Fixed: Connection wizard could fail with “Network error” on the final Create step on WordPress 6.8 and newer, even when Verify reported authenticated successfully. The wizard now matches the pasted Application Password using the same WordPress core helper as the authentication subsystem (which supports the new fast-hash format introduced in WordPress 6.8), so connections are created correctly.
Improved: The wizard surfaces the actual server-side error message on HTTP failures instead of always showing the generic “Network error” string, making future failures easier to diagnose.
1.0.0
First public WordPress.org release.
Highlights:
WordPress 7.0 QA verified. Tested on a real WordPress 7.0 testbed, including the Abilities API bridge, admin UI, media/upload flows, auth methods, and deactivate/reactivate behaviour.
Health and ping endpoints. /wp-json/axtolab-ai-connector/v1/ping and /health-check report connection status and the installed plugin version.
Roll Back / Undo on every write. Every AI-driven create, update, publish, trash, or restore action captures a before/after snapshot. Revert any change with one click from the Logs & Roll Back admin page.
MCP tools across content authoring, media management, taxonomy, authors, Yoast SEO, stock photos, image generation, upload portal, connection introspection, and Roll Back.
Two authentication methods. Application Passwords (HTTP Basic) for Desktop AI clients, and OAuth 2.1 with PKCE S256 + dynamic client registration (RFC 7591) for Web AI clients on the MCP-over-HTTP transport.
Capability-group-driven tool filtering on the MCP transport — operators choose what AI agents on each connection are allowed to do (read, create_edit, publish, trash_restore, media_manage, taxonomy, authors, seo, image, upload_portal).
Provider-neutral SEO tools that auto-detect Yoast or Rank Math, with the legacy Yoast-specific tools retained for backwards compatibility.
Confirmation-token flow required for destructive operations (publish, trash, restore) — a single-use token must be issued before the action proceeds.
Per-connection privilege model — every MCP connection authenticates as a WordPress user (chosen by the administrator during setup, via the Application Password wizard); the plugin never creates WordPress users or roles. Connection capability set and the user’s WordPress role layer to determine what each tool call can do.
Submission readiness pass — feature settings stand alone (no inline upsells), all third-party services disclosed in the External Services section, the .mcpb Claude Desktop installer is hosted as a GitHub Release asset and linked from the setup page.
