Skip to content

How We Gave Claude Direct Access to WordPress — Without Sharing a Password

Goose Digital complete
aiautomationai-agentsmarketing-automation ClaudeWordPressPHP

Overview

Most AI content workflows hit the same wall: Claude can write the content, but getting it into WordPress requires copy-pasting. Someone still has to open the CMS, navigate to the right post, paste the title, the meta description, the focus keyword, the body — then categorize and tag it correctly. The AI did the hard part and a human is doing the data entry.

We wanted to close that gap. The result is the Goose Digital Intelligent Marketing Connector — a WordPress plugin that exposes site content and SEO metadata through a secure REST API, letting Claude and other AI tools read and update WordPress directly.

No shared passwords. No user accounts for bots. No manual copy-paste step.

Approach

The plugin is built on WordPress’s native REST API framework and secured with API key authentication. Every request requires a X-Goose-API-Key header containing a 48-character key generated on plugin activation. Authentication uses hash_equals() — a timing-safe comparison that prevents attackers from measuring response times to guess keys character by character.

Eight endpoints cover the full content workflow:

  • GET /content — list posts and pages with pagination, search, and status filtering
  • GET /content/{id} — full detail on a single post including Yoast SEO fields
  • POST /content/{id}/seo — update SEO title, meta description, and focus keyphrase
  • GET /taxonomies — list all categories and tags
  • POST /content/{id}/taxonomy — update categories and tags
  • GET /taxonomies/all — discover all custom taxonomies on the site
  • POST /taxonomies/create-term — create new terms in any taxonomy
  • POST /content/{id}/custom-taxonomy — assign custom taxonomy terms

The Yoast SEO integration reads and writes directly to the underlying meta keys (_yoast_wpseo_title, _yoast_wpseo_metadesc, _yoast_wpseo_focuskw), so updates made through the API are immediately reflected in the Yoast interface and on-page output.

One design decision we spent the most time on: how should AI tools reference categories and tags? Requiring exact numeric IDs would make Claude’s job harder — it would need to look up IDs before every update. So we built flexible term resolution that accepts IDs, names, or slugs, in any mix, in the same request. Claude can say "categories": ["News", "AI"] and the plugin handles the resolution. If a term in a custom taxonomy doesn’t exist yet, the plugin auto-creates it — one less API call, one less failure mode.

Results

The plugin was built, iterated to v1.2, and run against a live 565-post site — all in a single day.

We ran the first full-scale test on goosedigital.com — our own 565-post site. The plugin was built and the entire content library was processed in a single day, with approximately two to three hours of total human time invested. Here’s what came out the other end:

  • 40 core pages SEO-optimized to keyword and page context
  • 513 blog posts re-optimized with updated titles, meta descriptions, and focus keyphrases
  • 51 posts skipped — already had current SEO titles and meta descriptions, left untouched
  • 565/565 topics updated — old taxonomy terms fully replaced with 12 new consolidated topics
  • 565/565 tags cleaned across the entire post library

That is the full content library of a real agency website — titles, descriptions, focus keywords, categories, and tags — processed and updated in a single afternoon. The work that would have taken weeks of manual CMS editing was done before lunch.

The 51 skipped posts are worth noting. The plugin doesn’t blindly overwrite — it reads existing SEO state first and the Claude workflow can make conditional decisions. Posts that already had optimized metadata were identified and left alone, which is exactly the right behaviour for a production site where some content has already been manually tuned.

The admin settings page includes a full endpoint reference and a copy-paste system prompt snippet for Claude — so anyone on the team can set up a new site integration without needing to read the plugin code.

Lessons Learned

Flexibility in inputs compounds over time. The decision to accept term names and slugs alongside IDs made every subsequent workflow easier to build. When Claude can reference a category by name, prompts are simpler, fewer things break when IDs change, and the whole system requires less scaffolding to use.

Auto-creation is worth the complexity. The term auto-create behaviour added complexity to the plugin but removed a whole class of workflow failures. AI tools encounter undefined states — a category that doesn’t exist yet, a tag that needs creating mid-session — and handling those gracefully inside the plugin is better than requiring the calling tool to handle every edge case.

Admin UX matters for non-technical users. The capability reference table and the Claude prompt snippet in the settings page were afterthoughts during development but ended up being the most-used part of the interface for onboarding new accounts. Documenting what a tool can do, inside the tool itself, is worth the extra effort.

API keys beat user accounts for AI integrations. Giving an automation tool a WordPress user account creates audit trail noise, security surface, and permission management overhead. A purpose-built API key that can be revoked instantly, scoped to exactly what the integration needs, is cleaner in every way.

What’s Next

The connector is live and handling content operations across multiple client accounts. Future iterations under consideration include webhook support (push-based updates rather than pull-based polling), bulk update endpoints, and draft/schedule publication helpers for more complete content pipeline automation.

The longer-term vision is for this plugin to serve as the WordPress-side endpoint in GD Command’s content workflow — so the full chain from content plan to AI draft to SEO optimization to WordPress publish runs as a single, auditable pipeline.