WordPress.com allows you to connect with third-party applications that extend your WordPress.com site in new and cool ways. This guide will explain how to safely connect to third-party sites and revoke access to these apps at any time.
In this guide
⚠️
Never give out your WordPress.com account password to any third-party service. You can grant access to third-party services without providing your password using the steps in this guide.
Many services provide an option to log in or connect to WordPress.com via a special button. The button will look different for different services. Here are some examples:
To securely connect your WordPress.com account to a third-party service:
- Visit the website or application that you want to connect to.
- Click the button or link asking you to connect to WordPress.com.
- Log in to your WordPress.com account if you are not already. You can verify you are on a secure WordPress.com connection by checking that the URL in your browser’s address bar starts with
https://public-api.wordpress.com. - Approve the application by clicking the “Authorize” button. If you have multiple websites in your account, you can select which site you would like to grant access to.
- You’re now connected!
To view a list of all the third-party services you have connected, take the following steps:
- Click on your profile at https://wordpress.com/me.
- On the side, select the Security menu option.
- At the bottom of the screen, select the “Connected Apps” option to view a list of all your connected applications.
- Click on any application to view more details about the connection. You can view the following information about each one:
- Application website: A link to learn more about the application.
- Authorized on: The date you authorized the connection.
- Access scope: If the app can access just one website, all websites in your account, or none (used for login only).
- Access permissions: Actions the app can take on your account and site.
At any time, you can remove any application’s access to your account by taking the following steps:
- Click on your profile at https://wordpress.com/me.
- On the side, select the Security menu option.
- At the bottom of the screen, select the “Connected Apps” option to view a list of all your connected applications.
- Revoke access by clicking the “Disconnect” button next to any application.
This section of the guide applies to sites with the WordPress.com Creator or Entrepreneur plan. If your site has one of our legacy plans, this feature is available on the Pro plan.
If you’re setting up a connection with an app like IFTTT or Zapier, it may ask you for your login credentials. Instead of providing your account’s password, you can use the steps below to generate a secure password used specifically for that application.
- Add
/wp-admin/profile.phpto the end of your website’s address (for example,yourgroovysite.com/wp-admin/profile.php - Scroll down to the “Application Passwords” section:
- Type a descriptive name for the new application you’ll be connecting. Use something that you’ll remember.
- Click the “Add New Application Password” button to generate a new password. Take note of the password; it will not be displayed on the screen in the future:
To remove access to an app that you generated a password for, take the following steps:
- Add
/wp-admin/profile.phpto the end of your website’s address (for example,yourgroovysite.com/wp-admin/profile.php - Scroll down to the “Application Passwords” section.
- Click the “Revoke” button next to the application you want to remove access for or click “Revoke all application passwords” to remove access to all applications:
