I’ve recently integrated WordPress to my website and I’ve been trying to find out the correct way to replace WordPress’ authentication system with the one on my website.
My website already has a user database, and the user is authenticated through PHP sessions.
My goal is simply to remove WordPress’ integrated register/login form, and make it so users already logged in to my website have access to WordPress functionalities simply through session_start() (and privileges check). I wouldn’t be using WordPress’ user database.
Most informations I found on this topic are mostly about integrating an external database to WordPress, like the plugin External Database Authentication Reloaded, but very few on how to actually change the way WordPress checks if user is logged in before granting him access.
I would like to properly understand how to allow users logged in my website to get the same privileges as if they were also logged into my WordPress (by checking if $_SESSION['simple_auth'] == true)
I understand that this question has already been asked; I’ve done some research, but I’m mostly looking for advice on how to do this (or why I should not do this), and some guidelines that might help me.
3 Answers
WordPress’s authentication system is made up of pluggable functions, which means that you can write a plugin that has a function named, say, wp_authenticate(), and your site will use your wp_authenticate() function instead of the native WordPress one.
Your comment about is_user_logged_in() (on your original post) is obviated by the fact that is_user_logged_in() calls the pluggable wp_get_current_user(), meaning that you can write your own wp_get_current_user() and control is_user_logged_in() that way.
So you should be able to write an authentication system for WordPress that will use your pre-existing user database.
References
is_user_logged_in()- Pluggable functions
- WordPress code reference
