The wp_authenticate_user filter hook is used to perform additional validation/authentication any time a user logs in to WordPress.
This hook should return either a WP_User() object or, if generating an error, a WP_Error() object.
The basic usage is as follows...
add_filter('wp_authenticate_user', 'myplugin_auth_login',10,2); function myplugin_auth_login ($user, $password) { //do any extra validation stuff here return $user; }
This hook passes two parameters, $user and $password (plaintext). In order to generate an error on login, you will need to return a new WP_Error() object.
The wp_authenticate_user hook is located in /wp-includes/user.php
within wp_authenticate_username_password()
Return to Plugin API/Filter Reference