View Categories

Creating WordPress Application Passwords for MCP

Overview #

To connect LearnDash to an AI tool like Cursor using the Model Context Protocol (MCP), a secure connection is required. WordPress provides this through application passwords, a safe way to let external tools access your site without sharing your main login.

This guide walks through how to generate and manage an application password from your WordPress dashboard.

Note: If you’re using something like Angie, then you don’t need to create an application password. Angie will connect to LearnDash for you. 

What Is an Application Password? #

An application password is a unique access key that allows tools like MCP servers to connect to your WordPress site using your user account—without needing your main login credentials.

Application passwords are:

  • Secure – You can revoke them at any time without affecting your normal login
  • One per tool – Create a different password for each integration
  • Built into WordPress – No plugin required (available since WordPress 5.6)

When Is This Needed? #

You’ll need an application password anytime you are:

  • Connecting LearnDash to an MCP server
  • Using Cursor to set up a local MCP server
  • Working with any other tool that requires access to your LearnDash API via MCP

Step-by-Step: How to Create an Application Password #

  1. Log in to your WordPress dashboard as an Administrator.
  2. In the left-hand menu, go to Users > Profile
     (If you’re managing multiple users, go to Users > All Users, then click your own profile.)
  3. Scroll down to the section labeled Application Passwords
     This is usually near the bottom of the page.
  4. In the New Application Password Name field, enter a descriptive label.
    Example:
    LearnDash MCP – Cursor
  5. Click Add New Application Password
  6. A new password will appear on the screen (in plain text).
    Copy it immediately and store it somewhere secure.
    You won’t be able to view it again later.

How to Use This Password #

Once copied, paste the application password into your MCP-connected tool when prompted. For example:

  • In Cursor, the AI assistant may ask for your password to finalize the server connection.
  • In Angie, it may be used during the first-time authorization flow.

The password is used alongside your WordPress username to authenticate API requests from the MCP server.

How to Revoke or Regenerate a Password #

You can remove access at any time:

  1. Return to Users > Profile
  2. Scroll to Application Passwords
  3. Locate the password by name
  4. Click Revoke

To generate a new one, simply repeat the steps above.

Best Practices #

  • Use one password per integration for better tracking
  • Revoke old or unused passwords regularly
  • Never share application passwords publicly
  • Store passwords securely (password manager recommended)

Troubleshooting #

  • Don’t see the Application Passwords section?
    Make sure your site is running WordPress 5.6 or later and that REST API authentication is enabled.
  • Error when connecting with an AI tool?
    The application password may be incorrect, expired, or revoked. Try creating a new one.

For more troubleshooting steps, see Troubleshooting Common MCP Errors.

Updated on February 5, 2026