Home / Security
Trust posture
The safe answer is to stay in control.
We never ask you to trust that the agent behaves well. The plugin keeps your site in control regardless: it connects nothing outward, checks every call against a scoped user, and logs the result. Here is the security model, and a refusal you can watch happen.
Nothing leaves your site.
The plugin contacts no AI provider and no external service. Your AI client connects in; the plugin never reaches out. Zero telemetry.
Zero outbound calls
The plugin contacts no AI provider and no external service of its own. Your AI client connects in; the plugin never reaches out.
No telemetry
Nothing about your site, your content, or your usage is collected or sent anywhere. There is no analytics beacon to disable.
Standards in the path
Built on the WordPress 6.9 Abilities API and the official MCP Adapter (no custom transport), so there is no custom transport of ours to trust between your client and your site.
The direction matters: your client opens the connection to WordPress, not the other way around. The plugin is a governed door, not a phone line to a third party.
Watch it refuse.
The strongest security claim is one you can see. The agent asks for the one thing the plugin will not do, and the refusal is written to the log like every other call.
An illustrative exchange. The request asks to delete the last administrator. The site refuses, and the refusal is logged, not just the successes.
Checked on every call, logged on every call.
Two mechanisms carry most of the weight: a capability check that runs before an ability executes, and a record that lands after it, denials included.
Two-layer capability gating
A connection only sees the tools its user can call, and every call re-checks that capability before it runs.
Discovery and execution are gated separately, so an agent never gets more reach than the user you bound it to, even if it asks directly.
Honest audit log
Every call is recorded, denied attempts included, with the principal and the argument keys, never the values. It lives in your own database.
Because it keeps the keys and not the values, the log stays useful for review without becoming a second copy of your sensitive content.
Extra limits, when you want them.
On top of the model above, you can add opt-in guardrails. All of them are off until you set them, so they only ever tighten access, never widen it.
- Per-minute rate limit Off by default
- IP allowlist Off by default
- Force-to-draft mode Off by default
- Title-length cap Off by default
Found something? Tell us privately.
Responsible disclosure keeps everyone safer. If you believe you have found a security issue, report it privately first so it can be fixed before it is public.
Report a vulnerability
Open a private security advisory on GitHub, or use the dedicated report page. Please do not open a public issue for a suspected vulnerability. Requires WordPress 6.9+ and PHP 8.0+.
Security you can watch, not just read about.
Install it, keep everything off, and turn on one ability at a time. Every call is scoped, every result is logged, and nothing leaves your site.
Free on WordPress.org. Public source. Nothing phoning home.