Title: AICOM – AI Commander
Author: dudaster
Published: 21 april 2026
Last modified: 10 mei 2026
---
Plugins zoeken
# AICOM – AI Commander
Door [dudaster](https://profiles.wordpress.org/dudaster/)
[Download](https://downloads.wordpress.org/plugin/aicom.3.1.0.zip)
* [Details](https://nl.wordpress.org/plugins/aicom/#description)
* [Beoordelingen](https://nl.wordpress.org/plugins/aicom/#reviews)
* [Installatie](https://nl.wordpress.org/plugins/aicom/#installation)
* [Ontwikkeling](https://nl.wordpress.org/plugins/aicom/#developers)
[Ondersteuning](https://wordpress.org/support/plugin/aicom/)
## Beschrijving
**AICOM – AI Commander** turns your WordPress site into an MCP (Model Context Protocol)
server, giving AI agents direct, structured access to your WordPress content, settings,
and data.
Control your WordPress site through **Claude Code**, **OpenClaw**, **Celine**, **
Goose**, and any other MCP-compatible AI agent. No more copy-pasting between your
AI assistant and WordPress. No more manual repetitive tasks. Describe what you want,
and your AI agent does it.
#### What can you do with AICOM?
* **AI-powered content creation** — let an AI agent write, update and publish posts,
pages and custom post types directly on your site
* **Automate your WooCommerce store** — update product descriptions, manage categories
and read settings through an AI agent without touching the dashboard
* **Manage multilingual sites** — connect with Polylang so AI agents can create
and manage translations automatically
* **Control Elementor pages** — validate and inspect Elementor-built pages programmatically
* **Build AI editorial workflows** — draft, review, schedule and publish content
via AI instructions
* **Bulk SEO tasks** — update meta fields, slugs, titles and descriptions in bulk
via AI
* **Audit every AI action** — full log of every request: who, what, when, from
which IP, with result
#### Who is this for?
* **Developers** building AI-powered WordPress tools or integrations
* **Agencies** automating client site management with AI agents
* **Content teams** using AI writing assistants and wanting direct WordPress integration
* **Claude Code users** — use AICOM as an MCP server directly from your terminal
with Claude Code
* **OpenClaw users** — AICOM works with the OpenClaw AI platform as a native WordPress
MCP connector
* **Celine & Goose users** — connect Celine or Goose to your WordPress site via
AICOM’s MCP endpoint
* **Anyone** using Claude, ChatGPT, Gemini, or other AI agents who wants them to
directly control a WordPress site
#### How it works
AICOM exposes a secure HTTP endpoint on your WordPress site. AI platforms and agents
send structured requests using the MCP / Model Context Protocol standard. AICOM
authenticates the request, checks permissions, executes the operation, and returns
a structured response.
```
AI Agent AICOM Endpoint WordPress
```
#### Features
* **MCP Standard** — Full JSON-RPC 2.0 support (`tools/call`, `tools/list`), compatible
with any MCP client
* **87 tools** across 7 modules: WP Core, Media, Users, Backup, WooCommerce, Elementor,
Polylang
* **Security-first** — API key authentication (bcrypt-hashed), IP allowlists, scope-
based access control per key
* **Lock system** — Hard lock (read-only emergency mode), soft lock, unlocked —
switchable from the WordPress admin
* **Audit logging** — Every request logged with duration, API key label, tool used,
parameters and result summary
* **Dry-run mode** — Test what an operation would do without applying changes
* **Confirm flag** — Destructive operations require explicit `"confirm": true` —
prevents accidental AI mistakes
* **Modular** — WooCommerce, Elementor and Polylang tools only activate when those
plugins are present
#### Available Modules & Tools
* **WP Core** — server.status, wp.site.info, wp.posts.list/get/create/update/delete,
wp.terms.*, wp.meta.*, wp.options.*
* **Media** — media.list, media.get, media.upload, media.update, media.delete,
files.list/read/write
* **Users** — wp.users.list/get/create/update/delete, wp.roles.list
* **Backup** — backup.post, backup.term, backup.restore, backup.list, backup.delete,
backup.purge
* **WooCommerce** _(optional)_ — wc.products.list/get/create/update/delete, wc.
categories.*, wc.settings.get/update
* **Elementor** _(optional)_ — elementor.page.validate, elementor.page.get_data,
elementor.widget.*
* **Polylang** _(optional)_ — pll.languages.list, pll.post.translate, pll.term.
translate, pll.string.*
#### API Key Scopes
Each API key is granted specific scopes — you control exactly what each AI agent
can and cannot do:
```
read.wp, `write.wp.posts`, `manage.taxonomies`, `manage.meta`, `manage.wordpress.settings`, `manage.media`, `manage.users`, `manage.plugins`, `manage.woocommerce.products`, `manage.woocommerce.settings`, `manage.elementor`, `manage.polylang`
```
#### Endpoint
**REST API:**
POST /wp-json/aicom/v1/mcp
**Fallback** (no mod_rewrite required):
POST /?aicom=1
**Health check:**
GET /?aicom=1
#### Authentication
```
Authorization: Bearer aicom_XXXXXXXX_
```
or:
```
X-API-Key: aicom_XXXXXXXX_
```
#### MCP Request Example
```
{"jsonrpc":"2.0","method":"tools/call","params":{"name":"wp.posts.list","arguments":{"post_type":"post","posts_per_page":10}},"id":1}
```
## Schermafbeeldingen
* [[
* **Dashboard** — Real-time server status, MCP endpoint URL, lock state indicator,
today’s request count broken down by result, and list of active modules with
tool counts.
* [[
* **API Keys** — Generate new keys with a descriptive label, select granular scopes(
read, write, manage per module), set an optional IP allowlist, and view all existing
keys with their last-used date and status.
* [[
* **Audit Logs** — Full request history filterable by date range, API key, and
tool name. Each row shows timestamp, IP, key label, tool called, result status,
and response time in ms.
* [[
* **Safety Controls** — One-click Soft Lock and Hard Lock toggles with current
lock status indicator. Includes the full Lock Permission Matrix showing which
tool classes are allowed in each lock mode.
* [[
* **Modules** — Overview cards for all 7 modules (WordPress Core, Media, Users,
Backup, WooCommerce, Elementor, Polylang) with active/inactive status and tool
count, followed by the complete list of all 87 registered tools with their class,
required scopes, and flags.
## Installatie
1. Upload the `aicom` folder to `/wp-content/plugins/` or install directly from **
Plugins Add New** by searching for “AICOM”
2. Activate the plugin via **Plugins Installed Plugins**
3. Go to **AICOM API Keys** and click **Generate New Key**
4. Give the key a label (e.g. “OpenClaw agent”) and select the scopes you want to
grant
5. Copy the key immediately — it will not be shown again
6. Point your AI agent or MCP client to `https://yoursite.com/wp-json/aicom/v1/mcp`
7. Pass the key as `Authorization: Bearer ` in every request
**Apache note:** If the Authorization header is stripped by your server, add this
line to `.htaccess`:
```
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
```
**Safety tip:** Start with **Soft Lock** enabled to limit the agent to read-only
operations, then unlock once you’re confident in the integration.
## FAQ
### Does this plugin make my site publicly accessible to anyone?
No. Every request must include a valid API key. Keys are bcrypt-hashed in the database
and scoped — each key only has access to the specific operations you explicitly
grant it. Without a valid key, the endpoint returns 401 Unauthorized.
### Does it work without mod_rewrite or pretty permalinks?
Yes. The fallback endpoint `/?aicom=1` works on any server configuration, with or
without pretty permalinks or Apache mod_rewrite.
### Is it compatible with WooCommerce, Elementor, and Polylang?
Yes. Each plugin’s tools are loaded automatically only if the corresponding plugin
is active. If WooCommerce is not installed, no WooCommerce tools appear in the tool
list or audit log.
### Can I restrict an AI agent to read-only access?
Yes, in two ways: (1) assign only `read.wp` scopes to the API key, or (2) enable**
Soft Lock** or **Hard Lock** mode from the Safety page — this blocks write and destructive
operations site-wide regardless of key scopes.
### What is the difference between Soft Lock and Hard Lock?
**Soft Lock** permits `public`, `discovery` and `read` class tools only — agents
can browse and read content but cannot write, delete or change settings. **Hard
Lock** permits only `public` tools (like `server.status`) — the site is effectively
frozen from an AI perspective. Hard Lock overrides Soft Lock.
### Can I test operations before they actually run?
Yes. Send `"dry_run": true` in your request parameters. The operation will be validated
and simulated but no data will be changed. The audit log will record it as a dry
run.
### Does it log what AI agents do?
Yes. Every request is logged to the audit log with timestamp, remote IP, API key
label, tool name, parameters, result summary, and response duration. The log is
accessible from **AICOM Audit Logs** and can be filtered by date, key, or tool
name.
### What is MCP (Model Context Protocol)?
MCP is an open standard created by Anthropic for connecting AI models to external
tools and data sources. AICOM implements the MCP standard so any MCP-compatible
AI client — Claude, OpenClaw, and others — can communicate with your WordPress site
natively without custom integrations.
### Is this plugin free?
Yes, completely free and open source under the GPL-2.0-or-later license.
### Can I restrict which IP addresses can use an API key?
Yes. Each API key has an optional IP allowlist. If set, requests from any other
IP will be rejected even if the key is valid.
## Beoordelingen
Er zijn geen beoordelingen voor deze plugin.
## Bijdragers & ontwikkelaars
“AICOM – AI Commander” is open source software. De volgende personen hebben bijgedragen
aan deze plugin.
Bijdragers
* [ dudaster ](https://profiles.wordpress.org/dudaster/)
“AICOM – AI Commander” is vertaald in 1 locale. Dank voor [de vertalers](https://translate.wordpress.org/projects/wp-plugins/aicom/contributors)
voor hun bijdragen.
[Vertaal “AICOM – AI Commander” in je eigen taal.](https://translate.wordpress.org/projects/wp-plugins/aicom)
### Interesse in ontwikkeling?
[Bekijk de code](https://plugins.trac.wordpress.org/browser/aicom/), haal de [SVN repository](https://plugins.svn.wordpress.org/aicom/)
op, of abonneer je op het [ontwikkellog](https://plugins.trac.wordpress.org/log/aicom/)
via [RSS](https://plugins.trac.wordpress.org/log/aicom/?limit=100&mode=stop_on_copy&format=rss).
## Changelog
#### 3.1.0
* New: Working Hours Schedule — automatically apply Soft or Hard Lock outside configured
working hours and days.
* The manual lock always takes precedence; the schedule only adds additional restrictions.
#### 3.0.0
* New: Resource Boundaries UI — configure post type, taxonomy, meta key, WP option,
file path, and language restrictions per API key directly from the edit/create
form.
* New: Preset Rename — rename any custom preset in-place via a prompt dialog.
* New: Preset Duplicate — clone any custom preset; the copy appears instantly in
the preset grid.
#### 2.9.2
* Fix: Toolbar lock buttons (Unlock / Soft Lock / Hard Lock) now work on frontend
pages, not only in wp-admin.
#### 2.9.1
* Improvement: Session description now shown inside the expanded session card in
Audit Logs (hidden when collapsed).
* Improvement: tools/list response now includes an instructions field telling the
agent whether a session is active, and prompting it to call session.open with
both name and description before making changes.
* Improvement: session.open tool description updated to explicitly request a meaningful
name and description from the agent.
#### 2.9.0
* New: Backups page redesigned into 3 tabs — Dashboard (total count, storage used,
activity by period, auto-cleanup status), Cleanup Settings, and Backup Snapshots.
* New: Backup Snapshots table now shows Class badge (colour-coded by tool class)
and Session column with a direct link to the corresponding session in Audit Logs,
including scroll-to + highlight on arrival.
* New: Toolbar lock controls — Unlock / Soft Lock / Hard Lock buttons in the AICOM
Keys dropdown; toolbar badge turns red on Hard Lock and amber on Soft Lock.
* New: Stacked bar chart in Audit Logs Sessions tab — each bar segment is colour-
coded by tool class (read/write/destructive/admin_sensitive); legend shown below
graph.
* New: Clicking a graph bar navigates to that day’s sessions via server-side filtering(
log_date).
* New: Class column added to session log tables in Audit Logs.
* New: Session filter added to Audit Logs Filters tab.
* Improvement: Cleanup Settings form redesigned — each field on its own row with
description on the right; fields separated by dividers.
* Improvement: Tab navigation on Backups and Audit Logs pages now uses consistent
aicom-tab-bar / aicom-tab-btn styles matching API Keys page.
* Fix: Graph bars no longer show tool classes from orphaned logs (sessions that
were deleted); uses INNER JOIN to exclude them.
* Fix: DB v4.4 — added tool_class column to wp_aicom_logs with backfill migration.
#### 2.8.0
* New: Named sessions — agents must call session.open(name: “…”) before making
any changes; all write operations blocked until a session is opened; sessions
auto-close after 2h of inactivity.
* New: Session restore — Audit Logs Sessions tab shows all sessions with a 30-
day activity graph; click Restore to undo all backups from a session in reverse
chronological order.
* New: Backup cleanup — set a max age (days) and/or max size (MB) for automatic
backup pruning; runs daily via cron.
* Improvement: Audit Logs split into Logs / Sessions / Filters tabs for easier
navigation.
* Fix: session_id now correctly populated in backup rows.
#### 2.7.0
* New: API Key Lifecycle — optional expiry date (TTL) on any key; keys expire automatically
via hourly cron; expired/archived status badges in the key table.
* New: Archive/Unarchive — hide inactive keys from the main list without deleting
them; restore with one click (unarchived keys come back as suspended).
* New: Edit scopes — repurpose an existing key without revoking it; update scopes,
IP allowlist, dry-run flag, and expiry date from a dedicated edit view.
* New: Rotate secret inside the edit form — optionally generate a fresh API key
string as part of a scope-edit, with live diff preview of permission changes.
* New: Scope diff preview — while editing, the UI shows which scopes were added(
+) and removed (−) compared to the original key, in real time.
* New: Full i18n — all admin strings wrapped for translation; POT template generated
at languages/aicom.pot.
#### 2.6.0
* New: Save custom presets — name and save any scope selection as a reusable preset
that appears alongside the system presets. Custom presets are stored in the database
and can be deleted with one click.
#### 2.5.0
* New: Preset picker for key creation — 6 system presets (Read-only, Content Assistant,
Elementor Editor, WooCommerce Catalog, Site Maintenance, Full Admin) plus Custom
mode to auto-select common scope bundles with one click.
* New: Scope tree UI — scopes now grouped into 5 categories (WordPress Core, Media&
Files, Users & Roles, Site Configuration, Integrations) with LOW/MED/HIGH/CRITICAL
risk labels on every scope.
* New: Live search filter for scopes in the key creation form.
* New: Collapsible scope groups — click a group header to expand/collapse.
#### 2.4.0
* New: AICOM Keys menu in the WordPress admin bar — lists all active and suspended
API keys with one-click suspend/unsuspend via AJAX (no page reload). Shows a
green badge with the count of active keys. Last item links to the full API Keys
management page. Works in both wp-admin and frontend toolbar.
#### 2.3.0
* New: elementor.page.create_from_template — create a new page by cloning Elementor
data from a source page or template. Copies _elementor_data, _elementor_edit_mode,
and _wp_page_template in one call. Supports dry_run and returns preview URL +
admin edit URL.
* New: wp.posts.preview_url — get a preview URL for any post or page. Returns get_preview_post_link()
for drafts/private, get_permalink() for published. Also includes admin_edit_url.
#### 2.2.0
* New: Clautron module — 11 tools for blueprint and capability management (catalog.
list/install, primitives.list, blueprint.examples/list/validate/create/compile/
smoke_test, capability.meta.get/set). Requires Clautron plugin.
* New: Yoast SEO module — 9 tools for reading and writing Yoast SEO meta (yoast.
post.get/set, yoast.post.social.get/set, yoast.posts.bulk_get for audits, yoast.
term.get/set, yoast.site.get). Supports free and premium. Requires Yoast SEO
plugin.
#### 2.1.1
* Fix: wp.posts.create now accepts post_name (URL slug) and post_excerpt directly—
no more 2-step create+update workaround.
* Fix: wp.posts.update now applies post_name and post_author — previously these
were silently ignored despite returning updated:true.
* Fix: wp.posts.create defaults post_author to the user associated with the API
key — prevents author=0 on REST-context requests.
* Fix: wp.posts.get now includes a terms map in the response, grouped by taxonomy(
category, post_tag, custom taxonomies).
* New: wp.meta.set_many — set multiple post meta keys in one call. Accepts a meta
object of keyvalue pairs; allowlist enforced per key.
#### 2.1.0
* New: Ele Custom Skin (ECS) module — 26 tools for reading and writing ECS Color
Schemes, Font Schemes, Custom Looks, Custom CSS, Alt Logos, and Dynamic Repeater
Builder (DRB) presets and bindings. Works with both ele-custom-skin (free) and
ele-custom-skin-pro. Activate a color scheme site-wide in one call via ecs.color_schemes.
activate_global.
#### 2.0.11
* Fix: wp.posts.update and wp.posts.create now support post_date parameter — previously
the parameter was silently ignored and the tool returned success without changing
the date. Accepts YYYY-MM-DD HH:MM:SS or ISO 8601; invalid format returns a clear
error.
* Fix: wp.posts.update now also exposes post_excerpt in its input schema (was handled
in code but not documented).
#### 2.0.10
* Fix: replaced match() expression with if/elseif for PHP 7.4 compatibility — caused
parse error on API Keys page for sites running PHP < 8.0
#### 2.0.9
* New: Suspend/Unsuspend for API keys — temporarily block a key without revoking
it. Suspended keys return 401 automatically (auth query filters status = active).
Active keys show Suspend button; suspended keys show Unsuspend + Revoke.
#### 2.0.8
* New: wp.plugins.list — list all installed plugins with version, update availability,
and status. Optional force_refresh=true for a live check against wordpress.org.
* New: wp.plugins.update_all — update all plugins with available updates in one
call (dry_run and include[] filter supported). Uses WordPress’s native Plugin_Upgrader
+ Automatic_Upgrader_Skin, identical to background auto-updates.
* New scope: manage.plugins — dedicated scope for plugin management tools, separate
from manage.wordpress.settings.
#### 2.0.7
* New: elementor.template.set_conditions — dedicated tool that writes _elementor_conditions
meta AND rebuilds the global elementor_pro_theme_builder_conditions option, then
flushes the conditions cache. Uses Elementor Pro Conditions_Manager API when
available, falls back to a manual option rebuild. Fixes Theme Builder templates
not attaching to pages when conditions were set via wp.meta.set + wp.options.
set.
#### 2.0.6
* Fix: wp.meta.set now applies wp_slash() on string values before passing to update_post_meta()—
prevents backslash stripping that broke Elementor JSON stored in post meta
#### 2.0.5
* Fix: pll.string.set no longer calls PLL()->model->get_language() which is null
in REST API context — replaced with direct pll_languages_list() lookup
#### 2.0.4
* Fix: pll.strings.list, pll.string.get, pll.string.set no longer depend on pll_get_strings()(
Polylang Pro only) — now works on Polylang free via direct PLL_MO access
* WordPress core strings (blogname, blogdescription, date_format, time_format)
can be set per-language using wp_option parameter without Polylang Pro
#### 2.0.3
* New: pll.strings.list — list all registered Polylang strings with current translations
per language
* New: pll.string.get — get a specific string and all its translations
* New: pll.string.set — set the translation of a registered string for a specific
language (supports dry-run)
#### 2.0.2
* Fix: wp.menus.delete and wp.menus.items.remove now document confirm=true in their
input schema — agents can now discover this requirement via tools/list
* Fix: wp.menus.items.add no longer requires url for custom type items — WordPress
supports label-only menu items with an empty URL
#### 2.0.1
* Fix: pll.post.link_translation and pll.term.link_translation now preserve existing
translation group members when adding a new language — previously a third language(
e.g. UK) was dropped when linking two posts
* Changed: link_translation tools now accept a translations map {“lang”: id} instead
of pairs, supporting any number of languages in a single call
#### 2.0.0
* Complete rewrite with modular, autoloaded architecture
* 87 tools across 7 modules: WP Core, Media, Users, Backup, WooCommerce, Elementor,
Polylang
* Full MCP JSON-RPC 2.0 support — `tools/call` and `tools/list` methods
* Shorthand request format also supported for simpler integrations
* Scope-based access control per API key — 12 granular scopes
* Hard lock / soft lock / unlocked safety modes switchable from admin
* Full audit logging: timestamp, IP, key label, tool, params, result, duration
* Dry-run mode — validate and simulate without applying changes
* Confirm flag required for all destructive operations
* IP allowlist per API key
* Backup and restore for posts and terms stored in database
* WooCommerce, Elementor, Polylang modules auto-activate when plugins present
* Fallback endpoint `/?aicom=1` for servers without mod_rewrite
* bcrypt-hashed API keys with prefix-based fast lookup
* Admin UI: Dashboard, API Keys, Audit Logs, Safety, Modules, Backups pages
## Meta
* Versie **3.1.0**
* Laatst geüpdatet **16 uur geleden**
* Actieve installaties **Minder dan 10**
* WordPress versie ** 6.0 of nieuwer **
* Getest t/m **6.9.4**
* PHP versie ** 7.4 of nieuwer **
* Talen
* [Dutch](https://nl.wordpress.org/plugins/aicom/) en [English (US)](https://wordpress.org/plugins/aicom/).
* [Vertaal in je eigen taal](https://translate.wordpress.org/projects/wp-plugins/aicom)
* Tags
* [AI](https://nl.wordpress.org/plugins/tags/ai/)[AI agent](https://nl.wordpress.org/plugins/tags/ai-agent/)
[automation](https://nl.wordpress.org/plugins/tags/automation/)[mcp](https://nl.wordpress.org/plugins/tags/mcp/)
[rest-api](https://nl.wordpress.org/plugins/tags/rest-api/)
* [Geavanceerde weergave](https://nl.wordpress.org/plugins/aicom/advanced/)
## Waarderingen
Er zijn nog geen beoordelingen ingediend.
[Your review](https://wordpress.org/support/plugin/aicom/reviews/#new-post)
[Bekijk alle beoordelingen](https://wordpress.org/support/plugin/aicom/reviews/)
## Bijdragers
* [ dudaster ](https://profiles.wordpress.org/dudaster/)
## Ondersteuning
Iets te melden? Hulp nodig?
[Het supportforum bekijken](https://wordpress.org/support/plugin/aicom/)