One of the biggest updates in WordPress 5.6 involves the REST API. While most users may not interact directly with this level of code, it is a critical component for plugins and SaaS-based services. Among many incremental upgrades is the addition of Application Passwords. You may have seen application-specific passwords already: Apple and Google web services have used them for a while.
There is a great benefit to using this feature when connecting apps: security and control. Theoretically, you can limit access to elements of the greater application (the WordPress site) and revoke access without jumping through a bunch of hoops. However, our friends at Wordfence discovered an issue, described in their post "WordPress 5.6 Introduces a New Risk to Your Site: What to Do": “Unfortunately, socially engineering a site administrator into granting application passwords to a malicious application is trivial. An attacker could trick a site owner into clicking a link requesting an application password, naming their malicious application whatever they wanted.” That post has much more detail on the scope of the issue, as well as how to disable this functionality if you are sure you won’t be using it.
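One way to limit the feature and review what has already been granted, as an added example (not code from this post or from Wordfence): a must-use plugin built on the core filters and the `WP_Application_Passwords` class that shipped in WordPress 5.6. The login `integration-bot`, the constant name, and the function name are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Restrict Application Passwords (added example)
 * Place in wp-content/mu-plugins/. Requires WordPress 5.6 or later.
 */

// Assumption: only these accounts run a real integration that needs an
// application password. 'integration-bot' is a constructed sample login.
const EXAMPLE_APP_PASSWORD_LOGINS = array( 'integration-bot' );

// Per-user gate: every account not on the allowlist, administrators
// included, loses the ability to create or use application passwords.
add_filter(
	'wp_is_application_passwords_available_for_user',
	function ( $available, $user ) {
		return $available
			&& in_array( $user->user_login, EXAMPLE_APP_PASSWORD_LOGINS, true );
	},
	10,
	2
);

// If no integration needs the feature, switch it off site-wide instead:
// add_filter( 'wp_is_application_passwords_available', '__return_false' );

/**
 * List every stored application password so an admin can spot entries
 * nobody remembers approving. Stored entries stay in user meta until
 * deleted, so review them even after restricting the feature.
 */
function example_audit_application_passwords() {
	$rows  = array();
	$users = get_users(
		array( 'meta_key' => WP_Application_Passwords::USERMETA_KEY_APPLICATION_PASSWORDS )
	);
	foreach ( $users as $user ) {
		$items = WP_Application_Passwords::get_user_application_passwords( $user->ID );
		foreach ( $items as $item ) {
			$rows[] = array(
				'user'      => $user->user_login,
				'uuid'      => $item['uuid'],
				'app_name'  => $item['name'], // Chosen by the requesting app, so not proof of origin.
				'created'   => gmdate( 'c', $item['created'] ),
				'last_used' => $item['last_used'] ? gmdate( 'c', $item['last_used'] ) : 'never',
				'last_ip'   => $item['last_ip'] ? $item['last_ip'] : '-',
			);
		}
	}
	return $rows;
}
```

An entry that turns out to be unwanted can be revoked with `WP_Application_Passwords::delete_application_password( $user_id, $uuid )`, using the `uuid` from the audit rows.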