Manage WordPress posts and pages from ChatGPT (including mobile app) using your account (and subscription).
VideoWhisper Site Manager helps you manage WordPress posts and pages through ChatGPT (Custom GPT + Actions) using your account (and subscription), without embedding an AI service inside WordPress.
It provides:
- A secure REST layer for content operations
- A generated OpenAPI schema URL for GPT Actions import
- A guided onboarding flow with copy/paste values for ChatGPT Builder
- One-click creation of a WordPress Application Password (shown once, not stored)
- Safety controls such as HTTPS enforcement, draft-first behavior, and publish gating
The plugin does not call OpenAI (or any AI provider) directly. Your WordPress site exposes authenticated endpoints and setup guidance. You connect it to ChatGPT yourself with own account and subscription (optional).
Ideal for
- Site owners who want to draft/edit WordPress content by chat
- Teams using a dedicated WordPress user (recommended: Editor) for AI-assisted publishing workflows
- Mobile workflows after desktop setup (configure once, then use the GPT on phone/tablet)
Direct Mode (current version)
- Install and activate VideoWhisper Site Manager.
- Open VideoWhisper Site Manager > Onboarding.
- Create (or link) a dedicated WordPress user (recommended role: Editor).
- Create an Application Password from the onboarding page (one click).
- In ChatGPT Builder (desktop), create a Custom GPT and import the plugin OpenAPI schema URL.
- Use the provided copy/paste values for Configure and Actions.
- Test on desktop, then use the same GPT on mobile.
Features
- ChatGPT / GPT Actions integration via generated OpenAPI schema URL (
/wp-json/videowhisper-site-manager/v1/openapi)
- GPT Actions onboarding aligned with current auth UI (
Authentication Type: API Key, Auth Type: Basic)
- One-click Application Password creation for the dedicated operator user (plaintext shown once, not stored)
- Guided onboarding with copyable values for:
- GPT Name, Description, Instructions, Conversation Starters
- Action authentication values
- Schema URL and Privacy Policy URL
curl examples and credential samples
- REST endpoints for listing, reading, creating, and updating WordPress posts/pages
dry_run support for safer create/update previews before writing- Draft-first workflow and optional publish permission (
Allow publish)
- HTTPS enforcement for plugin endpoints by default (with dev-only HTTP override setting)
- Categories and tags support
- Generic SEO metadata fields (plugin-owned keys)
- Audit logging endpoint for administrators
- Settings endpoint for administrators
- Admin notices and onboarding reminders for incomplete setup
- Recommended GPT capabilities guidance (Web Search / Code Interpreter, etc.)
ChatGPT Setup (Quick Notes)
- Use a Custom GPT on desktop for initial setup.
- In Actions, import the schema from the plugin’s OpenAPI URL (do not paste the whole schema manually).
- For authentication, the onboarding guide provides the values for current GPT Actions UI:
Authentication Type = API KeyAuth Type = Basic
- For GPT sharing/visibility, choose Only Me (recommended). Do not use Link unless you fully understand the risk.
Privacy
This plugin stores the following data on your WordPress site:
- Plugin settings in WordPress options (for example: publish/rate limit/HTTPS behavior settings)
- Audit log entries in a custom database table (
*_vwsm_audit_logs)
- Optional dedicated operator user ID reference in WordPress options (when using onboarding helper)
- Short-lived transient for one-time Application Password display after creation (plaintext is not stored long-term)
Audit logs may include:
- Authenticated WordPress user ID
- Request route and method
- Sanitized request/response summaries
- Timestamp and IP address
This plugin does not send data to third-party AI services by itself.
This plugin does not include telemetry/analytics tracking by default.
Site owners are responsible for:
- Securing the site with HTTPS
- Managing WordPress users and Application Passwords
- Configuring GPT sharing safely (recommended: Only Me)
- Reviewing the privacy implications of any external AI service connected to the site’s API
Screenshots
Claude updating WP site pages.
ChatGPT listing sites available to operate.
Onboarding screen with authentication method, Claude / GPT.
Frontend user connection instructions to chatbots.
Shared GPT for muti site support.
Does this plugin store an OpenAI or Anthropic API key?
No. This plugin does not store or use any AI provider API keys.
How does authentication work?
The plugin supports Turnkey OAuth and WordPress Application Passwords. Turnkey OAuth uses a compatible Relay & OAuth Server for shared GPT/MCP workflows. Application Passwords use WordPress core HTTP Basic Authentication over HTTPS. Developers can add more authentication flows with the documented hooks.
Can the API publish posts immediately?
Not by default. Publishing is blocked unless an administrator enables Allow publish in the plugin settings. The onboarding instructions and GPT/Claude guidance also reflect whether publishing is enabled.
Why does ChatGPT or Claude get a 403 on settings or logs?
The /settings and /logs endpoints are admin-only by default. This is intentional. A dedicated Editor account can still create/edit content, but cannot access operational endpoints.
Does the plugin require HTTPS?
Yes, by default plugin REST endpoints (including the OpenAPI and MCP endpoints) require HTTPS. A development-only setting can allow HTTP if needed on a local/dev environment.
How quickly are revoked external OAuth bearer tokens rejected?
External bearer-token validation uses a short cache to reduce remote validation traffic. The cache TTL is configurable in settings (External token cache (seconds)), so revoked tokens are typically rejected after that cache window expires.
Can I set up everything from the plugin without visiting Users > Profile?
Yes. You can create the dedicated user and create the Application Password directly from the onboarding page. A profile link is still provided for later review/revocation.
What content types are supported?
Posts and pages by default (both enabled). Admins can enable or disable each in the Content settings tab. Developers can extend supported content types and tool behavior with hooks such as vwsm_allowed_content_types, vwsm_mcp_extra_tools, vwsm_mcp_dispatch_tool, vwsm_openapi_components, and vwsm_openapi_document.
Does it include an AI chat interface inside WordPress?
No. You need to use ChatGPT or Claude apps. This plugin only provides REST endpoints, an MCP endpoint, and onboarding for the external AI applications.
Does the Claude connector work on mobile?
Yes. Once you set up and authorize the connector in Claude.ai on desktop, it is automatically available in the Claude iOS and Android mobile apps — no additional setup is needed.
ChangeLog
1.0.4
- Maintenance release for the current Turnkey OAuth and shared GPT onboarding flow
- Refined release metadata and packaging for the latest Site Manager distribution build
1.0.2
- Turnkey OAuth now reads shared ChatGPT and shared Claude MCP details from the connected Site Manager Server instead of relying on client-side local settings
- Turnkey onboarding links and activation guidance now surface server-provided shared GPT state more consistently
1.0.1
- Added VideoWhisper top admin-bar integration with Site Manager shortcuts
- Updated shared VideoWhisper contact/admin-bar links to use consult.videowhisper.com
0.4.0
- Added: MCP GET endpoint with SSE support per MCP Streamable HTTP transport spec (2025-03-26) — required for Claude.ai, Claude Desktop, and Claude CLI to connect
- Added: Claude Desktop and Claude CLI setup instructions in the onboarding panel (Claude.ai / Desktop / CLI tabs)
- Added: Note that Claude.ai connector also works in Claude mobile apps (iOS and Android)
- Fixed: Onboarding notice now correctly detects the onboarding page using
get_current_screen() instead of filter_input() which could return null on some server configurations
0.3.1
- Fixed: Moved inline JavaScript on the onboarding page to an enqueued external file using wp_enqueue_script() and wp_localize_script()
- Fixed: REST permission callback for /content endpoint now checks the post-type-specific capability (e.g. edit_pages for pages) instead of always checking edit_posts
0.2.0
- Added admin Logs page in wp-admin
- Added configurable audit log retention with daily cleanup
- Simplified onboarding with ChatGPT/Claude tabs
- Updated ChatGPT action setup guidance and sharing safety notes
- Moved advanced options to extension hooks and add-on integration points
- Added/expanded extension hooks documentation for third-party add-ons
- Policy/readiness cleanup for WordPress.org checks
0.1.0
- Initial release
- Direct Mode REST endpoints for content, settings, logs, and OpenAPI
- ChatGPT / GPT Actions onboarding with generated OpenAPI schema URL
- One-click dedicated user + Application Password onboarding helpers
- GPT Builder step-by-step setup instructions with copy/paste values
- HTTPS enforcement for plugin endpoints (with development override)
- Draft-first workflow with optional publish gate
- Audit logging and admin settings controls
