Solution:
This is the code I use. Replace 1 == 1 with your conditions!
add_filter( 'authenticate', 'my_validate_login_form', 10, 3 );
function my_validate_login_form( $user, $username, $password ) {
/**
* If the username or password are not sent we do nothing (and return $user)
* This way we avoid errors to be shown before the user clicks the button to log in
*/
if ( ! isset( $username ) || '' == $username || ! isset( $password ) || '' == $password ) {
return $user;
}
// Check if the conditions are true and show an error and cancel further processing if they are
if ( 1 == 1 ) {
remove_action( 'authenticate', 'wp_authenticate_username_password', 20 );
remove_action( 'authenticate', 'wp_authenticate_email_password', 20 );
$user = new WP_Error( 'denied', '<strong>ERROR</strong>: My awesome error here.' );
return $user;
}
// Return $user to allow wordpress to check password and username
return $user;
}