Application Passwords allows you to use the WordPress REST API and legacy XML-RPC API with generated per-application passwords, rather than building either an oAuth flow or passing your normal account password along with the request.
Generated application passwords only work for API requests, such as the REST API or XML-RPC API, and can not be used to log into the traditional wp-admin interface.
This is a spinoff of the main Two-Factor Authentication plugin, found at https://github.com/georgestephanis/two-factor/, and active development happens on GitHub: https://github.com/georgestephanis/application-passwords/
- Download the zip file.
- Log into WordPress, hover over Plugins, and click Add New.
- Click on the Upload Plugin button.
- Select the zip file you downloaded.
- Click Install Plugin.
Base64 encoding is UNSAFE method used by large number of naive application programmers hoping to „obscure“ the plain text password as it travels across the network. Base64 encoding lacks any form of cryptographic algorithm so it fails to protect sensitive information, as result Base64 vulnerability is the root of multiple security breaches. Both the user’s ID and password are completely exposed. Using Base64 is no more secure than converting a secret from English into French. Stupid or Careless programmers (as opposed to uneducated) still use Base64 in many networks and end-user applications with no regard as to the damage they created. Simply web search „base64 vulnerability“ to see how badly you wrecked the security using it. Cheers!
Currently using this plugin to authenticate with my website while using the Event Espresso 4 mobile apps, which uses the WP API to pull events into the apps.
Mitwirkende & Entwickler
„Application Passwords“ ist Open-Source-Software. Folgende Menschen haben an diesem Plugin mitgewirkt.Mitwirkende