provided password.


WP_User or WP_Error object if a previous callback failed authentication.
Password to check against the user.

More Information

This hook should return either a WP_User() object or, if generating an error, a WP_Error() object.


$user = apply_filters( 'wp_authenticate_user', $user, $password );



User Contributed Notes

  1. Skip to note 3 content

    Example Code:

     * Check User Status.
     * @param $user WP_User Object
    function check_status( WP_User $user ) {
    	$status = get_user_meta( $user->ID, 'user_status' );
    	if ( 1 !== (int) $status ) {
    		$message = esc_html__( 'User not verified.', 'text-domain');
    		return new WP_Error( 'user_not_verified', $message );
        return $user;
    add_filter( 'wp_authenticate_user', 'check_status' );
  2. Skip to note 4 content

    A basic usage example

    add_filter('wp_authenticate_user', 'myplugin_auth_login',10,2);
    function myplugin_auth_login ($user, $password) {
         //do any extra validation stuff here
         return $user;

    This hook passes two parameters, $user and $password (plaintext). In order to generate an error on login, you will need to return a new WP_Error() object.

You must log in before being able to contribute a note or feedback.