Skip to content

Document application password logins#698

Merged
kasparsd merged 5 commits intomasterfrom
document-application-password-logins
Jul 3, 2025
Merged

Document application password logins#698
kasparsd merged 5 commits intomasterfrom
document-application-password-logins

Conversation

@kasparsd
Copy link
Collaborator

@kasparsd kasparsd commented Jul 3, 2025

What?

Document the Two Factor behaviour for logins over REST API and XML-RPC.

Why?

Follow-up to #697.

How?

  • Document the two_factor_user_api_login_enable filter in README.
  • Add a notice to user profile settings about requiring application passwords for logins over REST API and XML-RPC.

Testing Instructions

Screenshots or screencast

Add a notice to user profile to encourage the use of application passwords:

notice

Changelog Entry

Added - New feature.
Changed - Existing functionality.
Deprecated - Soon-to-be removed feature.
Removed - Feature.
Fixed - Bug fix.
Security - Vulnerability.

Added - document the two_factor_user_api_login_enable filter.
kasparsd
kasparsd commented Jul 3, 2025
View reviewed changes
class-two-factor-core.php

<?php if ( function_exists( 'wp_is_application_passwords_available_for_user' ) && wp_is_application_passwords_available_for_user( $user ) ) : ?>
<p>
<?php esc_html_e( 'Authentication for REST API and XML-RPC must use application passwords (defined above) instead of your regular password.', 'two-factor' ); ?>
Copy link
Collaborator Author

@kasparsd kasparsd Jul 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@joostdekeijzer @jeffpaul Do you have any comments on this wording?

I considered placing this within application passwords area or the actual password field but eventually decided to collocate with the two-factor instructions.
Copy link
Member

@jeffpaul jeffpaul Jul 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy seems fine to me, location as well; both can iterate if we get any pointed community feedback on either; otherwise :shipit:
@kasparsd kasparsd requested a review from jeffpaul July 3, 2025 14:29
@kasparsd kasparsd self-assigned this Jul 3, 2025
@kasparsd kasparsd merged commit c34df2f into master Jul 3, 2025
54 checks passed
@kasparsd kasparsd deleted the document-application-password-logins branch July 3, 2025 16:28
@jeffpaul jeffpaul added this to the 0.14.0 milestone Jul 3, 2025
@kasparsd kasparsd mentioned this pull request Jul 3, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

2 participants

@kasparsd @jeffpaul