Function: sanitize_user

sanitize_user( string $username, boolean $strict )

Sanitizes a username, stripping out unsafe characters.

Removes tags, octets, entities, and if strict is enabled, will only keep alphanumeric, _, space, ., -, @. After sanitizing, it passes the username, raw username (the username in the parameter), and the value of $strict as parameters for the \'sanitize_user' filter.


Name Type(s) Default Value Description
$username string

The username to be sanitized.

$strict boolean false

If set limits $username to specific characters. Default false.



The sanitized username, after passing through filters.

WordPress Developer Newsletter

Stay on top of the latest WordPress API changes, developer tool updates, security alerts and more.