Connecting to WordPress

Derivv Pro uploads to WordPress through the REST API using a per-application password — your real account password stays on WordPress. This works on WordPress.com, self-hosted WordPress, and any host that hasn't disabled the REST API.

What you need

  • A WordPress user account on your site with permission to upload media (Author role or higher).
  • The base URL of the site, e.g. https://example.com.
  • An Application Password generated from that user account.

WordPress's own documentation covers the feature and current minimum version requirements:

Generating an application password

On a typical WordPress install:

  1. Sign in to your site's /wp-admin.
  2. Go to Users → Profile (or Users → Edit User for the account you want to use).
  3. Scroll to the Application Passwords section.
  4. Enter a name (e.g. Derivv Pro) and click Add New Application Password.
  5. WordPress will show the generated password once. Copy it now — you won't be able to see it again, only revoke it.

If you don't see the Application Passwords section, your host or a security plugin may have disabled the feature. See the troubleshooting notes below.

Filling in the form

In Derivv Pro, choose WordPress as the provider and fill in:

  • Name — a label you'll recognize later, e.g. Blog or Client site.
  • Site URL — the base URL of your WordPress site, with https:// and no trailing slash. The app appends /wp-json/... itself.
  • Username — the WordPress username (not the email) that owns the application password.
  • Application Password — the value WordPress just showed you. Spaces inside the value don't matter; paste it as-is.

Click Save, then click Test on the new row to verify Derivv Pro can reach your site and authenticate as that user.

Troubleshooting

  • No "Application Passwords" section — Application Passwords require HTTPS by default and may be disabled by security plugins (e.g. some configurations of Wordfence or iThemes Security). Enable the feature in the plugin's settings, or temporarily disable it, to generate the password.
  • "Forbidden" or 401 on test — double-check that the username matches the account that generated the password. Site URLs that redirect (e.g. www → apex domain) can also cause this; use the canonical URL.
  • "Not Found" on test — the REST API has been disabled on your site. Re-enable it in WordPress or with your host before continuing.

Was this page helpful?