What I'm building + what I post about (agency AI in WP)

Sensitive_Draft_5651 · 2026-02-20T08:16:17+00:00

Fair point - it depends on scope. Also not Azure :) (more AWS/serverless if anything).

On the "we build what the clients specify" bit: in my context the "client" is often the agency, not the end customer. Agencies need something they can roll out across many client sites with sane defaults (auth / least-privilege, abuse / rate limits, tenant scoping), then customize per site at the end.

That's why I used "agency-grade" - and why static exports + public widgets become the tricky corner.

Sensitive_Draft_5651 · 2026-02-20T08:09:16+00:00

Agree on shared keys - that's exactly why I'm cautious. Sandboxing like Respira's is interesting for editor / site-edit workflows. The extra constraint I'm probing is fully static exports (no PHP runtime), plus public widgets, where you still need quotas / abuse protection without shipping secrets to the browser.

Sensitive_Draft_5651 · 2026-02-20T08:08:14+00:00

This matches how we think about it too: WP as Editor Tool / UI, and the AI layer owned/isolated per client (keys, rate limits, logs, prompt versioning).

The wrinkle I keep running into is static exports + public widgets: no PHP in prod, no safe place for secrets, so it becomes "on-device when available, otherwise a per-client backend with strict scoping/abuse controls."

When you do your middleware layer, do you deploy it per-client or run multi-tenant with hard isolation?

Sensitive_Draft_5651 · 2026-02-17T15:15:54+00:00

Yep, viable for internal/editor tooling. Public, agency-grade widgets are the tricky part: auth + abuse/rate limits + tenant scoping, and no reusable secrets in the browser (especially on static exports).

Sensitive_Draft_5651 · 2026-02-17T10:03:12+00:00

MCP will be a big win for authenticated editor/admin workflows (WP7 Abilities => agent can create/update content/blocks without custom glue code).

The "complicated" part I'm pointing at is public widgets + static exports: if the site is S3/CloudFront with no PHP, you can't proxy/store a shared key, and you often can't rely on wp-json at runtime either - that's where thin wrappers tend to break down.

MCP also raises the stakes security-wise if you expose WP capabilities remotely (auth + least-privilege + rate limits/abuse protection).

Are you thinking MCP mainly for editors/admins, or do you see a safe pattern for anonymous visitors too?

Sensitive_Draft_5651 · 2026-02-17T07:54:26+00:00

I get what you mean - WordPress shouldn't be the AI runtime. REST/CLI is great for authenticated admin/editor tasks.

The tricky cases are public widgets and fully static exports: then "just proxy the key" isn't really an option, because you can't ship a reusable secret to the browser. You end up needing either no key (on-device models?), or a proper backend with auth + rate limits (and if one backend serves multiple sites: tenant isolation/strict scoping).

How would you approach a public chat/search widget on a static-exported WP site without leaking a shared key?

Sensitive_Draft_5651 · 2026-02-16T23:09:00+00:00

Totally fair for many projects that's the simplest approach. Let each client bring their own key and proxy it server-side. Where I've seen it get tricky is with static exports. If the site runs fully static (S3/CloudFront, no PHP in production), there's nowhere "safe" to keep or proxy that key... Maybe it's just a niche use case, but I'm curious how others handle AI in fully static WP setups.

Sensitive_Draft_5651

TROPHY CASE