Action wp_login_failed not working if only one field is filled out

2 comments

1. Add this filter to change how blank username/password is treated:

   add_filter( 'authenticate', 'custom_authenticate_username_password', 30, 3);
   function custom_authenticate_username_password( $user, $username, $password )
   {
       if ( is_a($user, 'WP_User') ) { return $user; }
   
       if ( empty($username) || empty($password) )
       {
           $error = new WP_Error();
           $user  = new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Invalid username or incorrect password.'));
   
           return $error;
       }
   }
   

   And then your original redirect on wp_login_failed will work with blank username/password as well.

   Log in to Reply

2. The problem lies with the function wp_authenticate() (found in the file pluggable.php)

   You have 2 options.

   • hack the wordpress core (not advised!)
   • write your own plugin that overrides wp_authenticate() (this is merely deleting a few characters in an if statement).

   Log in to Reply