WordPress is a great tool and you can hack all sorts of functionality into it, but have you ever thought about using it as a user authentication database for content on your server that is outside the realm of WordPress? Maybe a wiki or media server application that you only want your registered WordPress users to access.

There are some really awesome authentication tools built right into WordPress that you can use verify a username and password within your WordPress install. You can even look at that user’s specific capabilities to determine if they get access or not based on their role or capabilities.

In the following example, I use PHP’s ability to present the user with a basic HTTP authentication dialog box, and then it’s authenticated against the WordPress database.


Only thing I haven’t done is set a cookie that keeps them logged in across browser sessions.

This works great if you’ve got an application that has a rewrite to a single index.php file to serve everything, or else put it into a header file that gets served on every page (above any HTML output since it sends our HTTP headers).

And remember: this security is only as good as WordPress security–which is to say “not very secure” but it sure beats an internal non-password protected server that anyone could access simply by plugging into your physical network and browsing around.