paulgoodchild/functions.php

## functions.php
<?php
/**
 * WordPress (5.6+) allows the use of Application Passwords when authenticating logins.
 * However, only certain requests are considered to be requests from an "Application". Officially, these are
 * XML-RPC and REST API requests.
 *
 * However, you may customize this to ensure that authenticated requests from your service
 * (if they don't use XML-PRC/RESTAPI) are put through the appropriate authentication process.
 *
 * To achieve this, you make use of the filter: application_password_is_api_request
 */
add_filter( 'application_password_is_api_request', function ( $isApiRequest ) {

	// Insert your logic here.
	// E.g. the originating IP address is from your application server

	if ( $_SERVER[ 'REMOTE_ADDR' ] === 'is.my.ip.address') {
		$isApiRequest = true;
	}

	// Always return $isApiRequest
	return (bool)$isApiRequest;
} );
	<?php
	/**
	* WordPress (5.6+) allows the use of Application Passwords when authenticating logins.
	* However, only certain requests are considered to be requests from an "Application". Officially, these are
	* XML-RPC and REST API requests.
	*
	* However, you may customize this to ensure that authenticated requests from your service
	* (if they don't use XML-PRC/RESTAPI) are put through the appropriate authentication process.
	*
	* To achieve this, you make use of the filter: application_password_is_api_request
	*/
	add_filter( 'application_password_is_api_request', function ( $isApiRequest ) {

	// Insert your logic here.
	// E.g. the originating IP address is from your application server

	if ( $_SERVER[ 'REMOTE_ADDR' ] === 'is.my.ip.address') {
	$isApiRequest = true;
	}

	// Always return $isApiRequest
	return (bool)$isApiRequest;
	} );