Purpose

Handles authentication-related flows: login, logout, registration, password reset, and admin email confirmation.

Flow

• Loads WordPress via wp-load.php and enforces SSL if required.
• Determines the $action (login, logout, lostpassword, resetpass, register, etc.).
• Renders the login header/footer wrappers.
• Routes to the appropriate handler:
  • Login: validates credentials, calls wp_signon(), sets auth cookies, redirects.
  • Logout: calls wp_logout() and redirects.
  • Lost password: calls retrieve_password() and sends reset email.
  • Reset password: validates key, calls reset_password().
  • Register: calls register_new_user() (when enabled).
  • Admin email confirmation / user request confirmation.

Key functions called

• Login: validates credentials, calls wp_signon(), sets auth cookies, redirects.
• Logout: calls wp_logout() and redirects.
• Lost password: calls retrieve_password() and sends reset email.
• Reset password: validates key, calls reset_password().
• Register: calls register_new_user() (when enabled).
• Admin email confirmation / user request confirmation.

Hooks fired

• Login: validates credentials, calls wp_signon(), sets auth cookies, redirects.
• Logout: calls wp_logout() and redirects.
• Lost password: calls retrieve_password() and sends reset email.
• Reset password: validates key, calls reset_password().
• Register: calls register_new_user() (when enabled).
• Admin email confirmation / user request confirmation.