WordPress - Iru Docs

About WordPress

WordPress 5.6+ supports Application Passwords for REST clients. Iru calls https://YOUR_HOST/wp-json/... with HTTP Basic (username + application password). HTTPS is required - Application Passwords are rejected over plain HTTP.

How It Works

Authorization: Basic base64(username:application_password)

Detail	Value
Category	CMS
Authentication	Basic (Application Password)

Self-hosted 5.6+ or WordPress.com Personal+ (Free tier does not expose Application Passwords per product limits). Official references: Application Passwords, REST API.

Prerequisites

Administrator (or role that may issue Application Passwords).
/wp-json reachable and not blocked by security plugins.

Connect WordPress to Iru

WordPress
Iru Compliance

Complete this tab before you connect the source in Compliance.

Open https://YOUR_HOST/wp-admin and sign in with a user who can edit Users and create Application Passwords (often an Administrator).

Open Users

In the left admin menu, select Users → All Users, then click the user Iru will authenticate as (often a dedicated service account).

Open Profile

Select Edit (or Profile) for that user to open the profile screen.

Open Application Passwords

Scroll to the Application Passwords section (WordPress 5.6+). If it is missing, confirm the site allows Application Passwords and is served over HTTPS.

Create a new Application Password

Enter a name such as Iru Compliance, then select Add New Application Password (or Add). WordPress generates a spaced token.

Copy the token once

Copy the full application password string once. You may paste it into Iru with or without spaces; WordPress accepts both forms.

Continue on the Iru Compliance tab.

Finish the WordPress tab first.

Open Sources

In Iru Compliance, on the left navigation bar, expand Compliance and select Sources.

Left navigation: Compliance expanded, Sources selected

Turn on WordPress

Find WordPress (use Category or Search by name or description). On that card, turn on the toggle. A browser tab or window may open for the connector wizard.

Enter hostname

Enter hostname only (for example blog.example.com). Confirm server variables if prompted.

Enter WordPress credentials

Enter username and application password for the integration account.

Finish the connection

Click Submit Credentials. When the connection succeeds, the wizard shows Connection Configured.

Confirm the source is Active

Close the Iru is requesting access to external services browser tab, then return to Compliance → Sources and confirm the WordPress card is Active.

Troubleshooting

Nothing opens when you turn the source on

Check pop-up blocker settings for the Iru site and try again.

401

Correct password; plugin not blocking REST.

REST disabled

Security plugins - allow wp-json.

HTTP site

Enable TLS.

Sources Management

Browse and manage every Compliance source.

Getting Started With Compliance

Frameworks, actions, and Artifacts.

Iru Overview

How Endpoint, Compliance, and Identity fit together.

Artifacts Management

Upload, review, and organize evidence from sources and actions.

​About WordPress

​How It Works

​Prerequisites

​Connect WordPress to Iru

​Troubleshooting

​Related Articles

Sources Management

Getting Started With Compliance

Iru Overview

Artifacts Management

About WordPress

How It Works

Prerequisites

Connect WordPress to Iru

Troubleshooting

Related Articles