All docs

Docs / Connect a WordPress site

Guides

Connect WordPress in two minutes.

recto publishes approved links back to your site through WordPress’s own REST API, using an Application Password — a scoped, revocable credential that is separate from your login password. Here is exactly where to find it.

You’ll need: WordPress 5.6 or newer, your site served over HTTPS (Application Passwords are disabled on plain HTTP), and a user account that can publish posts (Administrator, Editor, or Author).

1Open your WordPress profile

Sign in to your WordPress admin (yoursite.com/wp-admin). In the left menu go to Users → Profile (or Users → All Users, then click your own name and Edit).

2Find the Application Passwords section

Scroll to the bottom of the profile page to the Application Passwords section. In the New Application Password Name field, type a name you’ll recognise later — for example recto — then click Add New Application Password.

No Application Passwords section? It’s hidden when the site isn’t on HTTPS, or when a security plugin (e.g. some configurations of Wordfence or iThemes) has disabled the feature. Switch the site to HTTPS, or re-enable Application Passwords in the plugin, and reload the profile page.

3Copy the generated password

WordPress shows the new password once, formatted as six groups of four characters: xxxx xxxx xxxx xxxx xxxx xxxx. Copy it now — you cannot see it again. (You can paste it with or without the spaces; recto handles both.)

4Paste it into recto

Back in recto on the connect-a-site screen, enter your site URL, your WordPress username, and the Application Password you just copied. recto immediately calls your REST API to verify the credential — a wrong username or password is caught here, not later when a publish fails.

The recto connect-a-site screen. A red box highlights the Application Password field where you paste the WordPress credential.
Paste the Application Password here. recto verifies it against your site on the spot.
Your real password is never used. recto stores only the Application Password, encrypted at rest, and uses it solely to publish links you approve and to re-fetch pages to confirm those links went live. Revoke it any time from the same WordPress profile screen — recto access stops immediately.
Was this helpful? Email [email protected] or visit contact support.