Your code has some problems:
- You are using deprecated function
get_user_by_email
- You are using wrong hook
wp_authenticate
You can this plugin https://wordpress.org/plugins/wp-email-login/
or
Your can use this code
function wpsc_authenticate_user_by_email( $user, $username, $password ) {
// Bailout
if( ! is_frontend_login_form() ){
return $user;
}
$login_page = strtok( $_SERVER["HTTP_REFERER"], '?' );
//check for valid inputs
if( $username == "" || $password == "" ) {
wp_redirect( $login_page . "?login=empty" );
exit;
}
// get user by email
if ( is_email( $username ) ) {
$user = get_user_by( 'email', $username );
// validate user
if ( $user && wp_check_password( $password, $user->user_pass, $user->ID ) ) {
return $user;
}else{
wp_redirect( $login_page . '?login=failed' );
exit;
}
}else{
wp_redirect( $login_page . '?login=failed' );
exit;
}
return $user;
}
add_filter( 'authenticate', 'wpsc_authenticate_user_by_email', 1, 3 );
Define conditions in is_frontend_login_form()
to check if user is coming from your frontend form or not.