Application Password Disable

  • Resolved lechon

    (@lechon)


    4 years, 1 month ago

    Hello,

    I have disabled the Application Passwords Feature as part of the security package from Wordfence.

    How do I kwow if it’s working and it’s fully disabled?

    Is there a direct URL path that I can use to see if returns a 403 or 404 response?

    Thanks

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @lechon, thanks for your question.

    Application passwords can usually be created and managed in the WordPress > Users > Profile page. If you toggle the Wordfence > All Options > Disable WordPress application passwords checkbox and hit SAVE, you will see the feature appear/disappear on the profile page. That is the most basic check.

    You could always go one step further and create an application password, make a note of it, then disable them in Wordfence. Afterwards, attempt to connect an application that uses the REST API or XML-RPC using this password. The expected behaviour would be for the application to fail when connecting rather than succeeding despite the application password itself being a valid one.

    There’s more information on how WordPress uses application passwords (mostly focused on application development, but there is an overview on how they work) here: https://make.www.ads-software.com/core/2020/11/05/application-passwords-integration-guide/

    Thanks,

    Peter.

    Thread Starter lechon

    (@lechon)

    Hi @wfpeter

    Thank you so much for the information and feedback.

    Best regards,

    Plugin Support wfpeter

    (@wfpeter)

    Hi @lechon, no problem at all! If you have any Wordfence questions in future, please start a new topic and we’ll be glad to help you out.

    Peter.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Application Password Disable’ is closed to new replies.