# How to Create an Application Password for WordPress > Application passwords let third-party apps connect to WordPress via the REST API without sharing your login. Here URL: https://agilitywriter.ai/guide/application-password-for-wordpress/ Last-Modified: 2024-03-28 Guides # How to create an application password for WordPress Application passwords let third-party apps connect to WordPress via the REST API without sharing your login. Here's how to create and manage them. Updated March 28, 2024 ![Adding a new WordPress application password](/images/guides/add-new-application-password.jpg) An application password lets a third-party app connect to your WordPress site through the REST API without you sharing your main login. WordPress powers tens of millions of sites, and these passwords keep external access limited and safe. **Key points:** application passwords are a limited, secure way for services to reach your site via the REST API; create a unique one per service to control access; and document and review them regularly. ## What an application password is An application password is a unique, randomly generated key used to connect third-party services to your WordPress site securely. Unlike your normal login, it only grants the access you allow. For example, to connect a scheduling tool like Hootsuite, you create a dedicated application password instead of sharing your login. That limits the tool’s access, and a breach on its side can’t be used to control your site. It also lets you track API requests per app, which makes troubleshooting easier. You can use one with Agility Writer’s Post to WordPress feature [/help/article-history/ →](/help/article-history/) . ## Step-by-step: generate an application password 1. Confirm your site runs WordPress 5.6 or higher, where this feature is built in. 2. Log in to your WordPress dashboard and go to **Users** in the left sidebar. 3. Click the user you want to generate a password for. 4. On the Edit Profile screen, scroll to the **Application Passwords** section. ![Adding a new WordPress application password](/images/guides/add-new-application-password.jpg) 5. Enter a descriptive name in **New Application Password Name**, such as “My Third-Party App”. 6. Click **Add New** to generate the password. 7. Copy the generated password right away, since WordPress won’t show it again. ![Copying the generated WordPress application password](/images/guides/copy-application-password.jpg) 8. Paste the password into your third-party service to authenticate. 9. Repeat for any other user accounts that need their own passwords. ## Why application passwords help **Better security:** a third-party app’s access is restricted to the permissions you set, so even if that service is breached, the credentials can’t log into your site directly. **More control:** you decide which apps connect and what they can touch. A plugin that needs user data gets a password scoped to that, and nothing more. With native support, you can create as many passwords as you need without new user accounts or custom REST API code. ## Wrapping up Creating an application password is a small step that meaningfully improves your site’s security and your control over third-party access. _This article was written in Advanced Mode, fact-checked, and polished with Grammarly._ Got Questions? ## Frequently Asked Questions What WordPress version do I need? WordPress 5.6 or higher, where application passwords are natively supported. What is an application password? A unique, randomly generated key that lets a third-party service connect to your site through the REST API, without exposing your main login. Its access is limited to the permissions you grant. Why use a separate password per service? It limits each app's access, lets you track API requests per service for easier troubleshooting, and means a breach at one service can't be used to log into your site. ## Related Guides ### AI Detection vs Helpful Content — Two Different Tests Marketers conflate two distinct concerns. Here's what each test measures, and when to use Anti-AI Detection style vs G-Smart Optimizer. [AI Detection vs Helpful Content — Two Different Tests →](/guide/ai-detection-vs-helpful-content-two-different-tests/) ### What Is AI Writing Fluff? How to Detect & Remove It Definition of fluff vs filler vs hedging, detection heuristics, and the unfluff workflow Agility Writer uses to ship trim AI drafts. [What Is AI Writing Fluff? How to Detect & Remove It →](/guide/ai-writing-fluff/) ### How to craft the perfect blog title A blog title is the first thing readers see. Here are the best practices for compelling, SEO-friendly headlines, and the common mistakes to avoid. [How to craft the perfect blog title →](/guide/crafting-the-perfect-blog-title/) ### Gaining Topical Authority Fast Through AI Writing How AI-assisted topical clusters become the fastest path to topical authority in 2026 — with a concrete before/after example. [Gaining Topical Authority Fast Through AI Writing →](/impact/gaining-website-topical-authority-fast-through-ai-writing/) ## Ready to put this into practice? Try Agility Writer for $1. 5 credits, cancel anytime. Try Agility Writer for $1 [https://app.agilitywriter.ai/register →](https://app.agilitywriter.ai/register)