wp_login_url()WP 2.7.0

Retrieves the login URL.

Used By: wp_loginout()
Hooks from the function


String. The login URL. Not HTML-encoded.


wp_login_url( $redirect, $force_reauth );
Path to redirect to on log in.
Default: ''
Whether to force reauthorization, even if a cookie is present.
Default: false



#1 Basic usage

echo wp_login_url(); // https://wp-kama.com/wp-login.php
<a href="<?= wp_login_url() ?>" title="Login">Log in</a>

#2 Authorize and Redirect to Current Page

<a href="<?= wp_login_url( get_permalink() ); ?>">Login</a>

Note that if the request is a 404, get_permalink() will return false, so you may want to grab the actual URL instead.

A scenario where it could be useful to still redirect to your current URL even if it was a 404, would be if the current URL was a private post, and your user was not yet logged-in – hence ended up on a 404.

In that case, if you show them a login link, they should be redirected back to the current URL (i.e. the private post), so that they finally can access it.

<?php $current_url = home_url( $GLOBALS['wp']->request ); ?>
<a href="<?= esc_url( wp_login_url( $current_url )  ); ?>"><?php _e( 'Log in' ) ?></a>

#3 Authorize and go to the home page:

<a href="<?= wp_login_url( home_url() ) ?>" title="Login">Log in</a>


Since 2.7.0 Introduced.

wp_login_url() code WP 6.3

function wp_login_url( $redirect = '', $force_reauth = false ) {
	$login_url = site_url( 'wp-login.php', 'login' );

	if ( ! empty( $redirect ) ) {
		$login_url = add_query_arg( 'redirect_to', urlencode( $redirect ), $login_url );

	if ( $force_reauth ) {
		$login_url = add_query_arg( 'reauth', '1', $login_url );

	 * Filters the login URL.
	 * @since 2.8.0
	 * @since 4.2.0 The `$force_reauth` parameter was added.
	 * @param string $login_url    The login URL. Not HTML-encoded.
	 * @param string $redirect     The path to redirect to on login, if supplied.
	 * @param bool   $force_reauth Whether to force reauthorization, even if a cookie is present.
	return apply_filters( 'login_url', $login_url, $redirect, $force_reauth );