Login WordPress Users From Another App

As a developer who works on both WordPress websites and completely custom web apps, I often run into occasions where it is desirable to use WordPress to serve all the pages and blog posts related to a particular web app, to avoid having to create a custom CMS. WordPress doesn’t get its popularity from nowhere; it does what it is designed to do very well, so there is no sense in trying to make my own CMS for these apps. One undesirable aspect of using WordPress as a CMS and a custom app for everything else is the requirement to log into both apps: one login for WordPress, another when it comes time to jump into the web app.

The Solution

Luckily, as with most of WordPress, there are all sorts of functions to accomplish whatever it is that you may need to do, and the documentation is phenomenal in most cases. The function that solves my particular problem is wp_set_auth_cookie(). For the complete documentation on this function, you can check out the WordPress Codex, but to state it simply, you pass this function a WordPress user ID and it sets the user’s cookie so that WordPress thinks they logged in, just as WordPress core does when a user logs in using a username and password. The next time that user tries to access an area of WordPress that requires logging in, there will already be an auth cookie set, so the user is not prompted to log in again. Generally, I set the WordPress cookie when the user is logging in to the custom web app (after they have provided valid credentials, of course), but it could in theory be done at any point before the user tries to access any part of WordPress that requires them to log in.

Since the wp_set_auth_cookie function requires that you pass the WordPress user ID when calling it, I generally save the WordPress user ID along with the other user information in the web app, so make sure this information is easily available. For most of my apps, I generally will create a WordPress user right after creating a user in the app, so that things remain in sync. The inverse is also possible, but I generally don’t have users registering on the WordPress side of things.

Example Implementation


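function my_app_login() {

    // First, verify that the username and password are valid.
    // $is_valid_login and $user_id (the stored WordPress user ID)
    // are set by that app-specific check.

    if ( $is_valid_login ) {

        // WordPress core must be loaded in order to call any WordPress functions
        require_once '<path_to_wordpress>/wp-load.php';

        // Set the WordPress auth cookie for this user
        wp_set_auth_cookie( $user_id );
    }
}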



The above is a fairly simple example, but it should work just like that. Notice that the wp-load.php file has to be included before you can call any of the WordPress functions.

Things To Keep In Mind

For this to work, your custom app and WordPress install need to be on the same server. This requirement comes from the necessity to load WordPress core in order to call the wp_set_auth_cookie function. It’s also worth noting that by default, WordPress core fires the wp_login action, to which the username and user object are passed. If you have plugins that do things when users are logging in, you may also need to fire this action, or you may experience some differences in behavior when users log in directly versus logging in through the custom app.
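A fuller version of the login handler described above, written as an added example rather than the author's own code. It assumes a hypothetical my_app_find_user() lookup in the custom app that returns the stored password hash and WordPress user ID; the WordPress path is the same placeholder used earlier.

```php
<?php
// Added example. my_app_find_user() is a hypothetical lookup in the custom
// app that returns ['password_hash' => ..., 'wp_user_id' => ...] or null.

// WordPress core must be loaded before any WordPress function is called.
require_once '<path_to_wordpress>/wp-load.php';

function my_app_login( string $username, string $password ): bool {
    $app_user = my_app_find_user( $username );

    // Only continue once the app itself has verified the credentials.
    if ( ! $app_user || ! password_verify( $password, $app_user['password_hash'] ) ) {
        return false;
    }

    // Take the WordPress user ID from the app's own stored record, never
    // from request input, and confirm it still maps to a WordPress user.
    $wp_user = get_userdata( (int) $app_user['wp_user_id'] );
    if ( ! $wp_user ) {
        return false;
    }

    // Cookies travel in response headers, so this must run before the app
    // sends any output.
    wp_set_current_user( $wp_user->ID );
    wp_set_auth_cookie( $wp_user->ID );

    // Fire wp_login with the username and user object so that plugins
    // hooked to it behave the same as on a direct WordPress login.
    do_action( 'wp_login', $wp_user->user_login, $wp_user );

    return true;
}
```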
