-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #16 from angelxmoreno/docs/application-password
created Application password article
- Loading branch information
Showing
7 changed files
with
65 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| # WordPress Application Passwords | ||
|
|
||
| ## What are Application Passwords | ||
|
|
||
| WordPress Application Passwords are a valuable feature that enhances the security of your website while simplifying the | ||
| process of connecting third-party services. Available for WordPress sites running version 5.6 or higher, Application | ||
| Passwords empower users to generate unique and dedicated passwords specifically for integrating external applications. | ||
|
|
||
| By implementing Application Passwords, WordPress provides an additional layer of security by ensuring that users don't | ||
| need to share their main account credentials with external services. This means that even if one of the application | ||
| passwords is compromised, the potential impact is limited to that specific service or application. It greatly reduces | ||
| the risk of unauthorized access to the main account and safeguards sensitive data. | ||
|
|
||
| Generating application passwords is a straightforward process, conveniently accessible from the Edit Profile screen. | ||
| Users can easily create and manage their application passwords without the need for complex configurations or external | ||
| plugins. This built-in functionality streamlines the integration of third-party services and allows users to maintain | ||
| granular control over the permissions granted to each application. | ||
|
|
||
| With WordPress Application Passwords, website owners and administrators can confidently expand the functionality of | ||
| their sites by seamlessly connecting with trusted external services, such as mobile apps, plugins, or custom-developed | ||
| applications. The simplified process ensures a smoother user experience and encourages secure and efficient | ||
| integrations, reinforcing the overall security posture of WordPress-powered websites. | ||
|
|
||
| ## Application Password Format | ||
|
|
||
| Application Passwords are 24 characters in length and generated using the wp_generate_password() function. These | ||
| passwords do not contain special characters and consist only of uppercase letters, lowercase letters, and numbers. This | ||
| combination provides over 142 bits of entropy, making them cryptographically secure. | ||
|
|
||
| When presented to users for input in an application, the passwords are chunked and displayed in an easily readable | ||
| format, like this: | ||
|
|
||
| ```text | ||
| abcd EFGH 1234 ijkl MNOP 6789 | ||
| ``` | ||
|
|
||
| Users can choose to include or exclude the spaces when entering the password into an application. If spaces are | ||
| included, they will be stripped out before the password is hashed and verified. | ||
|
|
||
| !!! note | ||
|
|
||
| For more information take a look at the artile [Application Passwords: Integration Guide](https://make.wordpress.org/core/2020/11/05/application-passwords-integration-guide/) | ||
|
|
||
| # How to Generate Application Passwords in WordPress | ||
|
|
||
| 1. Log in to your WordPress site with an admin user account | ||
|  | ||
|
|
||
| 2. Navigate to Users > Profile. | ||
|  | ||
|
|
||
| 3. Navigate to the section labeled as "Application Passwords" further down the page. | ||
|  | ||
|
|
||
| 4. In the "New Application Password Name" field, provide a meaningful description for your application password. This | ||
| field is intended for internal reference only and assists in identifying the purpose or association of your | ||
| application password. | ||
|  | ||
|
|
||
| 5. To generate your password, click on the "Add New Application Password" button. Remember to promptly copy and securely | ||
| store your password in a safe location, as application passwords cannot be recovered once you leave this screen. It | ||
| is strongly recommended to generate a separate application password for each app you connect with to maintain optimal | ||
| security. | ||
|  |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+27.8 KB
docs/misc/img/application-passwords/3-application-password-heading.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters