{"id":294968,"date":"2026-04-21T16:48:10","date_gmt":"2026-04-21T16:48:10","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/aicom-ai-commander\/"},"modified":"2026-05-14T12:45:23","modified_gmt":"2026-05-14T12:45:23","slug":"aicom","status":"publish","type":"plugin","link":"https:\/\/ky.wordpress.org\/plugins\/aicom\/","author":13647991,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"3.3.0","stable_tag":"3.3.0","tested":"6.9.4","requires":"6.0","requires_php":"7.4","requires_plugins":null,"header_name":"AICOM - AI Commander","header_author":"dudaster","header_description":"Let AI agents control your site via MCP. API key auth, scope control, safety locks, audit logging and 87 tools for WP, WooCommerce, Elementor.","assets_banners_color":"024594","last_updated":"2026-05-14 12:45:23","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/wordpress.org\/plugins\/aicom\/","header_author_uri":"https:\/\/profiles.wordpress.org\/dudaster\/","rating":0,"author_block_rating":0,"active_installs":0,"downloads":635,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"dudaster","date":"2026-04-21 16:48:18"},"2.0.0":{"tag":"2.0.0","author":"dudaster","date":"2026-04-21 16:49:09"},"2.0.1":{"tag":"2.0.1","author":"dudaster","date":"2026-04-23 11:50:12"},"2.0.10":{"tag":"2.0.10","author":"dudaster","date":"2026-04-27 12:27:13"},"2.0.11":{"tag":"2.0.11","author":"dudaster","date":"2026-04-28 05:28:16"},"2.0.2":{"tag":"2.0.2","author":"dudaster","date":"2026-04-23 12:31:25"},"2.0.3":{"tag":"2.0.3","author":"dudaster","date":"2026-04-23 16:12:14"},"2.0.4":{"tag":"2.0.4","author":"dudaster","date":"2026-04-23 16:20:28"},"2.0.5":{"tag":"2.0.5","author":"dudaster","date":"2026-04-23 16:28:05"},"2.0.8":{"tag":"2.0.8","author":"dudaster","date":"2026-04-27 08:39:22"},"2.0.9":{"tag":"2.0.9","author":"dudaster","date":"2026-04-27 11:10:16"},"2.1.0":{"tag":"2.1.0","author":"dudaster","date":"2026-05-04 11:56:37"},"2.1.1":{"tag":"2.1.1","author":"dudaster","date":"2026-05-04 13:19:31"},"2.2.0":{"tag":"2.2.0","author":"dudaster","date":"2026-05-05 12:01:07"},"2.3.0":{"tag":"2.3.0","author":"dudaster","date":"2026-05-09 05:38:19"},"2.4.0":{"tag":"2.4.0","author":"dudaster","date":"2026-05-09 07:46:41"},"2.7.0":{"tag":"2.7.0","author":"dudaster","date":"2026-05-09 11:37:17"},"2.9.0":{"tag":"2.9.0","author":"dudaster","date":"2026-05-09 13:54:40"},"2.9.1":{"tag":"2.9.1","author":"dudaster","date":"2026-05-10 06:46:48"},"2.9.2":{"tag":"2.9.2","author":"dudaster","date":"2026-05-10 07:28:31"},"3.1.0":{"tag":"3.1.0","author":"dudaster","date":"2026-05-10 15:13:27"},"3.2.0":{"tag":"3.2.0","author":"dudaster","date":"2026-05-11 11:05:58"},"3.3.0":{"tag":"3.3.0","author":"dudaster","date":"2026-05-14 12:45:23"}},"upgrade_notice":{"2.0.0":"

Complete rewrite. After upgrading, re-generate all API keys \u2014 the key format has changed and old keys are not valid.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3512071,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3512071,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3512071,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3512071,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0","2.0.0","2.0.1","2.0.10","2.0.11","2.0.2","2.0.3","2.0.4","2.0.5","2.0.8","2.0.9","2.1.0","2.1.1","2.2.0","2.3.0","2.4.0","2.7.0","2.9.0","2.9.1","2.9.2","3.1.0","3.2.0","3.3.0"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3530652,"resolution":"1","location":"assets","locale":"","width":1440,"height":1136},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3530652,"resolution":"2","location":"assets","locale":"","width":1440,"height":2284},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3530652,"resolution":"3","location":"assets","locale":"","width":1440,"height":1136},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3530652,"resolution":"4","location":"assets","locale":"","width":1440,"height":1565},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3530652,"resolution":"5","location":"assets","locale":"","width":1440,"height":8635},"screenshot-6.png":{"filename":"screenshot-6.png","revision":3530652,"resolution":"6","location":"assets","locale":"","width":1440,"height":1136}},"screenshots":{"1":"Dashboard<\/strong> \u2014 Real-time server status, MCP endpoint URL, lock state indicator, today's request count broken down by result, and list of active modules.","2":"API Keys<\/strong> \u2014 Generate keys with granular scopes (read, write, manage per module), optional IP allowlist, expiry date, and scope presets. View all keys with last-used date and status.","3":"Audit Logs<\/strong> \u2014 Full request history grouped into named sessions, with a per-day activity chart colour-coded by tool class. Filter by date, key, tool, or session. One-click session restore.","4":"Safety Controls<\/strong> \u2014 Soft Lock, Hard Lock, and Working Hours Schedule. Set which days and hours agents are allowed to operate; outside those hours the site locks automatically. Includes the full Lock Permission Matrix.","5":"Modules<\/strong> \u2014 Overview cards for all active modules (WordPress Core, Media, Users, Backup, Sessions, Accessibility, WooCommerce, Elementor, Polylang, Yoast, Clautron) with status and registered tools.","6":"Backups<\/strong> \u2014 Overview of all post and term snapshots created before AI agent edits: total count, storage used, activity by period, and auto-cleanup status. The Backup Snapshots tab lists every snapshot with its session, tool class, and a one-click restore button."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[2353,232494,569,242115,23853],"plugin_category":[],"plugin_contributors":[82305],"plugin_business_model":[],"class_list":["post-294968","plugin","type-plugin","status-publish","hentry","plugin_tags-ai","plugin_tags-ai-agent","plugin_tags-automation","plugin_tags-mcp","plugin_tags-rest-api","plugin_contributors-dudaster","plugin_committers-dudaster"],"banners":{"banner":"https:\/\/ps.w.org\/aicom\/assets\/banner-772x250.png?rev=3512071","banner_2x":"https:\/\/ps.w.org\/aicom\/assets\/banner-1544x500.png?rev=3512071","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/aicom\/assets\/icon-128x128.png?rev=3512071","icon_2x":"https:\/\/ps.w.org\/aicom\/assets\/icon-256x256.png?rev=3512071","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/aicom\/assets\/screenshot-1.png?rev=3530652","caption":"Dashboard<\/strong> \u2014 Real-time server status, MCP endpoint URL, lock state indicator, today's request count broken down by result, and list of active modules."},{"src":"https:\/\/ps.w.org\/aicom\/assets\/screenshot-2.png?rev=3530652","caption":"API Keys<\/strong> \u2014 Generate keys with granular scopes (read, write, manage per module), optional IP allowlist, expiry date, and scope presets. View all keys with last-used date and status."},{"src":"https:\/\/ps.w.org\/aicom\/assets\/screenshot-3.png?rev=3530652","caption":"Audit Logs<\/strong> \u2014 Full request history grouped into named sessions, with a per-day activity chart colour-coded by tool class. Filter by date, key, tool, or session. One-click session restore."},{"src":"https:\/\/ps.w.org\/aicom\/assets\/screenshot-4.png?rev=3530652","caption":"Safety Controls<\/strong> \u2014 Soft Lock, Hard Lock, and Working Hours Schedule. Set which days and hours agents are allowed to operate; outside those hours the site locks automatically. Includes the full Lock Permission Matrix."},{"src":"https:\/\/ps.w.org\/aicom\/assets\/screenshot-5.png?rev=3530652","caption":"Modules<\/strong> \u2014 Overview cards for all active modules (WordPress Core, Media, Users, Backup, Sessions, Accessibility, WooCommerce, Elementor, Polylang, Yoast, Clautron) with status and registered tools."},{"src":"https:\/\/ps.w.org\/aicom\/assets\/screenshot-6.png?rev=3530652","caption":"Backups<\/strong> \u2014 Overview of all post and term snapshots created before AI agent edits: total count, storage used, activity by period, and auto-cleanup status. The Backup Snapshots tab lists every snapshot with its session, tool class, and a one-click restore button."}],"raw_content":"\n

AICOM - AI Commander<\/strong> connects your WordPress site to any AI agent via MCP (Model Context Protocol). Use your existing AI subscription \u2014 Claude Code, OpenAI Codex, OpenClaw, Celine, Goose, or any MCP-compatible client \u2014 to manage content, build pages, run audits, and automate repetitive tasks, all without leaving your AI interface.<\/p>\n\n

No more copy-pasting between your AI assistant and the WordPress dashboard. Describe what you want, and your agent does it \u2014 safely, with a full record of every action.<\/p>\n\n

Content Management<\/h4>\n\n

Create, update, and publish posts, pages, and custom post types directly from your AI agent. Build and duplicate Elementor pages, manage menus, upload media, update taxonomies, and handle bulk SEO fields including Yoast SEO meta, titles, and social previews<\/strong> \u2014 all in a single conversation. What used to take hours of dashboard work can be delegated to your AI in minutes.<\/p>\n\n

Safety You Control<\/h4>\n\n

AICOM puts you in charge at every level:<\/p>\n\n

    \n
  • Scope-based API keys<\/strong> \u2014 each key grants access only to the operations you explicitly allow. One key for read-only content review, another for full publishing access.<\/li>\n
  • Soft Lock \/ Hard Lock<\/strong> \u2014 freeze all write operations (Soft) or block everything except public tools (Hard) with one click from the admin bar or Safety page.<\/li>\n
  • Working Hours Schedule<\/strong> \u2014 automatically apply Soft or Hard Lock outside your configured working hours and days. Agents can't make changes at night or on weekends unless you explicitly override it.<\/li>\n
  • Dry-run mode<\/strong> \u2014 test any operation before it runs. See exactly what would change without touching live data.<\/li>\n
  • Confirm flag<\/strong> \u2014 destructive operations require an explicit \"confirm\": true<\/code> parameter. Accidental deletions are prevented by design.<\/li>\n<\/ul>\n\n

    Backup & Restore<\/h4>\n\n

    Before every significant change, your agent can snapshot the current state of a post or term. If something goes wrong, restore the exact previous version in one call. Backups are stored in the database, organised by session, and can be cleaned up automatically based on age or total size.<\/p>\n\n

    Full Audit Trail<\/h4>\n\n

    Every request is logged: timestamp, remote IP, API key label, tool used, parameters, result, and response time. Logs are grouped into named sessions<\/strong> \u2014 when an agent opens a session, all its actions are recorded together so you can review, replay, or undo an entire workflow at once. The Audit Logs page includes a session activity chart and a direct Restore button for each session.<\/p>\n\n

    Accessibility Audits \u2014 New in v3.2.0<\/h4>\n\n

    AICOM now includes a dedicated Accessibility module<\/strong> so your AI agent can audit and fix WCAG issues across your entire site \u2014 no external tools or services required:<\/p>\n\n

      \n
    • Site report<\/strong> \u2014 instantly see how many images are missing alt text across your entire media library, with a ranked preview of the top offenders and a percentage score.<\/li>\n
    • Post audit<\/strong> \u2014 scan any post or page for heading hierarchy errors (missing H1, skipped heading levels), images without alt text, and links with non-descriptive anchor text (\"click here\", \"read more\"). Each issue is rated by severity and the post receives an overall accessibility score from 0 to 100.<\/li>\n
    • Fix in place<\/strong> \u2014 set alt text on any media library image in one call. Pass an empty string to correctly mark it as decorative (aria-hidden<\/code>). Full dry-run support so you can preview changes before saving.<\/li>\n
    • Screenshot before & after<\/strong> \u2014 combine AICOM's audit tools with your AI agent's browser capabilities to capture a visual record of the page before and after remediation.<\/li>\n<\/ul>\n\n

      A typical AI-driven accessibility workflow: run the site report, get the list of problem images, let the agent analyse each image visually and write descriptive alt text, apply the fixes \u2014 then run the audit again to confirm the score improved. All in one session, with a full audit trail.<\/p>\n\n

      Supported Modules<\/h4>\n\n
        \n
      • WordPress Core<\/strong> \u2014 posts, pages, custom post types, terms, meta, options, menus, plugins<\/li>\n
      • Media<\/strong> \u2014 upload, update, delete media; direct file system access<\/li>\n
      • Users & Roles<\/strong> \u2014 create, update, manage users and role assignments<\/li>\n
      • Backup<\/strong> \u2014 per-post and per-term snapshots, session-based restore<\/li>\n
      • Sessions<\/strong> \u2014 named audit sessions with grouped action history<\/li>\n
      • Accessibility<\/strong> \u2014 site-wide alt text audit, post-level WCAG check, alt text fixes<\/li>\n
      • WooCommerce<\/strong> (optional)<\/em> \u2014 products, categories, settings<\/li>\n
      • Elementor<\/strong> (optional)<\/em> \u2014 page creation from template, widget inspection, theme builder conditions<\/li>\n
      • Polylang<\/strong> (optional)<\/em> \u2014 translations, language assignment, string management<\/li>\n
      • Yoast SEO<\/strong> (optional)<\/em> \u2014 read and write SEO titles, meta descriptions, Open Graph and Twitter card fields; bulk audit across all posts in one session<\/li>\n
      • Clautron<\/strong> (optional)<\/em> \u2014 blueprint management, capability catalog, event analytics<\/li>\n
      • ECS<\/strong> (optional)<\/em> \u2014 Ele Custom Skin color schemes, font schemes, custom looks<\/li>\n<\/ul>\n\n

        Who is this for?<\/h4>\n\n
          \n
        • Content teams<\/strong> using Claude, ChatGPT, or any AI assistant who want it to publish and update WordPress content directly<\/li>\n
        • Agencies<\/strong> managing multiple client sites and wanting AI-assisted workflows with a full paper trail<\/li>\n
        • Developers<\/strong> building AI-powered WordPress tools or automation pipelines<\/li>\n
        • Accessibility specialists<\/strong> who want to audit and remediate WCAG issues at scale with AI assistance<\/li>\n
        • Claude Code users<\/strong> \u2014 point AICOM as an MCP server from your terminal and control WordPress alongside your code<\/li>\n
        • OpenAI Codex users<\/strong> \u2014 connect Codex to your site via AICOM's MCP endpoint and let it manage content as part of your dev workflow<\/li>\n
        • OpenClaw \/ Celine \/ Goose users<\/strong> \u2014 native MCP connector, works out of the box<\/li>\n<\/ul>\n\n

          How it works<\/h4>\n\n

          AICOM exposes a secure HTTP endpoint on your WordPress site. Your AI agent sends structured MCP requests, AICOM authenticates the request, checks scopes and lock state, executes the operation, logs it, and returns a structured response.<\/p>\n\n

          AI Agent \u2192 AICOM Endpoint \u2192 WordPress\n<\/code><\/pre>\n\n
          API Key Scopes<\/h4>\n\n
          Each API key is granted specific scopes \u2014 you control exactly what each AI agent can and cannot do:<\/p>\n\n
          read.wp, `write.wp.posts`, `manage.taxonomies`, `manage.meta`, `manage.wordpress.settings`, `manage.media`, `manage.files`, `manage.users`, `manage.plugins`, `manage.backups`, `manage.a11y`, `manage.woocommerce.products`, `manage.woocommerce.settings`, `manage.elementor`, `manage.polylang`, `manage.yoast`, `manage.clautron`\n<\/code><\/pre>\n\n
          Endpoint<\/h4>\n\n
          REST API:<\/strong>\n    POST \/wp-json\/aicom\/v1\/mcp<\/p>\n\n
          Fallback<\/strong> (no mod_rewrite required):\n    POST \/?aicom=1<\/p>\n\n
          Health check:<\/strong>\n    GET \/?aicom=1<\/p>\n\n
          Authentication<\/h4>\n\n
          Authorization: Bearer aicom_XXXXXXXX_<secret>\n<\/code><\/pre>\n\n
          or:<\/p>\n\n
          X-API-Key: aicom_XXXXXXXX_<secret>\n<\/code><\/pre>\n\n
          MCP Request Example<\/h4>\n\n
          {\"jsonrpc\":\"2.0\",\"method\":\"tools\/call\",\"params\":{\"name\":\"wp.posts.list\",\"arguments\":{\"post_type\":\"post\",\"posts_per_page\":10}},\"id\":1}\n<\/code><\/pre>\n\n\n
            \n
          1. Upload the aicom<\/code> folder to \/wp-content\/plugins\/<\/code> or install directly from Plugins \u2192 Add New<\/strong> by searching for \"AICOM\"<\/li>\n
          2. Activate the plugin via Plugins \u2192 Installed Plugins<\/strong><\/li>\n
          3. Go to AICOM \u2192 API Keys<\/strong> and click Generate New Key<\/strong><\/li>\n
          4. Give the key a label (e.g. \"OpenClaw agent\") and select the scopes you want to grant<\/li>\n
          5. Copy the key immediately \u2014 it will not be shown again<\/li>\n
          6. Point your AI agent or MCP client to https:\/\/yoursite.com\/wp-json\/aicom\/v1\/mcp<\/code><\/li>\n
          7. Pass the key as Authorization: Bearer <your-key><\/code> in every request<\/li>\n<\/ol>\n\n
            Apache note:<\/strong> If the Authorization header is stripped by your server, add this line to .htaccess<\/code>:<\/p>\n\n
            SetEnvIf Authorization \"(.*)\" HTTP_AUTHORIZATION=$1\n<\/code><\/pre>\n\n
            Safety tip:<\/strong> Start with Soft Lock<\/strong> enabled to limit the agent to read-only operations, then unlock once you're confident in the integration.<\/p>\n\n\n
            \n
            Does this plugin make my site publicly accessible to anyone?<\/h3><\/dt>\n
            No. Every request must include a valid API key. Keys are bcrypt-hashed in the database and scoped \u2014 each key only has access to the specific operations you explicitly grant it. Without a valid key, the endpoint returns 401 Unauthorized.<\/p><\/dd>\n
            Does it work without mod_rewrite or pretty permalinks?<\/h3><\/dt>\n
            Yes. The fallback endpoint \/?aicom=1<\/code> works on any server configuration, with or without pretty permalinks or Apache mod_rewrite.<\/p><\/dd>\n
            Is it compatible with WooCommerce, Elementor, and Polylang?<\/h3><\/dt>\n
            Yes. Each plugin's tools are loaded automatically only if the corresponding plugin is active. If WooCommerce is not installed, no WooCommerce tools appear in the tool list or audit log.<\/p><\/dd>\n
            Can I restrict an AI agent to read-only access?<\/h3><\/dt>\n
            Yes, in two ways: (1) assign only read.wp<\/code> scopes to the API key, or (2) enable Soft Lock<\/strong> or Hard Lock<\/strong> mode from the Safety page \u2014 this blocks write and destructive operations site-wide regardless of key scopes.<\/p><\/dd>\n
            What is the difference between Soft Lock and Hard Lock?<\/h3><\/dt>\n
            Soft Lock<\/strong> permits public<\/code>, discovery<\/code> and read<\/code> class tools only \u2014 agents can browse and read content but cannot write, delete or change settings. Hard Lock<\/strong> permits only public<\/code> tools (like server.status<\/code>) \u2014 the site is effectively frozen from an AI perspective. Hard Lock overrides Soft Lock.<\/p><\/dd>\n
            Can I test operations before they actually run?<\/h3><\/dt>\n
            Yes. Send \"dry_run\": true<\/code> in your request parameters. The operation will be validated and simulated but no data will be changed. The audit log will record it as a dry run.<\/p><\/dd>\n
            Does it log what AI agents do?<\/h3><\/dt>\n
            Yes. Every request is logged to the audit log with timestamp, remote IP, API key label, tool name, parameters, result summary, and response duration. The log is accessible from AICOM \u2192 Audit Logs<\/strong> and can be filtered by date, key, or tool name.<\/p><\/dd>\n
            What is MCP (Model Context Protocol)?<\/h3><\/dt>\n
            MCP is an open standard created by Anthropic for connecting AI models to external tools and data sources. AICOM implements the MCP standard so any MCP-compatible AI client \u2014 Claude, OpenClaw, and others \u2014 can communicate with your WordPress site natively without custom integrations.<\/p><\/dd>\n
            Is this plugin free?<\/h3><\/dt>\n
            Yes, completely free and open source under the GPL-2.0-or-later license.<\/p><\/dd>\n
            Can I restrict which IP addresses can use an API key?<\/h3><\/dt>\n
            Yes. Each API key has an optional IP allowlist. If set, requests from any other IP will be rejected even if the key is valid.<\/p><\/dd>\n\n<\/dl>\n\n\n
            3.3.0<\/h4>\n\n
              \n
            • New: OpenAPI schema endpoint \u2014 GET \/wp-json\/aicom\/v1\/schema generates a live OpenAPI 3.0 spec from all registered tools.<\/li>\n
            • New: Individual tool REST endpoints \u2014 POST \/wp-json\/aicom\/v1\/tools\/{tool.name} for ChatGPT Custom GPT Actions compatibility.<\/li>\n
            • Import the schema URL into a Custom GPT Action, set Authentication \u2192 Bearer, and ChatGPT discovers all tools automatically.<\/li>\n<\/ul>\n\n
              3.2.0<\/h4>\n\n
                \n
              • New: Accessibility module \u2014 a11y.images_missing_alt, a11y.audit_post, a11y.set_image_alt, a11y.site_report tools for AI-driven WCAG remediation.<\/li>\n<\/ul>\n\n
                3.1.0<\/h4>\n\n
                  \n
                • New: Working Hours Schedule \u2014 automatically apply Soft or Hard Lock outside configured working hours and days.<\/li>\n
                • The manual lock always takes precedence; the schedule only adds additional restrictions.<\/li>\n<\/ul>\n\n
                  3.0.0<\/h4>\n\n
                    \n
                  • New: Resource Boundaries UI \u2014 configure post type, taxonomy, meta key, WP option, file path, and language restrictions per API key directly from the edit\/create form.<\/li>\n
                  • New: Preset Rename \u2014 rename any custom preset in-place via a prompt dialog.<\/li>\n
                  • New: Preset Duplicate \u2014 clone any custom preset; the copy appears instantly in the preset grid.<\/li>\n<\/ul>\n\n
                    2.9.2<\/h4>\n\n
                      \n
                    • Fix: Toolbar lock buttons (Unlock \/ Soft Lock \/ Hard Lock) now work on frontend pages, not only in wp-admin.<\/li>\n<\/ul>\n\n
                      2.9.1<\/h4>\n\n
                        \n
                      • Improvement: Session description now shown inside the expanded session card in Audit Logs (hidden when collapsed).<\/li>\n
                      • Improvement: tools\/list response now includes an instructions field telling the agent whether a session is active, and prompting it to call session.open with both name and description before making changes.<\/li>\n
                      • Improvement: session.open tool description updated to explicitly request a meaningful name and description from the agent.<\/li>\n<\/ul>\n\n
                        2.9.0<\/h4>\n\n
                          \n
                        • New: Backups page redesigned into 3 tabs \u2014 Dashboard (total count, storage used, activity by period, auto-cleanup status), Cleanup Settings, and Backup Snapshots.<\/li>\n
                        • New: Backup Snapshots table now shows Class badge (colour-coded by tool class) and Session column with a direct link to the corresponding session in Audit Logs, including scroll-to + highlight on arrival.<\/li>\n
                        • New: Toolbar lock controls \u2014 Unlock \/ Soft Lock \/ Hard Lock buttons in the AICOM Keys dropdown; toolbar badge turns red on Hard Lock and amber on Soft Lock.<\/li>\n
                        • New: Stacked bar chart in Audit Logs Sessions tab \u2014 each bar segment is colour-coded by tool class (read\/write\/destructive\/admin_sensitive); legend shown below graph.<\/li>\n
                        • New: Clicking a graph bar navigates to that day's sessions via server-side filtering (log_date).<\/li>\n
                        • New: Class column added to session log tables in Audit Logs.<\/li>\n
                        • New: Session filter added to Audit Logs Filters tab.<\/li>\n
                        • Improvement: Cleanup Settings form redesigned \u2014 each field on its own row with description on the right; fields separated by dividers.<\/li>\n
                        • Improvement: Tab navigation on Backups and Audit Logs pages now uses consistent aicom-tab-bar \/ aicom-tab-btn styles matching API Keys page.<\/li>\n
                        • Fix: Graph bars no longer show tool classes from orphaned logs (sessions that were deleted); uses INNER JOIN to exclude them.<\/li>\n
                        • Fix: DB v4.4 \u2014 added tool_class column to wp_aicom_logs with backfill migration.<\/li>\n<\/ul>\n\n
                          2.8.0<\/h4>\n\n
                            \n
                          • New: Named sessions \u2014 agents must call session.open(name: \"...\") before making any changes; all write operations blocked until a session is opened; sessions auto-close after 2h of inactivity.<\/li>\n
                          • New: Session restore \u2014 Audit Logs \u2192 Sessions tab shows all sessions with a 30-day activity graph; click Restore to undo all backups from a session in reverse chronological order.<\/li>\n
                          • New: Backup cleanup \u2014 set a max age (days) and\/or max size (MB) for automatic backup pruning; runs daily via cron.<\/li>\n
                          • Improvement: Audit Logs split into Logs \/ Sessions \/ Filters tabs for easier navigation.<\/li>\n
                          • Fix: session_id now correctly populated in backup rows.<\/li>\n<\/ul>\n\n
                            2.7.0<\/h4>\n\n
                              \n
                            • New: API Key Lifecycle \u2014 optional expiry date (TTL) on any key; keys expire automatically via hourly cron; expired\/archived status badges in the key table.<\/li>\n
                            • New: Archive\/Unarchive \u2014 hide inactive keys from the main list without deleting them; restore with one click (unarchived keys come back as suspended).<\/li>\n
                            • New: Edit scopes \u2014 repurpose an existing key without revoking it; update scopes, IP allowlist, dry-run flag, and expiry date from a dedicated edit view.<\/li>\n
                            • New: Rotate secret inside the edit form \u2014 optionally generate a fresh API key string as part of a scope-edit, with live diff preview of permission changes.<\/li>\n
                            • New: Scope diff preview \u2014 while editing, the UI shows which scopes were added (+) and removed (\u2212) compared to the original key, in real time.<\/li>\n
                            • New: Full i18n \u2014 all admin strings wrapped for translation; POT template generated at languages\/aicom.pot.<\/li>\n<\/ul>\n\n
                              2.6.0<\/h4>\n\n
                                \n
                              • New: Save custom presets \u2014 name and save any scope selection as a reusable preset that appears alongside the system presets. Custom presets are stored in the database and can be deleted with one click.<\/li>\n<\/ul>\n\n
                                2.5.0<\/h4>\n\n
                                  \n
                                • New: Preset picker for key creation \u2014 6 system presets (Read-only, Content Assistant, Elementor Editor, WooCommerce Catalog, Site Maintenance, Full Admin) plus Custom mode to auto-select common scope bundles with one click.<\/li>\n
                                • New: Scope tree UI \u2014 scopes now grouped into 5 categories (WordPress Core, Media & Files, Users & Roles, Site Configuration, Integrations) with LOW\/MED\/HIGH\/CRITICAL risk labels on every scope.<\/li>\n
                                • New: Live search filter for scopes in the key creation form.<\/li>\n
                                • New: Collapsible scope groups \u2014 click a group header to expand\/collapse.<\/li>\n<\/ul>\n\n
                                  2.4.0<\/h4>\n\n
                                    \n
                                  • New: AICOM Keys menu in the WordPress admin bar \u2014 lists all active and suspended API keys with one-click suspend\/unsuspend via AJAX (no page reload). Shows a green badge with the count of active keys. Last item links to the full API Keys management page. Works in both wp-admin and frontend toolbar.<\/li>\n<\/ul>\n\n
                                    2.3.0<\/h4>\n\n
                                      \n
                                    • New: elementor.page.create_from_template \u2014 create a new page by cloning Elementor data from a source page or template. Copies _elementor_data, _elementor_edit_mode, and _wp_page_template in one call. Supports dry_run and returns preview URL + admin edit URL.<\/li>\n
                                    • New: wp.posts.preview_url \u2014 get a preview URL for any post or page. Returns get_preview_post_link() for drafts\/private, get_permalink() for published. Also includes admin_edit_url.<\/li>\n<\/ul>\n\n
                                      2.2.0<\/h4>\n\n
                                        \n
                                      • New: Clautron module \u2014 11 tools for blueprint and capability management (catalog.list\/install, primitives.list, blueprint.examples\/list\/validate\/create\/compile\/smoke_test, capability.meta.get\/set). Requires Clautron plugin.<\/li>\n
                                      • New: Yoast SEO module \u2014 9 tools for reading and writing Yoast SEO meta (yoast.post.get\/set, yoast.post.social.get\/set, yoast.posts.bulk_get for audits, yoast.term.get\/set, yoast.site.get). Supports free and premium. Requires Yoast SEO plugin.<\/li>\n<\/ul>\n\n
                                        2.1.1<\/h4>\n\n
                                          \n
                                        • Fix: wp.posts.create now accepts post_name (URL slug) and post_excerpt directly \u2014 no more 2-step create+update workaround.<\/li>\n
                                        • Fix: wp.posts.update now applies post_name and post_author \u2014 previously these were silently ignored despite returning updated:true.<\/li>\n
                                        • Fix: wp.posts.create defaults post_author to the user associated with the API key \u2014 prevents author=0 on REST-context requests.<\/li>\n
                                        • Fix: wp.posts.get now includes a terms map in the response, grouped by taxonomy (category, post_tag, custom taxonomies).<\/li>\n
                                        • New: wp.meta.set_many \u2014 set multiple post meta keys in one call. Accepts a meta object of key\u2192value pairs; allowlist enforced per key.<\/li>\n<\/ul>\n\n
                                          2.1.0<\/h4>\n\n
                                            \n
                                          • New: Ele Custom Skin (ECS) module \u2014 26 tools for reading and writing ECS Color Schemes, Font Schemes, Custom Looks, Custom CSS, Alt Logos, and Dynamic Repeater Builder (DRB) presets and bindings. Works with both ele-custom-skin (free) and ele-custom-skin-pro. Activate a color scheme site-wide in one call via ecs.color_schemes.activate_global.<\/li>\n<\/ul>\n\n
                                            2.0.11<\/h4>\n\n
                                              \n
                                            • Fix: wp.posts.update and wp.posts.create now support post_date parameter \u2014 previously the parameter was silently ignored and the tool returned success without changing the date. Accepts YYYY-MM-DD HH:MM:SS or ISO 8601; invalid format returns a clear error.<\/li>\n
                                            • Fix: wp.posts.update now also exposes post_excerpt in its input schema (was handled in code but not documented).<\/li>\n<\/ul>\n\n
                                              2.0.10<\/h4>\n\n
                                                \n
                                              • Fix: replaced match() expression with if\/elseif for PHP 7.4 compatibility \u2014 caused parse error on API Keys page for sites running PHP < 8.0<\/li>\n<\/ul>\n\n
                                                2.0.9<\/h4>\n\n
                                                  \n
                                                • New: Suspend\/Unsuspend for API keys \u2014 temporarily block a key without revoking it. Suspended keys return 401 automatically (auth query filters status = active). Active keys show Suspend button; suspended keys show Unsuspend + Revoke.<\/li>\n<\/ul>\n\n
                                                  2.0.8<\/h4>\n\n
                                                    \n
                                                  • New: wp.plugins.list \u2014 list all installed plugins with version, update availability, and status. Optional force_refresh=true for a live check against wordpress.org.<\/li>\n
                                                  • New: wp.plugins.update_all \u2014 update all plugins with available updates in one call (dry_run and include[] filter supported). Uses WordPress's native Plugin_Upgrader + Automatic_Upgrader_Skin, identical to background auto-updates.<\/li>\n
                                                  • New scope: manage.plugins \u2014 dedicated scope for plugin management tools, separate from manage.wordpress.settings.<\/li>\n<\/ul>\n\n
                                                    2.0.7<\/h4>\n\n
                                                      \n
                                                    • New: elementor.template.set_conditions \u2014 dedicated tool that writes _elementor_conditions meta AND rebuilds the global elementor_pro_theme_builder_conditions option, then flushes the conditions cache. Uses Elementor Pro Conditions_Manager API when available, falls back to a manual option rebuild. Fixes Theme Builder templates not attaching to pages when conditions were set via wp.meta.set + wp.options.set.<\/li>\n<\/ul>\n\n
                                                      2.0.6<\/h4>\n\n
                                                        \n
                                                      • Fix: wp.meta.set now applies wp_slash() on string values before passing to update_post_meta() \u2014 prevents backslash stripping that broke Elementor JSON stored in post meta<\/li>\n<\/ul>\n\n
                                                        2.0.5<\/h4>\n\n
                                                          \n
                                                        • Fix: pll.string.set no longer calls PLL()->model->get_language() which is null in REST API context \u2014 replaced with direct pll_languages_list() lookup<\/li>\n<\/ul>\n\n
                                                          2.0.4<\/h4>\n\n
                                                            \n
                                                          • Fix: pll.strings.list, pll.string.get, pll.string.set no longer depend on pll_get_strings() (Polylang Pro only) \u2014 now works on Polylang free via direct PLL_MO access<\/li>\n
                                                          • WordPress core strings (blogname, blogdescription, date_format, time_format) can be set per-language using wp_option parameter without Polylang Pro<\/li>\n<\/ul>\n\n
                                                            2.0.3<\/h4>\n\n
                                                              \n
                                                            • New: pll.strings.list \u2014 list all registered Polylang strings with current translations per language<\/li>\n
                                                            • New: pll.string.get \u2014 get a specific string and all its translations<\/li>\n
                                                            • New: pll.string.set \u2014 set the translation of a registered string for a specific language (supports dry-run)<\/li>\n<\/ul>\n\n
                                                              2.0.2<\/h4>\n\n
                                                                \n
                                                              • Fix: wp.menus.delete and wp.menus.items.remove now document confirm=true in their input schema \u2014 agents can now discover this requirement via tools\/list<\/li>\n
                                                              • Fix: wp.menus.items.add no longer requires url for custom type items \u2014 WordPress supports label-only menu items with an empty URL<\/li>\n<\/ul>\n\n
                                                                2.0.1<\/h4>\n\n
                                                                  \n
                                                                • Fix: pll.post.link_translation and pll.term.link_translation now preserve existing translation group members when adding a new language \u2014 previously a third language (e.g. UK) was dropped when linking two posts<\/li>\n
                                                                • Changed: link_translation tools now accept a translations map {\"lang\": id} instead of pairs, supporting any number of languages in a single call<\/li>\n<\/ul>\n\n
                                                                  2.0.0<\/h4>\n\n
                                                                    \n
                                                                  • Complete rewrite with modular, autoloaded architecture<\/li>\n
                                                                  • 87 tools across 7 modules: WP Core, Media, Users, Backup, WooCommerce, Elementor, Polylang<\/li>\n
                                                                  • Full MCP JSON-RPC 2.0 support \u2014 tools\/call<\/code> and tools\/list<\/code> methods<\/li>\n
                                                                  • Shorthand request format also supported for simpler integrations<\/li>\n
                                                                  • Scope-based access control per API key \u2014 12 granular scopes<\/li>\n
                                                                  • Hard lock \/ soft lock \/ unlocked safety modes switchable from admin<\/li>\n
                                                                  • Full audit logging: timestamp, IP, key label, tool, params, result, duration<\/li>\n
                                                                  • Dry-run mode \u2014 validate and simulate without applying changes<\/li>\n
                                                                  • Confirm flag required for all destructive operations<\/li>\n
                                                                  • IP allowlist per API key<\/li>\n
                                                                  • Backup and restore for posts and terms stored in database<\/li>\n
                                                                  • WooCommerce, Elementor, Polylang modules auto-activate when plugins present<\/li>\n
                                                                  • Fallback endpoint \/?aicom=1<\/code> for servers without mod_rewrite<\/li>\n
                                                                  • bcrypt-hashed API keys with prefix-based fast lookup<\/li>\n
                                                                  • Admin UI: Dashboard, API Keys, Audit Logs, Safety, Modules, Backups pages<\/li>\n<\/ul>","raw_excerpt":"Use your AI subscription to manage WordPress: create Elementor pages, update content, automate tasks, and stay fully in control.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ky.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/294968","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ky.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/ky.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/ky.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=294968"}],"author":[{"embeddable":true,"href":"https:\/\/ky.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/dudaster"}],"wp:attachment":[{"href":"https:\/\/ky.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=294968"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/ky.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=294968"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/ky.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=294968"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/ky.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=294968"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/ky.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=294968"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/ky.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=294968"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}