Integrations
WordPress
Content management, user administration, and plugin control
The WordPress connector provides 82 actions for managing posts, pages, users, plugins, and site settings via the WordPress REST API.
Setup
There are two ways to connect a WordPress site. Pick whichever fits your situation:
| Method | When to use | Permissions scope |
|---|---|---|
| Keva Connector plugin (recommended) | Client sites where you want audit trails and the ability to revoke from WP admin without disturbing a user account | Scoped to the plugin's own REST endpoints — posts, pages, ACF only |
| Application Passwords (no plugin) | Sites you fully own and want zero install friction | Inherits the WP user's full role (use a dedicated editor/admin account) |
Method 1: Keva Connector plugin (recommended)
- Download the plugin: keva-connector-latest.zip (~12 KB, GPLv2)
- In WordPress admin, go to Plugins → Add New → Upload Plugin and select the zip
- Click Install Now, then Activate Plugin
- WordPress shows the connector token once on activation — copy it now (it's not shown again)
- In Keva, go to Settings → Integrations → WordPress Sites → Add WordPress Site
- Paste the site URL and the connector token
If you ever miss the token: in WordPress admin, Settings → Keva Connector → Regenerate Token. The old token is invalidated immediately.
Optional hardening (per-site, in wp-config.php)
// Only accept connections from Keva's egress IPs.
// IPv4 exact or CIDR. Contact support@keva.support for current IPs —
// they're per-deployment, not a published list.
define( 'KEVA_CONNECTOR_ALLOWED_IPS', [ '203.0.113.0/24' ] );
// Only enable if WordPress sits behind a reverse proxy that strips
// client-set X-Forwarded-For headers and sets its own.
define( 'KEVA_CONNECTOR_TRUST_FORWARDED_FOR', true );Method 2: Application Passwords (no plugin)
- Go to Settings → Integrations → Platform Connectors → Add Platform in Keva
- Pick WordPress, enter your site URL
- In WordPress admin, go to Users → Your Profile → Application Passwords
- Generate a new password named "Keva", copy it (spaces are OK)
- Enter the WordPress username + application password into Keva
Requirements
- WordPress 6.0+ for the plugin path (5.6+ for Application Passwords)
- REST API enabled (default in all modern WP installs)
- HTTPS in production — the plugin enforces this automatically; the Application Password path is also HTTPS-only by Keva policy
- Tested up to WordPress 7.0 with PHP 8.4
Available Actions (82)
Posts & Pages
| Action | Description |
|---|---|
| List posts | Get all published posts |
| Get post | Single post details |
| Create post | Publish new content |
| Update post | Edit existing post |
| Delete post | Remove a post |
| List pages | Get all pages |
| Update page | Edit page content |
Users
| Action | Description |
|---|---|
| List users | Get all site users |
| Get user | User profile details |
| Create user | Add new user account |
| Update user | Edit user info |
| Reset password | Send password reset |
| Delete user | Remove user account |
Media
| Action | Description |
|---|---|
| List media | Get media library |
| Get media | File details |
| Upload media | Add new file |
| Delete media | Remove file |
Plugins & Themes
| Action | Description |
|---|---|
| List plugins | Get installed plugins |
| Activate plugin | Enable a plugin |
| Deactivate plugin | Disable a plugin |
| Update plugin | Install plugin update |
| List themes | Get installed themes |
| Activate theme | Switch active theme |
Comments
| Action | Description |
|---|---|
| List comments | Get all comments |
| Approve comment | Mark as approved |
| Spam comment | Mark as spam |
| Delete comment | Remove comment |
Use Cases
Content Request
Customer: "Can you update the pricing on our services page?"
AI:
1. Calls list_pages() to find Services
2. Calls get_page(123) for current content
3. Reports current pricing text
4. Updates if customer confirms changesUser Access
Customer: "John left the company, remove his access"
AI:
1. Calls list_users() to find John
2. Confirms user: john@company.com
3. Calls delete_user(45)
4. Reports: "User removed successfully"Plugin Issue
Customer: "Site is showing errors after plugin update"
AI:
1. Calls list_plugins() for recently updated
2. Identifies problematic plugin
3. Calls deactivate_plugin(plugin-slug)
4. Reports: "Disabled Contact Form 7"Configuration
- Site URL: Your WordPress installation URL
- Content write: Enable/disable post/page editing
- User management: Enable/disable user operations
- Plugin control: Enable/disable plugin activation
- Media upload: Allow media library access