The Debrief
Tech · 3 min read · 24 May 2026

WordPress 7.0 Just Made AI Connectors a Core Feature. Security Researchers Are Already Warning About a Rush to Steal API Keys.

WordPress 7.0 ships with a Connectors API, a built-in AI Client and an Abilities API. Configure one provider key and every plugin can use it. No rate limit, no per-plugin cap, no monthly ceiling. Security researchers expect a rush.

Core has no per-plugin budget cap, no rate limit and no monthly ceiling. The risk model just changed.


WordPress 7.0 just shipped its biggest architectural change in years. It includes a built-in AI layer. A new Connectors API stores your AI provider key, an AI Client routes requests through it and an Abilities API exposes that capability to every plugin on the site.

Configure your OpenAI, Anthropic or Gemini API key once. Every plugin on the install can use it without re-prompting. There is no per-plugin budget cap in core. There is no rate limit. There is no monthly ceiling.

Security researchers had the obvious reaction. Search Engine Journal quoted one who said attackers will absolutely rush to steal these keys, because they are worth real money on the black market. AI API keys power bot farms that run thousands of conversations on dating apps, social media and SMS scams. A single stolen Anthropic or OpenAI key has resold for thousands of dollars in past breaches.

The vulnerability surface is wider than it looks. WordPress runs around 40% of the public web. Most of those sites already have ten or twenty plugins installed, many of them outdated. Each plugin now has read access to the central AI key. If any plugin is compromised, the key leaks.

Why it matters

Australian SMB marketers tend to treat WordPress as the safe option. It is cheap, it is supported and there is always a plugin for the next thing. That calculation has shifted. The default WordPress install is no longer a static content management system. It is now an AI gateway with credit-card-linked access to large language models.

The blast radius is also commercial, not just technical. A stolen OpenAI key linked to a small agency account has run up four-figure overnight bills. A stolen Anthropic key tied to a real client has bigger consequences than the bill. It is a data exfiltration vector.

40%: share of the public web running WordPress. The Abilities API now sits underneath all of it.

What to do about it

Treat the AI key like a payment credential. The marketing team has to brief the dev team on these basics.

Do not store provider keys directly in WordPress core. Use a serverless proxy with rate limits, IP allowlisting and per-plugin spend caps.

Run a plugin audit. Disable any plugin that has not been updated in 12 months. Each old plugin is a potential exfiltration route to the AI key.

Set hard daily spend caps at the provider level. OpenAI, Anthropic and Google all let you cap usage per key. Use it.

Rotate keys every 30 days. If a leak happens, you want a 30-day blast radius, not a 12-month one.

Move the AI features that matter to a managed platform. The convenience of every-plugin-can-call-AI is not worth the risk for client work.
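The proxy, spend-cap and rotation recommendations above all come down to one decision point: a request from a plugin is either forwarded to the provider under the site's key or refused. The policy layer below is an added example, not code from the brief and not WordPress core or the Connectors API. It assumes a hypothetical deployment in which plugins never see the provider key and instead call a small proxy that identifies the calling plugin, checks the caller's IP against an allowlist, enforces a per-plugin daily spend cap and per-minute rate limit, and refuses to forward anything once the provider key is older than the rotation window. Plugin names, limits, IP ranges and costs are constructed for the demonstration.

```python
"""Policy layer for a proxy sitting between WordPress plugins and an AI provider.

Added example (hypothetical design, not WordPress core or the Connectors API).
Assumes the surrounding serverless function forwards a request to the provider
only when authorize() returns (True, "ok"). All names and limits are constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network


@dataclass
class PluginPolicy:
    daily_spend_cap_usd: float   # hard per-plugin ceiling per UTC day
    requests_per_minute: int     # sliding 60-second window


@dataclass
class ProxyState:
    spend_today: dict = field(default_factory=dict)  # plugin -> (date, usd spent)
    recent: dict = field(default_factory=dict)       # plugin -> [request timestamps]


class AiKeyProxy:
    def __init__(self, policies, allowed_cidrs, key_issued_at, rotation_days=30):
        self.policies = policies                            # plugin id -> PluginPolicy
        self.allowed = [ip_network(c) for c in allowed_cidrs]
        self.key_issued_at = key_issued_at                  # when the provider key was minted
        self.rotation_days = rotation_days
        self.state = ProxyState()

    def key_is_stale(self, now):
        """True once the provider key is past its rotation window."""
        return now - self.key_issued_at > timedelta(days=self.rotation_days)

    def authorize(self, plugin, source_ip, estimated_cost_usd, now):
        """Return (allowed, reason). Only an allowed request is forwarded upstream."""
        if plugin not in self.policies:
            return False, "unknown plugin"
        if not any(ip_address(source_ip) in net for net in self.allowed):
            return False, "source ip not allowlisted"
        if self.key_is_stale(now):
            return False, "provider key past rotation window"
        policy = self.policies[plugin]
        # Rate limit: keep only timestamps from the last 60 seconds.
        window = [t for t in self.state.recent.get(plugin, [])
                  if now - t < timedelta(seconds=60)]
        if len(window) >= policy.requests_per_minute:
            self.state.recent[plugin] = window
            return False, "rate limit exceeded"
        # Spend cap: counter resets at the UTC day boundary.
        day, spent = self.state.spend_today.get(plugin, (now.date(), 0.0))
        if day != now.date():
            spent = 0.0
        if spent + estimated_cost_usd > policy.daily_spend_cap_usd:
            return False, "daily spend cap exceeded"
        window.append(now)
        self.state.recent[plugin] = window
        self.state.spend_today[plugin] = (now.date(), spent + estimated_cost_usd)
        return True, "ok"


def run_demo():
    """Walk one constructed plugin through each refusal path; returns the reasons."""
    t0 = datetime(2026, 5, 24, 9, 0, tzinfo=timezone.utc)
    proxy = AiKeyProxy(
        policies={"seo-writer": PluginPolicy(daily_spend_cap_usd=2.00, requests_per_minute=3)},
        allowed_cidrs=["203.0.113.0/24"],       # constructed: the site's egress range
        key_issued_at=t0 - timedelta(days=5),
    )
    decisions = [
        proxy.authorize("seo-writer", "203.0.113.10", 0.50, t0)[1],   # ok
        proxy.authorize("seo-writer", "198.51.100.7", 0.50, t0)[1],   # wrong source
        proxy.authorize("old-gallery", "203.0.113.10", 0.10, t0)[1],  # no policy
        proxy.authorize("seo-writer", "203.0.113.10", 0.50, t0)[1],   # ok
        proxy.authorize("seo-writer", "203.0.113.10", 0.50, t0)[1],   # ok (3rd in window)
        proxy.authorize("seo-writer", "203.0.113.10", 0.50, t0)[1],   # rate limited
        proxy.authorize("seo-writer", "203.0.113.10", 0.60,
                        t0 + timedelta(seconds=61))[1],                # cap: 1.50 + 0.60 > 2.00
    ]
    stale = AiKeyProxy({"seo-writer": PluginPolicy(2.00, 3)}, ["203.0.113.0/24"],
                       key_issued_at=t0 - timedelta(days=40))
    decisions.append(stale.authorize("seo-writer", "203.0.113.10", 0.10, t0)[1])
    return decisions


if __name__ == "__main__":
    for reason in run_demo():
        print(reason)
```

The point of the design is that a compromised plugin gains a capped, rate-limited, attributable line of credit rather than the provider key itself: the key lives only in the proxy, every refusal carries a reason that can be logged per plugin, and a key left unrotated past 30 days fails closed instead of quietly continuing to work.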

WordPress 7.0 is going to drive a wave of AI features inside marketing stacks. It is also going to drive the first wave of marketing-team-caused AI breaches. The teams that put guardrails in this month will not be in the headlines next quarter.

Filip Ivanković · Founder, New Rebellion