WordPress Application Passwords

Ever since the 4.4 WordPress release laid down the scaffolding for the REST API there has been a need for easy user authentication.  Users needed to access the REST API without having to use their own admin login passwords as well as the ability to stop access with a specific password if it became compromised.  One such solution is the WordPress Application Passwords plugin.


WordPress Application passwords is an on-going open source project aimed at trying to make the user authentication process easier for the WordPress REST API.  With this plugin installed, as well as the WordPress REST API, you will be able to create multiple passwords for each user to access REST API endpoints on your site.  All of the features are listed below (as of 2/7/2016):

  • Creation of user application passwords
  • Revoke individual passwords
  • Revoke all passwords
  • View when each password was used last and from what IP

How Does This Help Me?

As WordPress becomes more and more like a Headless CMS, you will start to see third-party applications and services leveraging the WordPress infrastructure.  This means that more and more companies will be creating software that sits on top of WordPress and uses its REST API to perform all actions.  Since there are some private endpoints and functions within the REST API, some requests must be authenticated from by a user and this is where the WordPress Application Passwords plugin comes into play.  Like I said earlier this plugin will create a workflow for developers and site owners to mange their passwords used to access the WordPress REST API.

At the time of writing this post the plugin is going through the process of trying to get into core WordPress.  So please help out and contribute any little bit that you canned hopefully we will see this merged into core where so that everyone can benefit 🙂

Leave a Reply