WordPress integration: connect your CMS to publish from Semji
Connect WordPress to publish from Semji without copy-pasting. You decide what agents can read, create, or modify.
At a glance
- What you can do: give Semji's agents controlled access to your WordPress posts.
- Who it's for: workspace owners and WordPress administrators.
- Compatibility: WordPress 5.6 and newer.
Prerequisites
- WordPress 5.6 or newer. Application passwords, which are used for the connection, have existed since this version.
- A live, public site served over HTTPS. A local or internal-network site cannot be connected.
- The WordPress REST API reachable. It's on by default, but a security plugin may have disabled it.
- A WordPress account allowed to manage posts, Author role at minimum. Choose Editor if agents should be able to update posts written by others.
How to connect your WordPress site
1) Create an application password in WordPress
An application password is a dedicated password WordPress generates for an outside service, here Semji. It's tied only to this connection, and you can revoke it at any time without touching the account's normal password.
In wp-admin, open the account Semji will use, via Users → Profile or Users → All Users. Scroll down to the Application Passwords section, enter a name such as Semji, and click Add New Application Password.
WordPress shows this password only once, in the form xxxx xxxx xxxx xxxx xxxx xxxx. Copy it right away. You can paste it into Semji with or without the spaces.
Good to know ℹ️: don't see the Application Passwords section? That's because your site isn't on HTTPS, is running a WordPress version older than 5.6, or a security plugin has disabled the feature.
2) Connect from Semji
You must be a workspace owner, since the connection applies to the whole team. In Semji, open Settings → Integrations, go to the CMS tab, and click Connect on the WordPress row.

Fill in the three fields:
- Site URL: your site's exact address over HTTPS, e.g. https://your-site.com. Enter the address your site actually uses: if it switches from example.com to www.example.com, enter the www version. Semji does not follow redirects.
- Username: the WordPress account the application password belongs to.
- Application password: the one generated in step 1.

Click Next. Semji immediately checks that these credentials work on your site.
3) Pick the WordPress tools
Choose what AI agents can do on your site. All four tools are enabled by default: Create posts, Read posts, List posts, Update posts. You can change this selection at any time.

4) Save
Click Save. The WordPress row now shows as connected.

What Semji can do once connected
| Tool | What it does |
|---|---|
| List posts | Search and browse your posts, with filters by status |
| Read posts | Fetch a post's full content, as stored in the editor |
| Create posts | Create new posts, always as a draft unless you explicitly ask an agent to publish |
| Update posts | Change only the fields you edit: title, content, status, categories, tags |
Manage or disconnect
From Settings → Integrations → CMS, the WordPress row offers:
- Manage tools: enable or disable each of the four tools.
- Disconnect: remove the integration for the whole workspace.
Firewalls, Cloudflare, and IP allowlisting
Semji calls your site's REST API directly. If a firewall or protection like Cloudflare sits in front of your WordPress, it must let these calls through, or the connection fails.
On Cloudflare, create a rule that lets through (Skip action) requests coming from Semji's IP addresses whose path starts with /wp-json/.
Semji IP addresses to allow:
-
63.34.75.122
-
63.35.78.179
-
54.228.104.165
-
18.200.156.37
-
34.248.117.83
-
52.213.28.177
Heads-up ⚠️: a firewall block looks just like a credentials error. When a protection layer answers "403 Forbidden" on /wp-json/, Semji shows an invalid-credentials error even though your username and password are correct. If you're sure of the credentials, check the firewall first.
Troubleshooting
"Invalid WordPress credentials. Check the username and the application password." Your site refused the connection. Possible causes: the username or application password is wrong or was revoked, application passwords are disabled on the site, or a firewall (Cloudflare, Wordfence) is blocking Semji before it even reaches WordPress. See the firewall section.
"Could not connect to the WordPress site. Check credentials and site URL." Semji couldn't reach your site. The most common causes:
- The address redirects. Semji does not follow redirects, so enter the final address, for example the www version or the https version.
- The REST API isn't reachable: /wp-json/ returns a 404, often because of a plugin or a permalink setting.
- The site is unreachable: a DNS problem, host down, or a non-public site.
- The site responds too slowly: the response must arrive within 10 seconds.
Errors shown before you even submit the form:
- "Please enter a valid URL." The text you entered isn't a web address.
- "The site URL must start with https://." HTTP sites cannot be connected.
- "The site URL points to a private or reserved address, which is not allowed." Local or internal sites are rejected, the site must be public.
An agent reports an error after the connection was working:
- "WordPress authentication failed. Please check the credentials in the integration settings." The application password was revoked or changed since connection. Reconnect with a fresh one.
- "No WordPress integration configured for this workspace." The integration was disconnected. A workspace owner must reconnect it.