Location: PHPKode > scripts > Better WP Security > better-wp-security/inc/auth.php
<?php

if ( ! function_exists( 'wp_authenticate' ) ) {


	/**
	 * Replace WordPress built-in authentication function
	 * 
	 * Replaces WP authentication function to allow for logging
	 * login errors and removing messages if needed
	 *
	 * @param string $username user name
	 * @param string $password user submitted password
	 *
	 * @return object 	WordPress user object
	 *
	 */
	function wp_authenticate( $username, $password ) {
	
		global $bwps, $bwpsoptions;
		
		//if away mode is currently restricting login return to homepage
		if ( $bwps->checkaway() ) {
		
			wp_redirect( get_option( 'siteurl' ) );
			
		}
	
		$username = sanitize_user( $username );
		$password = trim( $password );
	
		$user = apply_filters( 'authenticate', null, $username, $password );
		
		//if they're locked out due to too many bad logins display an error
		if ( $bwpsoptions['ll_enabled'] == 1 && $bwps->checklock( $username ) ) {
		
			do_action( 'wp_login_failed', $username );
					
			return  new WP_Error( 'incorrect_password', __( '<strong>ERROR</strong>: We are sorry , your ability to login has been suspended due to too many recent failed login attempts. Please try again later.', $bwps->hook ) );
					
		}

		//if there is no valud user object
		if ( $user == null ) {
		
			if( $bwpsoptions['ll_enabled'] == 1 ) {
				$bwps->logevent( '1' );
			}
			$user = new WP_Error( 'authentication_failed', __( '<strong>ERROR</strong>: Invalid username or incorrect password.' ) );
			
		}

		$ignore_codes = array( 'empty_username', 'empty_password' );
		
		
		//log if bad logins
		if ( isset( $_POST['wp-submit'] ) && $bwpsoptions['ll_enabled'] == 1 && is_wp_error( $user ) ) {
		
			$bwps->logevent( '1', $username );
			
		} elseif ( is_wp_error( $user ) && ! in_array( $user->get_error_code(), $ignore_codes ) ) {
		
			if ( $bwpsoptions['ll_enabled'] == 1 ) {
				$bwps->logevent( '1', $username );
			}
			do_action( 'wp_login_failed', $username );
			
		}

		return $user; //returns user object or error message
		
	}
	
}
Return current item: Better WP Security