Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
WordPress: How to set that a request may use Application Password
<?php
/**
* WordPress (5.6+) allows the use of Application Passwords when authenticating logins.
* However, only certain requests are considered to be requests from an "Application". Officially, these are
* XML-RPC and REST API requests.
*
* However, you may customize this to ensure that authenticated requests from your service
* (if they don't use XML-PRC/RESTAPI) are put through the appropriate authentication process.
*
* To achieve this, you make use of the filter: application_password_is_api_request
*/
add_filter( 'application_password_is_api_request', function ( $isApiRequest ) {
// Insert your logic here.
// E.g. the originating IP address is from your application server
if ( $_SERVER[ 'REMOTE_ADDR' ] === 'is.my.ip.address') {
$isApiRequest = true;
}
// Always return $isApiRequest
return (bool)$isApiRequest;
} );
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment