How to use auth_cookie_bad_hash action in WordPress

auth_cookie_bad_hash action

Fires if a bad authentication cookie hash is encountered.

To use the auth_cookie_bad_hash action, first you have to register it using add_action. You can write this code into functions.php of your activated theme or in a custom WordPress Plugin.

We at WePlugins always prefer to create a custom WordPress Plugin while using hooks so nothing breaks when you update your WordPress Theme in the future.

In the below live example, we have defined a function weplugins_execute_on_auth_cookie_bad_hash_event which takes 1 parameter and we registered using add_action. The first parameter auth_cookie_bad_hash is the name of the hook, the second parameter weplugins_execute_on_auth_cookie_bad_hash_event is the name of the function which needs to be called, the third parameter is the priority of calling the hook if the same hook is used multiple times, and the last parameter is the number of arguments (if any) to be passed in the registered function.

Sometimes, you have to remove a registered hook so you can use remove_action to remove auth_cookie_bad_hash action.

Parameters

Below the 1 parameter is required to use this hook.

• $cookie_elements: (string[]) Authentication cookie components. None of the components should be assumed to be valid as they come directly from a client-provided cookie value.
  • ‘username’ (string) User’s username.
  • ‘expiration’ (string) The time the cookie expires as a UNIX timestamp.
  • ‘token’ (string) User’s session token used.
  • ‘hmac’ (string) The security hash for the cookie.
  • ‘scheme’ (string) The cookie scheme to use.

Live Example

do_action( 'auth_cookie_bad_hash', string[] $cookie_elements )

Below is an example of how you can use this hook.

Example 1: Basic Usage

This example demonstrates the basic usage of the auth_cookie_bad_hash action.

    function weplugins_execute_on_auth_cookie_bad_hash_event($cookie_elements) {
        // You can write code here to be executed when this action occurs in WordPress. 
        // Use the parameters received in the function arguments & implement the required additional custom functionality according to your website requirements.
    }
    // add the action
    add_action( "auth_cookie_bad_hash", "weplugins_execute_on_auth_cookie_bad_hash_event" , 10, 1);
    

Example 2: Logging the Event

This example shows how to log the event when a bad authentication cookie hash is encountered.

    function weplugins_log_bad_auth_cookie($cookie_elements) {
        error_log('Bad auth cookie encountered for user: ' . $cookie_elements['username']);
    }
    add_action( "auth_cookie_bad_hash", "weplugins_log_bad_auth_cookie", 10, 1);
    

Example 3: Custom Notification

In this example, an email notification is sent to the admin when a bad authentication cookie hash is encountered.

    function weplugins_notify_admin_on_bad_cookie($cookie_elements) {
        $to = get_option('admin_email');
        $subject = 'Bad Auth Cookie Detected';
        $message = 'A bad auth cookie was detected for user: ' . $cookie_elements['username'];
        wp_mail($to, $subject, $message);
    }
    add_action( "auth_cookie_bad_hash", "weplugins_notify_admin_on_bad_cookie", 10, 1);
    

To remove a hook callback, use the example below.

    remove_action( "auth_cookie_bad_hash", "weplugins_execute_on_auth_cookie_bad_hash_event", 10, 1 );
    

Please make sure to provide the same callback function name, priority, and number of arguments while removing the hook callback.

Contact Us

If you’re having any trouble using this hook or need customization, please Contact Us. We’d be happy to assist you.