Created
December 7, 2020 12:06
-
-
Save paulgoodchild/569a5cb3828774664d9cf07397de8876 to your computer and use it in GitHub Desktop.
WordPress: How to set that a request may use Application Password
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
/** | |
* WordPress (5.6+) allows the use of Application Passwords when authenticating logins. | |
* However, only certain requests are considered to be requests from an "Application". Officially, these are | |
* XML-RPC and REST API requests. | |
* | |
* However, you may customize this to ensure that authenticated requests from your service | |
* (if they don't use XML-PRC/RESTAPI) are put through the appropriate authentication process. | |
* | |
* To achieve this, you make use of the filter: application_password_is_api_request | |
*/ | |
add_filter( 'application_password_is_api_request', function ( $isApiRequest ) { | |
// Insert your logic here. | |
// E.g. the originating IP address is from your application server | |
if ( $_SERVER[ 'REMOTE_ADDR' ] === 'is.my.ip.address') { | |
$isApiRequest = true; | |
} | |
// Always return $isApiRequest | |
return (bool)$isApiRequest; | |
} ); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment