wp_authenticate() WordPress Function

The wp_authenticate function is used by the WordPress login process to authenticate a user's credentials. This function will check the username and password against the WordPress database and return either a WP_User object on success or a WP_Error object on failure.

wp_authenticate( string $username, string $password ) #

Authenticate a user, confirming the login credentials are valid.

Contents

Parameters

$username

(string)(Required)User's username or email address.

$password

(string)(Required)User's password.

Top ↑

Return

(WP_User|WP_Error) WP_User object if the credentials are valid, otherwise WP_Error.

Top ↑

More Information

  • This is a plugabble function, which means that a plug-in can override this function.
  • Not to be confused with the wp_authenticate action hook.

Top ↑

Source

File: wp-includes/pluggable.php

	function wp_authenticate( $username, $password ) {
		$username = sanitize_user( $username );
		$password = trim( $password );

		/**
		 * Filters whether a set of user login credentials are valid.
		 *
		 * A WP_User object is returned if the credentials authenticate a user.
		 * WP_Error or null otherwise.
		 *
		 * @since 2.8.0
		 * @since 4.5.0 `$username` now accepts an email address.
		 *
		 * @param null|WP_User|WP_Error $user     WP_User if the user is authenticated.
		 *                                        WP_Error or null otherwise.
		 * @param string                $username Username or email address.
		 * @param string                $password User password
		 */
		$user = apply_filters( 'authenticate', null, $username, $password );

		if ( null == $user ) {
			// TODO: What should the error message be? (Or would these even happen?)
			// Only needed if all authentication handlers fail to return anything.
			$user = new WP_Error( 'authentication_failed', __( '<strong>Error</strong>: Invalid username, email address or incorrect password.' ) );
		}

		$ignore_codes = array( 'empty_username', 'empty_password' );

		if ( is_wp_error( $user ) && ! in_array( $user->get_error_code(), $ignore_codes, true ) ) {
			$error = $user;

			/**
			 * Fires after a user login has failed.
			 *
			 * @since 2.5.0
			 * @since 4.5.0 The value of `$username` can now be an email address.
			 * @since 5.4.0 The `$error` parameter was added.
			 *
			 * @param string   $username Username or email address.
			 * @param WP_Error $error    A WP_Error object with the authentication failure details.
			 */
			do_action( 'wp_login_failed', $username, $error );
		}

		return $user;
	}

Expand full source codeCollapse full source codeView on TracView on GitHub

Top ↑

Top ↑

Uses

Uses
UsesDescription
wp-includes/l10n.php:__()

Retrieve the translation of $text.

wp-includes/formatting.php:sanitize_user()

Sanitizes a username, stripping out unsafe characters.

wp-includes/pluggable.php:authenticate

Filters whether a set of user login credentials are valid.

wp-includes/pluggable.php:wp_login_failed

Fires after a user login has failed.

wp-includes/plugin.php:apply_filters()

Calls the callback functions that have been added to a filter hook.

wp-includes/plugin.php:do_action()

Calls the callback functions that have been added to an action hook.

wp-includes/load.php:is_wp_error()

Checks whether the given variable is a WordPress Error.

wp-includes/class-wp-error.php:WP_Error::__construct()

Initializes the error.

Show 3 more usesHide more uses

Top ↑

Used By

Used By
Used ByDescription
wp-includes/deprecated.php:user_pass_ok()

Check that the user login name and password is correct.

wp-includes/user.php:wp_signon()

Authenticates and logs a user in with ‘remember’ capability.

wp-includes/pluggable-deprecated.php:wp_login()

Checks a users login information and logs them in if it checks out. This function is deprecated.

wp-includes/class-wp-xmlrpc-server.php:wp_xmlrpc_server::login()

Log user in.

Top ↑

Changelog

Changelog
VersionDescription
4.5.0$username now accepts an email address.
2.5.0Introduced.
Download the latest version of WordPress from https://wordpress.org/

The content displayed on this page has been created in part by processing WordPress source code files which are made available under the GPLv2 (or a later version) license by theĀ Free Software Foundation. In addition to this, the content includes user-written examples and information. All material is subject to review and curation by the WPPaste.com community.

Show More