Skip to content
Read For Learn
Read For Learn
  • Database
    • Oracle
    • SQL
  • C
  • C++
  • Java
  • Java Script
  • jQuery
  • PHP
Read For Learn
  • Database
    • Oracle
    • SQL
  • C
  • C++
  • Java
  • Java Script
  • jQuery
  • PHP

I need to find which is the file that checks the DB for correct login (username, password)

wp_authenticate_username_password in wp-includes/user.php and wp_check_password in pluggable.php

I would advise against meddling with these though unless you’re removing the wordpress user authentification and putting your own in, e.g. http://wordpress.org/extend/plugins/simple-ldap-login/. For the best part, not using the admin username, making the first account a non super admin, not using wp_ database prefix, putting salt values in wp-config.php and setting up your folder permissions/htaccess correctly would do you far more good.

If a hacker has access to your encrypted password hashes, you’ve already lost the battle.

Related Posts:

  1. How can I password protect a WordPress site without requiring users to log in?
  2. How to invalidate `password reset key` after being used
  3. Is there any way to rename or hide wp-login.php?
  4. Increase of failed login attempts, brute force attacks? [closed]
  5. Check for correct username on custom login form
  6. How to fake a WordPress login?
  7. Brute force attack?
  8. Add Confirm Password field in wp-login.php Password Reset page
  9. Receiving “This content cannot be displayed in a frame” error on login page
  10. How to customise wp-login.php only for users who are setting a password for the first time?
  11. Give visitor access to password protected page/post via external script
  12. Send reset password link to user from custom lost password form
  13. Websites defaced by uploading script using theme editor
  14. Make wordpress admin failed login attempt return 401
  15. How can I retrieve the username and password from my WordPress installation?
  16. password protect individual pages
  17. Problem with logging in WP users automatically
  18. WordPress login urls
  19. How to determine if a user has not changed default generated password
  20. Store brute-force IP addresses
  21. Right practice to edit WP reset password email
  22. How to create a private login page for admin.?
  23. WordPress Security – How to block alternative WordPress access
  24. Protecting WordPress login page
  25. wp-admin folder, brute force, and password protection
  26. Sniffing wordpress user’s credentials
  27. Private page protected with username and password
  28. reset password link redirect to login page
  29. Password protect media attachment – share across guests
  30. Password reset – Disabled for LDAP accounts
  31. Why wp_update_user doesn’t update user_activation_key on users with apostrophes in their email?
  32. Forgot Password/ Password Reset Page does not exist
  33. Correct passwords keep appearing as incorrect
  34. disable site_url redirect in wp-login.php
  35. Forgot password needs to redirect from wp-login to a custom page
  36. Reset Password policy
  37. How can I change the email sender name from wordpress to (myblogname) on the “lost password” email?
  38. Does WordPress (or a plugin) reveal login credentials to admin?
  39. Is wp_login_form secure on a non secure page?
  40. How to password-protect everything except the logo
  41. WordPress login security
  42. Why isn’t the login page rate limited by default?
  43. Is there anyway to get the inputted password string from the login form?
  44. Input sanitation
  45. How to Prevent Brute Force Attack on WordPress
  46. Password not resetting on wordpress?
  47. Advice on redirect to lock site from unauthorized users
  48. autocomplete=”off” WordPress Login
  49. WordPress not logged in locally with correct username and password
  50. wordpress login without password just email address (NO 2 factor authentication with email)
  51. Where is the php file, that does the checks for login information?
  52. Error on WordPress Login
  53. Access log “POST /wp-login.php HTTP/1.0” 400
  54. Can I protect a type of content site-wide with a single password?
  55. Password recovery URL has error – but not found in code or db
  56. force login loophole
  57. Temporally disable password to login with empty password?
  58. How to create separate login for authors/moderators/subscribers?
  59. Login form does not store/remember/suggest users password
  60. WordPress password reset not working
  61. New user password confirmation sending wrong URL
  62. Locked out of WordPress admin area [closed]
  63. Global login to password protected pages
  64. Disable / Remove Password for Login WordPress
  65. How to password protect pages in WordPress
  66. Site is not loading after relogin attempts on SSL
  67. Chosen user password in registration is not being accepted on Login
  68. Some crawlers/bots attempting to login with very good guesses. How?
  69. User login without username, only password
  70. wp_lostpassword_url not escaped
  71. Hide wp-login.php but not the widget
  72. Trouble logging in and/or changing password
  73. Cannot login with correct username and password anymore
  74. How login is possible, if I deny login page via nginx?
  75. Cant login, Password MUST be reset error, after reset
  76. Log in a user upon password reset?
  77. Customize From and email address on password reset
  78. Custom Log In Screen – Disable password recovery [duplicate]
  79. Show reCaptcha on Custom Frontend Login & Register Form [closed]
  80. Problems with is_user_logged_in() | Function in WP
  81. Is the login encrypted before it is sent? If so how to do I encrypt it the same way?
  82. What speaks against using a custom login.php / register.php to wordpress?
  83. Login fail with no error
  84. wordpress/woocommerce login url not redirecting correctly
  85. Log in with email but no password
  86. Get WordPress login functions without printing anything
  87. Allow login only for one account from one device
  88. Create a login page which redirects to a specific page?
  89. how to add social login option in wordpress
  90. Avoiding accidentally creating a second account at “Or log in with your existing social profile”
  91. How user should automatically activated and go for login?
  92. How to lock WordPress front-end with login and password?
  93. Disabling the login form and redirect users on logout without headers sent php warning
  94. Webpage not found upon entering wrong username and password on custom login form?
  95. User not logged first time I open the homepage
  96. WordPress Login Box horizontal at the top.
  97. How to limit user to login only once per session
  98. How to resolve these findings from security audit
  99. Warning-session start errors and cannot login to administer
  100. make a login system for site visitors
Categories login Tags login, password, security
save radio button selection in post-meta on submit
WP Query and multiple pages

Recommended Hostings

Cloudways: Realize Your Website's Potential With Flexible & Affordable Hosting. 24/7/365 Support, Managed Security, Automated Backups, and 24/7 Real-time Monitoring.

FastComet: Fast SSD Hosting, Free Migration, Hack-Free Security, 24/7 Super Fast Support, 45 Day Money Back Guarantee.

Recent Added Topics

  • Bug in translation system: load_theme_textdomain() returns true, files are available and accessible but the language defaults to english
  • Custom Elementor controls not appearing in the widget Advanced tab using injection hooks
  • Get the name of the template/*html file used
  • Trying to Add Paging to Single Post Page
  • Sharing media files between live and staging servers
  • How to display the description of a custom post type in the dashboard?
  • Critical error on image display
  • Copying WP data and files into new install?
  • How to determine the DirectAdmin WordPress backup date?
  • How to get list of ALL tables in the database?
© 2026 Read For Learn
  • Database
    • Oracle
    • SQL
  • algorithm
  • asp.net
  • assembly
  • binary
  • c#
  • Git
  • hex
  • HTML
  • iOS
  • language angnostic
  • math
  • matlab
  • Tips & Trick
  • Tools
  • windows
  • C
  • C++
  • Java
  • javascript
  • Python
  • R
  • Java Script
  • jQuery
  • PHP
  • WordPress