Automatically login user by username in wordpress

Automatically login user by username in wordpress

by

How to Automatically Log in a User by Username in WordPress

Manually logging in users can be time-consuming, especially when working with custom authentication systems, third-party integrations, or auto-login functionalities. In this guide, we’ll explore how to automatically log in a user using their username in WordPress.

Why Use Automatic Login in WordPress?

There are various scenarios where auto-login can be helpful:
Single Sign-On (SSO): Automatically log in users from an external system.
Membership Websites: Seamless access for premium users.
Custom Authentication: Allow users to log in without needing passwords.
User Experience Improvement: Reduce friction for returning users.

PHP Code to Automatically Log in a User by Username

Use the following PHP snippet to automatically log in a user using their username in WordPress.

Step 1: Add the Code in functions.php or a Custom Plugin

$loginusername = 'username'; // Replace with the actual username
$current_user_data = get_user_by('login', $loginusername);

if ($current_user_data) {
$user_id = $current_user_data->ID;

// Log in as this user
wp_set_current_user($user_id, $loginusername);
wp_set_auth_cookie($user_id);
do_action('wp_login', $loginusername, $current_user_data);

// Redirect to the homepage after logging in
wp_redirect(site_url());
exit;
}

Explanation of the Code:

  1. Get user data: get_user_by('login', $loginusername) fetches user details based on the username.
  2. Check if user exists: If the user exists, retrieve their User ID.
  3. Set current user: wp_set_current_user() logs in the user.
  4. Authenticate user: wp_set_auth_cookie() sets the authentication cookie.
  5. Trigger login action: do_action('wp_login', $loginusername, $current_user_data) executes WordPress login hooks.
  6. Redirect user: wp_redirect(site_url()) redirects the user to the homepage.

Where to Use This Code?

  • functions.php – If you want auto-login under specific conditions.
  • Custom Plugin – If you need this functionality across different themes.
  • Custom Login Page – Implement inside a login page template.

Example: Trigger Auto Login on a Specific URL

You can trigger the auto-login by appending a query parameter to your website URL.

if (isset($_GET['autologin']) && $_GET['autologin'] == '1') {
$loginusername = 'username'; // Replace with dynamic username if needed
$current_user_data = get_user_by('login', $loginusername);

if ($current_user_data) {
$user_id = $current_user_data->ID;
wp_set_current_user($user_id, $loginusername);
wp_set_auth_cookie($user_id);
do_action('wp_login', $loginusername, $current_user_data);
wp_redirect(site_url('/dashboard')); // Redirect to a custom page
exit;
}
}

🔹 Now, visiting https://yourwebsite.com?autologin=1 will log in the predefined user.

SEO Considerations for Auto-Login

Auto-login can impact security and SEO if misused. Follow these best practices:
🛡️ Use Secure Authentication: Never expose login credentials in URLs.
🔑 Restrict Access: Only enable auto-login for trusted users or systems.
🔐 Use Encrypted Tokens: Instead of a static username, use a secure authentication token.

Secure Token-Based Auto-Login

For better security, replace the username with an encrypted token.

if (isset($_GET['token'])) {
$token = sanitize_text_field($_GET['token']);
$user_id = validate_token_and_get_user_id($token); // Custom function to validate token

if ($user_id) {
wp_set_current_user($user_id);
wp_set_auth_cookie($user_id);
do_action('wp_login', $user_id);
wp_redirect(site_url('/dashboard'));
exit;
}
}

🔹 Use a custom function validate_token_and_get_user_id($token) to verify tokens securely.

Final Thoughts

Automatically logging in users enhances UX, reduces login friction, and improves integrations with external systems. However, ensure security by avoiding direct username-based logins in public URLs. Instead, use tokens, cookies, or OAuth for a secure auto-login system.