HTTP Header Authentication for Application Passwords

Allows sending application passwords using HTTP headers instead of basic authentication

Author:Cameron Jones (profile at
WordPress version required:5.6.1
WordPress version tested:5.8
Plugin version:1.0.1
Added to WordPress repository:25-03-2021
Last updated:10-07-2021
Rating, %:0
Rated by:0
Plugin URI:
Total downloads:730
plugin download
Click to start download

Use HTTP headers for application passwords instead of basic authentication. Perfect for those sites already protected by basic auth.

Username header: X-WP-USERNAME
Password header: X-WP-PASSWORD

Note that at this point the plugin doesn’t actually remove the basic authentication validation for application passwords, but checks the HTTP headers at a higher priority.