WordPress powers roughly 43% of the public web. Version 7.0 changes what it means to manage one of those sites - AI agents can now interact with WordPress installations directly, reading content, publishing posts, and adjusting settings through a native API integration built into core.
The capability itself is straightforward: WordPress 7.0 ships with standardized support for AI agent connections, giving tools like Claude- or GPT-powered assistants a way to authenticate to your site and operate it programmatically. Think of it like issuing a keycard to an automated system - except this system can work continuously without human confirmation at each step.
That last part is where things get complicated.
The Access Problem
Traditional WordPress automation used plugins with tightly scoped permissions. A scheduling plugin might publish queued posts, but it couldn't change your theme, install other plugins, or modify user accounts. AI agents, depending on how permissions are configured, can potentially do all of those things in a single session.
The risk isn't that agents are malicious. It's that they're capable and obedient - they do exactly what they're instructed, including instructions that turn out to be wrong. A poorly written prompt combined with admin-level access is how you end up with an agent that helpfully deletes 400 posts because it interpreted "clean up old content" too broadly.
Most WordPress users don't change default settings, don't use two-factor authentication, and don't audit plugin permissions. Adding AI agent access to that baseline means a significant portion of WordPress sites will have agentic AI access configured with minimal oversight.
Configuring This Responsibly
The sensible approach is treating AI agent credentials the same way you'd treat admin login details: scope narrowly, log everything, and revoke access when not in use.
Practical steps:
- Create a dedicated user role for AI agents with only the specific permissions they need - publish posts in one category, not site-wide admin
- Enable activity logging to see exactly what an agent did during each session
- Review agent output before it goes live, especially for agents that modify existing content rather than just creating new content
- Treat any agent with write access as someone who needs sign-off before changes go live
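As an added example (not code from WordPress core or from this article), the must-use plugin below covers three of these steps: a narrowly scoped role, a forced review queue, and an audit log. It assumes the agent authenticates as an ordinary WordPress user; the role slug `ai_agent` and the log prefix `ai_agent_audit` are hypothetical names, and it does not implement the per-category restriction.

```php
<?php
/**
 * Plugin Name: AI Agent Least Privilege (added example)
 * Assumption: the agent logs in as a normal WordPress user that holds the
 * hypothetical "ai_agent" role defined here.
 */

const AI_AGENT_ROLE = 'ai_agent'; // hypothetical role slug

// Create the role once. It can draft and edit its own posts, but has no
// publish_posts, delete_posts, manage_options, plugin, theme or user caps.
add_action( 'init', function () {
    if ( null === get_role( AI_AGENT_ROLE ) ) {
        add_role( AI_AGENT_ROLE, 'AI Agent', array(
            'read'       => true,
            'edit_posts' => true,
        ) );
    }
} );

// True when the request is running as a user that holds the agent role.
function ai_agent_is_current_user() {
    $user = wp_get_current_user();
    return $user->exists() && in_array( AI_AGENT_ROLE, (array) $user->roles, true );
}

// Defense in depth: wp_insert_post() does not check capabilities itself, so
// hold anything the agent tries to publish or schedule as "pending" review.
add_filter( 'wp_insert_post_data', function ( $data ) {
    if ( ai_agent_is_current_user()
        && in_array( $data['post_status'], array( 'publish', 'future' ), true ) ) {
        $data['post_status'] = 'pending';
    }
    return $data;
} );

// Audit trail: one JSON line per post status change made by the agent.
add_action( 'transition_post_status', function ( $new, $old, $post ) {
    if ( ai_agent_is_current_user() && $new !== $old ) {
        error_log( 'ai_agent_audit ' . wp_json_encode( array(
            'user' => get_current_user_id(),
            'post' => $post->ID,
            'from' => $old,
            'to'   => $new,
            'time' => gmdate( 'c' ),
        ) ) );
    }
}, 10, 3 );
```

Revoking access when the agent is not in use is then a matter of removing the role from the agent's user account or deleting its credentials; the plugin itself can stay in place.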
WordPress building this into core rather than leaving it to third-party plugins is the right architectural decision long-term - it creates a standard interface that security researchers can audit and developers can build around consistently. Native support does not mean safe defaults, though, and most site owners won't read the documentation carefully enough to know what needs adjusting.