Application Passwords provide a secure way for external applications (like mobile apps, desktop clients, or other services) to authenticate with your WordPress site without needing your primary password. This feature was introduced in WordPress 5.6.
Here are the steps to generate one:
- Log in to your WordPress Dashboard: Go to your WordPress site’s login page (usually yourwebsite.com/wp-admin) and log in with the username and password for the user you want to create the application password for.
- Navigate to your Profile: In the left-hand administration menu, hover over “Users” and click on “Profile”.
- Scroll down to the “Application Passwords” section: On the Profile page, scroll down until you find the section titled “Application Passwords”.
- Note: If you don’t see this section, it might mean your WordPress version is older than 5.6, or the feature has been disabled by a plugin or theme.
- Enter a New Application Password Name: In the field provided under the “Application Passwords” heading, enter a descriptive name for the application password. This name helps you remember which application or service this password is for (e.g., “Mobile App”, “Desktop Sync”, “Third-Party Service”).
- Click “Add New Application Password”: After entering the name, click the button labeled “Add New Application Password”.
- Copy the Generated Password: WordPress will immediately generate a long, unique password. This password will be displayed on the screen only once. It is crucial to copy this password immediately and store it securely. You will not be able to see it again after you leave or refresh the page.
- Use the Application Password: Provide this generated password (along with the username of the user you created it for) to the external application or service that needs to connect to your WordPress site.
- Manage Application Passwords (Optional): In the “Application Passwords” section, you will see a list of all generated application passwords for this user, along with the name you gave them and the last time they were used. You can revoke (delete) any application password at any time by clicking the “Revoke” button next to it. This immediately disables that password.
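
As an added example (not part of the original page), here is one way a client script could use the generated password against the WordPress REST API over HTTP Basic authentication. The environment variable names and function names are assumptions, as are the 24-character alphanumeric format (shown by WordPress in space-separated groups) and the `/wp-json/` route, which requires pretty permalinks.

```python
import base64
import os
import re
import urllib.request
from urllib.parse import urlsplit

# Assumption: WordPress shows the 24-character password in space-separated
# groups and ignores the spaces when checking it, so both forms are accepted.
APP_PASSWORD_RE = re.compile(r"[A-Za-z0-9]{24}")


def normalize_app_password(raw):
    """Strip display spaces and confirm the value looks like an application password."""
    compact = raw.replace(" ", "").strip()
    if not APP_PASSWORD_RE.fullmatch(compact):
        raise ValueError("not a 24-character alphanumeric application password")
    return compact


def build_request(site_url, username, raw_password):
    """Build (but do not send) an authenticated request for the current user's profile."""
    parts = urlsplit(site_url)
    # Basic auth only base64-encodes the credential, so refuse cleartext HTTP.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("site URL must be an https:// URL")
    password = normalize_app_password(raw_password)
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    url = site_url.rstrip("/") + "/wp-json/wp/v2/users/me"
    return urllib.request.Request(url, headers={"Authorization": "Basic " + token})


def main():
    # Hypothetical variable names; keeping the secret in the environment keeps
    # it out of source code and version control.
    req = build_request(os.environ["WP_SITE_URL"], os.environ["WP_USERNAME"],
                        os.environ["WP_APP_PASSWORD"])
    with urllib.request.urlopen(req, timeout=10) as resp:
        print(resp.status)  # 200 means the site accepted the application password


if __name__ == "__main__":
    main()
```

After the script has run successfully, the “last used” value next to that entry in the “Application Passwords” list should update, which confirms which credential the client is using.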

Remember to treat application passwords with the same level of security as your regular password. Only provide them to trusted applications and revoke them if they are no longer needed or if you suspect they have been compromised.