Title: Sticklight
Author: Elementor
Published: <strong>Èbìbí  26, 2026</strong>
Last modified: Òkúdù 3, 2026

---

Ṣàwárí àwọn plugin

![](https://ps.w.org/sticklight/assets/icon.svg?rev=3549373)

# Sticklight

 Láti ọwọ́ [Elementor](https://profiles.wordpress.org/elemntor/)

[Ṣe ìgbàsílẹ̀](https://downloads.wordpress.org/plugin/sticklight.1.1.0.zip)

 * [Àwọn àlàyé](https://yor.wordpress.org/plugins/sticklight/#description)
 * [Àwọn àgbéyẹ̀wò](https://yor.wordpress.org/plugins/sticklight/#reviews)
 *  [Ìgbéwọlẹ̀](https://yor.wordpress.org/plugins/sticklight/#installation)
 * [Ìdàgbàsókè](https://yor.wordpress.org/plugins/sticklight/#developers)

 [Ìrànlọ́wọ́](https://wordpress.org/support/plugin/sticklight/)

## Àpèjúwe

Sticklight Connector provides a structured way to use the WordPress user system 
in external or React-based applications.

The plugin extends the WordPress REST API with additional endpoints that allow authenticated
clients to retrieve user context and interact with WordPress data, while fully respecting
core authentication methods, roles, and capability checks.

Sticklight does not replace WordPress authentication. It relies on `wp_authenticate`
for credential validation and WordPress Application Passwords for API access, and
follows standard permission checks (`current_user_can`) for all requests.

#### Typical use cases

 * React applications connected to a WordPress site
 * Headless or hybrid WordPress setups
 * Admin or user dashboards built outside wp-admin
 * External tools that require authenticated access to WordPress data

#### Features

 * Authenticates via `wp_authenticate` and issues Application Passwords for API 
   access
 * Adds REST endpoints for login, logout, and retrieving current user context
 * Enforces WordPress capability checks on all requests
 * Supports cross-origin headless setups
 * Extensible via WordPress hooks and filters

### Usage

#### Login

Authenticate with username (or email) and password:

    ```
    POST /wp-json/sticklight/v1/auth/login
    ```

On success the response includes an Application Password for subsequent API requests
and the authenticated user:

    ```
    {
      "app_password": "XXXX XXXX XXXX XXXX XXXX XXXX",
      "user": {
        "user_id": 1,
        "username": "admin",
        "display_name": "Admin",
        "email": "admin@example.com",
        "roles": ["administrator"]
      }
    }
    ```

Use the returned `app_password` with HTTP Basic Authentication for all further requests.

#### Current user

Retrieve the current authenticated user:

    ```
    GET /wp-json/sticklight/v1/auth/me
    ```

#### Logout

Revoke the current Application Password session:

    ```
    POST /wp-json/sticklight/v1/auth/logout
    ```

#### User registration

User creation is handled through the built-in WordPress REST API (`POST /wp-json/
wp/v2/users`) and requires administrator authentication.

#### Accessing protected data

Requests to any endpoint must pass standard WordPress permission checks. Sticklight
does not bypass or override these checks.

### Security

Sticklight follows WordPress security practices:

 * Authenticates via `wp_authenticate`, which respects all security plugin hooks(
   rate limiting, two-factor authentication, brute-force protection)
 * Issues Application Passwords scoped to individual sessions
 * Does not provide user registration — accounts must be created by an administrator
 * Applies capability checks (`current_user_can`) on all endpoints
 * Does not expose private data without proper permissions

For external applications, it is recommended to:

 * Use HTTPS
 * Restrict allowed origins
 * Avoid exposing sensitive endpoints unnecessarily

## Ìgbéwọlẹ̀

 1. Upload the plugin files to the `/wp-content/plugins/sticklight-connector` directory,
    or install the plugin through the WordPress plugins screen.
 2. Activate the plugin through the **Plugins** screen in WordPress.
 3. Ensure permalinks are enabled (**Settings** > **Permalinks**).

No additional configuration is required for basic usage.

## FAQ

### Does this plugin replace WordPress authentication?

No. It delegates credential validation to `wp_authenticate` and uses WordPress Application
Passwords for API access.

### Does it allow bypassing permissions?

No. All requests are validated using standard WordPress capability checks.

### Can it be used in headless setups?

Yes. It is designed for headless and cross-origin WordPress architectures.

### Does it handle user registration?

No. User creation should be done through the built-in WordPress REST API (`POST /
wp-json/wp/v2/users`) with administrator authentication.

### Can I extend the endpoints?

Yes. Developers can add or modify behavior using WordPress hooks and filters.

## Àwọn àgbéyẹ̀wò

Kò sí àwọn àgbéyẹ̀wò fún plugin yìí.

## Àwọn Olùkópa & Olùgbéejáde

“Sticklight” jẹ́ ètò ìṣàmúlò orísun ṣíṣí sílẹ̀. Àwọn ènìyàn wọ̀nyí ti ṣe ìkópa sí
plugin yìí.

Àwọn Olùkópa

 *   [ Elementor ](https://profiles.wordpress.org/elemntor/)

[Túmọ̀ “Sticklight” sí èdè rẹ.](https://translate.wordpress.org/projects/wp-plugins/sticklight)

### Ṣe o nífẹ̀ẹ́ sí ìdàgbàsókè?

[Ṣàwárí koodu](https://plugins.trac.wordpress.org/browser/sticklight/), ṣàyẹ̀wò 
[ibi ìpamọ́ SVN](https://plugins.svn.wordpress.org/sticklight/), tàbí ṣe àgbékalẹ̀
sí [àkọsílẹ̀ ìdàgbàsókè](https://plugins.trac.wordpress.org/log/sticklight/) nípasẹ̀
[RSS](https://plugins.trac.wordpress.org/log/sticklight/?limit=100&mode=stop_on_copy&format=rss).

## Àkọsílẹ̀ àwọn àyípadà

#### 1.1.0

 * New: Add custom domains to WP REST API cors

#### 1.0.0

 * Initial release.

## Àkójọpọ̀ Meta

 *  Ẹ̀yà **1.1.0**
 *  Ìgbàgbọ́hùn tó kẹ́yìn **ọ̀sẹ̀ 2 sẹ́yìn**
 *  Àwọn ìgbéwọlẹ̀ tó ṣiṣẹ́ **60+**
 *  Ẹ̀yà WordPress ** 6.8 tàbí ju bẹ́ẹ̀ lọ **
 *  Dánwò dé **7.0**
 *  Ẹ̀yà PHP ** 7.4 tàbí ju bẹ́ẹ̀ lọ **
 *  Èdè
 * [English (US)](https://wordpress.org/plugins/sticklight/)
 * Àwọn àmì
 * [api](https://yor.wordpress.org/plugins/tags/api/)[authentication](https://yor.wordpress.org/plugins/tags/authentication/)
   [headless](https://yor.wordpress.org/plugins/tags/headless/)[react](https://yor.wordpress.org/plugins/tags/react/)
   [rest-api](https://yor.wordpress.org/plugins/tags/rest-api/)
 *  [Ìwòye Tó Péye](https://yor.wordpress.org/plugins/sticklight/advanced/)

## Àwọn ìbò

Kò sí ìwádìí tí a tíì fi ránṣẹ́.

[Your review](https://wordpress.org/support/plugin/sticklight/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/sticklight/reviews/)

## Àwọn Olùkópa

 *   [ Elementor ](https://profiles.wordpress.org/elemntor/)

## Ìrànlọ́wọ́

Nǹkan wà tí o fẹ́ sọ? Ṣé o nílò ìrànlọ́wọ́?

 [Wo àpéjọ ìrànlọ́wọ́](https://wordpress.org/support/plugin/sticklight/)