Exciting News! Flipper Code is now WePlugins! Same commitment to excellence, brand new identity.

How to use authenticate filter in WordPress

Sandeep Kumar Mishra
Sandeep Kumar Mishra
July 12, 2022
5 minutes read

authenticate filter

The ‘authenticate’ hook is used for implementing a customized authentication method, allowing you to replace the default WordPress login checks. For instance, if you authenticate a user from an external dataset or a third-party API, this hook can be used.

To use authenticate filter, first you have to register it using add_filter. You can write this code into functions.php of your activated theme or in a custom WordPress Plugin.

We at WePlugins ( formerly Flipper Code), always prefer to create a custom WordPress Plugin while using hooks so nothing breaks when you update your WordPress Theme in the future.

In the below live example, we have defined a function modify_authenticate_defaults which takes 3 parameters and we registered using add_filter. The first parameter authenticate is name of the hook, The second parameter modify_authenticate_defaults is name of the function which need to be called, third parameter is the priority of calling the hook if same hook is used multiple times and the last parameter is the number of arguments (if any) to be passed in the registered function.

Sometime, you have to remove a registered hook so you can use remove_filter to remove authenticate filter.


    Below are the 3 parameters are required to use this hook.

  • $user : (null|WP_User|WP_Error) WP_User if the user is authenticated. WP_Error or null otherwise.
  • $username : (string) Username or email address.
  • $password : (string) User password

Live Example

Below is an example how you can use this hook.

                        function modify_authenticate_defaults($user, $username, $password) { 
                            // Update the $user variable according to your website requirements and return this variable. You can modify the $user variable conditionally too if you want.

                            return $user; 
                        // add the filter
                        add_filter( "authenticate", "modify_authenticate_defaults", 10, 3 );

External API Authentication Example

function custom_external_api_authentication($user, $username, $password) {
    // Your logic to authenticate user via an external API
    // Set $user to WP_User on success or WP_Error on failure
    return $user;

add_filter('authenticate', 'custom_external_api_authentication', 10, 3);

Custom Database Authentication Example

function custom_database_authentication($user, $username, $password) {
    global $wpdb;

    // Your custom database authentication logic
    // Set $user to WP_User on success or WP_Error on failure
    return $user;

add_filter('authenticate', 'custom_database_authentication', 10, 3);

Two-Factor Authentication Integration Example

function custom_two_factor_authentication($user, $username, $password) {
    // Your logic to integrate two-factor authentication
    // Set $user to WP_User on success or WP_Error on failure
    return $user;

add_filter('authenticate', 'custom_two_factor_authentication', 10, 3);

To remove a hook callback, use the example below.

remove_filter( "authenticate", "modify_authenticate_defaults", 10, 3 );

Please make sure provide the same callback function name, priority and number of arguments while removing the hook callback.

WePlugins is a Premium WordPress Plugins development company and integrating new functionalites into WordPress sites in form of custom WordPress Plugins since 2012. If you’re having any trouble using this hook, please contact our WordPress Development Team and we’d be happy to assist you.

Explore the latest in WordPress

Trying to stay on top of it all? Get the best tools, resources and inspiration sent to your inbox every Wednesday.