Using WordPress ‘wp_login’ PHP action

The wp_login WordPress PHP action fires after a user has successfully logged in, allowing you to execute custom code upon user login.


function your_function($user_login, $user) {
    // your custom code here
add_action('wp_login', 'your_function', 10, 2);


  • $user_login (string): The username of the logged-in user.
  • $user (WP_User): The WP_User object of the logged-in user.

More information

See WordPress Developer Resources: wp_login


Redirecting user to a custom page after login

Redirects the user to a custom page after logging in.

function redirect_after_login($user_login, $user) {
    // Redirect to custom page
add_action('wp_login', 'redirect_after_login', 10, 2);

Log user login events

Log user login events for later analysis.

function log_user_login($user_login, $user) {
    // Log login event
    error_log("User $user_login logged in at " . current_time('mysql'));
add_action('wp_login', 'log_user_login', 10, 2);

Send a welcome email after login

Sends a welcome email to the user upon their first login.

function send_welcome_email($user_login, $user) {
    // Check if user meta 'welcome_email_sent' is not set
    if (!get_user_meta($user->ID, 'welcome_email_sent', true)) {
        // Send welcome email
        wp_mail($user->user_email, 'Welcome to our website!', 'Thank you for joining us!');

        // Update user meta to avoid sending email again
        update_user_meta($user->ID, 'welcome_email_sent', true);
add_action('wp_login', 'send_welcome_email', 10, 2);

Show a custom admin notice after login

Displays a custom admin notice for the user after they log in.

function display_custom_admin_notice($user_login, $user) {
    // Set a transient to show the custom admin notice
    set_transient("custom_admin_notice_$user_login", true, 60);
add_action('wp_login', 'display_custom_admin_notice', 10, 2);

function show_custom_admin_notice() {
    // Check if the transient is set and show the notice
    if (get_transient("custom_admin_notice_" . wp_get_current_user()->user_login)) {
        echo '<div class="notice notice-success is-dismissible"><p>Welcome back!</p></div>';

        // Delete the transient after showing the notice
        delete_transient("custom_admin_notice_" . wp_get_current_user()->user_login);
add_action('admin_notices', 'show_custom_admin_notice');

Limit login attempts

Limit the number of login attempts for a user in a certain time frame.

In this example, we limit the number of login attempts for a user to 5. If the user exceeds this limit, they will be logged out and asked to try again later. The login attempts count will reset after 1 hour.

function limit_login_attempts($user_login, $user) {
    // Get login attempts count
    $login_attempts = (int) get_user_meta($user->ID, 'login_attempts', true);

    // If attempts exceed limit, log out the user and reset the count
    if ($login_attempts >= 5) {
        update_user_meta($user->ID, 'login_attempts', 0);
        wp_die('You have exceeded the allowed login attempts. Please try again later.');
    } else {
        // Increase login attemptscount and update user meta
update_user_meta($user->ID, 'login_attempts', $login_attempts);

    // Reset login attempts count after a certain time (e.g., 1 hour)
    wp_schedule_single_event(time() + 3600, 'reset_login_attempts', array($user->ID));
add_action('wp_login', 'limit_login_attempts', 10, 2);

function reset_login_attempts($user_id) {
// Reset login attempts count
update_user_meta($user_id, 'login_attempts', 0);
add_action('reset_login_attempts', 'reset_login_attempts', 10, 1);