Title: BotCreds Agent Access Author: Joe Boydston Published: 2026 年 5 月 22 日 Last modified: 2026 年 6 月 2 日 --- 搜尋外掛 ![](https://ps.w.org/botcreds-agent-access/assets/banner-772x250.png?rev=3558619) ![](https://ps.w.org/botcreds-agent-access/assets/icon-256x256.png?rev=3544121) # BotCreds Agent Access 由 [Joe Boydston](https://profiles.wordpress.org/jboydston/) 開發 [下載](https://downloads.wordpress.org/plugin/botcreds-agent-access.2.1.19.zip) * [詳細資料](https://tw.wordpress.org/plugins/botcreds-agent-access/#description) * [使用者評論](https://tw.wordpress.org/plugins/botcreds-agent-access/#reviews) * [安裝方式](https://tw.wordpress.org/plugins/botcreds-agent-access/#installation) * [開發資訊](https://tw.wordpress.org/plugins/botcreds-agent-access/#developers) [技術支援](https://wordpress.org/support/plugin/botcreds-agent-access/) ## 外掛說明 **BotCreds Agent Access** gives your AI agent, MCP client, or automation tool a secure, scoped credential to interact with your site — no code required. Whether you’re connecting Claude, ChatGPT, a custom MCP server, or an OpenClaw agent, BotCreds gives you a one-click setup wizard that generates a properly scoped WordPress Application Password and logs every action the agent takes. **Why BotCreds?** Most AI agent setups require digging into wp-config, creating users manually, or sharing admin credentials. BotCreds removes all of that. Install, click, copy, paste— your agent is connected in under a minute. **Features:** * One-click connection setup under Settings BotCreds * Generates a secure, scoped Application Password for your AI agent or MCP client * Works with any agent that supports the WordPress REST API: Claude, ChatGPT, OpenClaw, n8n, Zapier, custom MCP servers, and more * User-level and site-level logging of agent actions — see exactly what your agent did and when * Displays credentials in ready-to-paste format (table and JSON) * Shows connection status, creation date, and last used date * One-click revoke with confirmation * Clean, modern admin UI using native WordPress styles * Proper security: nonces, capability checks, password shown only once **Compatibility:** * Works with the Model Context Protocol (MCP) * Compatible with all major AI agent frameworks * No third-party services or accounts required — everything stays on your site ## 安裝方式 1. Upload the `botcreds-agent-access` folder to `/wp-content/plugins/`. 2. Activate the plugin through the “Plugins” menu in WordPress. 3. Go to Settings BotCreds. 4. Click “Connect Agent” to generate your credentials. 5. Copy the credentials and paste them into your agent’s config. ## 常見問題集 ### What is an Application Password? Application Passwords are a built-in WordPress feature (since 5.6) that let external tools authenticate against the REST API without using your main account password. They can be revoked at any time without affecting your login. ### What agents and tools does this work with? Any tool that supports HTTP Basic Auth against the WordPress REST API. This includes Claude (via MCP), ChatGPT plugins, OpenClaw, n8n, Zapier, Make, custom Python scripts, and more. ### What is MCP? The Model Context Protocol (MCP) is an open standard for connecting AI agents to external tools and data sources. BotCreds makes it easy to connect an MCP client to your site. ### Is the password stored anywhere? The plain-text password is shown once when created. WordPress stores only a hash, so the password cannot be retrieved later. If you lose it, revoke the old one and create a new connection. ### Can I have multiple agent connections? BotCreds manages one Application Password per user. Revoke the existing one before creating a new connection, or create additional passwords directly in your WordPress profile. ## 使用者評論 這個外掛目前沒有任何使用者評論。 ## 參與者及開發者 以下人員參與了開源軟體〈BotCreds Agent Access〉的開發相關工作。 參與者 * [ Joe Boydston ](https://profiles.wordpress.org/jboydston/) * [ Droyal ](https://profiles.wordpress.org/droyal/) [將〈BotCreds Agent Access〉外掛本地化為台灣繁體中文版](https://translate.wordpress.org/projects/wp-plugins/botcreds-agent-access) ### 對開發相關資訊感興趣? 任何人均可[瀏覽程式碼](https://plugins.trac.wordpress.org/browser/botcreds-agent-access/)、 查看 [SVN 存放庫](https://plugins.svn.wordpress.org/botcreds-agent-access/),或透過 [RSS](https://plugins.trac.wordpress.org/log/botcreds-agent-access/?limit=100&mode=stop_on_copy&format=rss) 訂閱[開發記錄](https://plugins.trac.wordpress.org/log/botcreds-agent-access/)。 ## 變更記錄 #### 2.1.19 * “View details” modal now shows full plugin description, installation steps, FAQ, and changelog — populated locally via plugins_api filter instead of a WordPress. org API call. #### 2.1.18 * Connections tab: role badges now show a tooltip on hover with a plain-English description of what that role can do (e.g. “Can publish and manage all posts, pages, categories, and comments.”). Custom roles derive their tooltip from actual capabilities. #### 2.1.17 * Rebrand UI labels from “BotCreds” to “Agent Access” in Tools menu, settings page title, profile sections, and admin JS. Underlying credential name unchanged for backwards compatibility. #### 2.1.16 * Activity log now records write methods only (POST, PUT, PATCH, DELETE) by default. Read requests (GET/HEAD) are skipped. Add `add_filter( 'agent_access_log_reads',' __return_true' )` to re-enable read logging. #### 2.1.11 * Fix phpcs:ignore comment placement for uninstall_table() DROP TABLE — moved inline so Plugin Check actually picks it up. #### 2.1.10 * Fix Plugin Check warnings: add wp_unslash() to User-Agent read, add phpcs:ignore for schema-change DROP TABLE (NoCaching/NotPrepared false positives on constant table name), add PluginCheck.Security.DirectDB ignore on dynamic-but-prepared SQL in get_entries/count_entries. #### 2.1.9 * Security: Uninstall now correctly revokes credentials minted as ‘BotCreds’ (and all legacy names from prior rebrands). Previously uninstalling the plugin left live credentials on every connected account. * Security: Activity log IP is now recorded from REMOTE_ADDR only — forwarded headers( CF-Connecting-IP, X-Forwarded-For) are client-controlled and were previously used, making the audit record forgeable. * Security: Removed unverified Jetpack signature header as a source-detection signal— an empty header was sufficient to have any authenticated write attributed to the wordpress-mcp source. * Fix: Admin page assets (admin.js / admin.css) were never loaded on the Tools page due to a hook suffix mismatch. Tools BotCreds now renders correctly with all JS interactions working. * Fix: Uninstall now drops the activity log table and version option (were missing). * Fix: Windowed pagination for the activity log using core paginate_links() — prevents emitting thousands of page links on large sites. * Fix: @mention notifications no longer fire for pending/unapproved comments, preventing notification spam before moderation. * Fix: @mention regex now ignores email domains (foo@bar.com no longer extracts‘ bar’ as a mention). * Fix: Removed unreachable render_created_state() and dead transient reads — credentials are delivered via AJAX/JS only. * Improvement: Connections tab shows a warning when the site has more than 200 users (silent cap). * Code: Extracted shared WHERE clause builder in the activity log class. * Code: Renamed is_openclaw_request() to is_managed_agent_request(), get_all_openclaw_users() to get_connected_users(). #### 2.1.0 * Added activity log for Agent Access app passwords and WP.com MCP connections. * Activity Log tab in Tools Agent Access — filterable by source and HTTP method, paginated. * Removed ClawPress references — rebranded to BotCreds Agent Access. #### 2.0.3 * Fixed text domain mismatch in all includes (botcreds-agent-access). * Trimmed tags to 5 for directory compliance. #### 2.0.2 * Renamed to BotCreds Agent Access. * Updated text domain to botcreds-agent-access. #### 2.0.1 * Renamed to Botcred Application Passwords for clarity and directory compliance. * Updated text domain to botcred-application-passwords. #### 2.0.0 * Rebranded and relaunched as BotCreds Agent Access. * Removed provisioner and theme-bridge (available as separate add-ons). * Security hardening (escaping, nonces, input validation). * Added object caching for content stats. * Updated all namespaces, hooks, and REST routes. #### 1.1.0 * New: @mentions in comments — type @username to mention any site user. * New: Mentioned users receive email notifications automatically. * New: Mentions render as styled links in comment display. * New: `agent_access_user_mentioned` action hook for integrations. * New: `agent_access_send_mention_notification` filter to control notifications. #### 1.0.0 * Initial release. * Create and revoke agent Application Passwords. * Connection status display with creation and last-used dates. * Copy-to-clipboard support for credentials. ## 中繼資料 * 版本 **2.1.19** * 最後更新 **11 小時前** * 啟用安裝數 **少於 10 次** * WordPress 版本需求 ** 5.6 或更新版本 ** * 已測試相容的 WordPress 版本 **7.0** * PHP 版本需求 ** 7.4 或更新版本 ** * 語言 * [English (US)](https://wordpress.org/plugins/botcreds-agent-access/) * 標籤: * [ai agents](https://tw.wordpress.org/plugins/tags/ai-agents/)[application-passwords](https://tw.wordpress.org/plugins/tags/application-passwords/) [mcp](https://tw.wordpress.org/plugins/tags/mcp/)[rest-api](https://tw.wordpress.org/plugins/tags/rest-api/) [security](https://tw.wordpress.org/plugins/tags/security/) * [進階檢視](https://tw.wordpress.org/plugins/botcreds-agent-access/advanced/) ## 評分 這個項目尚無任何評論記錄。 [Your review](https://wordpress.org/support/plugin/botcreds-agent-access/reviews/#new-post) [查看全部使用者評論](https://wordpress.org/support/plugin/botcreds-agent-access/reviews/) ## 參與者 * [ Joe Boydston ](https://profiles.wordpress.org/jboydston/) * [ Droyal ](https://profiles.wordpress.org/droyal/) ## 技術支援 使用者可在技術支援論壇提出意見反應或使用問題。 [檢視技術支援論壇](https://wordpress.org/support/plugin/botcreds-agent-access/)