Sorry, you are not allowed to create posts as this user. Wordpress 6.4.3

Describe the problem/error/question

I cannot post anything in WordPress. I’m running the version 6.4.3. This is my .htaccess:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization}]
RewriteCond %{HTTP:Authorization} ^(.)
RewriteRule ^(.) - [E=HTTP_AUTHORIZATION:%1]
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

What is the error message (if any)?

Sorry, you are not allowed to create posts as this user.

Please share your workflow

Share the output returned by the last node

Information on your n8n setup

  • n8n version: N8N Cloud
  • Database (default: SQLite): N8N Cloud
  • n8n EXECUTIONS_PROCESS setting (default: own, main):
  • Running n8n via (Docker, npm, n8n cloud, desktop app): N8N Cloud
  • Operating system: N8N Cloud

Hey! Did you set up an Application Password? You won’t be able to use your regular user credentials. I remember running into exactly the same issue back when I had to set this up myself :slight_smile:

Hi @bartv, we got the credentials from the Application Manager. We created two and none of them is working :/. The result is the same, that’s why we modified the .htaccess without results also.

What is the ‘Application Manager’? Did you follow the steps in the documentation I linked to? You should see this ‘Application Passwords’ section in the user profile of the user:

Indeed, it’s created like this:

Sorry because it’s in Spanish, but it’s the same. Contraseñas de aplicación means Application Passwords.

Great! And just to be sure, this user has a role that has editing permissions in WordPress? Something like this?


We are testing in a fresh WordPress. The admin user is the one who created the Application Password. We even created two WordPress with the same results. Also, I’m not sure if you can add any configuration to the application password, or am I wrong? Thanks.

No, the application password has the same permissions as the user it’s attached to.

Here are a few things you can try:

  • See below for a workflow that works for me, I wonder if yours fails because your initial post doesn’t contain any body content?
  • Perhaps I’m stating the obvious, but make sure you’re using the application password and not the normal password for this account.
  • Try creating a non-admin account with Editor access and set up an application password for them
  • If all that fails, I’d recommend trying to access the API with these credentials outside of n8n and seeing if this works.

I built a Python script and used the same configuration and the error is exactly the same. Using the script, I’m sure I’m using the Application Password. I’m wondering what I should modify since it’s quite odd, I have tried two WordPress instances, and modified the .htconfig and the result is the same.

Python example:

import requests
import json

# WordPress REST API endpoint for creating a post
url = 'https://MY_WORDPRESS_URL/wp-json/wp/v2/posts'

# Application password credentials
username = 'N8N'
password = 'MY_PASSWORD'

# Content of the post
post_data = {
    'title': 'Your Post Title',
    'content': 'Your post content here.',
    'status': 'publish'  # Set to 'draft' if you want to save it as a draft

# Headers
headers = {
    'Content-Type': 'application/json'

# Authentication
auth = (username, password)

# Send POST request to create the post
response =, headers=headers, auth=auth, data=json.dumps(post_data))

# Check if the request was successful
if response.status_code == 201:
        response_json = response.json()
        print('Post created successfully!')
        print('Post ID:', response_json['id'])
    except json.decoder.JSONDecodeError:
        print('Response is not in JSON format.')
        print('Response content:', response.content)
    print('Failed to create post. Status code:', response.status_code)
    print('Error message:', response.content)

It seems your request reaches the API, so I’m pretty sure your .htaccess files are in order. Did you try creating a separate user with only Editor access, not admin?

I created an editor user as suggested with its Application Password and the result is the same:

Error message: b’{“code”:“rest_cannot_create”,“message”:“Sorry, you are not allowed to create posts as this user.”,“data”:{“status”:401}}’

1 Like

Looking online a few people have suggested updating the .htaccess, The downside here is while we know the n8n application configuring Wordpress and Apache is outside of our scope so you may need to reach out to the Wordpress communiyt.

From what I can see though the examples provided don’t include the line that contains REMOTE_USER so I would remove that line and see if it helps.

1 Like

Any hints, Jon? I heard that could be related to the cache, but I don’t know how to check it.