Skip to content
Read For Learn
Read For Learn
  • Database
    • Oracle
    • SQL
  • C
  • C++
  • Java
  • Java Script
  • jQuery
  • PHP
Read For Learn
  • Database
    • Oracle
    • SQL
  • C
  • C++
  • Java
  • Java Script
  • jQuery
  • PHP

WordPress Login Customization for External Authentication

Where … is handling the final true/false call returns in its traditional login concept?

The login process starts in the wp-login.php WordPress file around line 625:

$user = wp_signon('', $secure_cookie);

The wp_signon() function is from the wp-includes/user.php file.

/**
 * Authenticate user with remember capability.
 *
 * The credentials is an array that has 'user_login', 'user_password', and
 * 'remember' indices. If the credentials is not given, then the log in form
 * will be assumed and used if set.
 *
 * The various authentication cookies will be set by this function and will be
 * set for a longer period depending on if the 'remember' credential is set to
 * true.
 *
 * @since 2.5.0
 *
 * @param array $credentials Optional. User info in order to sign on.
 * @param bool $secure_cookie Optional. Whether to use secure cookie.
 * @return object Either WP_Error on failure, or WP_User on success.
 */
function wp_signon( $credentials="", $secure_cookie="" ) {
    if ( empty($credentials) ) {
        if ( ! empty($_POST['log']) )
            $credentials['user_login'] = $_POST['log'];
        if ( ! empty($_POST['pwd']) )
            $credentials['user_password'] = $_POST['pwd'];
        if ( ! empty($_POST['rememberme']) )
            $credentials['remember'] = $_POST['rememberme'];
    }

    if ( !empty($credentials['remember']) )
        $credentials['remember'] = true;
    else
        $credentials['remember'] = false;

    // TODO do we deprecate the wp_authentication action?
    do_action_ref_array('wp_authenticate', array(&$credentials['user_login'], &$credentials['user_password']));

    if ( '' === $secure_cookie )
        $secure_cookie = is_ssl();

    $secure_cookie = apply_filters('secure_signon_cookie', $secure_cookie, $credentials);

    global $auth_secure_cookie; // XXX ugly hack to pass this to wp_authenticate_cookie
    $auth_secure_cookie = $secure_cookie;

    add_filter('authenticate', 'wp_authenticate_cookie', 30, 3);

    $user = wp_authenticate($credentials['user_login'], $credentials['user_password']);

    if ( is_wp_error($user) ) {
        if ( $user->get_error_codes() == array('empty_username', 'empty_password') ) {
            $user = new WP_Error('', '');
        }

        return $user;
    }

    wp_set_auth_cookie($user->ID, $credentials['remember'], $secure_cookie);
    do_action('wp_login', $user->user_login, $user);
    return $user;
}

I’m not an expert on this topic, but it looks like you have two choices.

1) Rewrite the wp_authenticate() function located in the wp-includes/pluggable.php.

All the functions in wp-includes/pluggable.php, check to see if the function already exists before creating the function, so you can add the rewritten function in a theme or a plugin and it will replace the default wp_authenticate() function.

2) Add your layer to ‘wp_login’ action hook located near the end of the function.

The ‘wp_login’ action occurs after WordPress is done with all authentication. Use it like this.

add_action( 'wp_login', 'my_external_authentication', 10, 2 );
/**
 * @return object Either WP_Error on failure, or WP_User on success.
 */
function my_external_authentication( $user_login, $user ) {
    // Add external authentication here.
}

Related Posts:

  1. WordPress auto login after registration not working
  2. My custom page template with is_user_logged_in() does not detect that I’m logged in
  3. Authenticate with a Rails app?
  4. How do you manage your pages or functions that require logged-in users?
  5. Need to use WordPress page as authentication for different service
  6. Is there a way to call via javascript if a user is logged-in on a static html file?
  7. The same session information for peer users on two different WordPress servers
  8. Check for empty username or password on login
  9. Securely log in a user without a password using a link?
  10. How to track all users logged into a site?
  11. How to authenticate/verify login credentials & check for user meta without logging in?
  12. Replacing the WordPress password validation
  13. Allow up to 5 Concurrent Login Sessions
  14. Why does is_user_logged_in() return false after redirect from another site?
  15. Pre-populate Username Field
  16. How to keep track of user logins?
  17. Get user info outside WordPress
  18. Authenticate user using Hashed Password in MySQL Query and C#
  19. How can I secure a WordPress blog using OpenID from a single provider?
  20. Is it possible to get a user with just the password field?
  21. get_userdata by username
  22. Redirect after login based on user role (custom login page)
  23. Check for user meta data at Login
  24. Redirect User to Homepage if no other redirect is specified
  25. Use phpbb user database for WordPress
  26. WordPress to use Drupal users’ credentials
  27. Share user table from WP with Drupal
  28. How can I allow password reset based on logins containing the @ character?
  29. A way to count logged in users and display count?
  30. stop login if user_status equal zero
  31. WordPress Authentication Middleware
  32. How do i make my wordpress website private?
  33. Redirect user to login before viewing custom post
  34. Change the user_login at registration
  35. Max no of simultaneous active sessions for a single user
  36. Rest API code to get ID of current user not working: get_current_user_id() gives 0
  37. When I try to login in wordpress it is showing “USER Doesn’t Exists”
  38. Should I encrypt the response that triggers an Ajax action? Is nonce sufficient?
  39. Redirect subscribers to last viewed page after log-in
  40. wordpress disable login for unverified user
  41. Reset Password policy
  42. Rewrite Rules and Login Issue
  43. How can I authenticate user credentials against a WordPress instance?
  44. Is possible to allow user to login with different role?
  45. OAuth 2 and saving the authenticated user
  46. Use WordPress Login for a non-wordpress site
  47. Allow users to create post without logging in?
  48. Does wordpress support natively the concept of logging-in users? (not admins, but users of the website)
  49. New user form rejected because “passwords don’t match”—but there’s only one password field
  50. Is there any action /filter hook I can use to disable login for some user role?
  51. WordPress REST Api: update user
  52. How to check User Role and redirect to specific page according to Role when login in WordPress?
  53. REST API: wp_get_current_user not working on second call
  54. Display video on homepage for users who have not logged in
  55. How can i login with user’s password in WordPress being an admin?
  56. Delete a user from frontend
  57. Check if user is logged in via JS? [duplicate]
  58. Use members from 1 site on another one
  59. Can I edit the database to change a login?
  60. how redirect users to custom login page when “login to reply” is clicked? [duplicate]
  61. User(s) already exists show error please provide a valid username
  62. wp_generate_password sets password but can’t login using created password
  63. add class to element if user is not logged in [closed]
  64. How to verify which WordPress user requested the API in ASP .NET Core?
  65. Restricting wordpress login sessions for a web app
  66. How to allow access based on the user meta flag
  67. Authentication between two different sites using the WordPress login cookie
  68. Use WP cookie to authentificate user on an external app
  69. How can I display Only the first Array/Object?
  70. How to connect wordpress user with my own APP user?
  71. How to change default username field after login
  72. Disable emails for new user registration
  73. WP users cant reset password
  74. $user_login is not working if author has only 1 post
  75. Specific Content on pages based on user
  76. user and usermeta table not found
  77. throttle/limit a logged in user’s http requests to specific page on a per day basis
  78. custom login form, guide me
  79. Changing user_login ends current session
  80. Current User Seeing Another Logged In User Info
  81. Redirect based on log-in status per JavaScript
  82. Integrating Facebook Registration (and Login) on a WordPress page
  83. How-To: Get meta data from the users last order in woocommerce
  84. WordPress C# User Login
  85. WordPress – Security Question at Login from User’s Meta Data
  86. determine active user browser at the same time
  87. Cant edit profile from frontend
  88. Login and register by API
  89. Unable to retrieve Users (Not logged in) through WP Rest API
  90. Allow Html pages for users with specific roles
  91. Will users still be able to log in if I change host?
  92. wp_authenticate_username_password not authenticating properly when pass username and password
  93. redirect to my login page if not logged in
  94. What is an Endpoint?
  95. If the current user is an administrator or editor
  96. Can I programmatically login a user without a password?
  97. Editor can create any new user except administrator
  98. How do I add a field on the Users profile? For example, country, age etc
  99. How do I display logged-in username IF logged-in?
  100. How to allow an user role to create a new user under a role which lower than his level only?
Categories users Tags api, authentication, login, users, web-services
How to write: $wpdb->update having WHERE NOT value pair in the array
show shortcodes in editor

Recommended Hostings

Cloudways: Realize Your Website's Potential With Flexible & Affordable Hosting. 24/7/365 Support, Managed Security, Automated Backups, and 24/7 Real-time Monitoring.

FastComet: Fast SSD Hosting, Free Migration, Hack-Free Security, 24/7 Super Fast Support, 45 Day Money Back Guarantee.

Recent Added Topics

  • Bug in translation system: load_theme_textdomain() returns true, files are available and accessible but the language defaults to english
  • Custom Elementor controls not appearing in the widget Advanced tab using injection hooks
  • Get the name of the template/*html file used
  • Trying to Add Paging to Single Post Page
  • Sharing media files between live and staging servers
  • How to display the description of a custom post type in the dashboard?
  • Critical error on image display
  • Copying WP data and files into new install?
  • How to determine the DirectAdmin WordPress backup date?
  • How to get list of ALL tables in the database?
© 2026 Read For Learn
  • Database
    • Oracle
    • SQL
  • algorithm
  • asp.net
  • assembly
  • binary
  • c#
  • Git
  • hex
  • HTML
  • iOS
  • language angnostic
  • math
  • matlab
  • Tips & Trick
  • Tools
  • windows
  • C
  • C++
  • Java
  • javascript
  • Python
  • R
  • Java Script
  • jQuery
  • PHP
  • WordPress