This commit is contained in:
2026-07-02 15:54:39 -06:00
commit 9883323161
17470 changed files with 4470592 additions and 0 deletions
@@ -0,0 +1,18 @@
# Authentication (summary)
## Cookie authentication (in-dashboard / same-site)
- Standard for wp-admin and theme/plugin JS.
- Requires a REST nonce (`wp_rest`) sent as `X-WP-Nonce` header or `_wpnonce` param.
- If the nonce is missing, the request is treated as unauthenticated even if cookies exist.
## Application Passwords (external clients)
- Available in WordPress 5.6+.
- Use HTTPS + Basic Auth with the application password.
- Recommended over the legacy Basic Auth plugin.
## Auth plugins
- OAuth 1.0a or JWT plugins are common for external apps.
- Use only if required; follow plugin docs and security guidance.