Application Passwords
FreshSource: MainWP Application Passwords
WordPress-level credentials for HTTP Basic authentication, used by MCP Server and Abilities API.
Prerequisites
- MainWP Dashboard administrator access
- WordPress user account
- HTTPS enabled on Dashboard domain
Create Application Password
- Navigate to Dashboard > API Access > Application Passwords
- Enter a descriptive name (e.g., Claude Desktop, Zapier, Internal Script)
- Copy the generated password immediately
One-Time Display
The full password is shown only once. Copy it before closing the dialog.
Test Authentication
bash
curl -u "USERNAME:APPLICATION_PASSWORD" \
"https://your-dashboard.com/wp-json/wp-abilities/v1/abilities"Comparison with API Keys
| Feature | Application Passwords | API Keys |
|---|---|---|
| Auth method | HTTP Basic | Bearer Token |
| Used by | MCP Server, Abilities API | REST API v2 |
| Scope | WordPress-level | MainWP-specific |
| Rotation | Create new, revoke old | Same |
Security Best Practices
- Create separate credentials per tool
- Revoke unused passwords regularly
- Never share across systems
- Use dedicated API users for production