Troubleshooting
Solutions for common connection and setup issues
401 Unauthorized — "rest_not_logged_in"
This is the most common connection error. It means the authentication header never reached WordPress — your server stripped it before PHP could read it.
incorrect_password for wrong credentials. The rest_not_logged_in code means WordPress didn't receive any credentials at all.Add the Authorization header passthrough to .htaccess
Most Apache-based hosts strip the Authorization header by default. This is especially common on shared hosting providers like OVH, o2switch, Infomaniak, SiteGround, and GoDaddy.
Open your WordPress root .htaccess file and add this line before # BEGIN WordPress:
If that doesn't work, try the RewriteRule version instead (for CGI/FastCGI setups):
Make sure your site uses HTTPS
WordPress Application Passwords only work over HTTPS. If your site is still on http://, the feature is silently disabled. Contact your host to enable an SSL certificate, or use a free option like Let's Encrypt.
Check security plugins
Plugins like Wordfence, iThemes Security, Sucuri, and All In One WP Security can block REST API authentication. Look for settings like "Disable REST API", "Disable Application Passwords", or "REST API Access" and make sure authenticated requests are allowed.
Nginx servers
If your host uses Nginx instead of Apache, the .htaccess fix won't apply. Ask your host to add this to the Nginx config:
Application Passwords Section Not Visible
If you can't find the "Application Passwords" section under Users → Profile, check the following:
HTTPS is required
WordPress hides Application Passwords on HTTP sites. Enable SSL first.
Security plugin may disable it
Some security plugins disable Application Passwords entirely. Check your plugin settings.
WordPress 5.6+ required
Application Passwords were introduced in WordPress 5.6. Update WordPress if you're on an older version.
Connection Test Fails
If the "Test Connection" button fails with a generic error:
Use your username, not your email
WPLink needs your WordPress username (the one you log in with), not your email address. You can find it under Users → Profile → "Username" field.
Use an Application Password, not your login password
Your regular WordPress login password won't work. You need to generate a dedicated Application Password. See the WordPress Connection guide for steps.
Verify the REST API is accessible
Visit yoursite.com/wp-json in your browser. You should see a JSON response. If you get a 404 or error page, the REST API may be disabled on your site.
Check the site URL
Make sure the URL matches exactly — including https:// and any subdirectory (e.g., https://example.com/blog if WordPress is in a subfolder).
REST API Blocked
Some hosts and plugins restrict access to the WordPress REST API. Here's how to check and fix it:
Disable REST API restrictions in security plugins
Wordfence: Go to Firewall → All Firewall Options → uncheck "Disable REST API".
iThemes Security: Go to Settings → WordPress Tweaks → set REST API to "Default Access".
All In One Security: Go to WP Security → Miscellaneous → disable "Disable REST API".
Check for a REST API disabling plugin
Plugins like "Disable REST API" or "Disable WP REST API" will prevent WPLink from connecting. Deactivate them or configure exceptions for authenticated users.
Host-level firewall
Some hosts (particularly managed WordPress hosts) have server-level firewalls that block REST API requests. Contact your host's support to whitelist REST API access.
Still need help?
Join our Discord community for live support. We typically respond within a few hours.
Join Discord