Exciting News! Flipper Code is now WePlugins! Same commitment to excellence, brand new identity.

How to use auth_cookie_bad_username action in WordPress

Sandeep Kumar Mishra
Sandeep Kumar Mishra
July 12, 2022
5 minutes read

auth_cookie_bad_username action

Fires if a bad username is entered in the user authentication process.

To use auth_cookie_bad_username action, first you have to register it using add_action. You can write this code into functions.php of your activated theme or in a custom WordPress Plugin.

We at WePlugins always prefer to create a custom WordPress Plugin while using hooks so nothing breaks when you update your WordPress Theme in the future.

In the below live example, we have defined a function execute_on_auth_cookie_bad_username_event which takes 1 parameter and we registered using add_action. The first parameter auth_cookie_bad_username is the name of the hook, the second parameter execute_on_auth_cookie_bad_username_event is the name of the function which needs to be called, the third parameter is the priority of calling the hook if the same hook is used multiple times and the last parameter is the number of arguments (if any) to be passed in the registered function.

Sometimes, you have to remove a registered hook so you can use remove_action to remove auth_cookie_bad_username action.

Parameters

    Below the 1 parameter is required to use this hook.

  • $cookie_elements: (string[]) Authentication cookie components. None of the components should be assumed to be valid as they come directly from a client-provided cookie value.

    • username: (string) User’s username.
    • expiration: (string) The time the cookie expires as a UNIX timestamp.
    • token: (string) User’s session token used.
    • hmac: (string) The security hash for the cookie.
    • scheme: (string) The cookie scheme to use.

Live Example

do_action( 'auth_cookie_bad_username', string[] $cookie_elements )

Below is an example of how you can use this hook.

    function weplugins_execute_on_auth_cookie_bad_username_event($cookie_elements){
        // You can write code here to be executed when this action occurs in WordPress.
        // Use the parameters received in the function arguments & implement the required
        // additional custom functionality according to your website requirements.
    }
    // add the action
    add_action( "auth_cookie_bad_username", "weplugins_execute_on_auth_cookie_bad_username_event" , 10, 1);
    

To remove a hook callback, use the example below.

    remove_action( "auth_cookie_bad_username", "weplugins_execute_on_auth_cookie_bad_username_event", 10, 1 );
    

Please make sure to provide the same callback function name, priority, and number of arguments while removing the hook callback.

Example 1: Logging Bad Username Attempts

In this example, we will log every instance of a bad username attempt into the WordPress debug log.

    function weplugins_log_bad_username($cookie_elements) {
        if (defined('WP_DEBUG') && WP_DEBUG) {
            error_log('Bad username attempt: ' . print_r($cookie_elements, true));
        }
    }
    add_action('auth_cookie_bad_username', 'weplugins_log_bad_username', 10, 1);
    

Example 2: Notify Admin of Bad Username Attempts

This example sends an email to the admin whenever a bad username is entered.

    function weplugins_notify_admin_bad_username($cookie_elements) {
        $admin_email = get_option('admin_email');
        $subject = 'Bad Username Attempt';
        $message = 'A bad username attempt was made with the following details: ' . print_r($cookie_elements, true);
        wp_mail($admin_email, $subject, $message);
    }
    add_action('auth_cookie_bad_username', 'weplugins_notify_admin_bad_username', 10, 1);
    

Example 3: Redirect User After Bad Username

In this example, users are redirected to a custom page if they enter a bad username.

    function weplugins_redirect_on_bad_username($cookie_elements) {
        wp_redirect(home_url('/custom-bad-username-page'));
        exit;
    }
    add_action('auth_cookie_bad_username', 'weplugins_redirect_on_bad_username', 10, 1);
    

Access Premium WordPress Plugins

Contact Us

If you’re having any trouble using this hook or need any customization, please Contact Us. We’re happy to assist you!

Sandeep Kumar Mishra

Sandeep Kumar Mishra

Sandeep Kumar Mishra writes about WordPress and Artificial Intelligence, offering tips and guides to help you master your website and stay updated with the latest tech trends.

Explore the latest in WordPress

Trying to stay on top of it all? Get the best tools, resources and inspiration sent to your inbox every Wednesday.