Application Passwords

Application Passwords

Wordpress plugin

Install on Wordpress

App Details

⚠️ IMPORTANT: This plugin has been merged into WordPress core version 5.6 and doesn’t have to be installed separately. View the integration guide →

Use Application Passwords to authenticate users without providing their passwords directly. Instead, a unique password is generated for each application without revealing the user’s main password. Application passwords can be revoked for each application individually.

Important: Application Passwords can be used only for authenticating API requests such as REST API and XML-RPC, and they won’t work for regular site logins.

Contribute

Creating Application Password Manually

  1. Go the User Profile page of the user that you want to generate a new application password for. To do so, click Users on the left side of the WordPress admin, then click on the user that you want to manage.
  2. Scroll down until you see the Application Passwords section. This is typically at the bottom of the page.
  3. Within the input field, type in a name for your new application password, then click Add New.
    Note: The application password name is only used to describe your password for easy management later. It will not affect your password in any way. Be descriptive, as it will lead to easier management if you ever need to change it later.
  4. Once the Add New button is clicked, your new application password will appear. Be sure to keep this somewhere safe, as it will not be displayed to you again. If you lose this password, it cannot be obtained again.

Two Factor Support

Application Passwords can be used together with the Two Factor plugin as long as you bypass the API acccess restrictions added by the Two Factor plugin. Those protections disable API requests with password authentication for users with Two Factor enabled.

Use the two_factor_user_api_login_enable filter to allow API requests authenticated using an application passwords:

add_filter( 'two_factor_user_api_login_enable', function( $enable ) { // Allow API login when using an application password even with 2fa enabled. if ( did_action( 'application_password_did_authenticate' ) ) { return true; } return $enable; } ); 

This is not required if the user associated with the application password doesn’t have any of the Two Factor methods enabled.

Requesting Password for Application

To request a password for your application, redirect users to:

https://example.com/wp-admin/admin.php?page=auth_app 

and use the following GET request parameters to specify:

  • app_name (required) – The human readable identifier for your app. This will be the name of the generated application password, so structure it like … “WordPress Mobile App on iPhone 12” for uniqueness between multiple versions. If omitted, the user will be required to provide an application name.
  • success_url (recommended) – The URL that you’d like the user to be sent to if they approve the connection. Two GET variables will be appended when they are passed back — user_login and password — these credentials can then be used for API calls. If the success_url variable is omitted, a password will be generated and displayed to the user, to manually enter into your application.
  • reject_url (optional) – If included, the user will get sent there if they reject the connection. If omitted, the user will be sent to the success_url, with ?success=false appended to the end. If the success_url is omitted, the user will be sent to their dashboard.

Testing an Application Password

We use curl to send HTTP requests to the API endpoints in the examples below.

WordPress REST API

Make a REST API call to update a post. Because you are performing a POST request, you will need to authorize the request using your newly created base64 encoded access token. If authorized correctly, you will see the post title update to “New Title.”

curl --user "USERNAME:APPLICATION_PASSWORD" -X POST -d "title=New Title" https://LOCALHOST/wp-json/wp/v2/posts/POST_ID 

When running this command, be sure to replace USERNAME and APPLICATION_PASSWORD with your credentials (curl takes care of base64 encoding and setting the Authorization header), LOCALHOST with the hostname of your WordPress installation, and POST_ID with the ID of the post that you want to edit.

XML-RPC

Unlike the WordPress REST API, XML-RPC does not require your username and password to be base64 encoded. Send an XML-RPC request to list all users:

curl -H 'Content-Type: text/xml' -d '<methodCall><methodName>wp.getUsers</methodName><params><param><value>1</value></param><param><value>USERNAME</value></param><param><value>PASSWORD</value></param></params></methodCall>' https://LOCALHOST/xmlrpc.php 

In the above example, replace USERNAME with your username, PASSWORD with your new application password, and LOCALHOST with the hostname of your WordPress installation. This should output a response containing all users on your site.

Plugin History

This is a feature plugin that is a spinoff of the main Two-Factor Authentication plugin.

Pricing

Starting from $0 per month.

Check Out the Device Mockup Widget

By Common Ninja

Device MockupTry For Free!

App Info

Rating

Reviewers

31 reviews

Tags

application-passwords
authentication
rest-api
security
xml-rpc

Developed By

George Stephanis

Quick & Easy

Find the Best Wordpress plugins for you

Common Ninja has a large selection of powerful Wordpress plugins that are easy to use, fully customizable, mobile-friendly and rich with features — so be sure to check them out!

Testimonial

Testimonial plugins for Wordpress

Galleries

Galleries plugins for Wordpress

SEO

SEO plugins for Wordpress

Contact Form

Contact Form plugins for Wordpress

Forms

Forms plugins for Wordpress

Social Feeds

Social Feeds plugins for Wordpress

Social Sharing

Social Sharing plugins for Wordpress

Events Calendar

Events Calendar plugins for Wordpress

Sliders

Sliders plugins for Wordpress

Analytics

Analytics plugins for Wordpress

Reviews

Reviews plugins for Wordpress

Comments

Comments plugins for Wordpress

Portfolio

Portfolio plugins for Wordpress

Maps

Maps plugins for Wordpress

Security

Security plugins for Wordpress

Translation

Translation plugins for Wordpress

Ads

Ads plugins for Wordpress

Video Player

Video Player plugins for Wordpress

Music Player

Music Player plugins for Wordpress

Backup

Backup plugins for Wordpress

Privacy

Privacy plugins for Wordpress

Optimize

Optimize plugins for Wordpress

Chat

Chat plugins for Wordpress

Countdown

Countdown plugins for Wordpress

Email Marketing

Email Marketing plugins for Wordpress

Tabs

Tabs plugins for Wordpress

Membership

Membership plugins for Wordpress

popup

popup plugins for Wordpress

SiteMap

SiteMap plugins for Wordpress

Payment

Payment plugins for Wordpress

Coming Soon

Coming Soon plugins for Wordpress

Ecommerce

Ecommerce plugins for Wordpress

Customer Support

Customer Support plugins for Wordpress

Inventory

Inventory plugins for Wordpress

Video Player

Video Player plugins for Wordpress

Testimonials

Testimonials plugins for Wordpress

Tabs

Tabs plugins for Wordpress

Social Sharing

Social Sharing plugins for Wordpress

Social Feeds

Social Feeds plugins for Wordpress

Slider

Slider plugins for Wordpress

Reviews

Reviews plugins for Wordpress

Portfolio

Portfolio plugins for Wordpress

Membership

Membership plugins for Wordpress

Forms

Forms plugins for Wordpress

Events Calendar

Events Calendar plugins for Wordpress

Contact

Contact plugins for Wordpress

Comments

Comments plugins for Wordpress

Analytics

Analytics plugins for Wordpress

Common Ninja Apps

Some of the best Common Ninja plugins for Wordpress

Browse our extensive collection of compatible plugins, and easily embed them on any website, blog, online store, e-commerce platform, or site builder.

Device Mockup for Wordpress logo

Device Mockup

Show products, apps, or designs inside a clean device mockup that improves visualization, builds credibility, and helps visitors make confident decisions.

X Feed for Wordpress logo

X Feed

Show posts in an X feed that keeps updates visible, improves content discovery, and helps visitors stay engaged with your latest activity.

Flip Cards for Wordpress logo

Flip Cards

Use flip cards to present information interactively, improve visual design, and guide visitors toward clearer decisions that support conversions.

Social Media Links for Wordpress logo

Social Media Links

Use social media links with sticky buttons that keep your profiles visible, boost engagement, and help promote your content more effectively across your site.

WordPress Feed for Wordpress logo

WordPress Feed

Show WordPress posts with a WordPress feed that keeps content fresh, improves navigation, and helps visitors discover more of your site.

Multi-Row Image Slider for Wordpress logo

Multi-Row Image Slider

Showcase visuals with a multi row image slider that displays images in layered rows, improves design, and helps visitors explore content more easily.

Team Member Flip Cards for Wordpress logo

Team Member Flip Cards

Show your team with interactive team member flip cards that build trust, support transparency, and help visitors connect with the people behind your brand.

Comments for Wordpress logo

Comments

Add a comments system with replies, voting, and moderation to boost engagement and build an active community on your site.

Payment Button for Wordpress logo

Payment Button

Use a payment button for secure PayPal or Stripe checkout to simplify online payments and help increase sales.

Flip Card Builder for Wordpress logo

Flip Card Builder

Add interactive two-sided cards with flip effects to present front and back content in a compact, engaging format.

Slide-In Panel for Wordpress logo

Slide-In Panel

Slide in panel that appears from the top or bottom to highlight offers, capture attention, and guide visitors toward more conversions.

Image Hotspot for Wordpress logo

Image Hotspot

Add interactive image hotspots to your site to turn static visuals into clickable guided experiences that improve engagement.

More plugins

plugins You Might Like

Discover Apps By Platform

Discover the best apps for your website

WordPress
Wix
Shopify
Weebly
Webflow
Joomla
PrestaShop
Shift4Shop
WebsiteX5
MODX
Opencart
NopCommerce

Common Ninja Search Engine

The Common Ninja Search Engine platform helps website builders find the best site widgets, apps, plugins, tools, add-ons, and extensions! Compatible with all major website building platforms - big or small - and updated regularly, our Search Engine tool provides you with the business tools your site needs!

Multiple platforms