Quibodocs

getting started

Connect WordPress

Username + Application Password. Native auth, no plugins.

Quibo connects to WordPress using Application Passwords, a native feature in WordPress 5.6+. No plugin, no OAuth dance, no custom endpoint. You generate a one-purpose password from your admin profile and paste it into Quibo.

What you'll need

  • Admin (or editor) access to your WordPress site.
  • Your WordPress username (the login name, not the display name).
  • An Application Password generated for Quibo.

Generate the Application Password

  1. Sign into your WordPress admin.
  2. Go to Users → Profile (top-right avatar → Edit Profile if you're editing your own user).
  3. Scroll to the Application Passwords section near the bottom.
  4. In New Application Password Name type Quibo → click Add New Application Password.
  5. Copy the 24-character password that appears (format xxxx xxxx xxxx xxxx xxxx xxxx). It's only shown once. You can leave the spaces — WordPress strips them when checking.

Plug it into Quibo

From Sites → New pick WordPress and paste:

  • Site name (e.g. Acme Blog)
  • Site URL — your WordPress site URL (https required)
  • WordPress username
  • Application Password

Click Connect site. We test the credentials immediately, encrypt them, and start learning your brand voice.

Auto-discovery

After connecting, Quibo probes the WordPress REST API to discover:

  • Post fields — from OPTIONS /wp-json/wp/v2/posts. Used to know which fields your install accepts.
  • Custom post types — in case you publish to something other than post.
  • Editorial users — from GET /wp-json/wp/v2/users. Powers the Default author dropdown so you can pick which user appears as the byline on Quibo-generated posts (admin, editor, author, contributor — anyone with edit_posts capability).

Open Sites → your siteBrand profile → pick the Default author. Every article Quibo publishes will be attributed to that user.

What if Application Passwords are disabled?

Some hosts (or the iThemes Security plugin) disable Application Passwords by default. Symptoms:

  • Quibo's connect step returns 401 Unauthorized.
  • The Application Passwords section doesn't appear in your Profile.

Ask your host or admin to re-enable Application Passwords — most hosts have a one-line fix in functions.php:

add_filter( 'wp_is_application_passwords_available', '__return_true' );

…or via a small must-use plugin. Once enabled, regenerate and reconnect.

If your site is behind aggressive bot protection (Cloudflare Bot Fight Mode, custom WAF rules), make sure POST/GET requests to /wp-json/wp/v2/* from external services are allowed.

What we publish

When an article ships to your WordPress, we send:

  • Title, slug, excerpt (used as the meta description fallback)
  • Content rendered as native Gutenberg blocks
  • The cover image, uploaded to your media library first with proper alt text and set as the featured image
  • Yoast SEO meta title and description (in meta._yoast_wpseo_title / meta._yoast_wpseo_metadesc)
  • The chosen Default author (numeric author field)
  • Structured data so search engines see Article + FAQ rich results

We never delete or modify other posts. We don't touch user accounts. We don't write to site options.

Test the connection

After connecting, go to Sites → your site and click Test connection — we make a quick check that the credential still has write access.

Security

  • The Application Password is encrypted at rest with industry-standard encryption.
  • It's never returned to the browser, never logged, never sent to a third party.
  • Revoke any time from Users → Profile → Application Passwords → Revoke.
  • Application Passwords cannot create users, install plugins, or change site settings — they're scoped to the user's existing capabilities.