apply_filters( 'wp_authenticate_user', WP_User|WP_Error $user, string $password )

Filters whether the given user can be authenticated with the provided $password.

Parameters

$user: (WP_User|WP_Error) WP_User or WP_Error object if a previous callback failed authentication.
$password: (string) Password to check against the user.

Used By
Used By	Description
wp-includes/user.php: wp_authenticate_username_password()	Authenticate a user, confirming the username and password are valid.
wp-includes/user.php: wp_authenticate_email_password()	Authenticates a user using the email and password.

Changelog
Version	Description
WP-2.5.0	Introduced.