{"id":294968,"date":"2026-04-21T16:48:10","date_gmt":"2026-04-21T16:48:10","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/aicom-ai-commander\/"},"modified":"2026-05-10T15:13:27","modified_gmt":"2026-05-10T15:13:27","slug":"aicom","status":"publish","type":"plugin","link":"https:\/\/mlt.wordpress.org\/plugins\/aicom\/","author":13647991,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"3.1.0","stable_tag":"3.1.0","tested":"6.9.4","requires":"6.0","requires_php":"7.4","requires_plugins":null,"header_name":"AICOM - AI Commander","header_author":"dudaster","header_description":"Let AI agents control your site via MCP. API key auth, scope control, safety locks, audit logging and 87 tools for WP, WooCommerce, Elementor.","assets_banners_color":"024594","last_updated":"2026-05-10 15:13:27","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/wordpress.org\/plugins\/aicom\/","header_author_uri":"https:\/\/profiles.wordpress.org\/dudaster\/","rating":0,"author_block_rating":0,"active_installs":0,"downloads":507,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"dudaster","date":"2026-04-21 16:48:18"},"2.0.0":{"tag":"2.0.0","author":"dudaster","date":"2026-04-21 16:49:09"},"2.0.1":{"tag":"2.0.1","author":"dudaster","date":"2026-04-23 11:50:12"},"2.0.10":{"tag":"2.0.10","author":"dudaster","date":"2026-04-27 12:27:13"},"2.0.11":{"tag":"2.0.11","author":"dudaster","date":"2026-04-28 05:28:16"},"2.0.2":{"tag":"2.0.2","author":"dudaster","date":"2026-04-23 12:31:25"},"2.0.3":{"tag":"2.0.3","author":"dudaster","date":"2026-04-23 16:12:14"},"2.0.4":{"tag":"2.0.4","author":"dudaster","date":"2026-04-23 16:20:28"},"2.0.5":{"tag":"2.0.5","author":"dudaster","date":"2026-04-23 16:28:05"},"2.0.8":{"tag":"2.0.8","author":"dudaster","date":"2026-04-27 08:39:22"},"2.0.9":{"tag":"2.0.9","author":"dudaster","date":"2026-04-27 11:10:16"},"2.1.0":{"tag":"2.1.0","author":"dudaster","date":"2026-05-04 11:56:37"},"2.1.1":{"tag":"2.1.1","author":"dudaster","date":"2026-05-04 13:19:31"},"2.2.0":{"tag":"2.2.0","author":"dudaster","date":"2026-05-05 12:01:07"},"2.3.0":{"tag":"2.3.0","author":"dudaster","date":"2026-05-09 05:38:19"},"2.4.0":{"tag":"2.4.0","author":"dudaster","date":"2026-05-09 07:46:41"},"2.7.0":{"tag":"2.7.0","author":"dudaster","date":"2026-05-09 11:37:17"},"2.9.0":{"tag":"2.9.0","author":"dudaster","date":"2026-05-09 13:54:40"},"2.9.1":{"tag":"2.9.1","author":"dudaster","date":"2026-05-10 06:46:48"},"2.9.2":{"tag":"2.9.2","author":"dudaster","date":"2026-05-10 07:28:31"},"3.1.0":{"tag":"3.1.0","author":"dudaster","date":"2026-05-10 15:13:27"}},"upgrade_notice":{"2.0.0":"

Complete rewrite. After upgrading, re-generate all API keys \u2014 the key format has changed and old keys are not valid.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3512071,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3512071,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3512071,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3512071,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0","2.0.0","2.0.1","2.0.10","2.0.11","2.0.2","2.0.3","2.0.4","2.0.5","2.0.8","2.0.9","2.1.0","2.1.1","2.2.0","2.3.0","2.4.0","2.7.0","2.9.0","2.9.1","2.9.2","3.1.0"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3512071,"resolution":"1","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3512071,"resolution":"2","location":"assets","locale":""},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3512071,"resolution":"3","location":"assets","locale":""},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3512071,"resolution":"4","location":"assets","locale":""},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3512071,"resolution":"5","location":"assets","locale":""}},"screenshots":{"1":"Dashboard<\/strong> \u2014 Real-time server status, MCP endpoint URL, lock state indicator, today's request count broken down by result, and list of active modules with tool counts.","2":"API Keys<\/strong> \u2014 Generate new keys with a descriptive label, select granular scopes (read, write, manage per module), set an optional IP allowlist, and view all existing keys with their last-used date and status.","3":"Audit Logs<\/strong> \u2014 Full request history filterable by date range, API key, and tool name. Each row shows timestamp, IP, key label, tool called, result status, and response time in ms.","4":"Safety Controls<\/strong> \u2014 One-click Soft Lock and Hard Lock toggles with current lock status indicator. Includes the full Lock Permission Matrix showing which tool classes are allowed in each lock mode.","5":"Modules<\/strong> \u2014 Overview cards for all 7 modules (WordPress Core, Media, Users, Backup, WooCommerce, Elementor, Polylang) with active\/inactive status and tool count, followed by the complete list of all 87 registered tools with their class, required scopes, and flags."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[2353,232494,569,242115,23853],"plugin_category":[],"plugin_contributors":[82305],"plugin_business_model":[],"class_list":["post-294968","plugin","type-plugin","status-publish","hentry","plugin_tags-ai","plugin_tags-ai-agent","plugin_tags-automation","plugin_tags-mcp","plugin_tags-rest-api","plugin_contributors-dudaster","plugin_committers-dudaster"],"banners":{"banner":"https:\/\/ps.w.org\/aicom\/assets\/banner-772x250.png?rev=3512071","banner_2x":"https:\/\/ps.w.org\/aicom\/assets\/banner-1544x500.png?rev=3512071","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/aicom\/assets\/icon-128x128.png?rev=3512071","icon_2x":"https:\/\/ps.w.org\/aicom\/assets\/icon-256x256.png?rev=3512071","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/aicom\/assets\/screenshot-1.png?rev=3512071","caption":"Dashboard<\/strong> \u2014 Real-time server status, MCP endpoint URL, lock state indicator, today's request count broken down by result, and list of active modules with tool counts."},{"src":"https:\/\/ps.w.org\/aicom\/assets\/screenshot-2.png?rev=3512071","caption":"API Keys<\/strong> \u2014 Generate new keys with a descriptive label, select granular scopes (read, write, manage per module), set an optional IP allowlist, and view all existing keys with their last-used date and status."},{"src":"https:\/\/ps.w.org\/aicom\/assets\/screenshot-3.png?rev=3512071","caption":"Audit Logs<\/strong> \u2014 Full request history filterable by date range, API key, and tool name. Each row shows timestamp, IP, key label, tool called, result status, and response time in ms."},{"src":"https:\/\/ps.w.org\/aicom\/assets\/screenshot-4.png?rev=3512071","caption":"Safety Controls<\/strong> \u2014 One-click Soft Lock and Hard Lock toggles with current lock status indicator. Includes the full Lock Permission Matrix showing which tool classes are allowed in each lock mode."},{"src":"https:\/\/ps.w.org\/aicom\/assets\/screenshot-5.png?rev=3512071","caption":"Modules<\/strong> \u2014 Overview cards for all 7 modules (WordPress Core, Media, Users, Backup, WooCommerce, Elementor, Polylang) with active\/inactive status and tool count, followed by the complete list of all 87 registered tools with their class, required scopes, and flags."}],"raw_content":"\n

AICOM - AI Commander<\/strong> turns your WordPress site into an MCP (Model Context Protocol) server, giving AI agents direct, structured access to your WordPress content, settings, and data.<\/p>\n\n

Control your WordPress site through Claude Code<\/strong>, OpenClaw<\/strong>, Celine<\/strong>, Goose<\/strong>, and any other MCP-compatible AI agent. No more copy-pasting between your AI assistant and WordPress. No more manual repetitive tasks. Describe what you want, and your AI agent does it.<\/p>\n\n

What can you do with AICOM?<\/h4>\n\n
    \n
  • AI-powered content creation<\/strong> \u2014 let an AI agent write, update and publish posts, pages and custom post types directly on your site<\/li>\n
  • Automate your WooCommerce store<\/strong> \u2014 update product descriptions, manage categories and read settings through an AI agent without touching the dashboard<\/li>\n
  • Manage multilingual sites<\/strong> \u2014 connect with Polylang so AI agents can create and manage translations automatically<\/li>\n
  • Control Elementor pages<\/strong> \u2014 validate and inspect Elementor-built pages programmatically<\/li>\n
  • Build AI editorial workflows<\/strong> \u2014 draft, review, schedule and publish content via AI instructions<\/li>\n
  • Bulk SEO tasks<\/strong> \u2014 update meta fields, slugs, titles and descriptions in bulk via AI<\/li>\n
  • Audit every AI action<\/strong> \u2014 full log of every request: who, what, when, from which IP, with result<\/li>\n<\/ul>\n\n

    Who is this for?<\/h4>\n\n
      \n
    • Developers<\/strong> building AI-powered WordPress tools or integrations<\/li>\n
    • Agencies<\/strong> automating client site management with AI agents<\/li>\n
    • Content teams<\/strong> using AI writing assistants and wanting direct WordPress integration<\/li>\n
    • Claude Code users<\/strong> \u2014 use AICOM as an MCP server directly from your terminal with Claude Code<\/li>\n
    • OpenClaw users<\/strong> \u2014 AICOM works with the OpenClaw AI platform as a native WordPress MCP connector<\/li>\n
    • Celine & Goose users<\/strong> \u2014 connect Celine or Goose to your WordPress site via AICOM's MCP endpoint<\/li>\n
    • Anyone<\/strong> using Claude, ChatGPT, Gemini, or other AI agents who wants them to directly control a WordPress site<\/li>\n<\/ul>\n\n

      How it works<\/h4>\n\n

      AICOM exposes a secure HTTP endpoint on your WordPress site. AI platforms and agents send structured requests using the MCP \/ Model Context Protocol standard. AICOM authenticates the request, checks permissions, executes the operation, and returns a structured response.<\/p>\n\n

      AI Agent \u2192 AICOM Endpoint \u2192 WordPress\n<\/code><\/pre>\n\n
      Features<\/h4>\n\n
        \n
      • MCP Standard<\/strong> \u2014 Full JSON-RPC 2.0 support (tools\/call<\/code>, tools\/list<\/code>), compatible with any MCP client<\/li>\n
      • 87 tools<\/strong> across 7 modules: WP Core, Media, Users, Backup, WooCommerce, Elementor, Polylang<\/li>\n
      • Security-first<\/strong> \u2014 API key authentication (bcrypt-hashed), IP allowlists, scope-based access control per key<\/li>\n
      • Lock system<\/strong> \u2014 Hard lock (read-only emergency mode), soft lock, unlocked \u2014 switchable from the WordPress admin<\/li>\n
      • Audit logging<\/strong> \u2014 Every request logged with duration, API key label, tool used, parameters and result summary<\/li>\n
      • Dry-run mode<\/strong> \u2014 Test what an operation would do without applying changes<\/li>\n
      • Confirm flag<\/strong> \u2014 Destructive operations require explicit \"confirm\": true<\/code> \u2014 prevents accidental AI mistakes<\/li>\n
      • Modular<\/strong> \u2014 WooCommerce, Elementor and Polylang tools only activate when those plugins are present<\/li>\n<\/ul>\n\n
        Available Modules & Tools<\/h4>\n\n
          \n
        • WP Core<\/strong> \u2014 server.status, wp.site.info, wp.posts.list\/get\/create\/update\/delete, wp.terms.*, wp.meta.*, wp.options.*<\/li>\n
        • Media<\/strong> \u2014 media.list, media.get, media.upload, media.update, media.delete, files.list\/read\/write<\/li>\n
        • Users<\/strong> \u2014 wp.users.list\/get\/create\/update\/delete, wp.roles.list<\/li>\n
        • Backup<\/strong> \u2014 backup.post, backup.term, backup.restore, backup.list, backup.delete, backup.purge<\/li>\n
        • WooCommerce<\/strong> (optional)<\/em> \u2014 wc.products.list\/get\/create\/update\/delete, wc.categories.*, wc.settings.get\/update<\/li>\n
        • Elementor<\/strong> (optional)<\/em> \u2014 elementor.page.validate, elementor.page.get_data, elementor.widget.*<\/li>\n
        • Polylang<\/strong> (optional)<\/em> \u2014 pll.languages.list, pll.post.translate, pll.term.translate, pll.string.*<\/li>\n<\/ul>\n\n
          API Key Scopes<\/h4>\n\n
          Each API key is granted specific scopes \u2014 you control exactly what each AI agent can and cannot do:<\/p>\n\n
          read.wp, `write.wp.posts`, `manage.taxonomies`, `manage.meta`, `manage.wordpress.settings`, `manage.media`, `manage.users`, `manage.plugins`, `manage.woocommerce.products`, `manage.woocommerce.settings`, `manage.elementor`, `manage.polylang`\n<\/code><\/pre>\n\n
          Endpoint<\/h4>\n\n
          REST API:<\/strong>\n    POST \/wp-json\/aicom\/v1\/mcp<\/p>\n\n
          Fallback<\/strong> (no mod_rewrite required):\n    POST \/?aicom=1<\/p>\n\n
          Health check:<\/strong>\n    GET \/?aicom=1<\/p>\n\n
          Authentication<\/h4>\n\n
          Authorization: Bearer aicom_XXXXXXXX_<secret>\n<\/code><\/pre>\n\n
          or:<\/p>\n\n
          X-API-Key: aicom_XXXXXXXX_<secret>\n<\/code><\/pre>\n\n
          MCP Request Example<\/h4>\n\n
          {\"jsonrpc\":\"2.0\",\"method\":\"tools\/call\",\"params\":{\"name\":\"wp.posts.list\",\"arguments\":{\"post_type\":\"post\",\"posts_per_page\":10}},\"id\":1}\n<\/code><\/pre>\n\n\n
            \n
          1. Upload the aicom<\/code> folder to \/wp-content\/plugins\/<\/code> or install directly from Plugins \u2192 Add New<\/strong> by searching for \"AICOM\"<\/li>\n
          2. Activate the plugin via Plugins \u2192 Installed Plugins<\/strong><\/li>\n
          3. Go to AICOM \u2192 API Keys<\/strong> and click Generate New Key<\/strong><\/li>\n
          4. Give the key a label (e.g. \"OpenClaw agent\") and select the scopes you want to grant<\/li>\n
          5. Copy the key immediately \u2014 it will not be shown again<\/li>\n
          6. Point your AI agent or MCP client to https:\/\/yoursite.com\/wp-json\/aicom\/v1\/mcp<\/code><\/li>\n
          7. Pass the key as Authorization: Bearer <your-key><\/code> in every request<\/li>\n<\/ol>\n\n
            Apache note:<\/strong> If the Authorization header is stripped by your server, add this line to .htaccess<\/code>:<\/p>\n\n
            SetEnvIf Authorization \"(.*)\" HTTP_AUTHORIZATION=$1\n<\/code><\/pre>\n\n
            Safety tip:<\/strong> Start with Soft Lock<\/strong> enabled to limit the agent to read-only operations, then unlock once you're confident in the integration.<\/p>\n\n\n
            \n
            Does this plugin make my site publicly accessible to anyone?<\/h3><\/dt>\n
            No. Every request must include a valid API key. Keys are bcrypt-hashed in the database and scoped \u2014 each key only has access to the specific operations you explicitly grant it. Without a valid key, the endpoint returns 401 Unauthorized.<\/p><\/dd>\n
            Does it work without mod_rewrite or pretty permalinks?<\/h3><\/dt>\n
            Yes. The fallback endpoint \/?aicom=1<\/code> works on any server configuration, with or without pretty permalinks or Apache mod_rewrite.<\/p><\/dd>\n
            Is it compatible with WooCommerce, Elementor, and Polylang?<\/h3><\/dt>\n
            Yes. Each plugin's tools are loaded automatically only if the corresponding plugin is active. If WooCommerce is not installed, no WooCommerce tools appear in the tool list or audit log.<\/p><\/dd>\n
            Can I restrict an AI agent to read-only access?<\/h3><\/dt>\n
            Yes, in two ways: (1) assign only read.wp<\/code> scopes to the API key, or (2) enable Soft Lock<\/strong> or Hard Lock<\/strong> mode from the Safety page \u2014 this blocks write and destructive operations site-wide regardless of key scopes.<\/p><\/dd>\n
            What is the difference between Soft Lock and Hard Lock?<\/h3><\/dt>\n
            Soft Lock<\/strong> permits public<\/code>, discovery<\/code> and read<\/code> class tools only \u2014 agents can browse and read content but cannot write, delete or change settings. Hard Lock<\/strong> permits only public<\/code> tools (like server.status<\/code>) \u2014 the site is effectively frozen from an AI perspective. Hard Lock overrides Soft Lock.<\/p><\/dd>\n
            Can I test operations before they actually run?<\/h3><\/dt>\n
            Yes. Send \"dry_run\": true<\/code> in your request parameters. The operation will be validated and simulated but no data will be changed. The audit log will record it as a dry run.<\/p><\/dd>\n
            Does it log what AI agents do?<\/h3><\/dt>\n
            Yes. Every request is logged to the audit log with timestamp, remote IP, API key label, tool name, parameters, result summary, and response duration. The log is accessible from AICOM \u2192 Audit Logs<\/strong> and can be filtered by date, key, or tool name.<\/p><\/dd>\n
            What is MCP (Model Context Protocol)?<\/h3><\/dt>\n
            MCP is an open standard created by Anthropic for connecting AI models to external tools and data sources. AICOM implements the MCP standard so any MCP-compatible AI client \u2014 Claude, OpenClaw, and others \u2014 can communicate with your WordPress site natively without custom integrations.<\/p><\/dd>\n
            Is this plugin free?<\/h3><\/dt>\n
            Yes, completely free and open source under the GPL-2.0-or-later license.<\/p><\/dd>\n
            Can I restrict which IP addresses can use an API key?<\/h3><\/dt>\n
            Yes. Each API key has an optional IP allowlist. If set, requests from any other IP will be rejected even if the key is valid.<\/p><\/dd>\n\n<\/dl>\n\n\n
            3.1.0<\/h4>\n\n
              \n
            • New: Working Hours Schedule \u2014 automatically apply Soft or Hard Lock outside configured working hours and days.<\/li>\n
            • The manual lock always takes precedence; the schedule only adds additional restrictions.<\/li>\n<\/ul>\n\n
              3.0.0<\/h4>\n\n
                \n
              • New: Resource Boundaries UI \u2014 configure post type, taxonomy, meta key, WP option, file path, and language restrictions per API key directly from the edit\/create form.<\/li>\n
              • New: Preset Rename \u2014 rename any custom preset in-place via a prompt dialog.<\/li>\n
              • New: Preset Duplicate \u2014 clone any custom preset; the copy appears instantly in the preset grid.<\/li>\n<\/ul>\n\n
                2.9.2<\/h4>\n\n
                  \n
                • Fix: Toolbar lock buttons (Unlock \/ Soft Lock \/ Hard Lock) now work on frontend pages, not only in wp-admin.<\/li>\n<\/ul>\n\n
                  2.9.1<\/h4>\n\n
                    \n
                  • Improvement: Session description now shown inside the expanded session card in Audit Logs (hidden when collapsed).<\/li>\n
                  • Improvement: tools\/list response now includes an instructions field telling the agent whether a session is active, and prompting it to call session.open with both name and description before making changes.<\/li>\n
                  • Improvement: session.open tool description updated to explicitly request a meaningful name and description from the agent.<\/li>\n<\/ul>\n\n
                    2.9.0<\/h4>\n\n
                      \n
                    • New: Backups page redesigned into 3 tabs \u2014 Dashboard (total count, storage used, activity by period, auto-cleanup status), Cleanup Settings, and Backup Snapshots.<\/li>\n
                    • New: Backup Snapshots table now shows Class badge (colour-coded by tool class) and Session column with a direct link to the corresponding session in Audit Logs, including scroll-to + highlight on arrival.<\/li>\n
                    • New: Toolbar lock controls \u2014 Unlock \/ Soft Lock \/ Hard Lock buttons in the AICOM Keys dropdown; toolbar badge turns red on Hard Lock and amber on Soft Lock.<\/li>\n
                    • New: Stacked bar chart in Audit Logs Sessions tab \u2014 each bar segment is colour-coded by tool class (read\/write\/destructive\/admin_sensitive); legend shown below graph.<\/li>\n
                    • New: Clicking a graph bar navigates to that day's sessions via server-side filtering (log_date).<\/li>\n
                    • New: Class column added to session log tables in Audit Logs.<\/li>\n
                    • New: Session filter added to Audit Logs Filters tab.<\/li>\n
                    • Improvement: Cleanup Settings form redesigned \u2014 each field on its own row with description on the right; fields separated by dividers.<\/li>\n
                    • Improvement: Tab navigation on Backups and Audit Logs pages now uses consistent aicom-tab-bar \/ aicom-tab-btn styles matching API Keys page.<\/li>\n
                    • Fix: Graph bars no longer show tool classes from orphaned logs (sessions that were deleted); uses INNER JOIN to exclude them.<\/li>\n
                    • Fix: DB v4.4 \u2014 added tool_class column to wp_aicom_logs with backfill migration.<\/li>\n<\/ul>\n\n
                      2.8.0<\/h4>\n\n
                        \n
                      • New: Named sessions \u2014 agents must call session.open(name: \"...\") before making any changes; all write operations blocked until a session is opened; sessions auto-close after 2h of inactivity.<\/li>\n
                      • New: Session restore \u2014 Audit Logs \u2192 Sessions tab shows all sessions with a 30-day activity graph; click Restore to undo all backups from a session in reverse chronological order.<\/li>\n
                      • New: Backup cleanup \u2014 set a max age (days) and\/or max size (MB) for automatic backup pruning; runs daily via cron.<\/li>\n
                      • Improvement: Audit Logs split into Logs \/ Sessions \/ Filters tabs for easier navigation.<\/li>\n
                      • Fix: session_id now correctly populated in backup rows.<\/li>\n<\/ul>\n\n
                        2.7.0<\/h4>\n\n
                          \n
                        • New: API Key Lifecycle \u2014 optional expiry date (TTL) on any key; keys expire automatically via hourly cron; expired\/archived status badges in the key table.<\/li>\n
                        • New: Archive\/Unarchive \u2014 hide inactive keys from the main list without deleting them; restore with one click (unarchived keys come back as suspended).<\/li>\n
                        • New: Edit scopes \u2014 repurpose an existing key without revoking it; update scopes, IP allowlist, dry-run flag, and expiry date from a dedicated edit view.<\/li>\n
                        • New: Rotate secret inside the edit form \u2014 optionally generate a fresh API key string as part of a scope-edit, with live diff preview of permission changes.<\/li>\n
                        • New: Scope diff preview \u2014 while editing, the UI shows which scopes were added (+) and removed (\u2212) compared to the original key, in real time.<\/li>\n
                        • New: Full i18n \u2014 all admin strings wrapped for translation; POT template generated at languages\/aicom.pot.<\/li>\n<\/ul>\n\n
                          2.6.0<\/h4>\n\n
                            \n
                          • New: Save custom presets \u2014 name and save any scope selection as a reusable preset that appears alongside the system presets. Custom presets are stored in the database and can be deleted with one click.<\/li>\n<\/ul>\n\n
                            2.5.0<\/h4>\n\n
                              \n
                            • New: Preset picker for key creation \u2014 6 system presets (Read-only, Content Assistant, Elementor Editor, WooCommerce Catalog, Site Maintenance, Full Admin) plus Custom mode to auto-select common scope bundles with one click.<\/li>\n
                            • New: Scope tree UI \u2014 scopes now grouped into 5 categories (WordPress Core, Media & Files, Users & Roles, Site Configuration, Integrations) with LOW\/MED\/HIGH\/CRITICAL risk labels on every scope.<\/li>\n
                            • New: Live search filter for scopes in the key creation form.<\/li>\n
                            • New: Collapsible scope groups \u2014 click a group header to expand\/collapse.<\/li>\n<\/ul>\n\n
                              2.4.0<\/h4>\n\n
                                \n
                              • New: AICOM Keys menu in the WordPress admin bar \u2014 lists all active and suspended API keys with one-click suspend\/unsuspend via AJAX (no page reload). Shows a green badge with the count of active keys. Last item links to the full API Keys management page. Works in both wp-admin and frontend toolbar.<\/li>\n<\/ul>\n\n
                                2.3.0<\/h4>\n\n
                                  \n
                                • New: elementor.page.create_from_template \u2014 create a new page by cloning Elementor data from a source page or template. Copies _elementor_data, _elementor_edit_mode, and _wp_page_template in one call. Supports dry_run and returns preview URL + admin edit URL.<\/li>\n
                                • New: wp.posts.preview_url \u2014 get a preview URL for any post or page. Returns get_preview_post_link() for drafts\/private, get_permalink() for published. Also includes admin_edit_url.<\/li>\n<\/ul>\n\n
                                  2.2.0<\/h4>\n\n
                                    \n
                                  • New: Clautron module \u2014 11 tools for blueprint and capability management (catalog.list\/install, primitives.list, blueprint.examples\/list\/validate\/create\/compile\/smoke_test, capability.meta.get\/set). Requires Clautron plugin.<\/li>\n
                                  • New: Yoast SEO module \u2014 9 tools for reading and writing Yoast SEO meta (yoast.post.get\/set, yoast.post.social.get\/set, yoast.posts.bulk_get for audits, yoast.term.get\/set, yoast.site.get). Supports free and premium. Requires Yoast SEO plugin.<\/li>\n<\/ul>\n\n
                                    2.1.1<\/h4>\n\n
                                      \n
                                    • Fix: wp.posts.create now accepts post_name (URL slug) and post_excerpt directly \u2014 no more 2-step create+update workaround.<\/li>\n
                                    • Fix: wp.posts.update now applies post_name and post_author \u2014 previously these were silently ignored despite returning updated:true.<\/li>\n
                                    • Fix: wp.posts.create defaults post_author to the user associated with the API key \u2014 prevents author=0 on REST-context requests.<\/li>\n
                                    • Fix: wp.posts.get now includes a terms map in the response, grouped by taxonomy (category, post_tag, custom taxonomies).<\/li>\n
                                    • New: wp.meta.set_many \u2014 set multiple post meta keys in one call. Accepts a meta object of key\u2192value pairs; allowlist enforced per key.<\/li>\n<\/ul>\n\n
                                      2.1.0<\/h4>\n\n
                                        \n
                                      • New: Ele Custom Skin (ECS) module \u2014 26 tools for reading and writing ECS Color Schemes, Font Schemes, Custom Looks, Custom CSS, Alt Logos, and Dynamic Repeater Builder (DRB) presets and bindings. Works with both ele-custom-skin (free) and ele-custom-skin-pro. Activate a color scheme site-wide in one call via ecs.color_schemes.activate_global.<\/li>\n<\/ul>\n\n
                                        2.0.11<\/h4>\n\n
                                          \n
                                        • Fix: wp.posts.update and wp.posts.create now support post_date parameter \u2014 previously the parameter was silently ignored and the tool returned success without changing the date. Accepts YYYY-MM-DD HH:MM:SS or ISO 8601; invalid format returns a clear error.<\/li>\n
                                        • Fix: wp.posts.update now also exposes post_excerpt in its input schema (was handled in code but not documented).<\/li>\n<\/ul>\n\n
                                          2.0.10<\/h4>\n\n
                                            \n
                                          • Fix: replaced match() expression with if\/elseif for PHP 7.4 compatibility \u2014 caused parse error on API Keys page for sites running PHP < 8.0<\/li>\n<\/ul>\n\n
                                            2.0.9<\/h4>\n\n
                                              \n
                                            • New: Suspend\/Unsuspend for API keys \u2014 temporarily block a key without revoking it. Suspended keys return 401 automatically (auth query filters status = active). Active keys show Suspend button; suspended keys show Unsuspend + Revoke.<\/li>\n<\/ul>\n\n
                                              2.0.8<\/h4>\n\n
                                                \n
                                              • New: wp.plugins.list \u2014 list all installed plugins with version, update availability, and status. Optional force_refresh=true for a live check against wordpress.org.<\/li>\n
                                              • New: wp.plugins.update_all \u2014 update all plugins with available updates in one call (dry_run and include[] filter supported). Uses WordPress's native Plugin_Upgrader + Automatic_Upgrader_Skin, identical to background auto-updates.<\/li>\n
                                              • New scope: manage.plugins \u2014 dedicated scope for plugin management tools, separate from manage.wordpress.settings.<\/li>\n<\/ul>\n\n
                                                2.0.7<\/h4>\n\n
                                                  \n
                                                • New: elementor.template.set_conditions \u2014 dedicated tool that writes _elementor_conditions meta AND rebuilds the global elementor_pro_theme_builder_conditions option, then flushes the conditions cache. Uses Elementor Pro Conditions_Manager API when available, falls back to a manual option rebuild. Fixes Theme Builder templates not attaching to pages when conditions were set via wp.meta.set + wp.options.set.<\/li>\n<\/ul>\n\n
                                                  2.0.6<\/h4>\n\n
                                                    \n
                                                  • Fix: wp.meta.set now applies wp_slash() on string values before passing to update_post_meta() \u2014 prevents backslash stripping that broke Elementor JSON stored in post meta<\/li>\n<\/ul>\n\n
                                                    2.0.5<\/h4>\n\n
                                                      \n
                                                    • Fix: pll.string.set no longer calls PLL()->model->get_language() which is null in REST API context \u2014 replaced with direct pll_languages_list() lookup<\/li>\n<\/ul>\n\n
                                                      2.0.4<\/h4>\n\n
                                                        \n
                                                      • Fix: pll.strings.list, pll.string.get, pll.string.set no longer depend on pll_get_strings() (Polylang Pro only) \u2014 now works on Polylang free via direct PLL_MO access<\/li>\n
                                                      • WordPress core strings (blogname, blogdescription, date_format, time_format) can be set per-language using wp_option parameter without Polylang Pro<\/li>\n<\/ul>\n\n
                                                        2.0.3<\/h4>\n\n
                                                          \n
                                                        • New: pll.strings.list \u2014 list all registered Polylang strings with current translations per language<\/li>\n
                                                        • New: pll.string.get \u2014 get a specific string and all its translations<\/li>\n
                                                        • New: pll.string.set \u2014 set the translation of a registered string for a specific language (supports dry-run)<\/li>\n<\/ul>\n\n
                                                          2.0.2<\/h4>\n\n
                                                            \n
                                                          • Fix: wp.menus.delete and wp.menus.items.remove now document confirm=true in their input schema \u2014 agents can now discover this requirement via tools\/list<\/li>\n
                                                          • Fix: wp.menus.items.add no longer requires url for custom type items \u2014 WordPress supports label-only menu items with an empty URL<\/li>\n<\/ul>\n\n
                                                            2.0.1<\/h4>\n\n
                                                              \n
                                                            • Fix: pll.post.link_translation and pll.term.link_translation now preserve existing translation group members when adding a new language \u2014 previously a third language (e.g. UK) was dropped when linking two posts<\/li>\n
                                                            • Changed: link_translation tools now accept a translations map {\"lang\": id} instead of pairs, supporting any number of languages in a single call<\/li>\n<\/ul>\n\n
                                                              2.0.0<\/h4>\n\n
                                                                \n
                                                              • Complete rewrite with modular, autoloaded architecture<\/li>\n
                                                              • 87 tools across 7 modules: WP Core, Media, Users, Backup, WooCommerce, Elementor, Polylang<\/li>\n
                                                              • Full MCP JSON-RPC 2.0 support \u2014 tools\/call<\/code> and tools\/list<\/code> methods<\/li>\n
                                                              • Shorthand request format also supported for simpler integrations<\/li>\n
                                                              • Scope-based access control per API key \u2014 12 granular scopes<\/li>\n
                                                              • Hard lock \/ soft lock \/ unlocked safety modes switchable from admin<\/li>\n
                                                              • Full audit logging: timestamp, IP, key label, tool, params, result, duration<\/li>\n
                                                              • Dry-run mode \u2014 validate and simulate without applying changes<\/li>\n
                                                              • Confirm flag required for all destructive operations<\/li>\n
                                                              • IP allowlist per API key<\/li>\n
                                                              • Backup and restore for posts and terms stored in database<\/li>\n
                                                              • WooCommerce, Elementor, Polylang modules auto-activate when plugins present<\/li>\n
                                                              • Fallback endpoint \/?aicom=1<\/code> for servers without mod_rewrite<\/li>\n
                                                              • bcrypt-hashed API keys with prefix-based fast lookup<\/li>\n
                                                              • Admin UI: Dashboard, API Keys, Audit Logs, Safety, Modules, Backups pages<\/li>\n<\/ul>","raw_excerpt":"Control WordPress with Claude Code, OpenClaw, Celine, Goose and any AI agent via MCP. API key auth, scope control, safety locks, audit logging and 87  …","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/mlt.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/294968","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mlt.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/mlt.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/mlt.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=294968"}],"author":[{"embeddable":true,"href":"https:\/\/mlt.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/dudaster"}],"wp:attachment":[{"href":"https:\/\/mlt.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=294968"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/mlt.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=294968"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/mlt.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=294968"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/mlt.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=294968"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/mlt.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=294968"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/mlt.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=294968"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}