WP 5.6 App Passwords Feature

  • Resolved ocbroadband

    (@ocbroadband)


    4 years, 3 months ago

    Is there anything being addressed surrounding this new feature?

    Version 5.6

    REST API authentication with Application Passwords #REST API authentication with Application Passwords
    Thanks to the API’s new Application Passwords authorization feature, third-party apps can connect to your site seamlessly and securely. This new REST API feature lets you see what apps are connecting to your site and control what they do. I’ve read a few other articles that this potentially opens up some penetration options for malicious activity?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support Jelena

    (@jmisic)

    Hi,

    Thanks for your question.

    We’ve added support for WordPress 5.6’s new Application Passwords feature in the latest Shield release 10.1.5.

    In this blog post, we explain what it is, whether there are any security risks, and how Shield has been adapted:
    https://onedollarplugin.com/blog/wordpress-application-passwords

    Hope this helps.

    Jelena

    Thread Starter ocbroadband

    (@ocbroadband)

    Thanks Jelena. So based on that article, with the ‘non-pro’ version of shield, it will not have the ability to disable that functionality? Kind of leaves a potential security hole if not.

    Plugin Author Paul

    (@paultgoodchild)

    Hi,

    With respect to Application Passwords, there is no difference between free and pro

    Could you elaborate on what the security hole is in some details please?

    You’ve been blocked by the Shield plugin
    Time remaining on black list: 1440 minutes
    You tripped the security plugin defenses a total of 10 times making you a suspect.
    If you believe this to be in error, please contact the site owner and quote your IP address below.
    Your IP address: 165.16.17.130

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘WP 5.6 App Passwords Feature’ is closed to new replies.