WP Agent — Security Model

WP Agent is designed to be safe-by-default for typical WordPress installs.

Core rule

Everything the agent can do is exposed as an ability (Abilities API).

This means:

  • Abilities can be enabled/disabled
  • Abilities can have permission checks
  • Abilities can be filtered/guarded by execution policy

Execution policy tiers

WP Agent supports a tiered execution policy. The agent should prefer the safer, WordPress-native paths first and use shell access only in a tier that explicitly allows it.

Tiers:

  1. wp-native (default)
    • WordPress-native operations only
    • Avoids depending on shell access
  2. restricted-shell
    • Allows shell tool usage for admins
    • Shell commands are allowlisted
  3. extended-shell
    • Optional, for advanced environments
  4. trusted
    • Power-user mode
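The following is an added example, not WP Agent's own code, showing how the core rule and the tiers fit together: one WordPress-native ability and one shell ability are registered through the Abilities API, each ability carries its own enable switch and capability check, and a single execution-policy guard decides whether the configured tier (and, under restricted-shell, the allowlist) permits the call. The option names (wp_agent_execution_tier, wp_agent_shell_enabled), the filter name wp_agent_ability_allowed, the allowlist contents and the ability names are all hypothetical choices made for this example; the wp_register_ability() / wp_register_ability_category() argument keys follow my reading of the WordPress 6.9 Abilities API and should be checked against the core reference before use.

```php
<?php
// Added example (not WP Agent's own code). All option, filter and ability
// names below are hypothetical; the Abilities API argument keys are assumed.

// Tier ordering, lowest risk first. wp-native is the default.
const WP_AGENT_TIERS = array(
    'wp-native'        => 0,
    'restricted-shell' => 1,
    'extended-shell'   => 2,
    'trusted'          => 3,
);

// Constructed allowlist of shell binaries permitted under restricted-shell.
const WP_AGENT_SHELL_ALLOWLIST = array( 'wp', 'ls', 'du' );

// Read the configured tier, falling back to the safest one on bad input.
function wp_agent_current_tier() {
    $tier = (string) get_option( 'wp_agent_execution_tier', 'wp-native' );
    return isset( WP_AGENT_TIERS[ $tier ] ) ? $tier : 'wp-native';
}

// Execution-policy guard. $required is the lowest tier the ability needs;
// $input is the validated ability input. Returns true only when every
// check passes; the site-owner filter can tighten but never loosen it.
function wp_agent_policy_allows( $name, $required, array $input ) {
    $current = wp_agent_current_tier();
    if ( WP_AGENT_TIERS[ $current ] < WP_AGENT_TIERS[ $required ] ) {
        return false; // e.g. any shell ability while the tier is wp-native
    }
    if ( 'restricted-shell' === $current && 'wp-agent/run-shell' === $name ) {
        $argv = preg_split( '/\s+/', trim( (string) ( $input['command'] ?? '' ) ) );
        if ( '' === $argv[0] || ! in_array( $argv[0], WP_AGENT_SHELL_ALLOWLIST, true ) ) {
            return false; // binary not on the allowlist
        }
    }
    return true === apply_filters( 'wp_agent_ability_allowed', true, $name, $input );
}

add_action( 'wp_abilities_api_init', function () {
    wp_register_ability_category( 'wp-agent', array(
        'label'       => 'WP Agent',
        'description' => 'Abilities exposed to the WP Agent.',
    ) );

    // Tier 1: a wp-native ability. Needs only a capability check.
    wp_register_ability( 'wp-agent/list-plugins', array(
        'label'               => 'List installed plugins',
        'description'         => 'Returns plugin slugs and versions via the WordPress API.',
        'category'            => 'wp-agent',
        'input_schema'        => array( 'type' => 'object' ),
        'output_schema'       => array( 'type' => 'array' ),
        'permission_callback' => function ( $input ) {
            return current_user_can( 'activate_plugins' )
                && wp_agent_policy_allows( 'wp-agent/list-plugins', 'wp-native', (array) $input );
        },
        'execute_callback'    => function ( $input ) {
            require_once ABSPATH . 'wp-admin/includes/plugin.php';
            $out = array();
            foreach ( get_plugins() as $file => $data ) {
                $out[] = array( 'file' => $file, 'version' => $data['Version'] );
            }
            return $out;
        },
    ) );

    // Tier 2+: a shell ability. Disabled unless explicitly enabled, admin-only,
    // and subject to the tier/allowlist guard above.
    wp_register_ability( 'wp-agent/run-shell', array(
        'label'               => 'Run allowlisted shell command',
        'description'         => 'Runs one allowlisted command; requires restricted-shell or higher.',
        'category'            => 'wp-agent',
        'input_schema'        => array(
            'type'       => 'object',
            'properties' => array( 'command' => array( 'type' => 'string' ) ),
            'required'   => array( 'command' ),
        ),
        'output_schema'       => array( 'type' => 'object' ),
        'permission_callback' => function ( $input ) {
            return (bool) get_option( 'wp_agent_shell_enabled', false )
                && current_user_can( 'manage_options' )
                && wp_agent_policy_allows( 'wp-agent/run-shell', 'restricted-shell', (array) $input );
        },
        'execute_callback'    => function ( $input ) {
            // Quote each argument separately; never interpolate the raw string.
            $argv = preg_split( '/\s+/', trim( (string) $input['command'] ) );
            $cmd  = implode( ' ', array_map( 'escapeshellarg', $argv ) );
            return array( 'output' => (string) shell_exec( $cmd ) );
        },
    ) );
} );
```

With the tier left at its default, wp-agent/run-shell fails its permission check before any command is parsed, so disabling shell access requires no per-site filter; raising the tier to restricted-shell still rejects anything whose first token is not on the allowlist. Keeping enable flag, capability check and policy guard in one permission_callback means the REST layer and any other caller share the same decision.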

Filters

REST API permissions

Data storage

Recommendations