HTTP Header Authentication for Application Passwords


Use HTTP headers for application passwords instead of basic authentication. Perfect for those sites already protected by basic auth.

Username header: X-WP-USERNAME
Password header: X-WP-PASSWORD

Note that at this point the plugin doesn’t actually remove the basic authentication validation for application passwords, but checks the HTTP headers at a higher priority.


There are no reviews for this plugin.

Contributors & Developers

“HTTP Header Authentication for Application Passwords” is open source software. The following people have contributed to this plugin.


“HTTP Header Authentication for Application Passwords” has been translated into 2 locales. Thank you to the translators for their contributions.

Translate “HTTP Header Authentication for Application Passwords” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.



  • Add bypass for wp_is_site_protected_by_basic_auth to allow users to generate passwords on sites already behind basic auth


  • Initial release