How to Check if User is Logged In WordPress (PHP Function)

To check if a user is logged in to WordPress, use the built-in is_user_logged_in() function. It returns true for logged-in visitors and false for everyone else, so you can show, hide, or redirect content based on whether someone is signed in.

That single function handles most cases. The parts that trip people up are where you can safely call it and why it sometimes returns false on a cached page or over the REST API. This guide covers the function, the related user functions, and how to avoid those gotchas.

To use these snippets you’ll need to be comfortable with PHP. If you are editing a theme, we recommend creating a child theme first so your changes survive theme updates. You can also add the code with a custom plugin or the Code Snippets plugin.

Key Takeaways
  • is_user_logged_in() returns true for logged-in visitors and false for everyone else.
  • Only call it on the init hook or later. It returns false if called too early, because it lives in WordPress’ pluggable.php.
  • On cached pages, and on REST requests sent without a nonce, it can return false even for a logged-in user.
  • Use current_user_can() when access depends on a role or permission, not just on being logged in.
  • WordPress also adds a logged-in body class you can target with CSS, with no PHP required.

Check if a User is Logged In

Here’s an example using the is_user_logged_in() function to display a logout link for logged-in users and a login link for everyone else.

<?php
if ( is_user_logged_in() ) {
echo 'Welcome, logged in user. <a href="'.wp_logout_url().'">Click here to logout</a>.';
}else{
echo 'Please login by <a href="'.wp_login_url().'">clicking here</a>.'
}

You can use this in your theme’s functions.php to add functionality for logged-in users. It also works in your theme template files such as index.php, archive.php, and single.php.

One important rule: only call is_user_logged_in() inside a hook like init or later. The function lives in WordPress’ pluggable.php, which loads after plugins, so calling it too early (at the top of functions.php or on plugins_loaded) returns false even for a logged-in user.


Redirect Logged-Out Visitors to a Login Page

A common use is to lock a page so only logged-in users can see it. WordPress gives you two clean ways to do this.

Use auth_redirect() to send visitors to the default WordPress login screen and return them to the page afterward:

// Force login on a specific page
add_action( 'template_redirect', function () {
	if ( is_page( 'members' ) && ! is_user_logged_in() ) {
		auth_redirect(); // sends to wp-login, then back here
	}
} );

Or use wp_safe_redirect() when you want to send them to your own custom login page instead. Always follow it with exit;:

// Send logged-out visitors to a custom login page
add_action( 'template_redirect', function () {
	if ( is_page( 'members' ) && ! is_user_logged_in() ) {
		wp_safe_redirect( home_url( '/login/' ) );
		exit;
	}
} );

Check if the Current User is an Administrator

If you want to run code only for admins, use the current_user_can() function. Passing current_user_can('manage_options') in an if statement checks whether the current user has admin-level permissions.

<?php
if( current_user_can('administrator') ) {
echo 'This will display for WordPress admins only.';
};

You can also target a specific capability instead of a whole role.

This is useful if you have created custom roles on your site. There are plenty of WordPress capabilities to target in your if statement. For example, manage_options is good for targeting admins, while edit_posts is good for targeting editors.

<?php
if( current_user_can('manage_options') ) {
echo 'This user can manage WordPress options. (Settings Page)';
};

Other User Functions Worth Knowing

Depending on what you need, a few related functions are often a better fit than is_user_logged_in():

  • get_current_user_id() returns the current user’s ID, or 0 if nobody is logged in. It is the lightest-weight way to check for a logged-in user.
  • wp_get_current_user() returns the full WP_User object, so you can read the user’s name, email, roles, and more.
  • current_user_can( 'capability' ) checks what a user is allowed to do, not just whether they are logged in. Reach for this whenever access depends on a role or permission.

The key distinction: being logged in is not the same as being authorized. If an action should be limited to certain roles, use current_user_can() rather than a plain logged-in check.


Why is_user_logged_in() Returns False When You Don’t Expect It

If the function is returning false for a user you know is logged in, it is almost always one of these three causes:

  • It runs too early. As noted above, is_user_logged_in() is not available until the init hook. Calling it at the top of functions.php or on an early hook like plugins_loaded returns false. Wrap it in a hook.
  • The page is cached. Full-page caches (WP Rocket, LiteSpeed, NGINX, Cloudflare) serve a static HTML snapshot that was generated for a logged-out visitor, so any PHP branch behind is_user_logged_in() gets frozen into that page. Most cache plugins skip the cache for logged-in users automatically by detecting the login cookie, which is why members areas still work. For per-user content on a page that stays cached for everyone, handle it client-side instead (see the CSS method below) or with an uncached REST request.
  • A REST request has no nonce. Over the REST API, a logged-in browser session is only recognized if the request sends a valid nonce in the X-WP-Nonce header. Without it, WordPress treats the request as logged out and the function returns false.

Change Your Site’s Styling for Logged-In Users with CSS

If you don’t want to use PHP, you can change the styling of your site with CSS when a user is logged in. WordPress adds the class logged-in to the body tag whenever someone is signed in.

For example, the snippet below changes the background color of the site for logged-in users.

/* Change the background color for logged in users */
body.logged-in {
background-color: #BEBEBE
}

This logged-in body class is also the reliable way to show or hide member-only interface elements on cached pages, since it is read in the browser rather than baked into the cached HTML by PHP.


In addition to using is_user_logged_in() in your theme and functions.php, you can include it in a custom WordPress plugin for the same effect.

Picture of Andy Feliciotti

Andy Feliciotti

Andy has been a full time WordPress developer for over 15 years. Through his years of experience has built 100s of sites and learned plenty of tricks along the way. Found this article helpful? Buy Me A Coffee

9 Responses

  1. if( current_user_can('administrator') )

    is incorrect.

    current_user_can checks for a capability, not a role. For example:

    if( current_user_can('edit_posts') ) { }

    if( current_user_can('manage_options') ) { }

    Etc

    1. Thanks for the tip, I do agree that targeting a capability may be better but if you export the user’s capabilities using “get_userdata( get_current_user_id() )->allcaps” “administrator” is one of the ones assigned to an admin so the snippet works.

    1. You can use the code above in a PHP function to hide anything you want but if you aren’t too familiar with PHP using CSS might be easier. WordPress by default adds a class of “logged-in” to the body of the page so you can target an attribute for hiding using.
      body.logged-in .yourclassname {display:none!important};

  2. what if the user has logged in and is immediately directed to the landing page? If you haven’t logged in yet, you will be directed to the login page

    1. You could add a conditional statement and use the wp_redirect function to redirect. If your function is before html output it’ll instantly redirect. If it’s after html output (for example in body content of theme html) you can also try a javascript redirect but it’ll have a delay before moving the user. Hope this helps!

Leave a Reply

Your email address will not be published. Required fields are marked *

WordPress Tips Monthly
Get the latest from SmartWP to your inbox.