WordPress.org
Get WordPress
WordPress.org

Plugin Directory

BotCreds Agent Access

BotCreds Agent Access

By Joe Boydston
Download

Description

BotCreds Agent Access gives your AI agent, MCP client, or automation tool a secure, scoped credential to interact with your site — no code required.

Whether you’re connecting Claude, ChatGPT, a custom MCP server, or an OpenClaw agent, BotCreds gives you a one-click setup wizard that generates a properly scoped WordPress Application Password and logs every action the agent takes.

Why BotCreds?

Most AI agent setups require digging into wp-config, creating users manually, or sharing admin credentials. BotCreds removes all of that. Install, click, copy, paste — your agent is connected in under a minute.

Features:

  • One-click connection setup under Settings BotCreds
  • Generates a secure, scoped Application Password for your AI agent or MCP client
  • Works with any agent that supports the WordPress REST API: Claude, ChatGPT, OpenClaw, n8n, Zapier, custom MCP servers, and more
  • User-level and site-level logging of agent actions — see exactly what your agent did and when
  • Displays credentials in ready-to-paste format (table and JSON)
  • Shows connection status, creation date, and last used date
  • One-click revoke with confirmation
  • Clean, modern admin UI using native WordPress styles
  • Proper security: nonces, capability checks, password shown only once

Compatibility:

  • Works with the Model Context Protocol (MCP)
  • Compatible with all major AI agent frameworks
  • No third-party services or accounts required — everything stays on your site

Installation

  1. Upload the botcreds-agent-access folder to /wp-content/plugins/.
  2. Activate the plugin through the “Plugins” menu in WordPress.
  3. Go to Settings BotCreds.
  4. Click “Connect Agent” to generate your credentials.
  5. Copy the credentials and paste them into your agent’s config.

FAQ

What is an Application Password?

Application Passwords are a built-in WordPress feature (since 5.6) that let external tools authenticate against the REST API without using your main account password. They can be revoked at any time without affecting your login.

What agents and tools does this work with?

Any tool that supports HTTP Basic Auth against the WordPress REST API. This includes Claude (via MCP), ChatGPT plugins, OpenClaw, n8n, Zapier, Make, custom Python scripts, and more.

What is MCP?

The Model Context Protocol (MCP) is an open standard for connecting AI agents to external tools and data sources. BotCreds makes it easy to connect an MCP client to your site.

Is the password stored anywhere?

The plain-text password is shown once when created. WordPress stores only a hash, so the password cannot be retrieved later. If you lose it, revoke the old one and create a new connection.

Can I have multiple agent connections?

BotCreds manages one Application Password per user. Revoke the existing one before creating a new connection, or create additional passwords directly in your WordPress profile.

Reviews

There are no reviews for this plugin.

Contributors & Developers

“BotCreds Agent Access” is open source software. The following people have contributed to this plugin.

Contributors

Translate “BotCreds Agent Access” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

2.1.0

  • Rebranded internals from ClawPress to BotCreds Agent Access throughout.
  • New: Activity log — tracks agent actions (app password create, revoke, REST API use) per user and site-wide.
  • New: WP.com MCP support — detects and logs Jetpack/WP.com MCP connections.
  • Security: replaced %i placeholder with esc_sql() for WP 5.6 compatibility.
  • Fixed: DirectQuery and NoCaching PHPCS warnings in database calls.
  • Fixed: Cache busting after agent credential changes.

2.0.3

  • Fixed text domain mismatch in all includes (botcreds-agent-access).
  • Trimmed tags to 5 for directory compliance.

2.0.2

  • Renamed to BotCreds Agent Access.
  • Updated text domain to botcreds-agent-access.

2.0.1

  • Renamed to Botcred Application Passwords for clarity and directory compliance.
  • Updated text domain to botcred-application-passwords.

2.0.0

  • Rebranded and relaunched as BotCreds Agent Access.
  • Removed provisioner and theme-bridge (available as separate add-ons).
  • Security hardening (escaping, nonces, input validation).
  • Added object caching for content stats.
  • Updated all namespaces, hooks, and REST routes.

1.1.0

  • New: @mentions in comments — type @username to mention any site user.
  • New: Mentioned users receive email notifications automatically.
  • New: Mentions render as styled links in comment display.
  • New: agent_access_user_mentioned action hook for integrations.
  • New: agent_access_send_mention_notification filter to control notifications.

1.0.0

  • Initial release.
  • Create and revoke agent Application Passwords.
  • Connection status display with creation and last-used dates.
  • Copy-to-clipboard support for credentials.

Meta

Ratings

No reviews have been submitted yet.

Your review

See all reviews

Contributors

Support

Got something to say? Need help?

View support forum