wp_authenticate( string $username, string $password )

Authenticate a user, confirming the login credentials are valid.

Contents

Description Description

Parameters Parameters

$username

(string) (Required) User's username or email address.

$password

(string) (Required) User's password.

Top ↑

Return Return

(WP_User|WP_Error) WP_User object if the credentials are valid, otherwise WP_Error.

Top ↑

Source Source

File: wp-includes/pluggable.php

521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
function wp_authenticate( $username, $password ) {
    $username = sanitize_user( $username );
    $password = trim( $password );
 
    /**
     * Filters whether a set of user login credentials are valid.
     *
     * A WP_User object is returned if the credentials authenticate a user.
     * WP_Error or null otherwise.
     *
     * @since 2.8.0
     * @since 4.5.0 `$username` now accepts an email address.
     *
     * @param null|WP_User|WP_Error $user     WP_User if the user is authenticated.
     *                                        WP_Error or null otherwise.
     * @param string                $username Username or email address.
     * @param string                $password User password
     */
    $user = apply_filters( 'authenticate', null, $username, $password );
 
    if ( $user == null ) {
        // TODO what should the error message be? (Or would these even happen?)
        // Only needed if all authentication handlers fail to return anything.
        $user = new WP_Error( 'authentication_failed', __( '<strong>ERROR</strong>: Invalid username, email address or incorrect password.' ) );
    }
 
    $ignore_codes = array( 'empty_username', 'empty_password' );
 
    if ( is_wp_error( $user ) && ! in_array( $user->get_error_code(), $ignore_codes ) ) {
        /**
         * Fires after a user login has failed.
         *
         * @since 2.5.0
         * @since 4.5.0 The value of `$username` can now be an email address.
         *
         * @param string $username Username or email address.
         */
        do_action( 'wp_login_failed', $username );
    }
 
    return $user;
}

Expand full source code Collapse full source code View on Trac

Top ↑

Changelog Changelog

Changelog
Version Description
4.5.0 $username now accepts an email address.
2.5.0 Introduced.

Top ↑

Top ↑

Uses Uses

Uses
Uses Description
wp-includes/l10n.php: __()

Retrieve the translation of $text.
wp-includes/formatting.php: sanitize_user()

Sanitizes a username, stripping out unsafe characters.
wp-includes/pluggable.php: authenticate

Filters whether a set of user login credentials are valid.
wp-includes/pluggable.php: wp_login_failed

Fires after a user login has failed.
wp-includes/plugin.php: apply_filters()

Call the functions added to a filter hook.
wp-includes/plugin.php: do_action()

Execute functions hooked on a specific action hook.
wp-includes/load.php: is_wp_error()

Check whether variable is a WordPress Error.
wp-includes/class-wp-error.php: WP_Error::__construct()

Initialize the error.
Show 3 more uses Hide more uses

Top ↑

Used By Used By

Used By
Used By Description
wp-includes/deprecated.php: user_pass_ok()

Check that the user login name and password is correct.
wp-includes/user.php: wp_signon()

Authenticates and logs a user in with ‘remember’ capability.
wp-includes/pluggable-deprecated.php: wp_login()

Checks a users login information and logs them in if it checks out. This function is deprecated.
wp-includes/class-wp-xmlrpc-server.php: wp_xmlrpc_server::login()

Log user in.

Top ↑

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note or feedback.