WordPress Application Passwords improve security and make it easier to connect a third-party service (an application) with your website. Sites running WordPress version 5.6 or higher can easily generate application passwords for their user accounts on the Edit Profile screen.

This article covers what an application password is, why you want to use them over your admin password, and how to generate and use Application Passwords in WordPress to authenticate third-party applications and services.

Create WordPress Application Password for Authentication

What is an Application Password?

An application password is a securely generated key that can be used to authenticate REST API requests only. 

You cannot use an application password to log in to a WordPress site, this makes application passwords much more secure.

Should you use an Application Password?

Functionally speaking, application passwords make it easier for applications to do what they need to do with your WordPress site and make it harder for hackers or other malicious actors to do anything to your site.

Native support for application passwords in WordPress makes it easier for a single user (like you) to generate and use this authentication method in your third-party service. You do not need to create any additional user accounts in your WordPress site, nor do you need to manage different REST API permissions via custom code.

How to Generate an Application Password in WordPress

Generating an application password is done through your WordPress dashboard within your WordPress profile, please follow these steps below:

  1. Log in to your WordPress site with an admin user account (a user with the administrator role). Some Paid Memberships Pro REST API endpoints also support authentication for a user with the Membership Manager role.
  2. Navigate to Users > Profile. 
  3. Scroll down to the “Application Passwords” heading.
Add Application Password settings screen
Found on the Profile settings screen
  1. Enter a descriptive name for your application password in the “New Application Password Name” field. This field is for internal use only and helps you identify what your application password is connected to.
  2. Click the “Add New Application Password” button to create your password.
    1. Be sure to immediately copy and paste your password in a secure location. Application passwords cannot be retrieved after you exit this screen.
    2. Your user account can generate an unlimited number of application passwords.
    3. We recommend generating one password per third-party app you connect with. This way you can easily disable and delete a single password if you decide not to use that third-party application or find that your password has become compromised.
Make sure to copy your application password! You won't be able to see it after you leave this page.
Make sure to copy your new password! You won’t be able to see it after you leave this page.
  1. You may now use this password to authenticate with a third-party service or application that connects to your WordPress site via REST API.
List of application passwords
List of application passwords

The application password can be used to authenticate the Zapier app with your Paid Memberships Pro site. If you’re looking for ideas on how to automate your membership site with Zapier we have a dozen good starting points for you.