initial
This commit is contained in:
@@ -0,0 +1,18 @@
|
||||
# Authentication (summary)
|
||||
|
||||
## Cookie authentication (in-dashboard / same-site)
|
||||
|
||||
- Standard for wp-admin and theme/plugin JS.
|
||||
- Requires a REST nonce (`wp_rest`) sent as `X-WP-Nonce` header or `_wpnonce` param.
|
||||
- If the nonce is missing, the request is treated as unauthenticated even if cookies exist.
|
||||
|
||||
## Application Passwords (external clients)
|
||||
|
||||
- Available in WordPress 5.6+.
|
||||
- Use HTTPS + Basic Auth with the application password.
|
||||
- Recommended over the legacy Basic Auth plugin.
|
||||
|
||||
## Auth plugins
|
||||
|
||||
- OAuth 1.0a or JWT plugins are common for external apps.
|
||||
- Use only if required; follow plugin docs and security guidance.
|
||||
Reference in New Issue
Block a user