WordPress at a glance
filter is not described

authenticate filter-hook . WP 2.8.0

Filters whether a set of user login credentials are valid.

A WP_User object is returned if the credentials authenticate a user. WP_Error or null otherwise.


add_filter( 'authenticate', 'filter_function_name_3527', 10, 3 );
function filter_function_name_3527( $user, $username, $password ){
	// filter...

	return $user;
WP_User if the user is authenticated. WP_Error or null otherwise.
Username or email address.
User password


Since 2.8.0 Introduced.
Since 4.5.0 $username now accepts an email address.

Where the hook is called

wp-includes/pluggable.php 539
$user = apply_filters( 'authenticate', null, $username, $password );

Where in WP core the hook is used

wp-includes/default-filters.php 426
add_filter( 'authenticate', 'wp_authenticate_username_password', 20, 3 );
wp-includes/default-filters.php 427
add_filter( 'authenticate', 'wp_authenticate_email_password', 20, 3 );
wp-includes/default-filters.php 428
add_filter( 'authenticate', 'wp_authenticate_spam_check', 99 );
wp-includes/user.php 93
add_filter( 'authenticate', 'wp_authenticate_cookie', 30, 3 );