WordPress Expert: User Guide
What This Skill Is
This skill equips your OpenClaw agent with the necessary instructions and checklists to manage your existing WordPress website. It empowers the AI to perform tasks related to content, settings, media, plugins, themes, and extensions like WooCommerce or Elementor.
The AI typically communicates with your site via secure web interfaces (HTTPS/REST). If configured accordingly, it can also work directly via the terminal (WP-CLI) or at the file level.
Urgent Recommendation: The Companion Plugin
For the AI to work precisely and safely, you should install the companion plugin wordpress-site-tools on the computer/server where your OpenClaw gateway runs: github.com/realM1lF/openclaw-wordpress-tool.
- - Why? This plugin provides typed tools (e.g.
wordpress_rest_request, wordpress_wp_cli, wordpress_connection_check, optional media and plugin file access). - Benefit: Clearer, easier to audit, and easier to allowlist than ad-hoc
exec/curl. Without it, the skill still documents fallbacks—more manual and error-prone.
Installation Steps (Typical Flow)
On your OpenClaw gateway machine:
- 1. Install the skill (e.g. ClawHub or
skills/wordpress-expert in the workspace). - Clone the
wordpress-site-tools repo, run npm install, then openclaw plugins install / enable (see plugin README). - Grant tools: Add WordPress tools to
tools.allow in openclaw.json. - Environment variables: Set the three required variables below (host env or
skills.entries["wordpress-expert"].env). Optional: WORDPRESS_PATH if you use WP-CLI or wordpress_plugin_files—see {baseDir}/references/CONNECTING.md. openclaw gateway restart after plugin, allowlist, or env changes.
Full detail: {baseDir}/README.md, {baseDir}/references/CONNECTING.md, {baseDir}/references/PRE_INSTALL_AND_TRUST.md.
What You Can Expect from the AI
- - Everyday tasks: e.g. “Create a draft post” or “Upload an image” via REST—with
wordpress-site-tools, prefer wordpress_rest_request and related tools. - Advanced tasks: WP-CLI or plugin file edits need
WORDPRESS_PATH, narrow allowlists, and explicit configuration—see {baseDir}/references/CONNECTING.md and {baseDir}/references/WPCLI_PRESETS.md. - Security: The AI is not an omnipotent admin by default; use staging, least-privilege users, and approval for destructive work. The AI should use fresh tool/API data, not guesses.
Required Setup (Environment Variables)
These three are required (see metadata.openclaw.requires):
- 1.
WORDPRESS_SITE_URL — Base URL of the site (HTTPS, no trailing slash), e.g. https://yoursite.com. WORDPRESS_USER — WordPress username for the application password.WORDPRESS_APPLICATION_PASSWORD — From Users → Profile → Application Passwords in WordPress (not the login password). Store in env/config, never in chat or Git.
Optional: WORDPRESS_PATH — Directory on the gateway where wp runs, if you use WP-CLI or plugin file tools. Details: {baseDir}/references/AUTH.md, {baseDir}/references/CONNECTING.md.
Important Rules for People and the AI
- - No secrets in chat or Git — see
{baseDir}/references/AUTH.md. - Deeper topics load from
{baseDir}/references/ as needed (progressive disclosure).
When the agent should use this skill
Use for WordPress-related work: content, media, plugins, themes, WooCommerce, Elementor, REST, code under wp-content. Do not use for unrelated tasks.
Load {baseDir}/references/ files when the task matches (examples: CONNECTING.md, PLUGIN_DEV_PLAYBOOK.md, DOMAIN.md, WOOCOMMERCE.md, ELEMENTOR.md, BLOCK_EDITOR.md, THEME_AND_TEMPLATES.md, PERFORMANCE_AND_SECURITY.md, SAFETY.md, WORKFLOWS.md). Full index: {baseDir}/references/OVERVIEW.md.
Rules for the assistant (summary)
- 1. Use fresh data from tools/API before writes; do not invent site state.
- Never echo secrets; store credentials in host env or
openclaw.json skill env—not chat. - Prefer
wordpress_rest_request / wordpress_wp_cli / wordpress_connection_check (and related plugin tools) when in tools.allow; see {baseDir}/references/NATIVE_VS_PLUGIN.md and {baseDir}/references/TOOLING.md. - For new site-specific plugin files, prefer the real
wp-content/plugins/… tree or wordpress_plugin_files—not the generic OpenClaw workspace by default; see {baseDir}/references/PLUGIN_DEV_PLAYBOOK.md (“Where OpenClaw should write”). - After plugin or
tools.allow changes, openclaw gateway restart is usually required—see {baseDir}/references/CONNECTING.md. - Do not patch third-party plugins in place—addon approach in
{baseDir}/references/PLUGIN_DEV_PLAYBOOK.md and {baseDir}/references/USER_EXPECTATIONS.md.
Where work runs: On the OpenClaw gateway (REST, shell, browser, workspace). Optional MU helper on the WordPress server is documented under {baseDir}/bundled/mu-plugin/README.md and {baseDir}/references/MU_HELPER.md.
WordPress 专家:用户指南
本技能简介
本技能为您的 OpenClaw 代理提供必要的指令和检查清单,用于管理您现有的 WordPress 网站。它使 AI 能够执行与内容、设置、媒体、插件、主题以及 WooCommerce 或 Elementor 等扩展相关的任务。
AI 通常通过安全的 Web 接口(HTTPS/REST)与您的网站通信。如果进行了相应配置,它也可以直接通过终端(WP-CLI)或在文件级别工作。
强烈推荐:配套插件
为了让 AI 精确且安全地工作,您应在运行 OpenClaw 网关的计算机/服务器上安装配套插件 wordpress-site-tools:github.com/realM1lF/openclaw-wordpress-tool。
- - 原因? 该插件提供类型化工具(例如 wordpressrestrequest、wordpresswpcli、wordpressconnectioncheck,以及可选的媒体和插件文件访问)。
- 优势: 比临时使用 exec/curl 更清晰、更易于审计、更便于加入白名单。如果没有该插件,本技能仍会记录备用方案——但更手动且更容易出错。
安装步骤(典型流程)
在您的 OpenClaw 网关机器上:
- 1. 安装本技能(例如通过 ClawHub 或工作区中的 skills/wordpress-expert)。
- 克隆 wordpress-site-tools 仓库,运行 npm install,然后运行 openclaw plugins install / enable(参见插件 README)。
- 授予工具权限: 在 openclaw.json 的 tools.allow 中添加 WordPress 工具。
- 环境变量: 设置以下三个必需变量(主机环境或 skills.entries[wordpress-expert].env)。可选:如果使用 WP-CLI 或 wordpresspluginfiles,请设置 WORDPRESS_PATH——参见 {baseDir}/references/CONNECTING.md。
- 在更改插件、白名单或环境变量后,执行 openclaw gateway restart。
完整详情:{baseDir}/README.md、{baseDir}/references/CONNECTING.md、{baseDir}/references/PREINSTALLAND_TRUST.md。
您可以期待 AI 做什么
- - 日常任务: 例如通过 REST 执行“创建草稿文章”或“上传图片”——使用 wordpress-site-tools,优先选择 wordpressrestrequest 及相关工具。
- 高级任务: WP-CLI 或插件文件编辑需要 WORDPRESSPATH、严格的白名单和显式配置——参见 {baseDir}/references/CONNECTING.md 和 {baseDir}/references/WPCLIPRESETS.md。
- 安全性: AI 默认不是全能管理员;请使用暂存环境、最小权限用户,并对破坏性操作进行审批。AI 应使用最新的工具/API 数据,而非猜测。
必需设置(环境变量)
以下三个是 必需的(参见 metadata.openclaw.requires):
- 1. WORDPRESSSITEURL — 网站的基础 URL(HTTPS,无尾部斜杠),例如 https://yoursite.com。
- WORDPRESSUSER — 用于应用程序密码的 WordPress 用户名。
- WORDPRESSAPPLICATION_PASSWORD — 来自 WordPress 的 用户 → 个人资料 → 应用程序密码(非登录密码)。存储在环境变量/配置中,切勿出现在聊天或 Git 中。
可选:WORDPRESS_PATH — 网关机器上运行 wp 的目录,如果您使用 WP-CLI 或插件文件工具。详情:{baseDir}/references/AUTH.md、{baseDir}/references/CONNECTING.md。
对用户和 AI 的重要规则
- - 聊天或 Git 中不得包含机密信息 — 参见 {baseDir}/references/AUTH.md。
- 更深层次的主题 根据需要从 {baseDir}/references/ 加载(渐进式披露)。
代理何时应使用本技能
用于 WordPress 相关 工作:内容、媒体、插件、主题、WooCommerce、Elementor、REST、wp-content 下的代码。不要 用于不相关的任务。
当任务匹配时,加载 {baseDir}/references/ 文件(示例:CONNECTING.md、PLUGINDEVPLAYBOOK.md、DOMAIN.md、WOOCOMMERCE.md、ELEMENTOR.md、BLOCKEDITOR.md、THEMEANDTEMPLATES.md、PERFORMANCEAND_SECURITY.md、SAFETY.md、WORKFLOWS.md)。完整索引:{baseDir}/references/OVERVIEW.md。
对助手的规则(摘要)
- 1. 在写入前使用来自工具/API 的 最新数据;不要虚构网站状态。
- 切勿 泄露机密信息;将凭据存储在主机环境或 openclaw.json 的技能环境中——而非聊天中。
- 当在 tools.allow 中时,优先使用 wordpressrestrequest / wordpresswpcli / wordpressconnectioncheck(及相关插件工具);参见 {baseDir}/references/NATIVEVSPLUGIN.md 和 {baseDir}/references/TOOLING.md。
- 对于 新的特定于网站的插件文件,优先使用 实际 的 wp-content/plugins/… 目录树或 wordpresspluginfiles——默认情况下不要使用通用的 OpenClaw 工作区;参见 {baseDir}/references/PLUGINDEVPLAYBOOK.md(“OpenClaw 应写入的位置”)。
- 在更改插件或 tools.allow 后,通常需要执行 openclaw gateway restart——参见 {baseDir}/references/CONNECTING.md。
- 不要原地修补第三方插件——采用 {baseDir}/references/PLUGINDEVPLAYBOOK.md 和 {baseDir}/references/USER_EXPECTATIONS.md 中的附加组件方法。
工作运行位置: 在 OpenClaw 网关 上(REST、Shell、浏览器、工作区)。WordPress 服务器上的可选 MU 助手在 {baseDir}/bundled/mu-plugin/README.md 和 {baseDir}/references/MU_HELPER.md 中有文档说明。
