I have a custom application with thousands of users who already have a password stored. I would like to set up a self hosted wordpress site to accompany that application and to use the usernames and encrypted passwords that already exist in that database.
Is there a way to configure WordPress to not use the normal list of users, but instead to validate usernames and passwords against another database on another server?
We have a team of developers so if there was a way to write code to hook into the login process this would be acceptable. Does anyone have experience with this, or have any suggestions of where to look?
Investigating the filter
authenticate
, we can find that it is called inside the functionwp_authenticate
, which is a pluggable function.That means that it can be replaced by one of our own making.
This is the original function, plus a marked entry point:
The test was done creating a
wp_authenticate
function inside a Must Use plugin. On that entry point, I put the following:The table
wp_my_users
is a simple test table, password is even plain text.The matter is how build the
$user
object completely based on a custom table. Or if it is feasible or advisable…Because in this test the ID of the users is the same, so we are giving back (
get_user_by
) to WordPress a user from its own tablewp_users
, but with credentials checked in a custom tablewp_my_users
.Notes:
This answer doesn’t goes beyond the analysis and hacking of the function
wp_authenticate
. No consideration is done about security, password management nor thewp_usermeta
table.For reference, this is the content of
$user
:Actually you can bypass login mechanism of wordpress by login user automatically (after they succesfuly passed with credentials from another website for example) with this function: wp_set_auth_cookie($user_id);
for example with this you do login admin (user with id = 1)
so you can create user in wordpress with specified user privileges and then as user log with another credentials you can log him as this “placeholder” user.
Simplest method
I think this plugin External Database Authentication fits your needs. From there you might enable already logged-in users setting the cookie when they login just using
wp_set_auth_cookie
as @Roman says.