Axtolab AI Connector

Description

Axtolab AI Connector for WordPress connects your WordPress site to AI agents like Claude, ChatGPT, and any MCP-compatible tool. AI agents can safely create drafts, edit content, manage media, work with taxonomies, and integrate with Yoast SEO — all through a secure, permission-controlled gateway with Roll Back / Undo on every write.

How it works: The plugin adds a REST API gateway to your WordPress site. A lightweight MCP server runs on your local machine and translates AI tool calls into WordPress REST requests. The plugin enforces permissions, validates requests, captures every write into a Roll Back / Undo changelog, and logs actions.

Key Features

• Roll Back / Undo on every write — every AI-driven change captures a before/after snapshot. Revert any tool call with one click from the Logs & Roll Back admin page.
• Content Management — Create, edit, and manage posts, pages, and custom post types. Clone existing content as drafts. View and restore revisions. Generate shareable preview links.
• Media Library — Upload images from URL, local file, or drag-and-drop portal. Search and browse existing media. Set featured images. Insert, replace, and remove inline images.
• Stock Photos — Search and import free stock photos from Unsplash and Pexels with automatic attribution.
• Yoast SEO — Read SEO and readability scores. Update focus keyphrase, SEO title, and meta description. Preview rendered meta tags.
• Authors & Taxonomies — Assign authors from an allowlist. Create and assign categories, tags, and custom taxonomy terms.
• Per-connection privilege model — every MCP connection authenticates as a WordPress user via Application Password. The connection’s capability set determines which AI tools can be called; the user’s WP role determines which objects they can act on. Both layers must allow an action for it to succeed. The plugin never creates WordPress users — admins create the Application Password under their own (or a dedicated) WordPress profile and paste it into the connection wizard. Confirmation tokens required for publish, trash, and restore operations. Allowlist-driven content type and taxonomy controls. Rate limiting on authentication endpoints.
• Two authentication methods — Application Passwords (for Desktop AI clients) and OAuth 2.1 with PKCE (for Web AI clients like ChatGPT and Claude Web).
• Upload Portal — Drag-and-drop media uploads with time-limited tokens. No WordPress login required for the upload session.

Available MCP Tools

The connector exposes a categorized tool surface to MCP-compatible AI clients. All tools are documented and discoverable via the standard MCP tools/list JSON-RPC method.

• Search & Discovery — wp_find_content (filter + search), wp_list_content_types, wp_get_content, wp_site_info, wp_getting_started
• Content Authoring — wp_create_draft, wp_update_content, wp_publish_content, wp_clone_content, wp_get_preview_link
• Trash & Revisions — wp_trash_content, wp_restore_content, wp_list_revisions, wp_restore_revision
• Media — wp_search_media, wp_get_media, wp_update_media, wp_set_featured_image, wp_upload_media_from_url
• Inline Images (Gutenberg-aware) — wp_insert_inline_image, wp_replace_inline_image, wp_remove_inline_image
• Authors & Taxonomy — wp_list_authors, wp_assign_author, wp_list_terms, wp_create_term, wp_assign_terms
• Yoast SEO — wp_get_yoast_analysis, wp_update_yoast_metadata, wp_get_yoast_head_preview
• Stock Photos — wp_search_stock_photos, wp_import_stock_photo (Unsplash + Pexels with auto-attribution)
• Image Providers — wp_generate_image, wp_list_image_providers, wp_confirm_image with site-owner supplied provider API keys
• Upload Portal — wp_create_upload_session, wp_get_upload_session (drag-and-drop with time-limited tokens)
• Connection Introspection — wp_get_my_capabilities returns the calling connection’s capability groups, named preset (if any), and the resolved tool list — letting AI agents plan work without trial-and-error.
• Custom Post Type support — Default allowlist accepts post, page, featured_item. To accept ANY registered public post type (e.g. WooCommerce product, EDD download, custom CPTs), set the allowlist to ["*"] in MCP Gateway settings. wp_list_content_types then expands the wildcard to the live list of public types on the site.
• Audit Log — every tool call is recorded with timestamp, source, and redacted parameters
• Rate Limiting — per-IP token bucket on every authenticated endpoint

What’s Included

Axtolab AI Connector is fully featured with no limits. No publish limits, no connection caps, no feature gates.

Everything included free:

• Create, edit, publish, and schedule content with AI agents
• Unlimited connections — connect Claude, ChatGPT, and any MCP agent
• Upload and manage media (URL, local file, drag-and-drop portal)
• Search and import stock photos (Unsplash, Pexels)
• Generate images through supported providers when you configure your own provider API key
• Yoast SEO integration
• Both authentication methods (App Passwords, OAuth 2.1)
• All taxonomy and author management

The free core is feature-complete and useful on its own. Separate plugins may extend it, but no built-in feature in this WordPress.org package requires a license key.

Getting Started

1. Install and activate the plugin
2. Go to AI Connector > Connections in wp-admin
3. Click «+ Add new connection» and follow the wizard — it walks you through creating an Application Password on your WordPress profile (or on a dedicated WP user if you prefer the production-grade setup), pasting it into the connection, and choosing what that connection can do
4. Click the «Download Extension (.mcpb)» button on the setup page to grab the Claude Desktop bundle from GitHub Releases, then drag it into Claude Desktop’s Extensions panel — or connect a compatible client through MCP-over-HTTP
5. Start using your AI agent with WordPress

External Services

This plugin connects to the following external services only when the corresponding feature is configured or used. Provider API keys are supplied by the site owner. The plugin does not send telemetry or analytics to Axtolab.

Claude (Anthropic) — OAuth Callback

• Service: Anthropic’s Claude products at https://claude.ai and https://claude.com
• Type: OAuth 2.1 authorization-code callback redirect (no inbound network call from Anthropic during this step)
• Endpoints (registered redirect URIs):
  • https://claude.ai/api/mcp/auth_callback
  • https://claude.com/api/mcp/auth_callback
• When used: When a logged-in WordPress administrator authorizes a Claude AI client to connect to their WordPress site via the plugin’s OAuth 2.1 flow. The plugin’s /oauth/authorize endpoint redirects the administrator’s browser to one of these URLs after consent.
• Data sent in redirect: A one-time, short-lived OAuth authorization code plus the original state parameter. No personal data, no site content, no credentials.
• Terms: Anthropic Consumer Terms
• Privacy: Anthropic Privacy Policy

ChatGPT (OpenAI) — OAuth Callback

• Service: OpenAI’s ChatGPT custom-connector platform and OpenAI apps platform
• Type: OAuth 2.1 authorization-code callback redirect (no inbound network call from OpenAI during this step)
• Endpoints (registered redirect URIs):
  • https://chatgpt.com/connector_platform_oauth_redirect
  • https://platform.openai.com/apps-manage/oauth
• When used: When a logged-in WordPress administrator authorizes ChatGPT (or an OpenAI Apps Platform client) to connect to their WordPress site via the plugin’s OAuth 2.1 flow. The plugin’s /oauth/authorize endpoint redirects the administrator’s browser to one of these URLs after consent.
• Data sent in redirect: A one-time, short-lived OAuth authorization code plus the original state parameter. No personal data, no site content, no credentials.
• Terms: OpenAI Terms of Use
• Privacy: OpenAI Privacy Policy

GitHub Releases (Claude Desktop installer bundle download)

• Service: GitHub Releases — the Axtolab AI Connector for WordPress (Free) public repository
• Type: Static binary file download (HTTP GET, no inbound request from GitHub to the WordPress site)
• Endpoint: API host github.com, path /Axtolab/axtolab-ai-connector-for-wordpress-free/releases/latest/download/axtolab-ai-connector.mcpb (HTTPS).
• When used: When a logged-in WordPress administrator clicks the «Download Extension (.mcpb)» button on the AI Connector setup page. The administrator’s browser is redirected to GitHub Releases to fetch the file. The plugin itself does not initiate an outbound request to GitHub; the user’s browser does, when they click the link. Filterable via axtolab_ai_connector_mcpb_download_url if a site owner wants to self-host the bundle.
• Data sent: Standard HTTP browser request headers only. No WordPress site data, content, credentials, or telemetry is sent.
• Terms: GitHub Terms of Service
• Privacy: GitHub Privacy Statement

Local MCP clients (Claude Desktop, Cursor, Claude Code, VS Code)

• Service: A local AI client running on the site administrator’s own computer.
• When used: When the site administrator installs the .mcpb bundle (downloaded from GitHub Releases via the AI Connector setup page) into a local AI client such as Claude Desktop. That client then connects inbound to the site’s REST API using credentials issued during setup. The plugin does not initiate any outbound network call to these clients.
• Data sent: Only what the AI client requests through tool calls the administrator has approved. The plugin does not send unsolicited data.

Unsplash (Stock Photo Search)

• Service: Unsplash
• Endpoint: API host api.unsplash.com, path /search/photos (HTTPS).
• When used: When an AI agent searches for stock photos via the stock photo tool
• Data sent: Search query, orientation preference
• Terms: Unsplash Terms
• Privacy: Unsplash Privacy Policy

Pexels (Stock Photo Search)

• Service: Pexels
• Endpoint: API host api.pexels.com, path /v1/search (HTTPS).
• When used: When an AI agent searches for stock photos via the stock photo tool
• Data sent: Search query, orientation preference
• Terms: Pexels Terms of Service
• Privacy: Pexels Privacy Policy

Google Imagen (AI Image Generation)

• Service: Google Cloud AI
• Endpoint: API host generativelanguage.googleapis.com, path /v1beta/models/imagen-3.0-generate-002:predict (HTTPS).
• When used: When an AI agent generates images using the Google Imagen provider and the site owner has configured a Google API key
• Data sent: Text prompt, aspect ratio, safety filter level
• Terms: Google Cloud Terms
• Privacy: Google Privacy Policy

OpenAI (AI Image Generation)

• Service: OpenAI
• Endpoint: API host api.openai.com, path /v1/images/generations (HTTPS).
• When used: When an AI agent generates images using the OpenAI provider and the site owner has configured an OpenAI API key
• Data sent: Text prompt, image size, quality setting
• Terms: OpenAI Terms of Use
• Privacy: OpenAI Privacy Policy

All API keys are stored encrypted using AES-256-CBC with WordPress security salts and are only decrypted at the time of the API call.

Support

• WordPress.org plugin support forum — https://wordpress.org/support/plugin/axtolab-ai-connector/ (please use this for general questions; replies are public so the next merchant searching for the same answer can find it).
• Email support — support@axtolab.com (for license, account, or anything sensitive).
• Documentation — https://axtolab.com/docs/ai-connector
• Bug reports — use the WordPress.org support forum for public issues or email support for sensitive reports.

The same support entry points are also surfaced inside wp-admin: a «Need help?» footer on every Axtolab settings page, and «Settings · Support» / «Email support · WordPress.org forum · Docs» rows on the Plugins admin row for this plugin.