云策 WordPress 开发者社区

函数文档

wp_insert_user()

查看官方原文 ↗
💡 云策文档标注

概述

wp_insert_user() 是 WordPress 核心函数,用于向数据库插入新用户或更新现有用户。它接受一个包含用户数据的数组、对象或 WP_User 对象作为参数,并返回新创建用户的 ID 或 WP_Error 对象。

关键要点

  • 函数主要用于创建或更新用户,通过 $userdata 参数传递用户信息,如 user_login、user_email、user_pass 等。
  • 当 $userdata 中包含 'ID' 字段时,函数执行更新操作;否则执行创建操作。
  • 创建新用户时,user_pass 字段是必需的,否则会触发警告并强制密码重置流程。
  • 更新现有用户时,user_pass 需要手动哈希处理(例如使用 wp_hash_password()),而创建新用户时密码会自动哈希。
  • 函数包含多个过滤器(如 pre_user_login、pre_user_email)和动作钩子(如 user_register、profile_update),允许开发者在用户创建或更新前后进行自定义操作。
  • 参数 $userdata 支持 meta_input 字段(自 5.9.0 版本起),用于添加自定义用户元数据。
  • 返回值为整数(用户 ID)或 WP_Error 对象,需检查返回值以处理错误情况。

代码示例

$userdata = array(
    'user_login' => 'login_name',
    'user_pass'  => 'password123',
    'user_email' => 'user@example.com',
    'role'       => 'subscriber'
);
$user_id = wp_insert_user( $userdata );
if ( ! is_wp_error( $user_id ) ) {
    echo "User created: " . $user_id;
}

注意事项

  • user_login 不能为空,且长度不能超过 60 个字符;user_nicename 长度不能超过 50 个字符。
  • user_url 长度限制为 100 个字符,超限可能导致错误。
  • role 字段应使用小写字符串,否则可能无效。
  • show_admin_bar_front 等字段接受字符串字面量(如 'true' 或 'false'),而非布尔值。
  • 在 Multisite 环境中,spam 字段仅用于标记用户为垃圾用户。
  • 使用 wp_slash() 对 $userdata 进行转义,以避免安全问题,特别是在密码包含特殊字符时。
📄 原文内容

Inserts a user into the database.

Description

Most of the $userdata array fields have filters associated with the values. Exceptions are ‘ID’, ‘rich_editing’, ‘syntax_highlighting’, ‘comment_shortcuts’, ‘admin_color’, ‘use_ssl’, ‘user_registered’, ‘user_activation_key’, ‘spam’, and ‘role’. The filters have the prefix ‘pre_user_’ followed by the field name. An example using ‘description’ would have the filter called ‘pre_user_description’ that can be hooked into.

Parameters

$userdataarray|object|WP_Userrequired
An array, object, or WP_User object of user data arguments.

  • ID int
    User ID. If supplied, the user will be updated.
  • user_pass string
    The plain-text user password for new users.
    Hashed password for existing users.
  • user_login string
    The user’s login username.
  • user_nicename string
    The URL-friendly user name.
  • user_url string
    The user URL.
  • user_email string
    The user email address.
  • display_name string
    The user’s display name.
    Default is the user’s username.
  • nickname string
    The user’s nickname.
    Default is the user’s username.
  • first_name string
    The user’s first name. For new users, will be used to build the first part of the user’s display name if $display_name is not specified.
  • last_name string
    The user’s last name. For new users, will be used to build the second part of the user’s display name if $display_name is not specified.
  • description string
    The user’s biographical description.
  • rich_editing string
    Whether to enable the rich-editor for the user.
    Accepts 'true' or 'false' as a string literal, not boolean. Default 'true'.
  • syntax_highlighting string
    Whether to enable the rich code editor for the user.
    Accepts 'true' or 'false' as a string literal, not boolean. Default 'true'.
  • comment_shortcuts string
    Whether to enable comment moderation keyboard shortcuts for the user. Accepts 'true' or 'false' as a string literal, not boolean. Default 'false'.
  • admin_color string
    Admin color scheme for the user. Default 'fresh'.
  • use_ssl bool
    Whether the user should always access the admin over https. Default false.
  • user_registered string
    Date the user registered in UTC. Format is ‘Y-m-d H:i:s’.
  • user_activation_key string
    Password reset key. Default empty.
  • spam bool
    Multisite only. Whether the user is marked as spam.
    Default false.
  • show_admin_bar_front string
    Whether to display the Admin Bar for the user on the site’s front end. Accepts 'true' or 'false' as a string literal, not boolean. Default 'true'.
  • role string
    User’s role.
  • locale string
    User’s locale. Default empty.
  • meta_input array
    Array of custom user meta values keyed by meta key.
    Default empty.

Return

int|WP_Error The newly created user’s ID or a WP_Error object if the user could not be created.

Source

function wp_insert_user( $userdata ) {
	global $wpdb;

	if ( $userdata instanceof stdClass ) {
		$userdata = get_object_vars( $userdata );
	} elseif ( $userdata instanceof WP_User ) {
		$userdata = $userdata->to_array();
	}

	// Are we updating or creating?
	if ( ! empty( $userdata['ID'] ) ) {
		$user_id       = (int) $userdata['ID'];
		$update        = true;
		$old_user_data = get_userdata( $user_id );

		if ( ! $old_user_data ) {
			return new WP_Error( 'invalid_user_id', __( 'Invalid user ID.' ) );
		}

		// Slash current user email to compare it later with slashed new user email.
		$old_user_data->user_email = wp_slash( $old_user_data->user_email );

		// Hashed in wp_update_user(), plaintext if called directly.
		$user_pass = ! empty( $userdata['user_pass'] ) ? $userdata['user_pass'] : $old_user_data->user_pass;
	} else {
		$update = false;

		if ( empty( $userdata['user_pass'] ) ) {
			wp_trigger_error(
				__FUNCTION__,
				__( 'The user_pass field is required when creating a new user. The user will need to reset their password before logging in.' ),
				E_USER_WARNING
			);

			// Set the password as an empty string to force the password reset flow.
			$userdata['user_pass'] = '';
		}

		// Hash the password.
		$user_pass = wp_hash_password( $userdata['user_pass'] );
	}

	$sanitized_user_login = sanitize_user( $userdata['user_login'], true );

	/**
	 * Filters a username after it has been sanitized.
	 *
	 * This filter is called before the user is created or updated.
	 *
	 * @since 2.0.3
	 *
	 * @param string $sanitized_user_login Username after it has been sanitized.
	 */
	$pre_user_login = apply_filters( 'pre_user_login', $sanitized_user_login );

	// Remove any non-printable chars from the login string to see if we have ended up with an empty username.
	$user_login = trim( $pre_user_login );

	// user_login must be between 0 and 60 characters.
	if ( empty( $user_login ) ) {
		return new WP_Error( 'empty_user_login', __( 'Cannot create a user with an empty login name.' ) );
	} elseif ( mb_strlen( $user_login ) > 60 ) {
		return new WP_Error( 'user_login_too_long', __( 'Username may not be longer than 60 characters.' ) );
	}

	if ( ! $update && username_exists( $user_login ) ) {
		return new WP_Error( 'existing_user_login', __( 'Sorry, that username already exists!' ) );
	}

	/**
	 * Filters the list of disallowed usernames.
	 *
	 * @since 4.4.0
	 *
	 * @param array $usernames Array of disallowed usernames.
	 */
	$illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );

	if ( in_array( strtolower( $user_login ), array_map( 'strtolower', $illegal_logins ), true ) ) {
		return new WP_Error( 'invalid_username', __( 'Sorry, that username is not allowed.' ) );
	}

	/*
	 * If a nicename is provided, remove unsafe user characters before using it.
	 * Otherwise build a nicename from the user_login.
	 */
	if ( ! empty( $userdata['user_nicename'] ) ) {
		$user_nicename = sanitize_user( $userdata['user_nicename'], true );
	} else {
		$user_nicename = mb_substr( $user_login, 0, 50 );
	}

	$user_nicename = sanitize_title( $user_nicename );

	/**
	 * Filters a user's nicename before the user is created or updated.
	 *
	 * @since 2.0.3
	 *
	 * @param string $user_nicename The user's nicename.
	 */
	$user_nicename = apply_filters( 'pre_user_nicename', $user_nicename );

	// Check if the sanitized nicename is empty.
	if ( empty( $user_nicename ) ) {
		return new WP_Error( 'empty_user_nicename', __( 'Cannot create a user with an empty nicename.' ) );
	} elseif ( mb_strlen( $user_nicename ) > 50 ) {
		return new WP_Error( 'user_nicename_too_long', __( 'Nicename may not be longer than 50 characters.' ) );
	}

	$user_nicename_check = $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->users WHERE user_nicename = %s AND user_login != %s LIMIT 1", $user_nicename, $user_login ) );

	if ( $user_nicename_check ) {
		$suffix = 2;
		while ( $user_nicename_check ) {
			// user_nicename allows 50 chars. Subtract one for a hyphen, plus the length of the suffix.
			$base_length         = 49 - mb_strlen( $suffix );
			$alt_user_nicename   = mb_substr( $user_nicename, 0, $base_length ) . "-$suffix";
			$user_nicename_check = $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->users WHERE user_nicename = %s AND user_login != %s LIMIT 1", $alt_user_nicename, $user_login ) );
			++$suffix;
		}
		$user_nicename = $alt_user_nicename;
	}

	$raw_user_email = empty( $userdata['user_email'] ) ? '' : $userdata['user_email'];

	/**
	 * Filters a user's email before the user is created or updated.
	 *
	 * @since 2.0.3
	 *
	 * @param string $raw_user_email The user's email.
	 */
	$user_email = apply_filters( 'pre_user_email', $raw_user_email );

	/*
	 * If there is no update, just check for `email_exists`. If there is an update,
	 * check if current email and new email are the same, and check `email_exists`
	 * accordingly.
	 */
	if ( ( ! $update || ( ! empty( $old_user_data ) && 0 !== strcasecmp( $user_email, $old_user_data->user_email ) ) )
		&& ! defined( 'WP_IMPORTING' )
		&& email_exists( $user_email )
	) {
		return new WP_Error( 'existing_user_email', __( 'Sorry, that email address is already used!' ) );
	}

	$raw_user_url = empty( $userdata['user_url'] ) ? '' : $userdata['user_url'];

	/**
	 * Filters a user's URL before the user is created or updated.
	 *
	 * @since 2.0.3
	 *
	 * @param string $raw_user_url The user's URL.
	 */
	$user_url = apply_filters( 'pre_user_url', $raw_user_url );

	if ( mb_strlen( $user_url ) > 100 ) {
		return new WP_Error( 'user_url_too_long', __( 'User URL may not be longer than 100 characters.' ) );
	}

	$user_registered = empty( $userdata['user_registered'] ) ? gmdate( 'Y-m-d H:i:s' ) : $userdata['user_registered'];

	$user_activation_key = empty( $userdata['user_activation_key'] ) ? '' : $userdata['user_activation_key'];

	if ( ! empty( $userdata['spam'] ) && ! is_multisite() ) {
		return new WP_Error( 'no_spam', __( 'Sorry, marking a user as spam is only supported on Multisite.' ) );
	}

	$spam = empty( $userdata['spam'] ) ? 0 : (bool) $userdata['spam'];

	// Store values to save in user meta.
	$meta = array();

	$nickname = empty( $userdata['nickname'] ) ? $user_login : $userdata['nickname'];

	/**
	 * Filters a user's nickname before the user is created or updated.
	 *
	 * @since 2.0.3
	 *
	 * @param string $nickname The user's nickname.
	 */
	$meta['nickname'] = apply_filters( 'pre_user_nickname', $nickname );

	$first_name = empty( $userdata['first_name'] ) ? '' : $userdata['first_name'];

	/**
	 * Filters a user's first name before the user is created or updated.
	 *
	 * @since 2.0.3
	 *
	 * @param string $first_name The user's first name.
	 */
	$meta['first_name'] = apply_filters( 'pre_user_first_name', $first_name );

	$last_name = empty( $userdata['last_name'] ) ? '' : $userdata['last_name'];

	/**
	 * Filters a user's last name before the user is created or updated.
	 *
	 * @since 2.0.3
	 *
	 * @param string $last_name The user's last name.
	 */
	$meta['last_name'] = apply_filters( 'pre_user_last_name', $last_name );

	if ( empty( $userdata['display_name'] ) ) {
		if ( $update ) {
			$display_name = $user_login;
		} elseif ( $meta['first_name'] && $meta['last_name'] ) {
			$display_name = sprintf(
				/* translators: 1: User's first name, 2: Last name. */
				_x( '%1$s %2$s', 'Display name based on first name and last name' ),
				$meta['first_name'],
				$meta['last_name']
			);
		} elseif ( $meta['first_name'] ) {
			$display_name = $meta['first_name'];
		} elseif ( $meta['last_name'] ) {
			$display_name = $meta['last_name'];
		} else {
			$display_name = $user_login;
		}
	} else {
		$display_name = $userdata['display_name'];
	}

	/**
	 * Filters a user's display name before the user is created or updated.
	 *
	 * @since 2.0.3
	 *
	 * @param string $display_name The user's display name.
	 */
	$display_name = apply_filters( 'pre_user_display_name', $display_name );

	$description = empty( $userdata['description'] ) ? '' : $userdata['description'];

	/**
	 * Filters a user's description before the user is created or updated.
	 *
	 * @since 2.0.3
	 *
	 * @param string $description The user's description.
	 */
	$meta['description'] = apply_filters( 'pre_user_description', $description );

	$meta['rich_editing'] = empty( $userdata['rich_editing'] ) ? 'true' : $userdata['rich_editing'];

	$meta['syntax_highlighting'] = empty( $userdata['syntax_highlighting'] ) ? 'true' : $userdata['syntax_highlighting'];

	$meta['comment_shortcuts'] = empty( $userdata['comment_shortcuts'] ) || 'false' === $userdata['comment_shortcuts'] ? 'false' : 'true';

	$admin_color         = empty( $userdata['admin_color'] ) ? 'fresh' : $userdata['admin_color'];
	$meta['admin_color'] = preg_replace( '|[^a-z0-9 _.-@]|i', '', $admin_color );

	$meta['use_ssl'] = empty( $userdata['use_ssl'] ) ? '0' : '1';

	$meta['show_admin_bar_front'] = empty( $userdata['show_admin_bar_front'] ) ? 'true' : $userdata['show_admin_bar_front'];

	$meta['locale'] = isset( $userdata['locale'] ) ? $userdata['locale'] : '';

	$compacted = compact( 'user_pass', 'user_nicename', 'user_email', 'user_url', 'user_registered', 'user_activation_key', 'display_name' );
	$data      = wp_unslash( $compacted );

	if ( ! $update ) {
		$data = $data + compact( 'user_login' );
	}

	if ( is_multisite() ) {
		$data = $data + compact( 'spam' );
	}

	/**
	 * Filters user data before the record is created or updated.
	 *
	 * It only includes data in the users table, not any user metadata.
	 *
	 * @since 4.9.0
	 * @since 5.8.0 The `$userdata` parameter was added.
	 * @since 6.8.0 The user's password is now hashed using bcrypt by default instead of phpass.
	 *
	 * @param array    $data {
	 *     Values and keys for the user.
	 *
	 *     @type string $user_login      The user's login. Only included if $update == false
	 *     @type string $user_pass       The user's password.
	 *     @type string $user_email      The user's email.
	 *     @type string $user_url        The user's url.
	 *     @type string $user_nicename   The user's nice name. Defaults to a URL-safe version of user's login.
	 *     @type string $display_name    The user's display name.
	 *     @type string $user_registered MySQL timestamp describing the moment when the user registered. Defaults to
	 *                                   the current UTC timestamp.
	 * }
	 * @param bool     $update   Whether the user is being updated rather than created.
	 * @param int|null $user_id  ID of the user to be updated, or NULL if the user is being created.
	 * @param array    $userdata The raw array of data passed to wp_insert_user().
	 */
	$data = apply_filters( 'wp_pre_insert_user_data', $data, $update, ( $update ? $user_id : null ), $userdata );

	if ( empty( $data ) || ! is_array( $data ) ) {
		return new WP_Error( 'empty_data', __( 'Not enough data to create this user.' ) );
	}

	if ( $update ) {
		if ( $user_email !== $old_user_data->user_email || $user_pass !== $old_user_data->user_pass ) {
			$data['user_activation_key'] = '';
		}
		$wpdb->update( $wpdb->users, $data, array( 'ID' => $user_id ) );
	} else {
		$wpdb->insert( $wpdb->users, $data );
		$user_id = (int) $wpdb->insert_id;
	}

	$user = new WP_User( $user_id );

	if ( ! $update ) {
		/** This action is documented in wp-includes/pluggable.php */
		do_action( 'wp_set_password', $userdata['user_pass'], $user_id, $user );
	}

	/**
	 * Filters a user's meta values and keys immediately after the user is created or updated
	 * and before any user meta is inserted or updated.
	 *
	 * Does not include contact methods. These are added using `wp_get_user_contact_methods( $user )`.
	 *
	 * For custom meta fields, see the 'insert_custom_user_meta' filter.
	 *
	 * @since 4.4.0
	 * @since 5.8.0 The `$userdata` parameter was added.
	 *
	 * @param array $meta {
	 *     Default meta values and keys for the user.
	 *
	 *     @type string   $nickname             The user's nickname. Default is the user's username.
	 *     @type string   $first_name           The user's first name.
	 *     @type string   $last_name            The user's last name.
	 *     @type string   $description          The user's description.
	 *     @type string   $rich_editing         Whether to enable the rich-editor for the user. Default 'true'.
	 *     @type string   $syntax_highlighting  Whether to enable the rich code editor for the user. Default 'true'.
	 *     @type string   $comment_shortcuts    Whether to enable keyboard shortcuts for the user. Default 'false'.
	 *     @type string   $admin_color          The color scheme for a user's admin screen. Default 'fresh'.
	 *     @type int|bool $use_ssl              Whether to force SSL on the user's admin area. 0|false if SSL
	 *                                          is not forced.
	 *     @type string   $show_admin_bar_front Whether to show the admin bar on the front end for the user.
	 *                                          Default 'true'.
	 *     @type string   $locale               User's locale. Default empty.
	 * }
	 * @param WP_User $user     User object.
	 * @param bool    $update   Whether the user is being updated rather than created.
	 * @param array   $userdata The raw array of data passed to wp_insert_user().
	 */
	$meta = apply_filters( 'insert_user_meta', $meta, $user, $update, $userdata );

	$custom_meta = array();
	if ( array_key_exists( 'meta_input', $userdata ) && is_array( $userdata['meta_input'] ) && ! empty( $userdata['meta_input'] ) ) {
		$custom_meta = $userdata['meta_input'];
	}

	/**
	 * Filters a user's custom meta values and keys immediately after the user is created or updated
	 * and before any user meta is inserted or updated.
	 *
	 * For non-custom meta fields, see the 'insert_user_meta' filter.
	 *
	 * @since 5.9.0
	 *
	 * @param array   $custom_meta Array of custom user meta values keyed by meta key.
	 * @param WP_User $user        User object.
	 * @param bool    $update      Whether the user is being updated rather than created.
	 * @param array   $userdata    The raw array of data passed to wp_insert_user().
	 */
	$custom_meta = apply_filters( 'insert_custom_user_meta', $custom_meta, $user, $update, $userdata );

	$meta = array_merge( $meta, $custom_meta );

	if ( $update ) {
		// Update user meta.
		foreach ( $meta as $key => $value ) {
			update_user_meta( $user_id, $key, $value );
		}
	} else {
		// Add user meta.
		foreach ( $meta as $key => $value ) {
			add_user_meta( $user_id, $key, $value );
		}
	}

	foreach ( wp_get_user_contact_methods( $user ) as $key => $value ) {
		if ( isset( $userdata[ $key ] ) ) {
			update_user_meta( $user_id, $key, $userdata[ $key ] );
		}
	}

	if ( isset( $userdata['role'] ) ) {
		$user->set_role( $userdata['role'] );
	} elseif ( ! $update ) {
		$user->set_role( get_option( 'default_role' ) );
	}

	clean_user_cache( $user_id );

	if ( $update ) {
		/**
		 * Fires immediately after an existing user is updated.
		 *
		 * @since 2.0.0
		 * @since 5.8.0 The `$userdata` parameter was added.
		 *
		 * @param int     $user_id       User ID.
		 * @param WP_User $old_user_data Object containing user's data prior to update.
		 * @param array   $userdata      The raw array of data passed to wp_insert_user().
		 */
		do_action( 'profile_update', $user_id, $old_user_data, $userdata );

		if ( isset( $userdata['spam'] ) && $userdata['spam'] !== $old_user_data->spam ) {
			if ( '1' === $userdata['spam'] ) {
				/**
				 * Fires after the user is marked as a SPAM user.
				 *
				 * @since 3.0.0
				 *
				 * @param int $user_id ID of the user marked as SPAM.
				 */
				do_action( 'make_spam_user', $user_id );
			} else {
				/**
				 * Fires after the user is marked as a HAM user. Opposite of SPAM.
				 *
				 * @since 3.0.0
				 *
				 * @param int $user_id ID of the user marked as HAM.
				 */
				do_action( 'make_ham_user', $user_id );
			}
		}
	} else {
		/**
		 * Fires immediately after a new user is registered.
		 *
		 * @since 1.5.0
		 * @since 5.8.0 The `$userdata` parameter was added.
		 *
		 * @param int   $user_id  User ID.
		 * @param array $userdata The raw array of data passed to wp_insert_user().
		 */
		do_action( 'user_register', $user_id, $userdata );
	}

	return $user_id;
}

View all references View on Trac View on GitHub

Hooks

apply_filters( ‘illegal_user_logins’, array $usernames )

Filters the list of disallowed usernames.

apply_filters( ‘insert_custom_user_meta’, array $custom_meta, WP_User $user, bool $update, array $userdata )

Filters a user’s custom meta values and keys immediately after the user is created or updated and before any user meta is inserted or updated.

apply_filters( ‘insert_user_meta’, array $meta, WP_User $user, bool $update, array $userdata )

Filters a user’s meta values and keys immediately after the user is created or updated and before any user meta is inserted or updated.

do_action( ‘make_ham_user’, int $user_id )

Fires after the user is marked as a HAM user. Opposite of SPAM.

do_action( ‘make_spam_user’, int $user_id )

Fires after the user is marked as a SPAM user.

apply_filters( ‘pre_user_description’, string $description )

Filters a user’s description before the user is created or updated.

apply_filters( ‘pre_user_display_name’, string $display_name )

Filters a user’s display name before the user is created or updated.

apply_filters( ‘pre_user_email’, string $raw_user_email )

Filters a user’s email before the user is created or updated.

apply_filters( ‘pre_user_first_name’, string $first_name )

Filters a user’s first name before the user is created or updated.

apply_filters( ‘pre_user_last_name’, string $last_name )

Filters a user’s last name before the user is created or updated.

apply_filters( ‘pre_user_login’, string $sanitized_user_login )

Filters a username after it has been sanitized.

apply_filters( ‘pre_user_nicename’, string $user_nicename )

Filters a user’s nicename before the user is created or updated.

apply_filters( ‘pre_user_nickname’, string $nickname )

Filters a user’s nickname before the user is created or updated.

apply_filters( ‘pre_user_url’, string $raw_user_url )

Filters a user’s URL before the user is created or updated.

do_action( ‘profile_update’, int $user_id, WP_User $old_user_data, array $userdata )

Fires immediately after an existing user is updated.

do_action( ‘user_register’, int $user_id, array $userdata )

Fires immediately after a new user is registered.

apply_filters( ‘wp_pre_insert_user_data’, array $data, bool $update, int|null $user_id, array $userdata )

Filters user data before the record is created or updated.

do_action( ‘wp_set_password’, string $password, int $user_id, WP_User $old_user_data )

Fires after the user password is set.

Uses Description
wp_trigger_error()wp-includes/functions.php

Generates a user-level error/warning/notice/deprecation message.
WP_User::__construct()wp-includes/class-wp-user.php

Constructor.
sanitize_user()wp-includes/formatting.php

Sanitizes a username, stripping out unsafe characters.
sanitize_title()wp-includes/formatting.php

Sanitizes a string into a slug, which can be used in URLs or HTML attributes.
wp_hash_password()wp-includes/pluggable.php

Creates a hash of a plain text password.
wp_get_user_contact_methods()wp-includes/user.php

Sets up the user contact methods.
username_exists()wp-includes/user.php

Determines whether the given username exists.
email_exists()wp-includes/user.php

Determines whether the given email exists.
clean_user_cache()wp-includes/user.php

Cleans all user caches.
update_user_meta()wp-includes/user.php

Updates user meta field based on user ID.
add_user_meta()wp-includes/user.php

Adds meta data to a user.
wpdb::update()wp-includes/class-wpdb.php

Updates a row in the table.
wpdb::insert()wp-includes/class-wpdb.php

Inserts a row into the table.
__()wp-includes/l10n.php

Retrieves the translation of $text.
_x()wp-includes/l10n.php

Retrieves translated string with gettext context.
wp_slash()wp-includes/formatting.php

Adds slashes to a string or recursively adds slashes to strings within an array.
wp_unslash()wp-includes/formatting.php

Removes slashes from a string or recursively removes slashes from strings within an array.
get_userdata()wp-includes/pluggable.php

Retrieves user info by user ID.
is_multisite()wp-includes/load.php

Determines whether Multisite is enabled.
apply_filters()wp-includes/plugin.php

Calls the callback functions that have been added to a filter hook.
do_action()wp-includes/plugin.php

Calls the callback functions that have been added to an action hook.
get_option()wp-includes/option.php

Retrieves an option value based on an option name.
wpdb::get_var()wp-includes/class-wpdb.php

Retrieves one value from the database.
wpdb::prepare()wp-includes/class-wpdb.php

Prepares a SQL query for safe execution.
WP_Error::__construct()wp-includes/class-wp-error.php

Initializes the error.

Show 20 moreShow less

Used by Description
WP_REST_Users_Controller::create_item()wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php

Creates a single user.
edit_user()wp-admin/includes/user.php

Edit user settings based on contents of $_POST
wp_update_user()wp-includes/user.php

Updates a user in the database.
wp_create_user()wp-includes/user.php

Provides a simpler way of inserting a user into the database.

Changelog

Version Description
5.9.0 The meta_input field can be passed to $userdata to allow addition of user meta data.
5.3.0 The spam field can be passed to $userdata (Multisite only).
4.7.0 The locale field can be passed to $userdata.
3.6.0 The aim, jabber, and yim fields were removed as default user contact methods for new installations. See wp_get_user_contact_methods() .
2.0.0 Introduced.

User Contributed Notes

  1. Skip to note 11 content


    Brent Leavitt


    You must log in to vote on the helpfulness of this noteVote results for this note: 13You must log in to vote on the helpfulness of this note

    The wp_insert_user function requires an array (or object) of user data to create the user. The full array version of $userdata is as follows: 

    $userdata = array(
	'ID' 					=> 0, 	//(int) User ID. If supplied, the user will be updated.
	'user_pass'				=> '', 	//(string) The plain-text user password.
	'user_login' 			=> '', 	//(string) The user's login username.
	'user_nicename' 		=> '', 	//(string) The URL-friendly user name.
	'user_url' 				=> '', 	//(string) The user URL.
	'user_email' 			=> '', 	//(string) The user email address.
	'display_name' 			=> '', 	//(string) The user's display name. Default is the user's username.
	'nickname' 				=> '', 	//(string) The user's nickname. Default is the user's username.
	'first_name' 			=> '', 	//(string) The user's first name. For new users, will be used to build the first part of the user's display name if $display_name is not specified.
	'last_name' 			=> '', 	//(string) The user's last name. For new users, will be used to build the second part of the user's display name if $display_name is not specified.
	'description' 			=> '', 	//(string) The user's biographical description.
	'rich_editing' 			=> '', 	//(string|bool) Whether to enable the rich-editor for the user. False if not empty.
	'syntax_highlighting' 	=> '', 	//(string|bool) Whether to enable the rich code editor for the user. False if not empty.
	'comment_shortcuts' 	=> '', 	//(string|bool) Whether to enable comment moderation keyboard shortcuts for the user. Default false.
	'admin_color' 			=> '', 	//(string) Admin color scheme for the user. Default 'fresh'.
	'use_ssl' 				=> '', 	//(bool) Whether the user should always access the admin over https. Default false.
	'user_registered' 		=> '', 	//(string) Date the user registered. Format is 'Y-m-d H:i:s'.
	'show_admin_bar_front' 	=> '', 	//(string|bool) Whether to display the Admin Bar for the user on the site's front end. Default true.
	'role' 					=> '', 	//(string) User's role.
	'locale' 				=> '', 	//(string) User's locale. Default empty.

);

  2. Skip to note 12 content


    Ivan Shulev


    You must log in to vote on the helpfulness of this noteVote results for this note: 7You must log in to vote on the helpfulness of this note

    Example

    Below is an example showing how to insert a new user with the website profile field filled.

    $website = "<a href="http://example.com&quot" rel="nofollow ugc">http://example.com"</a>;;
$userdata = array(
    'user_login' =>  'login_name',
    'user_url'   =>  $website,
    'user_pass'  =>  NULL // When creating an user, `user_pass` is expected.
);

$user_id = wp_insert_user( $userdata ) ;

// On success.
if ( ! is_wp_error( $user_id ) ) {
    echo "User created : ". $user_id;
}

  5. Skip to note 15 content


    Joe Nuts


    You must log in to vote on the helpfulness of this noteVote results for this note: 5You must log in to vote on the helpfulness of this note

    My man Gregory got 10 downvotes because he used the inappropriate function to hash a password but I feel like people might have missed his point about the password needing to be hashed manually when updating a user using wp_insert_user() instead of wp_update_user().

    “Hashed in wp_update_user() , plaintext if called directly.” – line 1760.

    So the correct usage would be smth like:

    $existing_user_id = wp_insert_user( array(

	/**
     * The existing user id
     */
    'ID' 		 =>  $existing_user_id,

    /**
     * I think you need to supply the user login though i'm not too sure,
     * When i tried this without passing in user_login it gave me errors idk why
     * User login won't change tho as usernames in wordpress are permanent
     */
    'user_login' =>  $user_login,

    /**
     * Hash the new password when updating an existing user using built in hashing function
     */
    'user_pass'  =>  wp_hash_password( $new_password ),

) ) ;

  6. Skip to note 16 content


    DVHOST_CLOUD


    You must log in to vote on the helpfulness of this noteVote results for this note: 2You must log in to vote on the helpfulness of this note

    Below is an example showing how to insert a new user.

    $data = array(
    'user_login'           => 'login_name', // the user's login username.
    'user_pass'	           => 'login_password', // not necessary to hash password ( The plain-text user password ).
    'show_admin_bar_front' => false // display the Admin Bar for the user 'true' or 'false'
);
 
$user_id = wp_insert_user( $data );
 
if ( ! is_wp_error( $user_id ) ) {
	
    echo "User ID : ". $user_id;
	
}

  7. Skip to note 17 content


    serge.k


    You must log in to vote on the helpfulness of this noteVote results for this note: 1You must log in to vote on the helpfulness of this note

    $userdata must be escaped. You will not be able to login to account created this way:

    $userdata = array(
	'user_login' => 'test',
	'user_pass' => "123'456",
	'user_email' => 'test@example.com',
);
wp_insert_user( $userdata );

    here is the correct code:

    wp_insert_user( wp_slash( $userdata ) );

    P.S. Tested on WP 5.5.3

  8. Skip to note 18 content


    Anonymous User


    You must log in to vote on the helpfulness of this noteVote results for this note: 1You must log in to vote on the helpfulness of this note

    user_login can’t be empty
    When I typed 

            $userdata = array(
            'user_email'            => $email,   
            'first_name'            => $fname,  
            'last_name'             => $lname,  
            'role'                  => 'subscriber',
        );

    the function returned
    WP_Error Object ( [errors] => Array ( [empty_user_login] => Array ( [0] => Cannot create a user with an empty login name. ) ) [error_data] => Array ( ) [additional_data:protected] => Array ( ) )

  10. Skip to note 20 content


    gioni


    You must log in to vote on the helpfulness of this noteVote results for this note: -11You must log in to vote on the helpfulness of this note

    If you decided to use wp_insert_user() for updating existing users, you have to encode password with md5 function. Probably this is a bug.

    // Tested with version WP 4.5
$userdata = array(
	'ID' => $user_id, // ID of existing user
	'user_login' =>  'login_name',
	'user_pass'  =>  md5($new_password) // no plain password here!
); 

$user_id = wp_insert_user( $userdata ) ;