authenticate filter-hookWP 2.8.0

Filters whether a set of user login credentials are valid.

A WP_User object is returned if the credentials authenticate a user. WP_Error or null otherwise.

Usage

add_filter( 'authenticate', 'wp_kama_authenticate_filter', 10, 3 );

/**
 * Function for `authenticate` filter-hook.
 * 
 * @param null|WP_User|WP_Error $user     WP_User if the user is authenticated. WP_Error or null otherwise.
 * @param string                $username Username or email address.
 * @param string                $password User password
 *
 * @return null|WP_User|WP_Error
 */
function wp_kama_authenticate_filter( $user, $username, $password ){

	// filter...
	return $user;
}
$user(null|WP_User|WP_Error)
WP_User if the user is authenticated. WP_Error or null otherwise.
$username(string)
Username or email address.
$password(string)
User password

Changelog

Since 2.8.0 Introduced.
Since 4.5.0 $username now accepts an email address.

Where the hook is called

wp_authenticate()
authenticate
wp-includes/pluggable.php 620
$user = apply_filters( 'authenticate', null, $username, $password );

Where the hook is used in WordPress

wp-includes/default-filters.php 476
add_filter( 'authenticate', 'wp_authenticate_username_password', 20, 3 );
wp-includes/default-filters.php 477
add_filter( 'authenticate', 'wp_authenticate_email_password', 20, 3 );
wp-includes/default-filters.php 478
add_filter( 'authenticate', 'wp_authenticate_application_password', 20, 3 );
wp-includes/default-filters.php 479
add_filter( 'authenticate', 'wp_authenticate_spam_check', 99 );
wp-includes/user.php 93
add_filter( 'authenticate', 'wp_authenticate_cookie', 30, 3 );