Introducing Miniloop Agents: AI agents that connect to your appsRead more
Miniloop
AgentsWorkflowsIntegrationsScheduled WorkflowsAI Web ScraperBest AI for MarketingMarketing AutomationCold EmailLead RoutingFor StartupsAppsToolsBlogPricing
Sign inContact sales
Sign in
Guides

How to Create a WordPress Application Password

Last updated April 1, 2026

WordPress Application Passwords let you access the WordPress REST API securely. Here's how to create one.

Requirements

  • WordPress 5.6 or later
  • Admin access to your WordPress site
  • HTTPS enabled on your site (required for Application Passwords)

Step 1: Access Your Profile

  1. Log in to your WordPress admin dashboard
  2. Go to Users > Profile (or click your name in the top right)
  3. Scroll down to the Application Passwords section

Step 2: Create an Application Password

  1. In the Application Passwords section, enter a name (e.g., "My Integration")
  2. Click Add New Application Password
  3. WordPress will generate a 24-character password with spaces
  4. Copy the password immediately

Important: This password is shown only once. Copy it before closing the page. The spaces are part of the format but most APIs accept it with or without spaces.

Your API URL

Your WordPress REST API is at:

https://your-site.com/wp-json/wp/v2/

Replace your-site.com with your actual domain.

Authentication Format

Use Basic Authentication with:

  • Username: Your WordPress username
  • Password: The Application Password you created

What Can You Do with the WordPress API?

  • Create posts: Publish blog posts programmatically
  • Manage content: Update pages, posts, and custom post types
  • Upload media: Add images and files to the media library
  • Manage users: Create and update user accounts

Troubleshooting

"Application Passwords" section not showing

  • Update WordPress to version 5.6 or later
  • Make sure your site uses HTTPS (required for security)
  • Check if a security plugin is disabling Application Passwords

"401 Unauthorized" error

  • Verify you're using the correct WordPress username
  • Check the Application Password was copied correctly (with or without spaces)
  • Ensure Basic Auth is being sent properly in your API request

"403 Forbidden" error

  • Verify your WordPress user has permission for the action
  • Check if a security plugin is blocking API access

Automate Your WordPress Workflows

Once you have your Application Password, you can connect WordPress to Miniloop to automate content publishing, blog management, and media uploads using natural language. Describe what content you need, and Miniloop handles the rest.

Frequently Asked Questions

Is Application Password the same as my login password?

No, Application Passwords are separate from your login password. They're specifically for API access and can be revoked independently without changing your main password.

Can I create multiple Application Passwords?

Yes, you can create as many as you need. It's good practice to create separate passwords for different applications so you can revoke access individually.

How do I revoke an Application Password?

Go to Users > Profile, scroll to Application Passwords, and click Revoke next to the password you want to remove.

Why does my site need HTTPS?

Application Passwords only work over HTTPS because sending passwords over unencrypted HTTP would be a security risk. Most hosts offer free SSL certificates via Let's Encrypt.