The hook you will probably be most interesting in is wp_authenticate
.
Codex:
This action is located inside of wp_signon. In contrast to the wp_login action, it is executed before the WordPress authentication process.
That hook and wp-signon are defined in wp-incldues/user.php line 10
But wp-includes/pluggable.php has wp_authenticate()
and it can be overridden. It also provides a hook, authenticate
.
The Form
The log in form (the form itself) is defined in wp-includes/general-template.php line 402
You can hook the default $args
with login_form_defaults
filter hook defined on line 431
The default $args
for the form:
$defaults = array(
'echo' => true,
// Default 'redirect' value takes the user back to the request URI.
'redirect' => ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'],
'form_id' => 'loginform',
'label_username' => __( 'Username or Email Address' ),
'label_password' => __( 'Password' ),
'label_remember' => __( 'Remember Me' ),
'label_log_in' => __( 'Log In' ),
'id_username' => 'user_login',
'id_password' => 'user_pass',
'id_remember' => 'rememberme',
'id_submit' => 'wp-submit',
'remember' => true,
'value_username' => '',
// Set 'value_remember' to true to default the "Remember me" checkbox to checked.
'value_remember' => false,
);
With root/wp-login.php
You can enqueue scripts into the head via the action hook
do_action( 'login_enqueue_scripts' );
on line 90
Considerations
There are other internal functions, like wp_authenticate_username_password($user, $username, $password)
that follows wp_signon
on user.php, that may be expecting or passing a text password.
A note on $password
param in Codex of the wp_authenticate_user
filter found in wp_authenticate_username_password
:
$password
(string) (optional) The user’s password (plain text).
Hopefully wp_signon
mentioned off the top can satisfy what you’re after.