Skip to content

Document application password logins#698

Merged
kasparsd merged 5 commits intomasterfrom
document-application-password-logins
Jul 3, 2025
Merged

Document application password logins#698
kasparsd merged 5 commits intomasterfrom
document-application-password-logins

Conversation

@kasparsd
Copy link
Collaborator

@kasparsd kasparsd commented Jul 3, 2025

What?

Document the Two Factor behaviour for logins over REST API and XML-RPC.

Why?

Follow-up to #697.

How?

  • Document the two_factor_user_api_login_enable filter in README.
  • Add a notice to user profile settings about requiring application passwords for logins over REST API and XML-RPC.

Testing Instructions

Screenshots or screencast

Add a notice to user profile to encourage the use of application passwords:

notice

Changelog Entry

Added - New feature.
Changed - Existing functionality.
Deprecated - Soon-to-be removed feature.
Removed - Feature.
Fixed - Bug fix.
Security - Vulnerability.

Added - document the two_factor_user_api_login_enable filter.

kasparsd
kasparsd commented Jul 3, 2025
View reviewed changes
class-two-factor-core.php

<?php if ( function_exists( 'wp_is_application_passwords_available_for_user' ) && wp_is_application_passwords_available_for_user( $user ) ) : ?>
<p>
<?php esc_html_e( 'Authentication for REST API and XML-RPC must use application passwords (defined above) instead of your regular password.', 'two-factor' ); ?>
Copy link
Collaborator Author

@kasparsd kasparsd Jul 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@joostdekeijzer @jeffpaul Do you have any comments on this wording?

I considered placing this within application passwords area or the actual password field but eventually decided to collocate with the two-factor instructions.

Copy link
Member

@jeffpaul jeffpaul Jul 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy seems fine to me, location as well; both can iterate if we get any pointed community feedback on either; otherwise :shipit:

@kasparsd kasparsd requested a review from jeffpaul July 3, 2025 14:29
@kasparsd kasparsd self-assigned this Jul 3, 2025
@kasparsd kasparsd merged commit c34df2f into master Jul 3, 2025
54 checks passed
@kasparsd kasparsd deleted the document-application-password-logins branch July 3, 2025 16:28
@jeffpaul jeffpaul added this to the 0.14.0 milestone Jul 3, 2025
@kasparsd kasparsd mentioned this pull request Jul 3, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jeffpaul jeffpaul Awaiting requested review from jeffpaul

Assignees

@kasparsd kasparsd

Labels

None yet

Projects

None yet

Milestone

0.14.0

Development

Successfully merging this pull request may close these issues.

2 participants

@kasparsd @jeffpaul