The auth_cookie_bad_username WordPress PHP action is triggered when a bad username is entered during the user authentication process.
Usage
add_action('auth_cookie_bad_username', 'your_custom_function', 10, 1);
function your_custom_function($cookie_elements) {
// your custom code here
}
Parameters
$cookie_elements(string[]): An array containing the authentication cookie components. None of the components should be assumed to be valid as they come directly from a client-provided cookie value. The array includes:username(string): User’s username.expiration(string): The time the cookie expires as a UNIX timestamp.token(string): User’s session token used.hmac(string): The security hash for the cookie.scheme(string): The cookie scheme to use.
More information
See WordPress Developer Resources: auth_cookie_bad_username
Examples
Log failed login attempts
Logs failed login attempts with bad usernames.
add_action('auth_cookie_bad_username', 'log_failed_login_attempts', 10, 1);
function log_failed_login_attempts($cookie_elements) {
$log_file = 'failed_login_attempts.txt';
$username = $cookie_elements['username'];
$timestamp = date('Y-m-d H:i:s');
$log_message = "Failed login attempt for username '{$username}' at {$timestamp}\n";
error_log($log_message, 3, $log_file);
}
Display a custom error message
Displays a custom error message for failed login attempts with bad usernames.
add_action('auth_cookie_bad_username', 'display_custom_error_message', 10, 1);
function display_custom_error_message($cookie_elements) {
wp_die('Invalid username. Please check your input and try again.');
}
Increment failed login counter
Increments a counter for failed login attempts with bad usernames.
add_action('auth_cookie_bad_username', 'increment_failed_login_counter', 10, 1);
function increment_failed_login_counter($cookie_elements) {
$counter = get_option('failed_login_counter', 0);
$counter++;
update_option('failed_login_counter', $counter);
}
Send notification email
Sends a notification email when there is a failed login attempt with a bad username.
add_action('auth_cookie_bad_username', 'send_notification_email', 10, 1);
function send_notification_email($cookie_elements) {
$to = '[email protected]';
$subject = 'Failed Login Attempt';
$message = 'A failed login attempt has occurred with a bad username: ' . $cookie_elements['username'];
wp_mail($to, $subject, $message);
}
Block IP after multiple failed attempts
Blocks an IP address after a specified number of failed login attempts with bad usernames.
add_action('auth_cookie_bad_username', 'block_ip_after_failed_attempts', 10, 1);
function block_ip_after_failed_attempts($cookie_elements) {
$ip = $_SERVER['REMOTE_ADDR'];
$ip_attempts = get_transient('failed_attempts_' . $ip) ?: 0;
$ip_attempts++;
if ($ip_attempts >= 5) {
// Block the IP address
wp_die('Too many failed login attempts. Your IP has been temporarily blocked.');
} else {
// Update the failed attempts count
set_transient('failed_attempts_' . $ip, $ip_attempts, 3600);
}
}