To check if a user is logged in to WordPress, use the built-in is_user_logged_in() function. It returns true for logged-in visitors and false for everyone else, so you can show, hide, or redirect content based on whether someone is signed in.
That single function handles most cases. The parts that trip people up are where you can safely call it and why it sometimes returns false on a cached page or over the REST API. This guide covers the function, the related user functions, and how to avoid those gotchas.
To use these snippets you’ll need to be comfortable with PHP. If you are editing a theme, we recommend creating a child theme first so your changes survive theme updates. You can also add the code with a custom plugin or the Code Snippets plugin.
is_user_logged_in()returns true for logged-in visitors and false for everyone else.- Only call it on the
inithook or later. It returns false if called too early, because it lives in WordPress’ pluggable.php. - On cached pages, and on REST requests sent without a nonce, it can return false even for a logged-in user.
- Use
current_user_can()when access depends on a role or permission, not just on being logged in. - WordPress also adds a
logged-inbody class you can target with CSS, with no PHP required.
Check if a User is Logged In
Here’s an example using the is_user_logged_in() function to display a logout link for logged-in users and a login link for everyone else.
| <?php | |
| if ( is_user_logged_in() ) { | |
| echo 'Welcome, logged in user. <a href="'.wp_logout_url().'">Click here to logout</a>.'; | |
| }else{ | |
| echo 'Please login by <a href="'.wp_login_url().'">clicking here</a>.' | |
| } |
You can use this in your theme’s functions.php to add functionality for logged-in users. It also works in your theme template files such as index.php, archive.php, and single.php.
One important rule: only call is_user_logged_in() inside a hook like init or later. The function lives in WordPress’ pluggable.php, which loads after plugins, so calling it too early (at the top of functions.php or on plugins_loaded) returns false even for a logged-in user.
Redirect Logged-Out Visitors to a Login Page
A common use is to lock a page so only logged-in users can see it. WordPress gives you two clean ways to do this.
Use auth_redirect() to send visitors to the default WordPress login screen and return them to the page afterward:
// Force login on a specific page
add_action( 'template_redirect', function () {
if ( is_page( 'members' ) && ! is_user_logged_in() ) {
auth_redirect(); // sends to wp-login, then back here
}
} );
Or use wp_safe_redirect() when you want to send them to your own custom login page instead. Always follow it with exit;:
// Send logged-out visitors to a custom login page
add_action( 'template_redirect', function () {
if ( is_page( 'members' ) && ! is_user_logged_in() ) {
wp_safe_redirect( home_url( '/login/' ) );
exit;
}
} );
Check if the Current User is an Administrator
If you want to run code only for admins, use the current_user_can() function. Passing current_user_can('manage_options') in an if statement checks whether the current user has admin-level permissions.
| <?php | |
| if( current_user_can('administrator') ) { | |
| echo 'This will display for WordPress admins only.'; | |
| }; |
You can also target a specific capability instead of a whole role.
This is useful if you have created custom roles on your site. There are plenty of WordPress capabilities to target in your if statement. For example, manage_options is good for targeting admins, while edit_posts is good for targeting editors.
| <?php | |
| if( current_user_can('manage_options') ) { | |
| echo 'This user can manage WordPress options. (Settings Page)'; | |
| }; |
Other User Functions Worth Knowing
Depending on what you need, a few related functions are often a better fit than is_user_logged_in():
get_current_user_id()returns the current user’s ID, or0if nobody is logged in. It is the lightest-weight way to check for a logged-in user.wp_get_current_user()returns the fullWP_Userobject, so you can read the user’s name, email, roles, and more.current_user_can( 'capability' )checks what a user is allowed to do, not just whether they are logged in. Reach for this whenever access depends on a role or permission.
The key distinction: being logged in is not the same as being authorized. If an action should be limited to certain roles, use current_user_can() rather than a plain logged-in check.
Why is_user_logged_in() Returns False When You Don’t Expect It
If the function is returning false for a user you know is logged in, it is almost always one of these three causes:
- It runs too early. As noted above,
is_user_logged_in()is not available until theinithook. Calling it at the top of functions.php or on an early hook likeplugins_loadedreturnsfalse. Wrap it in a hook. - The page is cached. Full-page caches (WP Rocket, LiteSpeed, NGINX, Cloudflare) serve a static HTML snapshot that was generated for a logged-out visitor, so any PHP branch behind
is_user_logged_in()gets frozen into that page. Most cache plugins skip the cache for logged-in users automatically by detecting the login cookie, which is why members areas still work. For per-user content on a page that stays cached for everyone, handle it client-side instead (see the CSS method below) or with an uncached REST request. - A REST request has no nonce. Over the REST API, a logged-in browser session is only recognized if the request sends a valid nonce in the
X-WP-Nonceheader. Without it, WordPress treats the request as logged out and the function returnsfalse.
Change Your Site’s Styling for Logged-In Users with CSS
If you don’t want to use PHP, you can change the styling of your site with CSS when a user is logged in. WordPress adds the class logged-in to the body tag whenever someone is signed in.
For example, the snippet below changes the background color of the site for logged-in users.
| /* Change the background color for logged in users */ | |
| body.logged-in { | |
| background-color: #BEBEBE | |
| } |
This logged-in body class is also the reliable way to show or hide member-only interface elements on cached pages, since it is read in the browser rather than baked into the cached HTML by PHP.
In addition to using is_user_logged_in() in your theme and functions.php, you can include it in a custom WordPress plugin for the same effect.



9 Responses
if( current_user_can('administrator') )is incorrect.
current_user_can checks for a capability, not a role. For example:
if( current_user_can('edit_posts') ) { }if( current_user_can('manage_options') ) { }
Etc
Thanks for the tip, I do agree that targeting a capability may be better but if you export the user’s capabilities using “get_userdata( get_current_user_id() )->allcaps” “administrator” is one of the ones assigned to an admin so the snippet works.
how do i hide a certain page at the top of my header if a user is logged in and show it if they are logged out
You can use the code above in a PHP function to hide anything you want but if you aren’t too familiar with PHP using CSS might be easier. WordPress by default adds a class of “logged-in” to the body of the page so you can target an attribute for hiding using.
body.logged-in .yourclassname {display:none!important};how to check?
if($username != "username"){// my code
}
Let me know if this works
$currentusername = get_user_meta( wp_get_current_user()->ID, 'nickname', true );if($currentusername != "admin"){
echo "You are not Admin";
}
what if the user has logged in and is immediately directed to the landing page? If you haven’t logged in yet, you will be directed to the login page
You could add a conditional statement and use the wp_redirect function to redirect. If your function is before html output it’ll instantly redirect. If it’s after html output (for example in body content of theme html) you can also try a javascript redirect but it’ll have a delay before moving the user. Hope this helps!
here is the gist to adding class into the body tag for login and non login user
https://gist.github.com/raftaar1191/55fe297db0724e62883846b3ed31b543