There are lots of plugins that you can use to password protect different parts of…
Passwords. It’s hard to remember all of them for every application you use. However, it can only become more challenging if you use only super-secure passwords that are long. And let’s face it, eliminate any possibility of learning them by the heart through mnemonics.
The task can get even more daunting when you need a password for each user on your WordPress site. Especially when it comes to REST API and XML-RPC procedures. But a plugin could help you take care of that if you know a bit of coding. Let us introduce you to Application Passwords.
What is Application Passwords?
Application Passwords is a simple WordPress plugin that has recently been integrated with the WordPress core. Also, vital information is that this plugin is a spin-off of the Two-Factor Authentication plugin. So if you’re using that one, you’d be glad to hear that Application Passwords has Two-Factor support.
However, if you’re not fully updated or want to see what integration could do for you, this is the review for you.
You can use this plugin to authenticate your users without giving out passwords directly. Instead, Application Passwords can generate a unique password for each application without revealing the user’s primary password. This application can also revoke all of the passwords created this way on an individual application basis.
But let’s not get things confused. This plugin does not work for regular site logins. It only works for authenticating API requests, mainly REST APIs and XML-RPCs. Furthermore, if you are not familiar with what these are, we will go through them roughly.
How Does It Work?
Creating the Password
After you install the plugin, you can set applications manually straight from the dashboard. To create an application password, All you have to do is navigate to “Users” and locate the user for whom you wish to create a new password. You can find the “Users” menu located on the left side of your WP admin on the main menu. Open the user’s profile and get ready to start.
The process is quite simple, and there’s not much fuss to process.
Once on the desired user profile, scroll down until you see the “Application Passwords” section. Usually, you can find it located on the button of the page, so scroll to the end, and there it’ll be.
Once the input field opens, type in a new for your application password. It’s good to be descriptive here, especially if you’re likely to have quite a few of these, as it will make management more manageable in the other process. The name is there just for you, and won’t affect the password itself, so don’t worry about it too much. However, it will help if you want to change it at some point as you’ll know which one you need to edit precisely.
The Password Pop-Up
When you click the “Add New” button, a pop-up will appear on your screen displaying your new password. Make sure to write it down and keep it somewhere else for safety, as this only shows up once and not again. So, make sure you don’t lose it. If you do, there is no way you can get it again through this plugin.
Also, to view the list of passwords you’ve created as well as potentially revoke them, you’ll have to consult the display table. This table will find its place under your profile. Here you’ll be able to monitor the usage and revoke any passwords you wish.
There is also a “Lat Used” column that tracks the usage of the password in question. However, it is only accurate within 24 hours. The main goal of creating usage tracking was so that WordPress wouldn’t be writing to the database on every usage, only if it’s a new day. However, this application is a handy feature as it can help you pinpoint the passwords that are no longer in use. Also, that way, you can safely revoke them.
You can also use Application Passwords in conjunction with the Two Factor plugin if you bypass the API restrictions put in place by the Two-Factor plugin. These protections disable API requests for users with two-factor authentication enabled.
The official WordPress listing comes with a full tutorial on making these two plugins work in unison with a bit of coding. So, if you have no idea what you’re doing with code and still wish to use both, it is not unsolvable. We’d strongly suggest you find someone who does to help you out. Read through the whole tutorial here.
Integration with WordPress
Considering this plugin got added to the core quite recently, you don’t have to install the plugin on its own. You can integrate it with WordPress and get over with it.
If you updated WordPress installation to the 5.6 version, it’s not recommended you install this plugin separately. There won’t be any bugs if you do, but there’s just no need for it. The same goes for those that had this plugin installed before updating. You don’t have to delete it, but at least deactivate it.
If you happen to be interested in its integration and want to know more about the process and what exactly to do, consult this detailed integration guide.
Costs, Caveats, Etc.
However, most WordPress users do not need to install it separately anymore.
Being recently included in the core, you can be sure that it is safe to use.
It’s pretty handy and can genuinely help out in user management. But, it is certainly not a must, at least not anymore.