clarify adding external connections instructions in README, fix #837

[skorasaurus]

Description of the Change

Clarified the instructions for setting up External Connections. Existing instructions assumes use of the applications-password plugin whose functionality has been merged into WordPress core as of 5.6.
The current Add New External Connection page is also different than what is described in the readme and instructions have been updated for that (more information in #837

Closes #837

Alternate Designs

Possible Drawbacks

Maybe you want users to use the application-password plugin? Additional references to using the application-password are still in README and readme.

Verification Process

What process did you follow to verify that your change has the desired effects?

• Manually followed my new instructions on 5.8.3 websites.

Checklist:

• [ x] I have read the CONTRIBUTING document.
• My code follows the code style of this project.
• [x ] My change requires a change to the documentation.
• [x ] I have updated the documentation accordingly.
• [ na] I have added tests to cover my change.
• All new and existing tests passed.

Changelog Entry

Changed - documentation updates.

Credits

Props @skorasaurus, @jeffpaul.

[jeffpaul]

@skorasaurus thanks for getting this started, much appreciated! Things should be even more simple than what you've updated to here, so if you're able to update your PR to the non-manual connection setup to use the Remove Connection Wizard steps that would be great... thanks again!

[jeffpaul]

This and the next couple steps can generally be skipped as the "Remote Connection Wizard" helps skip many of these steps. Should essentially be (1) add label for the External Connection, (2) enter domain for the external site, (3) click Authorize Connection, (4) process acceptance from there to get to the final step of saving the new External Connection.

[skorasaurus]

I think I had a misunderstanding of how Application Passwords were being used and did not think that an Application Password.

As I understand now, an application password is now automatically generated and saved when going through the "Remote Connection Wizard" process although the user first enters their user name and their password (not an application password) when making the authorization (if the user is not already logged into that other website). At the time of making the PR, I didn't know that (application password creation) was happening behind the scene.

The message in the 'Edit External Connection' page -
"Important: We strongly recommend using the Application Passwords plugin on the site you are connecting to in order to create a unique password for this connection. This helps limit the use of your primary password and will allow you to revoke access in the future if needed." -

led me to believe that my credentials were being stored instead (of a unique application password) ; as indicated in the screenshot below

I've updated the PR using the "Remote connection Wizard" directions.

[jeffpaul]

@skorasaurus good callout on the text on the Edit External Connection page, we could/should probably remove that entire line at this point as that adds unnecessary plugins to someone's site as WordPress core now handles all that functionality. If you'd like, I'd say go ahead and strip that out as part of this PR as well if you'd like?

[jeffpaul]

Thanks @skorasaurus, much appreciated!