Application Passwords

With Two-Step Authentication active on your WordPress.com account, you can generate a custom password for specific third-party applications you wish to authorize. This guide will show you how to generate a new password for third-party apps accessing your account.

About Application Passwords

There may be some apps that connect to your WordPress.com account that don’t yet fully support two-step authentication. The most common are Jabber apps used to subscribe to WordPress.com blogs.

You can generate unique passwords for these apps (e.g., you can have a different password on your phone and tablet). You can then disable individual passwords and lock applications out of your account to prevent others from accessing your sites.

Add a New Application Password

With Two-Step Authentication active, you can generate a custom password for each third-party application you authorize to use your WordPress.com account. You can revoke access for an individual application if you ever need to.

You can use the following steps to create an application password:

  1. Click on your profile at https://wordpress.com/me.
  2. On the side, select the Security menu option.
  3. Select “Two-Step Authentication,” which must be enabled.
  4. Scroll down to the “Application passwords” section.
  5. Click the “Add new application password” button.
  6. Give the application a name—you’re the only one who will see this name, so call it whatever you’d like—and click the “Generate Password” button.
  7. WordPress.com will create a unique 16-character password that you can copy and paste the next time you log in to your account on that device. The application will remember this password so you don’t need to.

Site Specific Application Passwords

This section of the guide applies to sites with the WordPress.com Business and Commerce plan, and the legacy Pro plan. If you have a Business plan, make sure to activate it. For sites on the Free, Personal, and Premium plans, upgrade your plan to access this feature.

If your site has a plugin-enabled plan and you have activated the site’s hosting features, you will use the following steps to create a new application password for a specific site on your account:

  1. In your site’s dashboard, navigate to Users → Profile.
  2. Scroll down to the “Application Passwords” section, which has a field to enter the New Application Password Name.
  3. Type a descriptive name for the new application you’ll be connecting. Use something that you’ll remember.
  4. Click the “Add New Application Password” button to generate a new password. Take note of the password; it will not be displayed on the screen in the future.

Revoke an Application

The “Application passwords” section of your Two-Step Authentication page will maintain a list of all the applications for which you’ve generated passwords. You can revoke access for a specific application for any reason, including if any of your devices are lost or stolen. Follow these steps to revoke an application:

  1. Click on your profile at https://wordpress.com/me.
  2. On the side, select the Security menu option.
  3. Select “Two-Step Authentication,” which must be enabled.
  4. Scroll down to the “Application passwords” section.
  5. Click the X next to the application you want to revoke access for.
  6. The application will no longer have access to your account.

Revoke Site Specific Applications

This section of the guide applies to sites with the WordPress.com Business and Commerce plan, and the legacy Pro plan. If you have a Business plan, make sure to activate it. For sites on the Free, Personal, and Premium plans, upgrade your plan to access this feature.

  1. In your site’s dashboard, navigate to Users → Profile.
  2. Scroll down to the “Application Passwords” section.
  3. Click the “Revoke” button next to the application you want to remove access for, or click “Revoke all application passwords” to remove access to all applications.
