Last Chance: Cyber Monday 40% OFF



Tackle WordPress weaknesses and fortify your website Learn more

Application Passwords are passwords to be used by automated processes like programs, service, other websites, scripts etc. They are not intended for and cannot be used by users to interactively login to your WordPress website. Application passwords can be used (as an alternative to the regular user password) to authenticate against the REST API or the legacy XML-RPC API. This can be usefull for the following reasons:

  • Preventing mandatory updates to scripts / services when the users changes their password. (the application password does not change when the user changes his/her password)
  • Having the ability to easily grant and revoke access to specific applications
  • Enabling mandatory two factor authentication or ReCaptcha on users accounts (Additional steps in the authentication process are incompatible with the REST API & XML-RPC API authentication)

Users can generate Application Passwords via their Profile page (Users -> Profile), via the WordPress Backend. By default, all user roles are able to create application passwords linked to their user account.

Generate Application passwords via the User Profile Page
Generate Application passwords via the User Profile Page

For sites that don’t utilize Application Passwords, Really Simple SSL offers the possibility to prevent the usage and further generation of Application Passwords. If you allow application passwords, be aware that changing a users standard password is not enough the disable their access to their account, they would still be able to access the REST API & XML-RPC API with their application passwords. (You would need to revoke those too).

Table of Contents

Peter Tak

Peter Tak

Security Officer at Really Simple Plugins

Read More

Advanced Security

Tackle WordPress weaknesses and fortify your website. New hardening features!


Want to know the in and outs of security jargon? Get to know our features.

Premium support will offer assistance in 24 hours. If you need help, or have any questions just contact our awesome support team/

Related articles