Title: Sitewide Basic Authentication and Application Password Causing Issues
Last modified: December 3, 2020

---

# Sitewide Basic Authentication and Application Password Causing Issues

 *  Resolved [chexwarrior](https://wordpress.org/support/users/chexwarrior/)
 * (@chexwarrior)
 * [5 years, 5 months ago](https://wordpress.org/support/topic/sitewide-basic-authentication-and-application-password-causing-issues/)
 * Hello,
 * I’ve been testing my sites out with the WP 5.6 RC2 release (using the staging
   version of each site). Some background: All my staging sites are protected with
   site wide basic auth so only my team and myself can access them.
 * Anyway, on one particular site I’ve noticed that when I submit a contact form(
   provided by the Contact Form 7 plugin) as an anonymous user I get a 401 invalid_username
   response. This seems to be due to the rest api using the info in my basic auth
   header for an application password (it doesn’t even make it to the Contact Form
   7’s API route before failing). Is there a way to stop application passwords from
   automatically using the basic auth information or do I have to disable application
   passwords entirely?
 * Thank you
    -  This topic was modified 5 years, 5 months ago by [chexwarrior](https://wordpress.org/support/users/chexwarrior/).
    -  This topic was modified 5 years, 5 months ago by [chexwarrior](https://wordpress.org/support/users/chexwarrior/).
      Reason: grammar lol

Viewing 11 replies - 1 through 11 (of 11 total)

 *  Moderator [t-p](https://wordpress.org/support/users/t-p/)
 * (@t-p)
 * [5 years, 5 months ago](https://wordpress.org/support/topic/sitewide-basic-authentication-and-application-password-causing-issues/#post-13742425)
 * I recommend asking at that plugin’s dedicated [support forum](https://wordpress.org/support/plugin/contact-form-7/)
   so the plugin’s developers can help you with this.
 *  Thread Starter [chexwarrior](https://wordpress.org/support/users/chexwarrior/)
 * (@chexwarrior)
 * [5 years, 5 months ago](https://wordpress.org/support/topic/sitewide-basic-authentication-and-application-password-causing-issues/#post-13742525)
 * I don’t believe the plugin is at fault, when I debug the request it doesn’t even
   make it to the plugins code, it actually fails in authentication.
 *  Thread Starter [chexwarrior](https://wordpress.org/support/users/chexwarrior/)
 * (@chexwarrior)
 * [5 years, 5 months ago](https://wordpress.org/support/topic/sitewide-basic-authentication-and-application-password-causing-issues/#post-13742542)
 * I guess what I’d like to discuss is whats the best way to handle this? It seems
   like Application Passwords purposefully uses Basic Auth headers for authentication,
   in which case a site setup like my staging site is going to have issues whenever
   an anonymous user triggers an API request.
    -  This reply was modified 5 years, 5 months ago by [chexwarrior](https://wordpress.org/support/users/chexwarrior/).
 *  [Timothy Jacobs](https://wordpress.org/support/users/timothyblynjacobs/)
 * (@timothyblynjacobs)
 * [5 years, 5 months ago](https://wordpress.org/support/topic/sitewide-basic-authentication-and-application-password-causing-issues/#post-13745795)
 * [@chexwarrior](https://wordpress.org/support/users/chexwarrior/) thanks for testing!
   I’m sorry you’re running into that issue. Could you give me a bit more information
   about how your staging site is protected by Basic Auth?
 * Is it implemented via a WordPress Plugin? Handled at the NGINX/Apache server 
   level? Provided by your host? etc…
 * Thanks!
 *  Thread Starter [chexwarrior](https://wordpress.org/support/users/chexwarrior/)
 * (@chexwarrior)
 * [5 years, 5 months ago](https://wordpress.org/support/topic/sitewide-basic-authentication-and-application-password-causing-issues/#post-13745868)
 * Hi [@timothyblynjacobs](https://wordpress.org/support/users/timothyblynjacobs/),
   it is implemented via NGINX.
 *  [Timothy Jacobs](https://wordpress.org/support/users/timothyblynjacobs/)
 * (@timothyblynjacobs)
 * [5 years, 5 months ago](https://wordpress.org/support/topic/sitewide-basic-authentication-and-application-password-causing-issues/#post-13745874)
 * Thanks [@chexwarrior](https://wordpress.org/support/users/chexwarrior/). We’re
   working thru a solution.
 *  Thread Starter [chexwarrior](https://wordpress.org/support/users/chexwarrior/)
 * (@chexwarrior)
 * [5 years, 5 months ago](https://wordpress.org/support/topic/sitewide-basic-authentication-and-application-password-causing-issues/#post-13745879)
 * Very much appreciated, thank you!
 *  [Timothy Jacobs](https://wordpress.org/support/users/timothyblynjacobs/)
 * (@timothyblynjacobs)
 * [5 years, 5 months ago](https://wordpress.org/support/topic/sitewide-basic-authentication-and-application-password-causing-issues/#post-13746170)
 * A ticket has been created if you’d like to follow along: [https://core.trac.wordpress.org/ticket/51939](https://core.trac.wordpress.org/ticket/51939)
 * You can also disable App Passwords since they won’t be usable when your site 
   is behind Basic Auth.
 * `add_filter( 'wp_is_application_passwords_available', '__return_false' )`
 *  Thread Starter [chexwarrior](https://wordpress.org/support/users/chexwarrior/)
 * (@chexwarrior)
 * [5 years, 5 months ago](https://wordpress.org/support/topic/sitewide-basic-authentication-and-application-password-causing-issues/#post-13746243)
 * Thank you very much for your attention!
 *  [Timothy Jacobs](https://wordpress.org/support/users/timothyblynjacobs/)
 * (@timothyblynjacobs)
 * [5 years, 5 months ago](https://wordpress.org/support/topic/sitewide-basic-authentication-and-application-password-causing-issues/#post-13746709)
 * No problem [@chexwarrior](https://wordpress.org/support/users/chexwarrior/). 
   We have a patch available for testing if you’re interested: [https://github.com/WordPress/wordpress-develop/pull/790/files](https://github.com/WordPress/wordpress-develop/pull/790/files)
 * If you are able to test and confirm it fixes your issue that’d be great!
 *  Thread Starter [chexwarrior](https://wordpress.org/support/users/chexwarrior/)
 * (@chexwarrior)
 * [5 years, 5 months ago](https://wordpress.org/support/topic/sitewide-basic-authentication-and-application-password-causing-issues/#post-13746806)
 * [@timothyblynjacobs](https://wordpress.org/support/users/timothyblynjacobs/) 
   Confirming that this fixes my issue!

Viewing 11 replies - 1 through 11 (of 11 total)

The topic ‘Sitewide Basic Authentication and Application Password Causing Issues’
is closed to new replies.

 * In: [Alpha/Beta/RC](https://wordpress.org/support/forum/alphabeta/)
 * 11 replies
 * 3 participants
 * Last reply from: [chexwarrior](https://wordpress.org/support/users/chexwarrior/)
 * Last activity: [5 years, 5 months ago](https://wordpress.org/support/topic/sitewide-basic-authentication-and-application-password-causing-issues/#post-13746806)
 * Status: resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics