WordPress iOS App Login Issue with App Password – Unable to Load Site Details
-
I’ve been experiencing an issue this week while trying to log into my self-hosted WordPress site using the WordPress iOS app. After entering my site URL and login credentials, the app prompts me to generate an application password. However, once I generate it, I get an error saying: “Site details cannot be loaded in WordPress.”
What’s confusing is that everything seems fine on the server side:
- XML-RPC endpoint is accessible
- REST API (JSON) is working
- No recent major changes to hosting or configuration
Interestingly, if I connect the site via Jetpack, everything works perfectly. But if I disconnect Jetpack and try to log in again using the standard method, the same app password issue occurs.
I’ve already tried:
- Deactivating all plugins
- Regenerating application passwords
- Rechecking site endpoints
Has anyone else faced this issue recently? Is this a bug in the WordPress iOS app, or is there something I might be missing in my site configuration?
I also came across similar discussions while browsing via visit Here, where users mentioned possible authentication flow issues in recent app updates.
-
This error often stems from an authentication handshake failure between the iOS app and your site’s native Application Password system. Since Jetpack works (as it uses its own connection layer), the issue is likely with how your server handles Authorization Headers. How to Fix It
- Edit your
.htaccessfile: Your server might be stripping out the authentication headers required for Application Passwords. Add the following code to your.htaccessfile: ApacheSetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 - Check for Security Plugins/Firewalls: Even if plugins are deactivated, server-level firewalls (like ModSecurity) or Cloudflare rules can block the specific POST request the app uses to validate the password.
- Verify HTTPS: Ensure your site’s SSL certificate is valid and that there isn’t a “mixed content” issue where the app is trying to reach an
httpendpoint while the site ishttps. - Check Site Health: Go to Tools > Site Health in your WordPress dashboard. Look for any “REST API encountered an error” or “Authorization header” warnings that might provide a specific error code.
If the issue persists, use the Jetpack connection as a permanent workaround, as it is generally more stable for the mobile app than the standard XML-RPC/REST method.
pawbreed.com - Edit your
-
Thanks for the detailed explanation — that actually makes a lot of sense, especially the part about Authorization Headers being stripped by the server. I hadn’t considered that
.htaccessmight be interfering with the Application Password flow. I’ll try adding that rule and also double-check any server-level firewall or ModSecurity settings.Jetpack working as a fallback definitely confirms it’s not a core credential issue but more of a request handling problem. I’ve seen a few similar fixes discussed while browsing via website, so I’m hoping this resolves it. Really appreciate the clear breakdown
WordPress.com Forums 