I’m working on a WordPress website and I need to create a separate PHP application that runs on a subdomain. The main challenge I’m facing is getting the logged-in user information from WordPress into my custom PHP app.
I attempted to load the WordPress core by including the wp-load.php file in my subdomain application and then tried this approach:
wp_get_current_user();
echo 'Welcome back ' . $user_data->user_login;
However, this method doesn’t seem to work at all. The user information just won’t show up.
What would be the best way to access WordPress authentication data from an external PHP script that’s hosted on the same server but different subdomain? I really need to identify which user is currently logged into the main WordPress site.
you could also hit the WordPress db directly from your subdomain app. i’ve done this by querying wp_usermeta for active sessions and matching them against browser data. more complex than cookies or APIs, but it works. just use the same db credentials and validate sessions properly.
This is a cookie domain issue. WordPress auth cookies get set for the main domain only - subdomains can’t access them by default. I hit this same problem building a custom dashboard on a subdomain. You need to share cookies across subdomains. Add this to your wp-config.php: define(‘COOKIE_DOMAIN’, ‘.yourdomain.com’); That leading dot is key - it lets all subdomains use the cookies. Users will need to log out and back in after you make this change. Once that’s done, wp_get_current_user() should work fine. Just double-check you’re including wp-load.php with the right path from your subdomain app. I’ve used this setup for 2+ years across multiple WordPress projects without issues.
Try using WordPress REST API with auth tokens instead of cookies. I had the same issue building a reporting tool on a different subdomain - cookies are unreliable across domains even when configured right. Create a custom endpoint on your main WordPress site that returns user data, then authenticate with application passwords or JWT tokens. Way more secure and doesn’t rely on cookie sharing. Just make AJAX calls from your subdomain to grab user info when you need it. REST API gives you better control over exposed data and works no matter how your domains are set up. Much easier to maintain than loading WordPress core files directly.