Why WordPress 7.0 Needs Manual User Approval

April 1, 2026

WordPress 7.0 arrives on April 9. It is the biggest change to the platform since Gutenberg. Most people think it is just a routine update with new blocks. They are wrong.

This version includes a native Model Context Protocol (MCP) server. This lets AI agents like Claude or ChatGPT work inside your website. They will not just write text for you to copy and paste. They will manage pages, edit site structure, and handle comments.

It makes running a site much faster. But it also creates a massive security gap.

Every AI agent needs a user account to do its job. If your site allows anyone to register, you are not just letting in humans. You are letting in autonomous software with the power to change your database.

You have a choice to make before April 9. You can let the technology run itself, or you can manage user roles yourself. If you do not vet who is joining your site, you lose control of your business.

Here is a quick look at the shift:

| Feature | WordPress 6.9 (Old) | WordPress 7.0 (New) |
| --- | --- | --- |
| AI Role | External assistant | Internal operator |
| Workflow | Copy and paste text | Direct site execution |
| Primary Risk | Poor content quality | Unauthorized site changes |
| User Access | Mostly human users | Human + AI Agent users |

Efficiency is good. But unsupervised access is a disaster. You need to decide how you will handle new users before the agents arrive.

The Structural Shift in WordPress 7.0 MCP 

WordPress 7.0 is a structural pivot. It moves the platform toward a headless administrative model. If you ignore this, you are missing the shift from “software you run” to “software that runs itself.”

The core code now includes three specific systems.

AI Connectors

This is a central hub for your API keys. You enter your credentials for Claude, Gemini, or OpenAI once. All your plugins use this shared layer. It stops the mess of 20 plugins, each holding its own keys in its own way.

Abilities API

This gives your site a functional voice. It lets plugins define exactly what they can do in a way an AI understands. For example, a plugin can say: “I can delete spam comments” or “I can update a page title.”

MCP Adapter

This is the translator. It takes those site abilities and shows them to an external AI agent. It is the bridge between your database and the machine’s logic.

You are no longer just managing content. You are managing an agentic environment. Proceed with that in mind.

What is Model Context Protocol (MCP) in WordPress 7.0

MCP is a standard. It is the USB-C of the AI world.

Before this, every AI tool had its own way of connecting to WordPress. One plugin used a specific OpenAI bridge. Another used a custom Gemini script. They were messy and broke often.

MCP fixes the connection layer. It gives any AI agent a standard way to “talk” to any application. Because it is now in WordPress core, your site is officially “discoverable” by AI.

This changes the workflow completely.

The Old Way:

  1. You go to ChatGPT.
  2. You ask for a blog post.
  3. You copy the text.
  4. You log into WordPress.
  5. You paste it and fix the formatting.

The MCP Way:

  1. You tell the AI agent what you want.
  2. The agent reads your site structure.
  3. It understands your categories.
  4. It creates the draft directly in your database.
  5. You just hit publish.

This is a massive gain in efficiency. But it means an external entity is now inside your house. If you do not know who is holding the key, you have a problem.

The Abilities API in WordPress 7.0 

The Abilities API is how WordPress tells an AI what it can do. It is like a menu. Instead of an AI guessing how to post a blog, the API lists “Create Post” as a clear action.

It is more than just core features. Third-party plugins can register their own abilities. A form plugin might register “Read Submissions.” An e-commerce plugin might register “Check Stock.”

This is where the risk lives. If a plugin is poorly coded, it might expose an ability you do not want an AI to have.

| Plugin Type | Possible Ability | Potential Risk |
| --- | --- | --- |
| Forms | Export entries. | Data privacy leak. |
| SEO | Edit metadata. | Accidental site-wide de-indexing. |
| E-commerce | Manage Coupons. | Financial loss through errors. |

If you let every new user or every new agent access these abilities immediately, you are asking for trouble. Control your user table. It is the only way to control these abilities.

The Governance Gap: Who is Letting the Agents In?

The biggest risk of WordPress 7.0 is not the AI. It is the identity of the user.

Every AI agent needs a User Role to interact with the Abilities API. If an agent wants to draft a post, it needs “Contributor” or “Author” permissions. If it wants to manage your site settings, it needs “Administrator” access.

This is where New User Approve comes in handy.

Agents as “New Users”

A “New User” is no longer just a person with an email address. It is now a service-linked account. It is an autonomous entity. If your site allows open registration, any bot can sign up and immediately start calling “Abilities.”

You cannot rely on “implicit consent.” Just because an AI asks for confirmation before it publishes a post does not mean it should have been in your database in the first place. This is why a strict WordPress user approval process is a security requirement. 

| Identity Type | Action Method | Governance Needed |
| --- | --- | --- |
| Human User | Manual Login / Dashboard | Standard vetting. |
| AI Agent | MCP Protocol / API | Strict, role-based vetting. |

The “Ability” to edit your site is a currency. If you do not vet who is joining your site, you are giving that currency away.

The Risk of Agent Sprawl

Without a gatekeeper, your user table will fill up with abandoned service accounts. Each one is a potential backdoor. You need a way to stop the “Agent Storm” before it starts.

Manual user approval is the only logical solution. You must verify the human before the agent gets to touch your site.

Manual Approval is the New Firewall

WordPress 7.0 makes your site faster. It also makes it easier to breach. If you do not change how you handle user registration, you are leaving the front door open for autonomous software.

Efficiency is the goal of this update. But security requires intentional friction. You cannot afford to automate your user table when the users are no longer just people.

Friction as Security

Manual governance is the only way to prevent an “Agent Storm.” You must verify every request. If a new user signs up, you need to know if it is a human contributor or an AI service seeking “Abilities.”

  1. Vet the human. Every agent is tied to a person or a company.
  2. Assign the role. Don’t give “Editor” permissions to a “Subscriber” agent.
  3. Audit the access. Use a WordPress user approval plugin to keep your user table verified.
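
The audit step above, as an added example (not code from WordPress or New User Approve): it compares WP-CLI's `wp user list` JSON output against a record of manually approved accounts, flagging unvetted accounts and roles above what was approved, and checks the registration settings. The approval record, the sample users, and the function names are assumptions constructed for illustration.

```python
import json

# WordPress default roles, lowest to highest privilege.
ROLE_RANK = {"subscriber": 0, "contributor": 1, "author": 2,
             "editor": 3, "administrator": 4}

def rank(role):
    # Custom or unknown roles rank above everything until a human reviews them.
    return ROLE_RANK.get(role, len(ROLE_RANK))

def audit_users(users_json, approved):
    """users_json: output of
         wp user list --fields=ID,user_login,roles --format=json
       approved: {login: highest role granted at manual approval} (assumed record).
       Returns sorted (login, finding) tuples."""
    findings = []
    for user in json.loads(users_json):
        login = user["user_login"]
        if login not in approved:
            findings.append((login, "not in approval record"))
            continue
        for role in filter(None, user["roles"].split(",")):
            if rank(role) > rank(approved[login]):
                findings.append(
                    (login, f"role '{role}' exceeds approved '{approved[login]}'"))
    return sorted(findings)

def audit_registration(users_can_register, default_role):
    """Inputs: `wp option get users_can_register` and `wp option get default_role`."""
    if str(users_can_register) == "1" and rank(default_role) > rank("subscriber"):
        return f"open registration grants '{default_role}'"
    return None

# Constructed sample data, not taken from any real site.
SAMPLE_USERS = json.dumps([
    {"ID": 1, "user_login": "site-owner", "roles": "administrator"},
    {"ID": 7, "user_login": "drafting-agent", "roles": "editor"},
    {"ID": 9, "user_login": "newsletter-bot", "roles": "subscriber"},
    {"ID": 12, "user_login": "guest-writer", "roles": "contributor"},
])
APPROVED = {"site-owner": "administrator", "drafting-agent": "contributor",
            "guest-writer": "contributor"}

if __name__ == "__main__":
    for login, finding in audit_users(SAMPLE_USERS, APPROVED):
        print(f"{login}: {finding}")
    print(audit_registration("1", "editor"))
```

On the sample data it reports the agent account whose role drifted from Contributor to Editor and the account that was never approved.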

Wrap Up 

April 9 is the start of a new era. You should embrace the innovation of MCP and the Abilities API in WordPress 7.0. They will change how you work for the better. Prepare for WordPress 7.0 by tightening your registration logic today. Use a tool like New User Approve to ensure that no agent (human or otherwise) gets inside without your explicit “Yes.”

Control the gate. Secure your site. Then, let the AI get to work.
