WordPress Setup Guide
Connect your WordPress site to Oskuo using an Application Password so Oskuo can manage your content without needing your main account password.
Prerequisites
- check_circle A WordPress account on the site. Application Passwords inherit the permissions of the user that creates them. For full capabilities, use an Administrator account. If you'd prefer to limit what Oskuo can do, assign a role with fewer permissions (e.g. Editor or Author) — this is a good multi-layered security approach, but note that it will affect which tools are available inside Oskuo.
- check_circle WordPress 5.6 or later (Application Passwords are built-in from 5.6+)
- check_circle Application Passwords feature enabled. It is on by default, but some security plugins (Wordfence, iThemes Security, Solid Security) may disable it. Check your plugin settings if you don't see the option.
- check_circle The site must use HTTPS. Application Passwords require a secure connection.
Connecting WordPress to Oskuo
-
1
Log in to your WordPress admin at
yourdomain.com/wp-adminwith the account you want Oskuo to use. - 2 Navigate to Users → Profile and scroll down to Application Passwords. Enter Oskuo as the name and click Add New Application Password. Copy the generated password immediately — you won't see it again.
- 3 Open Connectors in Oskuo — click the plug icon in the left sidebar and select WordPress.
-
4
Enter your Site URL (e.g.
https://yourdomain.com), your WordPress login username, and the application password you just copied. Optionally select your SEO plugin (Yoast, Rank Math, AIOSEO, SEOPress), page builder (Elementor, Avada, Gutenberg, Beaver Builder), and code snippets plugin (Code Snippets, WPCode, FluentSnippets). - 5 Click Test Connection. If it succeeds, click Save.
- 6 You're connected. Start a conversation and try it out.
What you can do
Oskuo has 20 WordPress tools covering the full range of content management.
Content
List, get, create, update, and delete posts, pages, and media.
SEO
Read and update SEO metadata — title, description, social previews, and robots directives. Works with Yoast, Rank Math, AIOSEO, and SEOPress.
Taxonomy
Manage categories and tags across your content.
Media
Upload images from URLs directly to your media library.
Code Snippets
Manage code snippets — list, create, update, activate, and deactivate. Works with Code Snippets, WPCode, and FluentSnippets.
Page Sections
Get a page outline, read individual sections, and update specific sections without touching the rest of the page.
Search & Replace
Preview regex find-and-replace across your content, then apply changes to specific posts.
Staging
Check out content for offline editing with conflict detection.
Revisions
View revision history and restore previous versions of any post or page.
REST API
Direct access to the WordPress REST API for advanced operations beyond the built-in tools.
Code Validation
Validate page builder markup for Gutenberg, Elementor, Avada, and Beaver Builder.
Site Info & Discovery
Get site name, URL, and configuration. Discover available REST API endpoints on your site.
Try it out
Here are some things you can ask Oskuo to do:
- chat_bubble "List my last 10 published blog posts"
- chat_bubble "Create a draft post about our new product launch"
- chat_bubble "Update the SEO title and description for my About page"
- chat_bubble "Upload this image and add it to my latest post"
- chat_bubble "Show me the revision history for my homepage"
Good to know
- info You can connect multiple WordPress sites — each gets its own instance in Oskuo.
- info If you change your SEO plugin, page builder, or code snippets plugin, update the selection in the connector settings so Oskuo uses the correct API format.
- info Oskuo can't install or update plugins or themes — you'll need to do that from your WordPress dashboard.
- info Site-wide settings like permalinks, reading preferences, and general options can't be changed through Oskuo.
- info Oskuo can't manage user accounts or roles — user administration stays in WordPress.
- info Direct database access isn't available. Oskuo works through the WordPress REST API, so anything not exposed there is out of reach.
Keeping things secure
- lock Choose the right account role for your needs. Application Passwords inherit the permissions of the user. An Administrator account gives Oskuo full capabilities, but be aware this provides full access to your site via the API. If you want to limit what Oskuo can do, create a WordPress user with a more restrictive role (e.g. Editor or Author) — this is a good multi-layered security approach, though it will affect which tools are available inside Oskuo.
- lock Treat the application password like a master key to your site. Anyone who has it can act as you through the WordPress API — reading, creating, editing, and deleting any content your account has access to. This is called impersonation.
- lock Never share it, paste it in chat, email it, or store it in a document. If you need to give someone else access, generate a separate application password under their own WordPress user.
- lock If you suspect it's been compromised, revoke it immediately in WordPress (Users → Profile → Application Passwords → Revoke).
- lock Each application password is independent — revoking one doesn't affect your normal login or other application passwords.
- lock Credentials are encrypted with AES-256-GCM before storage. They are never sent to the AI model or included in chat messages.
- lock Rotate your application password periodically (e.g. every few months) by generating a new one in WordPress and updating it in Oskuo. Remove the old one to limit your exposure window.
Troubleshooting
"Connection failed" or "Could not connect" expand_more
Check that the URL includes https://, has no trailing slash, and the site is publicly accessible. Try opening the URL in your browser to confirm it loads.
"401 Unauthorised" expand_more
Wrong username or password. The username must be your WordPress login name, not your display name or the label you gave the application password. Usernames are case-sensitive. Generate a new application password if unsure.
"403 Forbidden" expand_more
Insufficient permissions — your WordPress account's role may not have access to that resource. If you need full capabilities, use an Administrator account. Some security plugins (Wordfence, iThemes, Sucuri) also block REST API access by default. Check your plugin settings for REST API restrictions.
"Application Passwords not available" expand_more
Your WordPress version is below 5.6, or a security plugin has disabled the Application Passwords feature. Update WordPress or check your security plugin settings to re-enable it.
"SSL certificate error" expand_more
Your site's SSL certificate may be expired or self-signed. Check your certificate status with your hosting provider. Application Passwords require a valid HTTPS connection.