Title: 2FA Application Password Last modified: March 1, 2024 --- # 2FA Application Password * Resolved [TxGirl](https://wordpress.org/support/users/nuttyhiker/) * (@nuttyhiker) * [2 years, 2 months ago](https://wordpress.org/support/topic/2fa-application-password/) * I have 2FA enabled, but use IFTTT and it can not longer connect to my site because of that. It needs an application password, but I am not seeing anywhere to generate this? Viewing 10 replies - 1 through 10 (of 10 total) * [nlpro](https://wordpress.org/support/users/nlpro/) * (@nlpro) * [2 years, 2 months ago](https://wordpress.org/support/topic/2fa-application-password/#post-17471369) * Hi [@nuttyhiker](https://wordpress.org/support/users/nuttyhiker/), * Reading the [Application Passwords: Integration Guide](https://make.wordpress.org/core/2020/11/05/application-passwords-integration-guide/) on **Make WordPress Core** will answer your question (and more ;-)). * +++ To prevent any confusion, I’m not SolidWP +++ * Thread Starter [TxGirl](https://wordpress.org/support/users/nuttyhiker/) * (@nuttyhiker) * [2 years, 2 months ago](https://wordpress.org/support/topic/2fa-application-password/#post-17471753) * That actually didn’t answer my question at all. I don’t have that option under the Edit User page like it suggests. The 2FA is an option from this specific plugin and there is no option to generate a application password. * [nlpro](https://wordpress.org/support/users/nlpro/) * (@nlpro) * [2 years, 2 months ago](https://wordpress.org/support/topic/2fa-application-password/#post-17471847) * Hi [@nuttyhiker](https://wordpress.org/support/users/nuttyhiker/), * Application Passwords is a WordPress Core feature. * There should be an **Application Passwords** section right after the **Account Management** section in the user profile page. For the features’ UI to fully function it does (by default) require HTTPS (except on a local env). * However there are also plugins out there that by default disable the WordPress Core Application Passwords feature… * To enable the Application Passwords feature add the line below to the active theme `functions.php` file: * ```wp-block-code add_filter( 'wp_is_application_passwords_available', '__return_true' ); ``` - This reply was modified 2 years, 2 months ago by [nlpro](https://wordpress.org/support/users/nlpro/). - This reply was modified 2 years, 2 months ago by [nlpro](https://wordpress.org/support/users/nlpro/). * Thread Starter [TxGirl](https://wordpress.org/support/users/nuttyhiker/) * (@nuttyhiker) * [2 years, 2 months ago](https://wordpress.org/support/topic/2fa-application-password/#post-17472301) * It is definitely not there nor have I ever seen that. I do have a SSL cert installed so my site renders https. I do not have any plugins installed that would disable that unless this plugin does that. I added that code to my functions file but again it doesn’t do anything. Looking at the comments at the link you sent it appears WP never added this function to the core like was expected? * [nlpro](https://wordpress.org/support/users/nlpro/) * (@nlpro) * [2 years, 2 months ago](https://wordpress.org/support/topic/2fa-application-password/#post-17472704) * Hi [@nuttyhiker](https://wordpress.org/support/users/nuttyhiker/), * The **Application Passwords** feature was initially made available as a plugin, but ever since the release of WordPress 5.6 it is part of WordPress Core. * The UI rendering of the Application Passwords feature in the user profile page starts at line #767 ( WordPress 6.4.3) of the [wp-admin/user-edit.php ](https://github.com/WordPress/WordPress/blob/6.4-branch/wp-admin/user-edit.php#L767) file with: * ```wp-block-code ``` * Thread Starter [TxGirl](https://wordpress.org/support/users/nuttyhiker/) * (@nuttyhiker) * [2 years, 2 months ago](https://wordpress.org/support/topic/2fa-application-password/#post-17472727) * Well, I don’t know what to tell you. It’s not there nor has it ever been. I have never seen that option in the user profile. When I place your code in my child’s theme functions file, it still does not show in the user profile. I have Set New Password, Logout Everywhere, and Configure 2FA within the user profile. * [nlpro](https://wordpress.org/support/users/nlpro/) * (@nlpro) * [2 years, 2 months ago](https://wordpress.org/support/topic/2fa-application-password/#post-17473197) * Hi [@nuttyhiker](https://wordpress.org/support/users/nuttyhiker/), * Ok, so let’s break this down. There are 2 conditions which when met will cause the beginning of the Application Password section to get rendered. Since there is nothing related to Application Passwords rendered both conditions are not met. Let’s start with the easy one, the second condition: * ```wp-block-code ! wp_is_application_passwords_supported(); // Equals: // false === wp_is_application_passwords_supported(); ``` * Since your site has a SSL cert installed this function returns true. So indeed this condition is not met. * So that means to get the beginning of the Application Password section rendered, the first condition must be met: * ```wp-block-code wp_is_application_passwords_available_for_user( $user_id ); // Equals: // true === wp_is_application_passwords_available_for_user( $user_id ); ``` * This function starts with 3 conditions and ends with a filter: * ```wp-block-code if ( ! wp_is_application_passwords_available() ) { return false; } if ( ! is_object( $user ) ) { $user = get_userdata( $user ); } if ( ! $user || ! $user->exists() ) { return false; } return apply_filters( 'wp_is_application_passwords_available_for_user', true, $user ); ``` * When the first or third condition is met, a boolean false value is returned. So one of these conditions may evaluate to true, return a false value and thus cause the Application Passwords section not to render. The first condition is: * ```wp-block-code ! wp_is_application_passwords_available(); // Equals: // false === wp_is_application_passwords_available(); ``` * Since the site has a SSL cert installed this function returns true. So this condition is not met. * The third condition checks the user data. Basically if the user data is invalid the third condition evaluates to true and a false value is returned. * Since my iPad battery is running out of juice I’ll save this post now and continue in another post … - This reply was modified 2 years, 2 months ago by [nlpro](https://wordpress.org/support/users/nlpro/). - This reply was modified 2 years, 2 months ago by [nlpro](https://wordpress.org/support/users/nlpro/). - This reply was modified 2 years, 2 months ago by [nlpro](https://wordpress.org/support/users/nlpro/). * [nlpro](https://wordpress.org/support/users/nlpro/) * (@nlpro) * [2 years, 2 months ago](https://wordpress.org/support/topic/2fa-application-password/#post-17473322) * Ok, switched from the iPad to my laptop 😉 * So the only way to get a true value returned is the last option, the **wp_is_application_passwords_available_for_user** filter. Note the filter defaults to a true value. This is because by default all users can make use of application passwords. * Conclusion is that you have to get passed 2 conditions to reach the filter that is the only chance for returning a true value. On a site with a SSL cert installed, odds are against the Application Passwords section getting rendered 😉 - This reply was modified 2 years, 2 months ago by [nlpro](https://wordpress.org/support/users/nlpro/). - This reply was modified 2 years, 2 months ago by [nlpro](https://wordpress.org/support/users/nlpro/). * [nlpro](https://wordpress.org/support/users/nlpro/) * (@nlpro) * [2 years, 2 months ago](https://wordpress.org/support/topic/2fa-application-password/#post-17477947) * Hi [@nuttyhiker](https://wordpress.org/support/users/nuttyhiker/), * > I do not have any plugins installed that would disable that unless this plugin > does that. * Turns out the Solid Security plugin hooks into the **wp_is_application_passwords_available_for_user** filter when the 2FA feature is enabled … (I was not aware of that). * You have to navigate to Security > Settings > User Groups and, under section Two Factor, enable the **Application Passwords** toggle for the right group ( user(s)). * Hope this finally deals with the issue 😉 - This reply was modified 2 years, 2 months ago by [nlpro](https://wordpress.org/support/users/nlpro/). - This reply was modified 2 years, 2 months ago by [nlpro](https://wordpress.org/support/users/nlpro/). * Thread Starter [TxGirl](https://wordpress.org/support/users/nuttyhiker/) * (@nuttyhiker) * [2 years, 2 months ago](https://wordpress.org/support/topic/2fa-application-password/#post-17479001) * That works! Thank you! Viewing 10 replies - 1 through 10 (of 10 total) The topic ‘2FA Application Password’ is closed to new replies. * ![](https://ps.w.org/better-wp-security/assets/icon.svg?rev=2980272) * [Solid Security – Password, Two Factor Authentication, and Brute Force Protection](https://wordpress.org/plugins/better-wp-security/) * [Frequently Asked Questions](https://wordpress.org/plugins/better-wp-security/#faq) * [Support Threads](https://wordpress.org/support/plugin/better-wp-security/) * [Active Topics](https://wordpress.org/support/plugin/better-wp-security/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/better-wp-security/unresolved/) * [Reviews](https://wordpress.org/support/plugin/better-wp-security/reviews/) * 10 replies * 2 participants * Last reply from: [TxGirl](https://wordpress.org/support/users/nuttyhiker/) * Last activity: [2 years, 2 months ago](https://wordpress.org/support/topic/2fa-application-password/#post-17479001) * Status: resolved