這個外掛並未在最新的 3 個 WordPress 主要版本上進行測試。開發者可能不再對這個外掛進行維護或提供技術支援,並可能會與更新版本的 WordPress 產生使用上的相容性問題。

Application Passwords

外掛說明

This is a feature plugin that is a spinoff of the main Two-Factor Authentication plugin, found at https://github.com/georgestephanis/two-factor/.

With Application Passwords you are able to authenticate a user without providing that user’s password directly, instead you will use a base64 encoded string of their username and a new application password.

Creating a New Application Password

  1. Go the User Profile page of the user that you want to generate a new application password for. To do so, click Users on the left side of the WordPress admin, then click on the user that you want to manage.
  2. Scroll down until you see the Application Passwords section. This is typically at the bottom of the page.
  3. Within the input field, type in a name for your new application password, then click Add New.
    Note: The application password name is only used to describe your password for easy management later. It will not affect your password in any way. Be descriptive, as it will lead to easier management if you ever need to change it later.
  4. Once the Add New button is clicked, your new application password will appear. Be sure to keep this somewhere safe, as it will not be displayed to you again. If you lose this password, it cannot be obtained again.

Testing an Application Password

WordPress REST API

This test uses the technologies listed below, but you can use any REST API request.

  • WordPress REST API
  • cURL
  • Mac OSX or Linux
  • A Mac or Linux terminal
  • Local development environment (e.g. MAMP, XAMPP, DesktopServer, Vagrant) running on localhost
  1. Now that you have your new password, you will need to base64 encode it using a terminal window as well as your username to use it with the REST API.
    The command you will use is as follows:
    shell
    echo -n "USERNAME:PASSWORD" | base64

    Within this, you will replace USERNAME:PASSWORD with your username and newly generated application password. For example:
    shell
    echo -n "admin:mypassword123" | base64

  2. Once your username and password are base64 encoded, you are now able to make a simple REST API call using the terminal window to update a post. Because you are performing a POST request, you will need to authorize the request using your newly created base64 encoded access token. If authorized correctly, you will see the post title update to “New Title.”
    shell
    curl --header "Authorization: Basic ACCESS_TOKEN" -X POST -d "title=New Title" http://LOCALHOST/wp-json/wp/v2/posts/POST_ID}

    When running this command, be sure to replace ACCESS_TOKEN with your newly generated access token, LOCALHOST with the location of your local WordPress installation, and POST_ID with the ID of the post that you want to edit.

XML-RPC

This test uses the technologies listed below, but you can use any XML-RPC request.

  • XML-RPC enabled within WordPress
  • cURL
  • Mac OSX or Linux
  • A Mac or Linux terminal
  • Local development environment (e.g. MAMP, DesktopServer, Vagrant) running on localhost

Once you have created a new application password, it’s time to send a request to test it. Unlike the WordPress REST API, XML-RPC does not require your username and password to be base64 encoded. To begin the process, open a terminal window and enter the following:
shell
curl -H 'Content-Type: text/xml' -d '<methodCall><methodName>wp.getUsers</methodName><params><param><value>1</value></param><param><value>USERNAME</value></param><param><value>PASSWORD</value></param></params></methodCall>' LOCALHOST

In the above example, replace USERNAME with your username, and PASSWORD with your new application password. This should output a response containing all users on your site.

螢幕擷圖

  • In your user profile screen, by default it will just be a field to create a new Application Password.
  • After at least one Application Password for you account exists, you'll see a table displaying them, allowing you to view usage and revoke them as desired.

安裝方式

  1. Download the zip file.
  2. Log into WordPress, hover over Plugins, and click Add New.
  3. Click on the Upload Plugin button.
  4. Select the zip file you downloaded.
  5. Click Install Plugin.
  6. Activate.

常見問題集

Installation Instructions
  1. Download the zip file.
  2. Log into WordPress, hover over Plugins, and click Add New.
  3. Click on the Upload Plugin button.
  4. Select the zip file you downloaded.
  5. Click Install Plugin.
  6. Activate.

使用者評論

Awesomeness

This is freakin awesome. I'm using it as a dependency in a new plugin I'm making. I finally got it working, and it seems easier to use than OAuth. All these millions of WordPress sites are going to start getting connected together in new ways. This is a great first step.

It works nicely!

It is very convenient to generate & revoke passwords from within the user profile page... thanks to the dev!
閱讀全部 18 則使用者評論

參與者及開發者

Application Passwords 外掛為開源軟體。以下人員為這個外掛做出了重大貢獻。

參與者

將 Application Passwords 外掛本地化為台灣繁體中文版

對開發相關資訊感興趣?

任何人均可瀏覽程式碼、查看 SVN 存放庫,或透過 RSS 訂閱開發記錄