PublishPress Capabilities v2.45: Control Access for AI Tools Using Application Passwords

BySteve Burge

PublishPress Capabilities 2.45.0 adds a new setting for sites that use WordPress Application Passwords.

Lots of AI tools use Application Passwords to manage your WordPress site.

On the positive side, they are really easy to use. They’re just like an API Key. You grab the password, and you’re good to go.

On the negative side, they get complete access to do ANYTHING on your site. If you give an Application Password to an AI tool, they become an Administrator. They can delete posts, plugins, themes, users. They have complete control over your site.

In this release of PublishPress Capabilities, you can treat Application Passwords like users. You cab lock them down. You don’t have to trust them with your whole site.

  • Maybe you only want your AI tool to edit posts.
  • Maybe you want your AI tool to create new posts, but not edit existing posts.
  • Maybe you want your AI tool to only manage Tags and Categories.

That’s the problem we’re solving with this release.

Feature highlights

Control capabilities for Application Passwords: A new setting lets you control when users authenticate with WordPress Application Passwords.

Control capabilities for Application Passwords

After updating, review the plugin settings and look for the new Application Password capability option. Enable it if your site uses mobile apps, automation tools, custom integrations, or other services that authenticate with WordPress Application Passwords. You’ll find this option by going to Capabilities > Settings > Capabilities and enabling “Application password capabilities”.

Application Password capability option

Other improvements and fixes

  • More reliable admin styling: Admin styles now load from a real CSS file, avoiding a logged in cookie error in some environments.
  • Cleaner Admin Menus screen: Checkbox colors on the Admin Menus screen have been corrected.
  • Font family default: The font family dropdown now includes a clearer “Default” option.
  • Multisite role sync fixes: Role syncing across sites is more reliable, including fixes for localhost header warnings, blank screens, and a fatal error during “Sync Role to All Sites”.
  • Dependency maintenance: A Dependabot triage workflow was added to help manage dependency updates.
PublishPress Capabilities icon

The Best Plugin to Control Your WordPress Users

PublishPress Capabilities enables you to customize what users see in every area of WordPress from editing posts and pages to admin menus, profile pages.

Get the Capabilities plugin

  • Steve is the founder of PublishPress. He's been working with open source software for over 20 years. Originally from the UK, he now lives in Sarasota in the USA. This profile is generated by the PublishPress Authors plugin.

Leave a Reply

Your email address will not be published. Required fields are marked *