I’m looking for a hook that can be used before WP reads the DB to authenticate the user’s login credentials, but can’t seem to find one anywhere. Does one exist?
I tried add_filter/action('authenticate', 'customcode', 30, 3), but this seems to execute as soon as the wp-login.php page is requested, rather than after the user hits login and the username/password is POST.
If you look at the code for wp-login.php both the login case and the default case run wp_signon(). The reason, so it seems to me, is to manage cases where a user already has a valid cookie for the site. So I don’t think there is a hook that fires only upon login, but it is pretty easy to compensate. The first hook along that login path and before authentication is the action hook wp_authenticate not authenticate (though that is a valid hook).
function customcode($username, $password ) {
if (!empty($username) && !empty($password)) {
// your code
}
}
add_action('wp_authenticate', 'customcode', 30, 2);