PhantomWP Connect
one WordPress plugin, fully wired
The WordPress plugin that turns your CMS into a fully wired backend for your Astro frontend. Signed writes, visitor JWT auth, agentic AI that creates posts and custom post types for you, and WooCommerce flows. One install.
What this WordPress plugin does
Six things that used to require half a dozen plugins and a weekend of wp-config edits.
One-click self-pairing
Install the WordPress plugin, activate it, visit the admin once. The plugin self-pairs with your PhantomWP project using a one-time bootstrap token. No API keys to copy, no wp-config edits.
Agentic AI that writes to WordPress
The PhantomWP AI assistant uses the WordPress plugin to create posts, pages, custom post types, taxonomies, and field groups directly inside your WordPress. Ask for a CPT, get a CPT.
Visitor JWT authentication
Login, registration, and password reset on your Astro frontend - all backed by short-lived, capability-restricted JWTs issued from WordPress. Tokens auto-invalidate on role, email, or password changes.
Signed two-way communication
Every request from PhantomWP to your WordPress is signed with ECDSA P-256 and SHA-256. Scoped to your install ID, ±5 minute replay window. No shared passwords, no long-lived keys on the wire.
Encrypted at-rest storage
API keys, JWT secrets, and signing material are encrypted with AES-256-GCM in the WordPress database. A database leak does not leak your secrets.
WooCommerce customer flows
Customer login, registration, and account management on your Astro storefront. One WordPress plugin replaces the stack of JWT and REST plugins you used to need.
The AI can actually operate your WordPress
With the WordPress plugin paired, the PhantomWP AI assistant can reach back through the signed channel and make real changes inside your WordPress. You describe what you want, the AI creates it. No logging into wp-admin, no copy-pasting code into functions.php.
The WordPress plugin detects whichever content modeler you already use (SCF, ACF, ACPT, or Meta Box) and routes the scaffold through it. It never installs modelers on your behalf. All write routes are gated by signed API key permission and a single kill switch you control.
Install in under a minute
No API keys to copy. No wp-config edits. No .htaccess rewrites. The WordPress plugin self-pairs.
Enter your WordPress URL
In the PhantomWP IDE, click Connect WordPress and enter your site URL.
Download your per-project zip
We bake a one-time bootstrap token into a WordPress plugin zip for your specific project.
Upload and activate
In wp-admin, go to Plugins > Add New > Upload Plugin, upload the zip, click Activate.
Done
The WordPress plugin self-pairs on your first admin visit. The bootstrap token self-destructs.
The WordPress plugin is the trust boundary
WordPress plugins have a reputation. This one is designed so the worst case of a stolen token or compromised edge is bounded. Short-lived, scoped, capability-restricted, and auditable.
Read the full security modelDo I have to install the WordPress plugin?
No. PhantomWP works with your public REST API out of the box. The WordPress plugin is the upgrade path when you are ready to do more than read.
Read-only mode
- Read public posts, pages, and media
- Generate Astro pages from your content
- Import media to your Astro repo
Full access
- Everything above, plus:
- Agentic AI can create posts, pages, CPTs, taxonomies
- Visitor login and account flows on your Astro site
- Signed writes and webhooks
- WooCommerce customer flows
Learn more
Install the WordPress plugin in under a minute
Create your PhantomWP project, download the per-project zip, and activate. The plugin self-pairs.
Get started