{"id":310805,"date":"2026-05-29T07:02:09","date_gmt":"2026-05-29T07:02:09","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/axtolab-ai-connector\/"},"modified":"2026-05-29T07:01:57","modified_gmt":"2026-05-29T07:01:57","slug":"axtolab-ai-connector","status":"publish","type":"plugin","link":"https:\/\/zul.wordpress.org\/plugins\/axtolab-ai-connector\/","author":23496482,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.0","stable_tag":"1.0.0","tested":"7.0","requires":"6.2","requires_php":"7.4","requires_plugins":null,"header_name":"Axtolab AI Connector","header_author":"Axtolab","header_description":"Let AI agents safely read, draft, edit, and publish WordPress content. Connects Claude, ChatGPT, and AI agents via MCP. One-click .mcpb installer and OAuth web-client flow included.","assets_banners_color":"0c4247","last_updated":"2026-05-29 07:01:57","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"","rating":0,"author_block_rating":0,"active_installs":0,"downloads":25,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"axtolab","date":"2026-05-29 07:01:57"}},"upgrade_notice":{"1.0.0":"<p>First public WordPress.org release. See the changelog for the full feature list.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3553042,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3553042,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3553042,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3553042,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3553042,"resolution":"1","location":"assets","locale":"","width":1440,"height":1000},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3553042,"resolution":"2","location":"assets","locale":"","width":1440,"height":1000},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3553042,"resolution":"3","location":"assets","locale":"","width":1440,"height":1000},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3553042,"resolution":"4","location":"assets","locale":"","width":1440,"height":1000},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3553042,"resolution":"5","location":"assets","locale":"","width":1440,"height":1000},"screenshot-6.png":{"filename":"screenshot-6.png","revision":3553042,"resolution":"6","location":"assets","locale":"","width":1440,"height":1000}},"screenshots":{"1":"AI Connector setup page with desktop AI client quick connect and connection status.","2":"Logs &amp; Roll Back admin page where AI-driven writes appear for review and revert.","3":"Connection wizard \u2014 paste an Application Password and the wizard returns the wmcp1_... token to paste into the AI client's extension settings.","4":"Web client setup tab for ChatGPT, Claude Web, and MCP-compatible clients.","5":"Image Providers tab for stock-photo and AI image provider configuration.","6":"Connection capabilities tab for choosing what each AI client can do."}},"plugin_section":[],"plugin_tags":[2353,569,216196,229563,242115],"plugin_category":[],"plugin_contributors":[264883],"plugin_business_model":[],"class_list":["post-310805","plugin","type-plugin","status-publish","hentry","plugin_tags-ai","plugin_tags-automation","plugin_tags-chatgpt","plugin_tags-claude","plugin_tags-mcp","plugin_contributors-axtolab","plugin_committers-axtolab"],"banners":{"banner":"https:\/\/ps.w.org\/axtolab-ai-connector\/assets\/banner-772x250.png?rev=3553042","banner_2x":"https:\/\/ps.w.org\/axtolab-ai-connector\/assets\/banner-1544x500.png?rev=3553042","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/axtolab-ai-connector\/assets\/icon-128x128.png?rev=3553042","icon_2x":"https:\/\/ps.w.org\/axtolab-ai-connector\/assets\/icon-256x256.png?rev=3553042","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/axtolab-ai-connector\/assets\/screenshot-1.png?rev=3553042","caption":"AI Connector setup page with desktop AI client quick connect and connection status."},{"src":"https:\/\/ps.w.org\/axtolab-ai-connector\/assets\/screenshot-2.png?rev=3553042","caption":"Logs &amp; Roll Back admin page where AI-driven writes appear for review and revert."},{"src":"https:\/\/ps.w.org\/axtolab-ai-connector\/assets\/screenshot-3.png?rev=3553042","caption":"Connection wizard \u2014 paste an Application Password and the wizard returns the wmcp1_... token to paste into the AI client's extension settings."},{"src":"https:\/\/ps.w.org\/axtolab-ai-connector\/assets\/screenshot-4.png?rev=3553042","caption":"Web client setup tab for ChatGPT, Claude Web, and MCP-compatible clients."},{"src":"https:\/\/ps.w.org\/axtolab-ai-connector\/assets\/screenshot-5.png?rev=3553042","caption":"Image Providers tab for stock-photo and AI image provider configuration."},{"src":"https:\/\/ps.w.org\/axtolab-ai-connector\/assets\/screenshot-6.png?rev=3553042","caption":"Connection capabilities tab for choosing what each AI client can do."}],"raw_content":"<!--section=description-->\n<p>Axtolab AI Connector for WordPress connects your WordPress site to AI agents like Claude, ChatGPT, and any MCP-compatible tool. AI agents can safely create drafts, edit content, manage media, work with taxonomies, and integrate with Yoast SEO \u2014 all through a secure, permission-controlled gateway with <strong>Roll Back \/ Undo<\/strong> on every write.<\/p>\n\n<p><strong>How it works:<\/strong> The plugin adds a REST API gateway to your WordPress site. A lightweight MCP server runs on your local machine and translates AI tool calls into WordPress REST requests. The plugin enforces permissions, validates requests, captures every write into a Roll Back \/ Undo changelog, and logs actions.<\/p>\n\n<h4>Key Features<\/h4>\n\n<ul>\n<li><strong>Roll Back \/ Undo on every write<\/strong> \u2014 every AI-driven change captures a before\/after snapshot. Revert any tool call with one click from the Logs &amp; Roll Back admin page.<\/li>\n<li><strong>Content Management<\/strong> \u2014 Create, edit, and manage posts, pages, and custom post types. Clone existing content as drafts. View and restore revisions. Generate shareable preview links.<\/li>\n<li><strong>Media Library<\/strong> \u2014 Upload images from URL, local file, or drag-and-drop portal. Search and browse existing media. Set featured images. Insert, replace, and remove inline images.<\/li>\n<li><strong>Stock Photos<\/strong> \u2014 Search and import free stock photos from Unsplash and Pexels with automatic attribution.<\/li>\n<li><strong>Yoast SEO<\/strong> \u2014 Read SEO and readability scores. Update focus keyphrase, SEO title, and meta description. Preview rendered meta tags.<\/li>\n<li><strong>Authors &amp; Taxonomies<\/strong> \u2014 Assign authors from an allowlist. Create and assign categories, tags, and custom taxonomy terms.<\/li>\n<li><strong>Per-connection privilege model<\/strong> \u2014 every MCP connection authenticates as a WordPress user via Application Password. The connection's capability set determines which AI tools can be called; the user's WP role determines which objects they can act on. Both layers must allow an action for it to succeed. The plugin never creates WordPress users \u2014 admins create the Application Password under their own (or a dedicated) WordPress profile and paste it into the connection wizard. Confirmation tokens required for publish, trash, and restore operations. Allowlist-driven content type and taxonomy controls. Rate limiting on authentication endpoints.<\/li>\n<li><strong>Two authentication methods<\/strong> \u2014 Application Passwords (for Desktop AI clients) and OAuth 2.1 with PKCE (for Web AI clients like ChatGPT and Claude Web).<\/li>\n<li><strong>Upload Portal<\/strong> \u2014 Drag-and-drop media uploads with time-limited tokens. No WordPress login required for the upload session.<\/li>\n<\/ul>\n\n<h4>Available MCP Tools<\/h4>\n\n<p>The connector exposes a categorized tool surface to MCP-compatible AI clients. All tools are documented and discoverable via the standard MCP <code>tools\/list<\/code> JSON-RPC method.<\/p>\n\n<ul>\n<li><strong>Search &amp; Discovery<\/strong> \u2014 <code>wp_find_content<\/code> (filter + search), <code>wp_list_content_types<\/code>, <code>wp_get_content<\/code>, <code>wp_site_info<\/code>, <code>wp_getting_started<\/code><\/li>\n<li><strong>Content Authoring<\/strong> \u2014 <code>wp_create_draft<\/code>, <code>wp_update_content<\/code>, <code>wp_publish_content<\/code>, <code>wp_clone_content<\/code>, <code>wp_get_preview_link<\/code><\/li>\n<li><strong>Trash &amp; Revisions<\/strong> \u2014 <code>wp_trash_content<\/code>, <code>wp_restore_content<\/code>, <code>wp_list_revisions<\/code>, <code>wp_restore_revision<\/code><\/li>\n<li><strong>Media<\/strong> \u2014 <code>wp_search_media<\/code>, <code>wp_get_media<\/code>, <code>wp_update_media<\/code>, <code>wp_set_featured_image<\/code>, <code>wp_upload_media_from_url<\/code><\/li>\n<li><strong>Inline Images (Gutenberg-aware)<\/strong> \u2014 <code>wp_insert_inline_image<\/code>, <code>wp_replace_inline_image<\/code>, <code>wp_remove_inline_image<\/code><\/li>\n<li><strong>Authors &amp; Taxonomy<\/strong> \u2014 <code>wp_list_authors<\/code>, <code>wp_assign_author<\/code>, <code>wp_list_terms<\/code>, <code>wp_create_term<\/code>, <code>wp_assign_terms<\/code><\/li>\n<li><strong>Yoast SEO<\/strong> \u2014 <code>wp_get_yoast_analysis<\/code>, <code>wp_update_yoast_metadata<\/code>, <code>wp_get_yoast_head_preview<\/code><\/li>\n<li><strong>Stock Photos<\/strong> \u2014 <code>wp_search_stock_photos<\/code>, <code>wp_import_stock_photo<\/code> (Unsplash + Pexels with auto-attribution)<\/li>\n<li><strong>Image Providers<\/strong> \u2014 <code>wp_generate_image<\/code>, <code>wp_list_image_providers<\/code>, <code>wp_confirm_image<\/code> with site-owner supplied provider API keys<\/li>\n<li><strong>Upload Portal<\/strong> \u2014 <code>wp_create_upload_session<\/code>, <code>wp_get_upload_session<\/code> (drag-and-drop with time-limited tokens)<\/li>\n<li><strong>Connection Introspection<\/strong> \u2014 <code>wp_get_my_capabilities<\/code> returns the calling connection's capability groups, named preset (if any), and the resolved tool list \u2014 letting AI agents plan work without trial-and-error.<\/li>\n<li><strong>Custom Post Type support<\/strong> \u2014 Default allowlist accepts <code>post<\/code>, <code>page<\/code>, <code>featured_item<\/code>. To accept ANY registered public post type (e.g. WooCommerce <code>product<\/code>, EDD <code>download<\/code>, custom CPTs), set the allowlist to <code>[\"*\"]<\/code> in MCP Gateway settings. <code>wp_list_content_types<\/code> then expands the wildcard to the live list of public types on the site.<\/li>\n<li><strong>Audit Log<\/strong> \u2014 every tool call is recorded with timestamp, source, and redacted parameters<\/li>\n<li><strong>Rate Limiting<\/strong> \u2014 per-IP token bucket on every authenticated endpoint<\/li>\n<\/ul>\n\n<h4>What's Included<\/h4>\n\n<p>Axtolab AI Connector is <strong>fully featured with no limits<\/strong>. No publish limits, no connection caps, no feature gates.<\/p>\n\n<p><strong>Everything included free:<\/strong><\/p>\n\n<ul>\n<li>Create, edit, publish, and schedule content with AI agents<\/li>\n<li>Unlimited connections \u2014 connect Claude, ChatGPT, and any MCP agent<\/li>\n<li>Upload and manage media (URL, local file, drag-and-drop portal)<\/li>\n<li>Search and import stock photos (Unsplash, Pexels)<\/li>\n<li>Generate images through supported providers when you configure your own provider API key<\/li>\n<li>Yoast SEO integration<\/li>\n<li>Both authentication methods (App Passwords, OAuth 2.1)<\/li>\n<li>All taxonomy and author management<\/li>\n<\/ul>\n\n<p>The free core is feature-complete and useful on its own. Separate plugins may extend it, but no built-in feature in this WordPress.org package requires a license key.<\/p>\n\n<h4>Getting Started<\/h4>\n\n<ol>\n<li>Install and activate the plugin<\/li>\n<li>Go to AI Connector &gt; Connections in wp-admin<\/li>\n<li>Click \"+ Add new connection\" and follow the wizard \u2014 it walks you through creating an Application Password on your WordPress profile (or on a dedicated WP user if you prefer the production-grade setup), pasting it into the connection, and choosing what that connection can do<\/li>\n<li>Click the \"Download Extension (.mcpb)\" button on the setup page to grab the Claude Desktop bundle from GitHub Releases, then drag it into Claude Desktop's Extensions panel \u2014 or connect a compatible client through MCP-over-HTTP<\/li>\n<li>Start using your AI agent with WordPress<\/li>\n<\/ol>\n\n<h3>External Services<\/h3>\n\n<p>This plugin connects to the following external services only when the corresponding feature is configured or used. Provider API keys are supplied by the site owner. The plugin does not send telemetry or analytics to Axtolab.<\/p>\n\n<h4>Claude (Anthropic) \u2014 OAuth Callback<\/h4>\n\n<ul>\n<li><strong>Service:<\/strong> Anthropic's Claude products at https:\/\/claude.ai and https:\/\/claude.com<\/li>\n<li><strong>Type:<\/strong> OAuth 2.1 authorization-code callback redirect (no inbound network call from Anthropic during this step)<\/li>\n<li><strong>Endpoints (registered redirect URIs):<\/strong>\n\n<ul>\n<li><code>https:\/\/claude.ai\/api\/mcp\/auth_callback<\/code><\/li>\n<li><code>https:\/\/claude.com\/api\/mcp\/auth_callback<\/code><\/li>\n<\/ul><\/li>\n<li><strong>When used:<\/strong> When a logged-in WordPress administrator authorizes a Claude AI client to connect to their WordPress site via the plugin's OAuth 2.1 flow. The plugin's <code>\/oauth\/authorize<\/code> endpoint redirects the administrator's browser to one of these URLs after consent.<\/li>\n<li><strong>Data sent in redirect:<\/strong> A one-time, short-lived OAuth authorization code plus the original <code>state<\/code> parameter. No personal data, no site content, no credentials.<\/li>\n<li><strong>Terms:<\/strong> <a href=\"https:\/\/www.anthropic.com\/legal\/consumer-terms\">Anthropic Consumer Terms<\/a><\/li>\n<li><strong>Privacy:<\/strong> <a href=\"https:\/\/www.anthropic.com\/legal\/privacy\">Anthropic Privacy Policy<\/a><\/li>\n<\/ul>\n\n<h4>ChatGPT (OpenAI) \u2014 OAuth Callback<\/h4>\n\n<ul>\n<li><strong>Service:<\/strong> OpenAI's ChatGPT custom-connector platform and OpenAI apps platform<\/li>\n<li><strong>Type:<\/strong> OAuth 2.1 authorization-code callback redirect (no inbound network call from OpenAI during this step)<\/li>\n<li><strong>Endpoints (registered redirect URIs):<\/strong>\n\n<ul>\n<li><code>https:\/\/chatgpt.com\/connector_platform_oauth_redirect<\/code><\/li>\n<li><code>https:\/\/platform.openai.com\/apps-manage\/oauth<\/code><\/li>\n<\/ul><\/li>\n<li><strong>When used:<\/strong> When a logged-in WordPress administrator authorizes ChatGPT (or an OpenAI Apps Platform client) to connect to their WordPress site via the plugin's OAuth 2.1 flow. The plugin's <code>\/oauth\/authorize<\/code> endpoint redirects the administrator's browser to one of these URLs after consent.<\/li>\n<li><strong>Data sent in redirect:<\/strong> A one-time, short-lived OAuth authorization code plus the original <code>state<\/code> parameter. No personal data, no site content, no credentials.<\/li>\n<li><strong>Terms:<\/strong> <a href=\"https:\/\/openai.com\/policies\/terms-of-use\">OpenAI Terms of Use<\/a><\/li>\n<li><strong>Privacy:<\/strong> <a href=\"https:\/\/openai.com\/policies\/privacy-policy\">OpenAI Privacy Policy<\/a><\/li>\n<\/ul>\n\n<h4>GitHub Releases (Claude Desktop installer bundle download)<\/h4>\n\n<ul>\n<li><strong>Service:<\/strong> GitHub Releases \u2014 the Axtolab AI Connector for WordPress (Free) public repository<\/li>\n<li><strong>Type:<\/strong> Static binary file download (HTTP GET, no inbound request from GitHub to the WordPress site)<\/li>\n<li><strong>Endpoint:<\/strong> API host <code>github.com<\/code>, path <code>\/Axtolab\/axtolab-ai-connector-for-wordpress-free\/releases\/latest\/download\/axtolab-ai-connector.mcpb<\/code> (HTTPS).<\/li>\n<li><strong>When used:<\/strong> When a logged-in WordPress administrator clicks the \"Download Extension (.mcpb)\" button on the AI Connector setup page. The administrator's browser is redirected to GitHub Releases to fetch the file. The plugin itself does not initiate an outbound request to GitHub; the user's browser does, when they click the link. Filterable via <code>axtolab_ai_connector_mcpb_download_url<\/code> if a site owner wants to self-host the bundle.<\/li>\n<li><strong>Data sent:<\/strong> Standard HTTP browser request headers only. No WordPress site data, content, credentials, or telemetry is sent.<\/li>\n<li><strong>Terms:<\/strong> <a href=\"https:\/\/docs.github.com\/en\/site-policy\/github-terms\/github-terms-of-service\">GitHub Terms of Service<\/a><\/li>\n<li><strong>Privacy:<\/strong> <a href=\"https:\/\/docs.github.com\/en\/site-policy\/privacy-policies\/github-general-privacy-statement\">GitHub Privacy Statement<\/a><\/li>\n<\/ul>\n\n<h4>Local MCP clients (Claude Desktop, Cursor, Claude Code, VS Code)<\/h4>\n\n<ul>\n<li><strong>Service:<\/strong> A local AI client running on the site administrator's own computer.<\/li>\n<li><strong>When used:<\/strong> When the site administrator installs the <code>.mcpb<\/code> bundle (downloaded from GitHub Releases via the AI Connector setup page) into a local AI client such as Claude Desktop. That client then connects inbound to the site's REST API using credentials issued during setup. The plugin does not initiate any outbound network call to these clients.<\/li>\n<li><strong>Data sent:<\/strong> Only what the AI client requests through tool calls the administrator has approved. The plugin does not send unsolicited data.<\/li>\n<\/ul>\n\n<h4>Unsplash (Stock Photo Search)<\/h4>\n\n<ul>\n<li><strong>Service:<\/strong> <a href=\"https:\/\/unsplash.com\/\">Unsplash<\/a><\/li>\n<li><strong>Endpoint:<\/strong> API host <code>api.unsplash.com<\/code>, path <code>\/search\/photos<\/code> (HTTPS).<\/li>\n<li><strong>When used:<\/strong> When an AI agent searches for stock photos via the stock photo tool<\/li>\n<li><strong>Data sent:<\/strong> Search query, orientation preference<\/li>\n<li><strong>Terms:<\/strong> <a href=\"https:\/\/unsplash.com\/terms\">Unsplash Terms<\/a><\/li>\n<li><strong>Privacy:<\/strong> <a href=\"https:\/\/unsplash.com\/privacy\">Unsplash Privacy Policy<\/a><\/li>\n<\/ul>\n\n<h4>Pexels (Stock Photo Search)<\/h4>\n\n<ul>\n<li><strong>Service:<\/strong> <a href=\"https:\/\/www.pexels.com\/\">Pexels<\/a><\/li>\n<li><strong>Endpoint:<\/strong> API host <code>api.pexels.com<\/code>, path <code>\/v1\/search<\/code> (HTTPS).<\/li>\n<li><strong>When used:<\/strong> When an AI agent searches for stock photos via the stock photo tool<\/li>\n<li><strong>Data sent:<\/strong> Search query, orientation preference<\/li>\n<li><strong>Terms:<\/strong> <a href=\"https:\/\/www.pexels.com\/terms-of-service\/\">Pexels Terms of Service<\/a><\/li>\n<li><strong>Privacy:<\/strong> <a href=\"https:\/\/www.pexels.com\/privacy-policy\/\">Pexels Privacy Policy<\/a><\/li>\n<\/ul>\n\n<h4>Google Imagen (AI Image Generation)<\/h4>\n\n<ul>\n<li><strong>Service:<\/strong> <a href=\"https:\/\/cloud.google.com\/vertex-ai\/generative-ai\/docs\/image\/overview\">Google Cloud AI<\/a><\/li>\n<li><strong>Endpoint:<\/strong> API host <code>generativelanguage.googleapis.com<\/code>, path <code>\/v1beta\/models\/imagen-3.0-generate-002:predict<\/code> (HTTPS).<\/li>\n<li><strong>When used:<\/strong> When an AI agent generates images using the Google Imagen provider and the site owner has configured a Google API key<\/li>\n<li><strong>Data sent:<\/strong> Text prompt, aspect ratio, safety filter level<\/li>\n<li><strong>Terms:<\/strong> <a href=\"https:\/\/cloud.google.com\/terms\">Google Cloud Terms<\/a><\/li>\n<li><strong>Privacy:<\/strong> <a href=\"https:\/\/policies.google.com\/privacy\">Google Privacy Policy<\/a><\/li>\n<\/ul>\n\n<h4>OpenAI (AI Image Generation)<\/h4>\n\n<ul>\n<li><strong>Service:<\/strong> <a href=\"https:\/\/openai.com\/\">OpenAI<\/a><\/li>\n<li><strong>Endpoint:<\/strong> API host <code>api.openai.com<\/code>, path <code>\/v1\/images\/generations<\/code> (HTTPS).<\/li>\n<li><strong>When used:<\/strong> When an AI agent generates images using the OpenAI provider and the site owner has configured an OpenAI API key<\/li>\n<li><strong>Data sent:<\/strong> Text prompt, image size, quality setting<\/li>\n<li><strong>Terms:<\/strong> <a href=\"https:\/\/openai.com\/policies\/terms-of-use\">OpenAI Terms of Use<\/a><\/li>\n<li><strong>Privacy:<\/strong> <a href=\"https:\/\/openai.com\/policies\/privacy-policy\">OpenAI Privacy Policy<\/a><\/li>\n<\/ul>\n\n<p>All API keys are stored encrypted using AES-256-CBC with WordPress security salts and are only decrypted at the time of the API call.<\/p>\n\n<h3>Support<\/h3>\n\n<ul>\n<li><strong>WordPress.org plugin support forum<\/strong> \u2014 https:\/\/wordpress.org\/support\/plugin\/axtolab-ai-connector\/ (please use this for general questions; replies are public so the next merchant searching for the same answer can find it).<\/li>\n<li><strong>Email support<\/strong> \u2014 support@axtolab.com (for license, account, or anything sensitive).<\/li>\n<li><strong>Documentation<\/strong> \u2014 https:\/\/axtolab.com\/docs\/ai-connector<\/li>\n<li><strong>Bug reports<\/strong> \u2014 use the WordPress.org support forum for public issues or email support for sensitive reports.<\/li>\n<\/ul>\n\n<p>The same support entry points are also surfaced inside wp-admin: a \"Need help?\" footer on every Axtolab settings page, and \"Settings \u00b7 Support\" \/ \"Email support \u00b7 WordPress.org forum \u00b7 Docs\" rows on the Plugins admin row for this plugin.<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>axtolab-ai-connector<\/code> folder to <code>\/wp-content\/plugins\/<\/code><\/li>\n<li>Activate the plugin through the Plugins menu<\/li>\n<li>Go to AI Connector &gt; Connections<\/li>\n<li>Click \"+ Add new connection\" and follow the wizard<\/li>\n<\/ol>\n\n<p>The wizard walks you through creating an Application Password on your WordPress profile (or on a dedicated WP user if you prefer the production-grade setup), pasting it into the connection, and choosing what that connection can do.<\/p>\n\n<p>The plugin does not create WordPress users on activation or at any later step. Every MCP connection authenticates as a WordPress user that already exists on the site \u2014 the user creates an Application Password under their own profile (using WordPress's native UI) and then pastes that password into the connection wizard. The connection records which user it belongs to so the AI's tool calls run with that user's WordPress capabilities, layered with the per-connection capability set the admin chose in the wizard.<\/p>\n\n<h4>About the `.mcpb` Claude Desktop installer<\/h4>\n\n<p>The Claude Desktop installer bundle (<code>.mcpb<\/code>) is distributed as a GitHub Release asset rather than bundled inside this plugin's ZIP. The \"Download Extension (.mcpb)\" button in the AI Connector setup page links to the published release at GitHub; the plugin itself does not bundle, host, execute, or auto-install the file. Site administrators who choose to use Claude Desktop click the button, the browser downloads the file from GitHub, and they then drag it into Claude Desktop's Extensions panel. See the External Services section below for details.<\/p>\n\n<h4>Requirements<\/h4>\n\n<ul>\n<li>WordPress 6.2 or later<\/li>\n<li>PHP 7.4 or later<\/li>\n<\/ul>\n\n<!--section=faq-->\n<dl>\n<dt id=\"what%20ai%20agents%20does%20this%20work%20with%3F\"><h3>What AI agents does this work with?<\/h3><\/dt>\n<dd><p>Any MCP-compatible AI agent, including Claude (via Claude Desktop or Claude Code), ChatGPT (via MCP plugins), and custom agents built with the MCP SDK.<\/p><\/dd>\n<dt id=\"can%20ai%20agents%20publish%20content%20directly%3F\"><h3>Can AI agents publish content directly?<\/h3><\/dt>\n<dd><p>Yes. The AI Connector supports full content workflows including creating, editing, publishing, and scheduling content. No limits on publishing.<\/p><\/dd>\n<dt id=\"is%20my%20content%20sent%20to%20external%20services%3F\"><h3>Is my content sent to external services?<\/h3><\/dt>\n<dd><p>The plugin itself does not send your content to an Axtolab-hosted service. Content stays between your WordPress site and the MCP client\/server you choose to run. Optional stock-photo and AI-image tools connect to their configured provider APIs only when you explicitly use those tools \u2014 see the External Services section below.<\/p><\/dd>\n<dt id=\"does%20this%20work%20with%20multisite%3F\"><h3>Does this work with multisite?<\/h3><\/dt>\n<dd><p>Yes. Single-site and multisite installations are supported by the free core.<\/p><\/dd>\n<dt id=\"how%20is%20authentication%20handled%3F\"><h3>How is authentication handled?<\/h3><\/dt>\n<dd><p>The plugin supports two authentication methods: WordPress Application Passwords (for Desktop AI clients) and OAuth 2.1 with PKCE (for Web AI clients like ChatGPT and Claude Web). Each MCP connection authenticates as a WordPress user that the administrator chose during setup \u2014 either their own admin account (simple) or a dedicated WP user they created themselves (recommended for production sites). The plugin never creates WordPress users or roles. Each tool call runs with that user's WordPress capabilities, layered with the per-connection capability set (read \/ publish \/ trash \/ media \/ SEO \/ etc.) the administrator chose for the connection. Both layers must allow an action for it to succeed.<\/p><\/dd>\n<dt id=\"which%20auth%20method%20works%20for%20which%20endpoint%3F\"><h3>Which auth method works for which endpoint?<\/h3><\/dt>\n<dd><p>Each method has a specific scope. Pick the one that matches what your client needs to do:<\/p>\n\n<ul>\n<li><strong>Application Password<\/strong> (HTTP Basic Auth) \u2014 works against every plugin REST endpoint (<code>\/site-info<\/code>, <code>\/content\/*<\/code>, <code>\/media\/*<\/code>, <code>\/yoast\/*<\/code>, <code>\/abilities\/*<\/code>, etc.). This is available for custom clients and local MCP clients that need direct REST access. The connection wizard packages the username + Application Password into a single <code>wmcp1_<\/code> token you can paste into Claude Desktop \/ Claude Code without copying credentials manually.<\/li>\n<li><strong>OAuth 2.1 with PKCE<\/strong> \u2014 OAuth-issued access tokens are sent as standard <code>Authorization: Bearer &lt;token&gt;<\/code> headers and are scoped to the <strong>MCP-over-HTTP transport only<\/strong> (<code>\/wp-json\/axtolab-ai-connector\/v1\/mcp<\/code>). They do not authenticate the ordinary REST API surface. This scope split is intentional: OAuth is the path remote\/web MCP clients (ChatGPT, Claude Web) use to access the JSON-RPC tool surface, while ordinary REST is reserved for trusted local MCP servers using Application Passwords. If you need OAuth-issued credentials to call ordinary REST endpoints directly, contact support \u2014 we can extend the scope on request once your use case is documented.<\/li>\n<\/ul><\/dd>\n<dt id=\"the%20ai%20connector%20admin%20shows%20%22host-root%20.well-known%20discovery%3A%20blocked%20by%20your%20web%20server%22.%20what%20does%20this%20mean%3F\"><h3>The AI Connector admin shows \"Host-root .well-known discovery: Blocked by your web server\". What does this mean?<\/h3><\/dt>\n<dd><p>This is informational, not an error \u2014 your AI Connector is working correctly.<\/p>\n\n<p>The plugin tries to publish OAuth discovery metadata at three locations: the standard RFC 8414\/9728 paths (<code>\/.well-known\/oauth-protected-resource<\/code> and <code>\/.well-known\/oauth-authorization-server<\/code>), an issuer-relative path used by ChatGPT (<code>\/wp-json\/axtolab-ai-connector\/v1\/.well-known\/...<\/code>), and direct REST endpoints (<code>\/wp-json\/axtolab-ai-connector\/v1\/oauth\/metadata\/...<\/code>). Real-world MCP clients (Claude Desktop, ChatGPT, Claude Web) use the latter two paths and do not need the host-root paths to work.<\/p>\n\n<p>If your site is on a host where nginx sits in front of Apache or LiteSpeed (most managed WordPress hosts including SiteGround, WP Engine, Kinsta, Cloudways), nginx serves <code>\/.well-known\/*<\/code> paths directly and never forwards them to PHP. The plugin's <code>.htaccess<\/code> rewrite is therefore bypassed at the nginx layer \u2014 that's what the warning detects. MCP client connectivity is unaffected.<\/p>\n\n<p>If you do want full RFC 8414\/9728 compliance (e.g. you're integrating with strict OAuth validators), ask your host to add the following nginx configuration block \u2014 typically inserted before any catch-all <code>.well-known<\/code> location and before the <code>index.php<\/code> fallback:<\/p>\n\n<pre><code>location ~ ^\/\\.well-known\/oauth-(protected-resource|authorization-server)$ {\n    try_files $uri \/index.php$is_args$args;\n}\n<\/code><\/pre>\n\n<p>After the host applies this and reloads nginx, the warning will clear within 6 hours (or sooner if you visit the AI Connector admin page).<\/p><\/dd>\n<dt id=\"are%20claude%2C%20chatgpt%2C%20openai%2C%20and%20wordpress%20affiliated%20with%20this%20plugin%3F\"><h3>Are Claude, ChatGPT, OpenAI, and WordPress affiliated with this plugin?<\/h3><\/dt>\n<dd><p>No. Claude, ChatGPT, OpenAI, and WordPress are trademarks of their respective owners. Axtolab AI Connector is not affiliated with, endorsed by, or sponsored by Anthropic, OpenAI, or the WordPress Foundation.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.0<\/h4>\n\n<p>First public WordPress.org release.<\/p>\n\n<p>Highlights:<\/p>\n\n<ul>\n<li><strong>WordPress 7.0 QA verified.<\/strong> Tested on a real WordPress 7.0 testbed, including the Abilities API bridge, admin UI, media\/upload flows, auth methods, and deactivate\/reactivate behaviour.<\/li>\n<li><strong>Health and ping endpoints.<\/strong> <code>\/wp-json\/axtolab-ai-connector\/v1\/ping<\/code> and <code>\/health-check<\/code> report connection status and the installed plugin version.<\/li>\n<li><strong>Roll Back \/ Undo on every write.<\/strong> Every AI-driven create, update, publish, trash, or restore action captures a before\/after snapshot. Revert any change with one click from the Logs &amp; Roll Back admin page.<\/li>\n<li><strong>MCP tools<\/strong> across content authoring, media management, taxonomy, authors, Yoast SEO, stock photos, image generation, upload portal, connection introspection, and Roll Back.<\/li>\n<li><strong>Two authentication methods.<\/strong> Application Passwords (HTTP Basic) for Desktop AI clients, and OAuth 2.1 with PKCE S256 + dynamic client registration (RFC 7591) for Web AI clients on the MCP-over-HTTP transport.<\/li>\n<li><strong>Capability-group-driven tool filtering<\/strong> on the MCP transport \u2014 operators choose what AI agents on each connection are allowed to do (read, create_edit, publish, trash_restore, media_manage, taxonomy, authors, seo, image, upload_portal).<\/li>\n<li><strong>Provider-neutral SEO tools<\/strong> that auto-detect Yoast or Rank Math, with the legacy Yoast-specific tools retained for backwards compatibility.<\/li>\n<li><strong>Confirmation-token flow<\/strong> required for destructive operations (publish, trash, restore) \u2014 a single-use token must be issued before the action proceeds.<\/li>\n<li><strong>Per-connection privilege model<\/strong> \u2014 every MCP connection authenticates as a WordPress user (chosen by the administrator during setup, via the Application Password wizard); the plugin never creates WordPress users or roles. Connection capability set and the user's WordPress role layer to determine what each tool call can do.<\/li>\n<li><strong>Submission readiness pass<\/strong> \u2014 feature settings stand alone (no inline upsells), all third-party services disclosed in the External Services section, the <code>.mcpb<\/code> Claude Desktop installer is hosted as a GitHub Release asset and linked from the setup page.<\/li>\n<\/ul>","raw_excerpt":"Let AI agents read, draft, edit, and publish WordPress content safely. One-click Roll Back on every write.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/zul.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/310805","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zul.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/zul.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/zul.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=310805"}],"author":[{"embeddable":true,"href":"https:\/\/zul.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/axtolab"}],"wp:attachment":[{"href":"https:\/\/zul.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=310805"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/zul.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=310805"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/zul.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=310805"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/zul.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=310805"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/zul.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=310805"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/zul.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=310805"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}