Xaflo
PLUGIN Xaflo WP Connect · v1.3.1 · for WordPress 6.0+

The WordPress plugin
that turns WP into a tool surface.

Install on any WordPress site. Issue scoped JWT tokens. Expose 78 typed tools (now including remote maintenance + debug.log tail) to any MCP-compatible AI client.

What it adds to WordPress

A complete control plane for AI agents.

78 REST tools, typed

Every WordPress capability you actually use, exposed as a typed REST endpoint with JSON schema. Posts, pages, media, menus, widgets, customizer, plugins, themes, CLI, DB, debug.log, maintenance.

🚧

Remote maintenance mode NEW

Toggle a styled 503 page from Xaflo Desktop or wp-admin. IP allow-list keeps operators in, everyone else out. Mirrors a .maintenance file + branded drop-in.

Debug.log tail NEW

Parse + filter the WP error log over REST. Severity-aware. 8 MB tail cap.

JWT scoped tokens

23 granular scopes. Read-only for analytics. Write-only for content. Revoke instantly.

Auto-update

Plugin polls updates/v1/ every 12h. SHA-256 verified before unpack.

Analytics built in

Top posts, no-traffic pages, keywords, referrers, period comparison — no GA4 SDK setup, no Search Console OAuth dance.

SEO toolkit

Bulk audit, single-page diagnosis, schema injection, sitemap status — works alongside Yoast / Rank Math / SEOPress without conflict.

Auto-backups

Every destructive write triggers a snapshot. Restore via wp_backup_restore.

Audit log

Every API call: actor, scope, payload, timestamp. RGPD-friendly.

WPML + Polylang

Multilingual aware. Translations as first-class objects.

Install in 3 steps

Production-ready in under 5 minutes.

01

Upload & activate

Plugins → Add New → Upload. Pick xaflo-wp-connect-1.3.1.zip. Activate.

02

Add signing secret

Add one line to wp-config.php:
define('WPCB_JWT_SECRET', '...');

03

Issue a token

Xaflo → Tokens → New. Pick scopes. Copy. Paste into Xaflo Desktop.

Plugin vs vanilla REST

Why not just use WP’s built-in REST API?

Because Claude needs typed, scoped, audited tool descriptors — not a 50-endpoint REST surface that talks JSON like it’s 2014.

Capability Stock WP REST Xaflo WP Connect
Typed tool descriptors78 tools
Scoped JWT authApplication Passwords only23 granular scopes
Auto-backup before writesNoSnapshot + restore
Audit logNoEvery call logged
Remote maintenance toggleNoStyled 503 + IP bypass
Debug.log tailNoParsed + severity-filtered
Analytics toolsNo10 analytics endpoints
SEO bulk auditNoBuilt in
CLI executionNowp_cli_exec (scoped)
Multilingual awareNoWPML + Polylang
MCP-compatibleManual wiring neededNative via claude-wp-mcp
Self-hosted auto-updateNoSHA-256 verified
Free forever · MIT

Get the plugin.

No license key. No phone-home. No telemetry. Just a .zip and your wp-config.

Download v1.3.1 ↓ Get the desktop app →
Open source · MIT v1.0.0 · 2026-05-15 Windows · macOS · Linux 74 WP tools