Sticklight

Sticklight Connector provides a structured way to use the WordPress user system in external or React-based applications. The plugin extends the WordPress REST API with additional endpoints that allow authenticated clients to retrieve user context and interact with WordPress data, while fully respecting core authentication methods, roles, and capability checks. Sticklight does not replace WordPress authentication. It relies on wp_authenticate for credential validation and WordPress Application Passwords for API access, and follows standard permission checks (current_user_can) for all requests. Typical use cases

• React applications connected to a WordPress site
• Headless or hybrid WordPress setups
• Admin or user dashboards built outside wp-admin
• External tools that require authenticated access to WordPress data

Features

• Authenticates via wp_authenticate and issues Application Passwords for API access
• Adds REST endpoints for login, logout, and retrieving current user context
• Enforces WordPress capability checks on all requests
• Supports cross-origin headless setups
• Extensible via WordPress hooks and filters

1. Upload the plugin files to the /wp-content/plugins/sticklight-connector directory, or install the plugin through the WordPress plugins screen.
2. Activate the plugin through the Plugins screen in WordPress.
3. Ensure permalinks are enabled (Settings > Permalinks).

No additional configuration is required for basic usage.

1.1.0

• New: Add custom domains to WP REST API cors

1.0.0

• Initial release.