WP Automator
WordPress Setup

How to Generate App Password

Step-by-step guide to creating WordPress application passwords

Application passwords provide a secure way for WP Automator to connect to your WordPress site without exposing your main account password.

What are Application Passwords?

Application passwords are:

  • Secure: 24-character passwords specifically for API access
  • Revocable: Can be deleted anytime without affecting your main password
  • Isolated: Each app gets its own password
  • WordPress Native: Built into WordPress 5.6+

Compatibility: Application passwords require WordPress 5.6 or higher. If you're on an older version, consider updating WordPress first.

Prerequisites

Before generating an app password, ensure:

  • WordPress 5.6 or higher installed
  • Admin or Editor access to WordPress
  • HTTPS enabled on your site (recommended)
  • Two-factor authentication disabled (or configured to allow app passwords)

Step-by-Step Guide

Login to WordPress Admin

  1. Navigate to your WordPress admin URL: https://yoursite.com/wp-admin
  2. Enter your username and password
  3. Click "Log In"

Once logged in:

  1. Click on Users in the left sidebar
  2. Select Profile (or Your Profile)
  3. Scroll down to find the Application Passwords section

Create New Application Password

  1. In the New Application Password Name field, enter: WP Automator
  2. Click the Add New Application Password button
  3. WordPress will generate a 24-character password

Important: Copy this password immediately! WordPress will only show it once. You cannot retrieve it later.

Copy and Save the Password

The generated password will look like:

xxxx xxxx xxxx xxxx xxxx xxxx
  1. Click the password to select it
  2. Copy it to your clipboard (Ctrl+C or Cmd+C)
  3. Store it securely (password manager recommended)

Add to WP Automator

  1. Go to WP Automator dashboard
  2. Navigate to Sites → Add New Site
  3. Paste the app password in the App Password field
  4. Complete the site setup

Managing Application Passwords

View Existing Passwords

In your WordPress profile, you'll see a list of all application passwords:

  • Name: The application name you provided
  • Created: When the password was generated
  • Last Used: Last time the password was used
  • Last IP: IP address that last used the password

Revoke a Password

To remove an application password:

  1. Find the password in the list
  2. Click Revoke next to it
  3. Confirm the action

The application will immediately lose access to your site.

Revoke All Passwords

In case of security concerns:

  1. Click Revoke All Application Passwords
  2. Confirm the action
  3. All applications will lose access
  4. Generate new passwords as needed

Security Best Practices

Do's

  • Use HTTPS: Always use SSL/TLS for your WordPress site
  • Unique Names: Give each application a descriptive name
  • Regular Audits: Review active passwords monthly
  • Immediate Revocation: Remove passwords for unused applications
  • Secure Storage: Use a password manager to store app passwords

Don'ts

  • Don't Share: Never share application passwords
  • Don't Reuse: Generate unique passwords for each application
  • Don't Expose: Never commit passwords to version control
  • Don't Ignore: Act on suspicious "Last Used" entries
  • Don't Use Main Password: Never use your main WordPress password

Troubleshooting

Application Passwords Section Missing

Possible causes:

  • WordPress version below 5.6
  • Feature disabled by hosting provider
  • Plugin conflict

Solutions:

  1. Update WordPress to latest version
  2. Contact hosting support
  3. Check if security plugins are blocking the feature
  4. Verify your hosting environment supports application passwords

Password Not Working

Check these:

  • Correct username (not email)
  • Password copied completely (all 24 characters)
  • No extra spaces before/after password
  • Site URL includes correct protocol (https://)
  • User has appropriate permissions

Two-Factor Authentication Issues

If you use 2FA:

  1. Some 2FA plugins block app passwords
  2. Check plugin settings for app password support
  3. Consider using a 2FA plugin that supports app passwords
  4. Temporarily disable 2FA to test

Alternative Authentication Methods

If application passwords aren't available:

Basic Authentication Plugin

  1. Install a Basic Auth plugin
  2. Configure credentials
  3. Not recommended for production

JWT Authentication

  1. Install JWT Auth plugin
  2. More complex setup
  3. Good for advanced users

OAuth 2.0

  1. Most secure option
  2. Complex implementation
  3. Best for enterprise

Recommendation: Application passwords are the best balance of security and ease of use for WP Automator.

Frequently Asked Questions

Q: Are application passwords secure? A: Yes, they're specifically designed for API access and can be revoked anytime without affecting your main account.

Q: Can I use the same app password for multiple sites? A: No, each WordPress site needs its own app password. Generate unique passwords for each site.

Q: What permissions does WP Automator need? A: WP Automator needs Editor or Administrator level permissions to create and publish content.

Q: How often should I rotate app passwords? A: We recommend rotating passwords every 90 days or immediately if you suspect any security issues.

Next: Learn about Setting Permalinks for optimal compatibility.

Last updated on

Requirements

What you actually need to use WP Automator

Finding Your Username

Locate your WordPress username for API authentication

On this page

What are Application Passwords?
Prerequisites
Step-by-Step Guide
Login to WordPress Admin
Navigate to Your Profile
Create New Application Password
Copy and Save the Password
Add to WP Automator
Managing Application Passwords
View Existing Passwords
Revoke a Password
Revoke All Passwords
Security Best Practices
Do's
Don'ts
Troubleshooting
Application Passwords Section Missing
Password Not Working
Two-Factor Authentication Issues
Alternative Authentication Methods
Basic Authentication Plugin
JWT Authentication
OAuth 2.0
Frequently Asked Questions
How to Generate App Password | WP Automator