Application Passwords


Application Passwords allows you to use the WordPress REST API and legacy XML-RPC API with generated per-application passwords, rather than building either an oAuth flow or passing your normal account password along with the request.

Generated application passwords only work for API requests, such as the REST API or XML-RPC API, and can not be used to log into the traditional wp-admin interface.

This is a spinoff of the main Two-Factor Authentication plugin, found at, and active development happens on GitHub:


  • In your user profile screen, by default it will just be a field to create a new Application Password.
  • After at least one Application Password for you account exists, you'll see a table displaying them, allowing you to view usage and revoke them as desired.


  1. Download the zip file.
  2. Log into WordPress, hover over Plugins, and click Add New.
  3. Click on the Upload Plugin button.
  4. Select the zip file you downloaded.
  5. Click Install Plugin.
  6. Activate.


100% Unsafe using Base64

Base64 encoding is UNSAFE method used by large number of naive application programmers hoping to „obscure“ the plain text password as it travels across the network. Base64 encoding lacks any form of cryptographic algorithm so it fails to protect sensitive information, as result Base64 vulnerability is the root of multiple security breaches. Both the user’s ID and password are completely exposed. Using Base64 is no more secure than converting a secret from English into French. Stupid or Careless programmers (as opposed to uneducated) still use Base64 in many networks and end-user applications with no regard as to the damage they created. Simply web search „base64 vulnerability“ to see how badly you wrecked the security using it. Cheers!

Lies alle 2 Rezensionen

Mitwirkende & Entwickler

„Application Passwords“ ist Open-Source-Software. Folgende Menschen haben an diesem Plugin mitgewirkt.