WordPress 7.0 Ships AI Features, Hackers Target API Keys

WordPress 7.0 dropped real-time collaboration but shipped AI infrastructure instead. Security researchers warn the new features create targets for hackers seeking valuable API credentials now stored across millions of sites.

TL;DR: WordPress 7.0 launched on May 20, 2026, but it did not deliver what everyone expected. The real-time collaborative editing feature that had been promised for months was pulled just twelve days before release, and the release shipped built-in AI infrastructure instead. That is the real story behind WordPress 7.0, even if the universal "agent-callable WordPress" framing overstates what actually ships in the core package alone.

WordPress 7.0 launched on May 20, 2026, but it did not deliver what everyone expected. The real-time collaborative editing feature that had been promised for months was pulled just twelve days before release. Instead, WordPress shipped something that might be more significant in the long run: built-in AI infrastructure that works across the platform.

However, that decision came with an immediate security concern. Within two days of launch, researchers were warning that the new AI features created a fresh target for hackers. At stake are API credentials worth thousands of dollars, now stored in WordPress admin dashboards across 43% of all websites worldwide.

What Actually Shipped in WordPress 7.0

The WordPress team made a calculated trade. Real-time collaboration fell out due to race conditions, server load issues, and persistent bugs during testing. Rather than delay the entire release, they moved forward with three core AI components that fundamentally change how WordPress can work with artificial intelligence.

First, there is the WP AI Client. This is a provider-agnostic PHP API that gives plugin developers one standard way to talk to large language models. Before this, if you wanted your plugin to use OpenAI, you built a custom integration.

Want to support Anthropic’s Claude too? You needed another separate integration. The WP AI Client eliminates that duplication entirely.

Second, the Connectors API handles credentials. A new Settings screen in wp-admin lets site administrators enter an API key once for providers like Anthropic, Google, or OpenAI. Every plugin that uses the WP AI Client automatically inherits that connection. WordPress Core stays vendor-neutral by offering separate connector plugins rather than bundling provider code directly.

Third, the Abilities API got its JavaScript counterpart. WordPress 6.9 introduced the server-side version. Now with 7.0, plugins and themes can expose their capabilities in a structured, machine-readable format that both other plugins and external systems can discover and use.

The WordPress MCP Adapter Changes Everything

Sitting alongside the core features is something potentially more important: the WordPress MCP Adapter. This separate package bridges WordPress to the Model Context Protocol, a standard that Anthropic introduced in late 2024 and that major AI providers have since adopted.

The adapter does not ship in WordPress 7.0 by default. Most sites running the new version will not be MCP-callable out of the box. However, the strategic direction is unmistakable. Once a plugin registers a capability through the Abilities API, that capability becomes discoverable and callable by compatible AI clients including Claude Desktop, Cursor, and VS Code.

Think about what that means. The CMS powering 43% of all websites could become structured and agent-addressable. That is the real story behind WordPress 7.0, even if the universal “agent-callable WordPress” framing overstates what actually ships in the core package alone.

Security Researchers Sound the Alarm

Oliver Sild, founder of WordPress security company Patchstack, did not wait long to warn the community. He pointed out that WordPress 7.0’s AI infrastructure combined with the platform’s existing plugin vulnerability rate creates a dangerous new opportunity for attackers.

AI API keys are not like regular passwords. They represent prepaid or billable access to expensive language models. A single stolen key could be worth tens of thousands of dollars. Attackers can use those keys to run bot networks, launch phishing campaigns, or deploy malware, all charged to the victim’s account.

“WordPress 7.0 combined with plugin vulnerabilities = free AI tokens,” Sild wrote on X. “There will be an absolute rush by hackers to steal API keys.”

The Risk Is Already Real

This is not a theoretical concern. In November 2025, a vulnerability (CVE-2025-11749) in the AI Engine WordPress plugin exposed bearer tokens through the REST API. The plugin had over 100,000 active installations. Unauthenticated attackers could gain administrative access. The flaw got fixed in version 3.1.4, but it demonstrated exactly the attack pattern Sild described.

Days after the WordPress 7.0 launch, core ticket Trac #65303 reported another problem. The new AI integration setup form allows browsers to autofill Anthropic API keys in plain text. Anyone with access to an active browser session, a shared computer, or even a screen share could see a key directly. As of publication, no fix had shipped.

Developer discussions in the Dynamic WordPress Facebook group revealed a deeper architectural challenge. Brian Coords, a developer advocate at WooCommerce, acknowledged that WordPress’s trust model struggles against this threat. Once an attacker gains database access or can execute arbitrary PHP, secrets stored anywhere in WordPress become accessible.

The Security Landscape Gets More Complex

Patchstack’s 2026 State of WordPress Security report provides sobering context. The median time to mass exploitation of high-impact WordPress vulnerabilities is just five hours. Additionally, 46% of plugin vulnerabilities have no developer patch available when they become public knowledge.

Steve Jones of Equalize Digital suggested WordPress may need a more granular permissions model. The platform should specify which plugins and themes can access sensitive credentials or services. Matt Mullenweg, WordPress co-founder and Automattic CEO, countered that properly maintained WordPress sites remain secure.

Nevertheless, site administrators now face new security obligations. If you configure API keys in the new Connectors screen, you should set hard monthly billing caps with each provider immediately. The Abilities API classifies registered functions as read-only or read/write. Auditing which installed plugins expose which abilities becomes a new piece of WordPress security hygiene.
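The audit the paragraph above calls for can be scripted. The following is an added example, not code from the article, from WordPress core, or from any plugin: it takes an export of a site's registered abilities and groups them by plugin namespace, separating read-only abilities from read/write ones and treating an ability with no annotations at all as something to review rather than as safe. The JSON shape (a list of objects with `name` and a `meta.annotations.readonly` flag, plus an optional `destructive` flag) is an assumption about what such an export looks like, and the manifest embedded below is constructed for the demonstration; adapt `load_abilities` to however your site actually exposes the registry.

```python
"""Audit a WordPress site's registered abilities for read/write exposure.

Added example (not WordPress core code). Assumes an export of the Abilities
API registry as a JSON list of objects carrying "name" and an optional
"meta.annotations" block with "readonly" / "destructive" booleans; that
shape is an assumption. SAMPLE_MANIFEST is constructed sample data.
"""
import json
from collections import defaultdict

# Constructed sample: what an abilities export might look like for a site
# with a handful of plugins. Names follow the "namespace/ability" convention.
SAMPLE_MANIFEST = json.dumps([
    {"name": "seo-helper/get-meta", "description": "Read SEO metadata",
     "meta": {"annotations": {"readonly": True}}},
    {"name": "seo-helper/set-meta", "description": "Update SEO metadata",
     "meta": {"annotations": {"readonly": False}}},
    {"name": "backup-tool/list-backups", "description": "List backups",
     "meta": {"annotations": {"readonly": True}}},
    {"name": "form-builder/send-mail", "description": "Send e-mail",
     "meta": {"annotations": {"readonly": False, "destructive": False}}},
    {"name": "cleanup-pro/delete-posts", "description": "Delete posts",
     "meta": {"annotations": {"readonly": False, "destructive": True}}},
    {"name": "legacy-widget/render", "description": "Render widget"},  # no annotations
])


def load_abilities(manifest_json):
    """Parse the export. Replace this with your site's real loader."""
    return json.loads(manifest_json)


def classify(ability):
    """Return 'read-only', 'read/write' or 'unannotated' for one ability.

    A missing annotations block is reported separately: the absence of a
    readonly flag is not evidence that the ability is harmless.
    """
    annotations = ability.get("meta", {}).get("annotations")
    if annotations is None:
        return "unannotated"
    return "read-only" if annotations.get("readonly") is True else "read/write"


def audit(manifest_json):
    """Group ability names by plugin namespace and by classification."""
    report = defaultdict(lambda: {"read-only": [], "read/write": [], "unannotated": []})
    for ability in load_abilities(manifest_json):
        namespace, _, _ = ability["name"].partition("/")
        report[namespace][classify(ability)].append(ability["name"])
    return dict(report)


def needs_review(report):
    """Namespaces exposing at least one ability that is not read-only, sorted."""
    return sorted(ns for ns, buckets in report.items()
                  if buckets["read/write"] or buckets["unannotated"])


def destructive_abilities(manifest_json):
    """Abilities whose own annotations mark them as destructive."""
    return [a["name"] for a in load_abilities(manifest_json)
            if a.get("meta", {}).get("annotations", {}).get("destructive") is True]


if __name__ == "__main__":
    report = audit(SAMPLE_MANIFEST)
    for ns in sorted(report):
        print(ns, report[ns])
    print("namespaces to review:", needs_review(report))
    print("destructive:", destructive_abilities(SAMPLE_MANIFEST))
```

Run it against the sample and the only namespace that needs no follow-up is `backup-tool`; every other plugin either writes somewhere or never said what it does. The second case matters in practice: a plugin that registers abilities without annotations gives an AI client no hint about side effects, so it belongs on the review list alongside the explicit read/write ones.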

What WordPress 7.0 Really Delivers

The honest assessment is that this release provides a foundation, not a finished product. The WP AI Client is a developer API. Nothing in core sends data to an AI provider without explicit plugin code requesting it. No AI calls happen by default.

The JavaScript counterpart of the Abilities API is still being evaluated in parts. The Connectors page is expected to expand in version 7.1. Advanced connector filtering is already earmarked for the next release. End-user features like AI-drafted posts, one-click site summarization, or AI-assisted editing in wp-admin will arrive through plugins built on this infrastructure, not as core WordPress features.

However, the practical security obligations are immediate. Any user-generated content becomes a potential prompt-injection surface for any agent that scans it. Comment sections, contact forms, and community forums all represent new attack vectors in the age of AI agents.

A Parallel to the REST API Era

WordPress merged the REST API into core in December 2015. That change made site content retrievable over HTTP by any system that knew where to look. The WP AI Client, Connectors API, and Abilities API represent the structural parallel for the agent era.

Just as the REST API did not instantly integrate every WordPress site with every external service, the WordPress 7.0 AI layer does not make every site an AI agent endpoint by default. What it accomplishes is establishing standard infrastructure on which that capability can be built, one plugin at a time, across the web’s most widely used CMS.

That infrastructure arrived without its intended flagship feature. Real-time collaboration was supposed to be the headline. Instead, WordPress shipped the plumbing that will power AI integration for years to come. Whether this ages better than collaborative editing would have is a question the next few plugin development cycles will begin to answer.

What You Should Do Right Now

If you run a WordPress site and plan to use the new AI features, take these steps immediately. First, set strict billing limits on every API provider account you connect. Second, audit which plugins have access to your AI capabilities. Third, monitor your API usage regularly for unexpected spikes that could indicate compromise.
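The third step, monitoring usage for spikes, is the one most likely to be skipped because it needs tooling. Below is an added example, written for this page and not taken from the article, from WordPress, or from any provider's SDK. It assumes you can export daily usage from a provider's billing dashboard as CSV with `date,requests,tokens,usd` columns (the column names are an assumption; the rows embedded here are constructed). It applies two independent rules, a hard daily spend cap and a jump of several times the trailing median, so that a key that starts being drained at 3 a.m. is flagged the same day rather than at the end of the billing month.

```python
"""Flag unexpected AI-provider spend for a key connected to a WordPress site.

Added example (not from the article or WordPress). Assumes a daily usage
export with columns date,requests,tokens,usd; those names are an assumption.
SAMPLE_USAGE_CSV is constructed: six quiet days, then one day that looks
like a stolen key being used at scale.
"""
import csv
import io
import statistics

SAMPLE_USAGE_CSV = """date,requests,tokens,usd
2026-05-21,120,310000,1.85
2026-05-22,131,340000,2.02
2026-05-23,98,250000,1.50
2026-05-24,140,360000,2.15
2026-05-25,125,330000,1.95
2026-05-26,117,300000,1.80
2026-05-27,4210,12500000,74.30
"""


def parse_usage(csv_text):
    """Turn the CSV export into a list of typed per-day records, oldest first."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        rows.append({"date": row["date"], "requests": int(row["requests"]),
                     "tokens": int(row["tokens"]), "usd": float(row["usd"])})
    return rows


def find_spikes(rows, daily_cap_usd, ratio=5.0, window=5):
    """Return (date, reason) tuples for days worth investigating.

    Rule 1, hard cap: spend on a day exceeds daily_cap_usd.
    Rule 2, baseline ratio: spend or request count exceeds `ratio` times the
    median of the preceding `window` days, once that much history exists.
    The median rather than the mean keeps one earlier spike from raising the
    baseline and hiding the next one.
    """
    alerts = []
    for i, day in enumerate(rows):
        reasons = []
        if day["usd"] > daily_cap_usd:
            reasons.append(f"spend {day['usd']:.2f} USD exceeds cap {daily_cap_usd:.2f}")
        history = rows[max(0, i - window):i]
        if len(history) == window:
            base_usd = statistics.median(h["usd"] for h in history)
            base_req = statistics.median(h["requests"] for h in history)
            if day["usd"] > ratio * base_usd:
                reasons.append(f"spend {day['usd']:.2f} is >{ratio:g}x median {base_usd:.2f}")
            if day["requests"] > ratio * base_req:
                reasons.append(f"requests {day['requests']} is >{ratio:g}x median {base_req:g}")
        for reason in reasons:
            alerts.append((day["date"], reason))
    return alerts


if __name__ == "__main__":
    # Constructed threshold: a site that normally spends about 2 USD a day.
    for date, reason in find_spikes(parse_usage(SAMPLE_USAGE_CSV), daily_cap_usd=10.0):
        print(date, reason)
```

On the sample data the first six days produce nothing and May 27 produces three alerts, one per rule. The cap is the number you also set at the provider; the ratio rule exists because a cap alone tells you nothing until the money is already gone, while a request count several times the norm is visible on the first day of misuse.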

If you manage WordPress sites for clients, add AI credential security to your maintenance checklist. Review which plugins register abilities and what level of access they request. Consider whether your hosting environment provides adequate isolation for sites storing valuable API credentials.

The WordPress 7.0 AI infrastructure represents both opportunity and risk. The opportunity is real: giving the world’s most popular CMS a standard way to work with AI opens possibilities we are only beginning to understand. The risk is equally real: 43% of the web just became a more attractive target for a new category of credential theft. Your job is to capture the opportunity while managing the risk effectively.

Key Takeaways

  • At stake are API credentials worth thousands of dollars, now stored in WordPress admin dashboards across 43% of all websites worldwide.
  • What actually shipped in WordPress 7.0: the WordPress team made a calculated trade, pulling real-time collaboration and shipping AI infrastructure instead.

  • This separate package bridges WordPress to the Model Context Protocol, a standard that Anthropic introduced in late 2024 and that major AI providers have since adopted.
  • Additionally, 46% of plugin vulnerabilities have no developer patch available when they become public knowledge.
  • The risk is equally real: 43% of the web just became a more attractive target for a new category of credential theft.

Original Source: www.techtimes.com

WP Guy News is built to be as close as possible to a single source for all WordPress news. It is sponsored by Your WP Guy, a WordPress security and maintenance company. You can learn more about our company here: Your WP Guy
