Skip to content

Instantly share code, notes, and snippets.

Created December 7, 2020 12:06
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save paulgoodchild/569a5cb3828774664d9cf07397de8876 to your computer and use it in GitHub Desktop.
WordPress: How to set that a request may use Application Password
* WordPress (5.6+) allows the use of Application Passwords when authenticating logins.
* However, only certain requests are considered to be requests from an "Application". Officially, these are
* XML-RPC and REST API requests.
* However, you may customize this to ensure that authenticated requests from your service
* (if they don't use XML-PRC/RESTAPI) are put through the appropriate authentication process.
* To achieve this, you make use of the filter: application_password_is_api_request
add_filter( 'application_password_is_api_request', function ( $isApiRequest ) {
// Insert your logic here.
// E.g. the originating IP address is from your application server
if ( $_SERVER[ 'REMOTE_ADDR' ] === '') {
$isApiRequest = true;
// Always return $isApiRequest
return (bool)$isApiRequest;
} );
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment