內容簡介
VideoWhisper Site Manager 外掛幫助使用者透過 ChatGPT 管理 WordPress 文章與頁面,無需將 AI 服務嵌入 WordPress。它提供安全的 REST 層及簡化的設置流程,適合希望利用聊天方式編輯內容的網站擁有者和團隊。
【主要功能】
• 安全的 REST 層進行內容操作
• 自動生成的 OpenAPI 架構 URL
• 一鍵創建 WordPress 應用密碼
• 指導式上線流程,便於設置
• 支援草稿優先工作流程
• 審計日誌端點供管理員使用
外掛標籤
開發者團隊
② 後台搜尋「AI Site Manager – Using ChatGPT Claude Codex」→ 直接安裝(推薦)
📦 歷史版本下載
原文外掛簡介
VideoWhisper Site Manager lets you manage WordPress posts and pages through external AI assistants such as ChatGPT (Custom GPT + Actions), Claude (MCP: web, desktop, mobile, CLI), and Codex (MCP). It exposes authenticated WordPress endpoints and setup guidance while you keep using your own AI account and subscription.
It provides:
A secure REST layer for content operations (list, read, create, update, revert, reset)
An MCP (Model Context Protocol) endpoint for Claude.ai, Claude Desktop, Claude CLI, Claude mobile apps, and Codex MCP clients
A generated OpenAPI schema URL for GPT Actions import
Guided onboarding with copy/paste values for ChatGPT Builder, Claude connector setup, and Codex MCP setup
Turnkey OAuth onboarding for shared GPT / shared MCP workflows through a compatible Relay & OAuth Server
WordPress Application Password onboarding for direct site-owned integrations
Frontend user connection shortcode support for connected account workflows
Safety controls: HTTPS enforcement, draft-first behavior, publish gating, read/write rate limiting, write quotas, IP allowlists, audit logs
Extension points through WordPress hooks for custom authentication, tools, settings, content types, and admin UI additions
The plugin does not call OpenAI, Anthropic, or any AI provider directly. Your WordPress site exposes authenticated endpoints and setup guidance. You connect it to ChatGPT, Claude, or Codex yourself with your own account and subscription.
Ideal for
Site owners who want to draft, edit, or review WordPress content by chat
Teams using a dedicated WordPress user (recommended: Editor) for AI-assisted publishing workflows
Mobile workflows: configure on desktop, use the GPT or Claude connector on phone/tablet
Developer workflows where Codex can use MCP tools to inspect and update WordPress content
Supported Authentication
The onboarding flow recommends using one authentication option for clarity, but development and migration setups can enable more than one.
Turnkey OAuth – recommended for most sites. Users connect through a compatible Relay & OAuth Server and can operate one or more connected sites from the same shared GPT or MCP connector.
Application Passwords – direct WordPress authentication over HTTPS using WordPress core Application Passwords. Best for admin-owned custom GPT/MCP setups where credentials are managed by the site operator.
Extension-provided authentication – developers can add custom OAuth, token validation, alternate connector metadata, or other authentication flows with the hooks listed below.
Connecting ChatGPT
Install and activate VideoWhisper Site Manager.
Open VideoWhisper Site Manager > Onboarding.
Create (or link) a dedicated WordPress user (recommended role: Editor).
Choose Turnkey OAuth for a shared GPT workflow, or create an Application Password from the onboarding page for a direct site-owned GPT.
In ChatGPT Builder (desktop), create a Custom GPT and import the plugin OpenAPI schema URL.
Use the provided copy/paste values for Configure, Actions, authentication, and privacy policy fields.
Test on desktop, then use the same GPT on mobile.
Connecting Claude (MCP)
The free plugin includes an MCP endpoint at /wp-json/videowhisper-site-manager/v1/mcp.
Claude.ai (web):
Go to claude.ai/customize/connectors.
Click the + button in the Connectors sidebar → Add custom connector.
Set a name and paste the MCP endpoint URL.
Authorize via Turnkey OAuth when connected to a compatible Relay & OAuth Server, or use an Application Password for direct setup.
The connector also works in the Claude mobile apps (iOS and Android) and desktop once authorized.
Claude CLI:
claude mcp add –transport http “YourSiteName” “https://yoursite.com/wp-json/videowhisper-site-manager/v1/mcp”
Automatic OAuth authorization requires a compatible Relay & OAuth Server. Without that connection, use WordPress Application Passwords over HTTPS.
Connecting Codex (MCP)
The onboarding flow includes Codex setup values for both direct and Turnkey MCP architectures. Codex can connect to the same Streamable HTTP MCP endpoint at /wp-json/videowhisper-site-manager/v1/mcp.
Open VideoWhisper Site Manager > Onboarding and enable Codex in the AI Tools selection step.
Choose Turnkey OAuth for shared relay access, or Application Passwords for direct site-owned MCP access.
Copy the generated Codex config.toml block or OAuth login command from the Codex onboarding tab.
Restart or reload Codex MCP settings, then use /mcp in Codex to confirm the WordPress MCP server is active.
Features
MCP endpoint for Claude.ai, Claude Desktop, Claude CLI, Claude mobile apps, and Codex — implements MCP Streamable HTTP transport (protocol 2025-03-26)
ChatGPT / GPT Actions integration via generated OpenAPI schema URL (/wp-json/videowhisper-site-manager/v1/openapi)
Dynamic agent guide at /wp-json/videowhisper-site-manager/v1/agent-guide with Markdown by default and JSON via ?format=json; MCP also exposes guide resources for MCP-aware clients
Shared AI action registry keeps MCP tools and OpenAPI schemas aligned for ChatGPT, Claude, and Codex integrations; extra OpenAPI actions are grouped by module with an action subaction field to stay under GPT operation limits
GPT Actions onboarding aligned with current auth UI, including Application Password and Turnkey OAuth setup paths
One-click Application Password creation for the dedicated operator user (plaintext shown once, not stored long-term)
Guided onboarding with copyable values for:
GPT Name, Description, Instructions, Conversation Starters
MCP endpoint URL, Claude connector setup instructions (Claude.ai, Desktop, CLI), and Codex MCP configuration snippets
Action authentication values, Schema URL, Privacy Policy URL
curl examples and credential samples
Authentication options:
Turnkey OAuth for shared GPT / shared MCP workflows through a compatible Relay & OAuth Server
Application Passwords for direct site-owned admin integrations
hook-based extension points for additional authentication methods
REST endpoints for listing, reading, creating, and updating WordPress posts/pages
Context endpoint for site and content context used by MCP tools
Optional read-only Live Support Tickets CRM integration for authenticated users to list their own conversations and retrieve messages through OpenAPI/MCP tools
Content revert/reset helpers backed by revision snapshots
dry_run support for safer create/update previews before writing
Draft-first workflow and optional publish permission (Allow publish)
HTTPS enforcement for plugin endpoints by default (with dev-only HTTP override setting)
Per-user rate limiting with separate defaults for read traffic (10/minute), write actions (5/minute), and hourly write quotas (30/hour)
FansPaysite support for frontend shortcode styling, dark/light mode, and Pro menu icon fields when the FansPaysite theme is active
IP allowlists for Application Password and Turnkey OAuth traffic
External OAuth URL hardening (HTTPS-only with external-host validation)
Configurable short cache TTL for external bearer-token validation (default: 10s)
Categories and tags support
Generic SEO metadata fields (plugin-owned keys)
Audit logging endpoint for administrators
Settings endpoint for administrators
Public protected resource metadata for OAuth-aware clients
Provider Terms of Use and Privacy Policy links when supplied by connected services
User connection shortcode ([vwsm_user_connect]) for account-based connection flows
Admin notices and onboarding reminders for incomplete setup
Recommended GPT/Claude/Codex capabilities guidance
Current AI Actions and Tools
The shared registry exposes the same capabilities to ChatGPT Actions, Claude MCP, and Codex MCP when settings and user permissions allow them. OpenAPI may group extra actions by module; MCP lists the individual tool names.
Core tools: get_site_context, list_content, get_content, get_logs, create_content, update_content.
Conditional core tools: revert_action, reset_action when log state tools are enabled.
Plugin integration tools: get_site_context includes brief permission-aware available_integrations metadata, while plugins_list lists compatible plugins, agent instructions, whitelisted option documentation, and plugin-specific tools visible to the authenticated user. Site Manager Pro adds plugin_list_options, plugin_get_options, and plugin_update_option for admin-only whitelisted option configuration. Other plugins can register tools with vwsm_ai_plugin_integrations; Site Manager exposes them automatically through MCP, the dynamic agent guide, and grouped OpenAPI /actions/{module} paths.
Live Support Tickets read-only tools when CRM access is enabled: crm_list_my_conversations, crm_get_my_conversation_messages.
Agent documentation: /wp-json/videowhisper-site-manager/v1/agent-guide, /wp-json/videowhisper-site-manager/v1/agent-guide?surface=mcp, /wp-json/videowhisper-site-manager/v1/agent-guide?surface=actions, and /wp-json/videowhisper-site-manager/v1/agent-guide?format=json.
Extension Hooks
Developers can extend this plugin without editing core files. Common hooks include:
Settings and admin UI: vwsm_settings_defaults, vwsm_settings_normalized, vwsm_admin_settings_save, vwsm_rest_settings_payload, vwsm_settings_tab_label, vwsm_settings_form_publishing_rows, vwsm_settings_form_security_rows, vwsm_settings_form_rate_limits_rows, vwsm_settings_form_logs_revisions_rows, vwsm_settings_form_turnkey_oauth_rows, vwsm_settings_form_authentication_rows, vwsm_settings_form_application_passwords_rows, vwsm_settings_form_content_rows, vwsm_settings_form_admin_rows, vwsm_settings_form_attachments_rows, vwsm_settings_form_fomantic_rows, vwsm_settings_form_after_core_rows, vwsm_auth_methods_section.
Authentication and OAuth metadata: vwsm_oauth_server_url, vwsm_authorization_server_url, vwsm_rest_401_headers, vwsm_external_oauth_onboarding_urls, vwsm_onboarding_oauth_tab_content, vwsm_handle_external_register_gpt.
OpenAPI, MCP, and tools: vwsm_ai_actions, vwsm_ai_plugin_integrations, vwsm_ai_plugin_option_integrations, vwsm_ai_plugin_action_dispatch, vwsm_ai_action_native_openapi_tools, vwsm_mcp_server_name, vwsm_mcp_extra_tools, vwsm_mcp_dispatch_tool, vwsm_mcp_site_context, vwsm_openapi_components, vwsm_openapi_document, vwsm_write_rate_limit_mcp_tools.
Content and sanitization: vwsm_allowed_content_types, vwsm_revision_limit, vwsm_revision_gradient, vwsm_supported_extra_allowed_html_tags, vwsm_allow_extra_allowed_html_tags.
User connection workflows: vwsm_user_connect_handle_post, vwsm_user_connect_after_sections, vwsm_user_connect_tools_data, vwsm_user_connect_gpt_url.
Operator and environment behavior: vwsm_default_operator_username, vwsm_use_current_user_mode.
Disclaimer
This plugin provides infrastructure for operating a WordPress site with external AI chatbots and agents. The site owner is solely responsible for the actions enabled through this functionality, including content created or changed by AI tools, credentials and access tokens, backups, privacy compliance, and any publishing or policy consequences.
AI-generated content can be inaccurate, defamatory, plagiarized, non-compliant, or otherwise unsuitable for publication. Review AI output and tool activity before publishing. Keep publishing disabled unless you fully understand and accept the risk.
Use HTTPS, protect Application Passwords and OAuth credentials, restrict access where possible, monitor logs, and maintain independent backups. Use at your own risk.
Privacy
This plugin stores the following data on your WordPress site:
Plugin settings in WordPress options (for example: publish, rate limit, HTTPS, IP allowlist, authentication, and provider URL settings)
Audit log entries in a custom database table (*_vwsm_audit_logs)
Optional dedicated operator user ID reference in WordPress options (when using onboarding helper)
Short-lived transient for one-time Application Password display after creation (plaintext is not stored long-term)
Short-lived transient cache for external bearer-token validation, when Turnkey OAuth is used
Optional connected service account tokens, site keys, server URLs, and provider policy links used for remote account and Turnkey OAuth workflows
Audit logs may include:
Authenticated WordPress user ID
Request route and method
Sanitized request/response summaries
Timestamp and IP address
This plugin does not send data to third-party AI services by itself.
This plugin does not include telemetry/analytics tracking by default.
Site owners are responsible for:
Securing the site with HTTPS
Managing WordPress users and Application Passwords
Configuring GPT sharing safely (recommended: Only Me)
Reviewing the privacy implications of any external AI service connected to the site’s API
