diff --git a/wp-admin/authorize-application.php b/wp-admin/authorize-application.php
index a6aac398fd..fa8d919747 100644
--- a/wp-admin/authorize-application.php
+++ b/wp-admin/authorize-application.php
@@ -88,6 +88,18 @@ if ( is_wp_error( $is_valid ) ) {
 	);
 }
 
+if ( ! empty( $_SERVER['PHP_AUTH_USER'] ) || ! empty( $_SERVER['PHP_AUTH_PW'] ) ) {
+	wp_die(
+		__( 'Your website appears to use Basic Authentication, which is not currently compatible with Application Passwords.' ),
+		__( 'Cannot Authorize Application' ),
+		array(
+			'response'  => 501,
+			'link_text' => __( 'Go Back' ),
+			'link_url'  => $reject_url ? add_query_arg( 'error', 'disabled', $reject_url ) : admin_url(),
+		)
+	);
+}
+
 if ( ! wp_is_application_passwords_available_for_user( $user ) ) {
 	if ( wp_is_application_passwords_available() ) {
 		$message = __( 'Application passwords are not available for your account. Please contact the site administrator for assistance.' );
diff --git a/wp-admin/includes/upgrade.php b/wp-admin/includes/upgrade.php
index aaab1862da..bd73cd6204 100644
--- a/wp-admin/includes/upgrade.php
+++ b/wp-admin/includes/upgrade.php
@@ -874,7 +874,7 @@ function upgrade_all() {
 		upgrade_550();
 	}
 
-	if ( $wp_current_db_version < 49735 ) {
+	if ( $wp_current_db_version < 49752 ) {
 		upgrade_560();
 	}
 
@@ -2278,6 +2278,19 @@ function upgrade_560() {
 	if ( $wp_current_db_version < 49735 ) {
 		delete_transient( 'dirsize_cache' );
 	}
+
+	if ( $wp_current_db_version < 49752 ) {
+		$results = $wpdb->get_results(
+			$wpdb->prepare(
+				"SELECT 1 FROM {$wpdb->usermeta} WHERE meta_key = %s LIMIT 1",
+				WP_Application_Passwords::USERMETA_KEY_APPLICATION_PASSWORDS
+			)
+		);
+
+		if ( ! empty( $results ) ) {
+			update_site_option( WP_Application_Passwords::OPTION_KEY_IN_USE, 1 );
+		}
+	}
 }
 
 /**
diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php
index 110eee5d7f..4177288547 100644
--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@@ -738,27 +738,34 @@ endif;
 					<?php
 				}
 			}
-			?>
-		<div class="create-application-password form-wrap">
-			<div class="form-field">
-				<label for="new_application_password_name"><?php _e( 'New Application Password Name' ); ?></label>
-				<input type="text" size="30" id="new_application_password_name" name="new_application_password_name" placeholder="<?php esc_attr_e( 'WordPress App on My Phone' ); ?>" class="input" aria-required="true" aria-describedby="new_application_password_name_desc" />
-				<p class="description" id="new_application_password_name_desc"><?php _e( 'Required to create an Application Password, but not to update the user.' ); ?></p>
+
+			if ( empty( $_SERVER['PHP_AUTH_USER'] ) && empty( $_SERVER['PHP_AUTH_PW'] ) ) {
+				?>
+			<div class="create-application-password form-wrap">
+				<div class="form-field">
+					<label for="new_application_password_name"><?php _e( 'New Application Password Name' ); ?></label>
+					<input type="text" size="30" id="new_application_password_name" name="new_application_password_name" placeholder="<?php esc_attr_e( 'WordPress App on My Phone' ); ?>" class="input" aria-required="true" aria-describedby="new_application_password_name_desc" />
+					<p class="description" id="new_application_password_name_desc"><?php _e( 'Required to create an Application Password, but not to update the user.' ); ?></p>
+				</div>
+
+				<?php
+				/**
+				 * Fires in the create Application Passwords form.
+				 *
+				 * @since 5.6.0
+				 *
+				 * @param WP_User $profileuser The current WP_User object.
+				 */
+				do_action( 'wp_create_application_password_form', $profileuser );
+				?>
+
+				<?php submit_button( __( 'Add New Application Password' ), 'secondary', 'do_new_application_password' ); ?>
 			</div>
-
-			<?php
-			/**
-			 * Fires in the create Application Passwords form.
-			 *
-			 * @since 5.6.0
-			 *
-			 * @param WP_User $profileuser The current WP_User object.
-			 */
-			do_action( 'wp_create_application_password_form', $profileuser );
-			?>
-
-			<?php submit_button( __( 'Add New Application Password' ), 'secondary', 'do_new_application_password' ); ?>
-		</div>
+		<?php } else { ?>
+			<div class="notice notice-error inline">
+				<p><?php _e( 'Your website appears to use Basic Authentication, which is not currently compatible with Application Passwords.' ); ?></p>
+			</div>
+		<?php } ?>
 
 		<div class="application-passwords-list-table-wrapper">
 			<?php
diff --git a/wp-includes/class-wp-application-passwords.php b/wp-includes/class-wp-application-passwords.php
index df8745ecba..003b888b4c 100644
--- a/wp-includes/class-wp-application-passwords.php
+++ b/wp-includes/class-wp-application-passwords.php
@@ -22,6 +22,15 @@ class WP_Application_Passwords {
 	 */
 	const USERMETA_KEY_APPLICATION_PASSWORDS = '_application_passwords';
 
+	/**
+	 * The option name used to store whether application passwords is in use.
+	 *
+	 * @since 5.6.0
+	 *
+	 * @type string
+	 */
+	const OPTION_KEY_IN_USE = 'using_application_passwords';
+
 	/**
 	 * The generated application password length.
 	 *
@@ -31,6 +40,19 @@ class WP_Application_Passwords {
 	 */
 	const PW_LENGTH = 24;
 
+	/**
+	 * Checks if Application Passwords are being used by the site.
+	 *
+	 * This returns true if at least one App Password has ever been created.
+	 *
+	 * @since 5.6.0
+	 *
+	 * @return bool
+	 */
+	public static function is_in_use() {
+		return (bool) get_site_option( self::OPTION_KEY_IN_USE );
+	}
+
 	/**
 	 * Creates a new application password.
 	 *
@@ -67,6 +89,10 @@ class WP_Application_Passwords {
 			return new WP_Error( 'db_error', __( 'Could not save application password.' ) );
 		}
 
+		if ( ! get_site_option( self::OPTION_KEY_IN_USE ) ) {
+			update_site_option( self::OPTION_KEY_IN_USE, true );
+		}
+
 		/**
 		 * Fires when an application password is created.
 		 *
diff --git a/wp-includes/user.php b/wp-includes/user.php
index 1a5fc7f92f..822d0f0f0f 100644
--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@@ -313,6 +313,10 @@ function wp_authenticate_application_password( $input_user, $username, $password
 		return $input_user;
 	}
 
+	if ( ! WP_Application_Passwords::is_in_use() ) {
+		return $input_user;
+	}
+
 	$is_api_request = ( ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) || ( defined( 'REST_REQUEST' ) && REST_REQUEST ) );
 
 	/**
diff --git a/wp-includes/version.php b/wp-includes/version.php
index f5b610fc4d..d91ff2abc0 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -13,14 +13,14 @@
  *
  * @global string $wp_version
  */
-$wp_version = '5.6-RC3-49753';
+$wp_version = '5.6-RC3-49754';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
  *
  * @global int $wp_db_version
  */
-$wp_db_version = 49735;
+$wp_db_version = 49752;
 
 /**
  * Holds the TinyMCE version.