Security Model

Last updated: May 25, 2026

Maxi gives an AI agent real access to your site, so it’s fair to ask: how is that kept safe? This page explains the protections in plain terms — what they are and why they mean you stay in control.

Handing an AI agent the keys to your site is a reasonable thing to be cautious about. Maxi is built around that caution. Several independent protections work together so that an agent can be genuinely useful while staying inside boundaries you control — and so that everything it does is visible and accountable.

The connection is encrypted and authenticated

Your agent connects over a secure, encrypted link (HTTPS), and it must prove who it is before it can do anything. There are two ways to authenticate:

  • Sign in with your site (recommended). Built on OAuth 2.1 — the same secure standard used to “Sign in with Google” or connect any modern app. You approve the agent through your normal WordPress login in the browser, click Authorize, and you’re done. Your WordPress password is never shared with the agent, and you can review or revoke connected agents at any time under Settings → AI Connections.
  • Application Password. A long, single-purpose credential you generate in WordPress for an agent to use. Useful for tools that don’t support the browser sign-in, or for automated scripts. You can revoke it whenever you like.

Either way, the agent always acts as a specific WordPress user — never as some anonymous, all-powerful process. That single fact underpins everything below.

The agent has exactly the permissions of its user — no more

Because an agent acts as a WordPress user, it inherits that user’s permissions and nothing beyond them. This is the most important control you have, and it’s the one you already understand from running WordPress: give an agent a limited role and it can only do limited things.

In practice that means you can scope an agent deliberately. A read-only agent for reporting. A content agent that can draft and edit but not touch settings. A full administrator only when you genuinely need one. The Connect your AI guide covers choosing a role.

Changing content requires an administrator

On top of WordPress’s own permissions, Maxi adds a firm rule: the abilities that change your site’s content can only be run by an administrator-level agent. This is enforced in the code itself — no instruction, note, or setting can talk the agent around it. A lower-privilege agent can read your site and make suggestions, but it cannot alter content. So even a misconfigured or misled non-admin agent simply has no path to modifying your pages.

Your secrets stay secret

Any sensitive credentials Maxi stores for you — such as the API keys for AI providers — are encrypted where they’re saved, not kept in plain text. When the agent or the admin screens need to refer to them, they’re shown only as masked fragments, never in full. And personal data in results is automatically masked before it reaches the agent, so day-to-day work doesn’t expose customer details unnecessarily.

Everything is recorded, and the record can’t be edited

Every change an agent makes is written to an audit log — which user, which action, when. Crucially, the log is append-only: the agent can read it but cannot rewrite or erase it. That gives you one trustworthy place to answer “what happened on my site, and who did it?” — independent of what any agent reports. If an action shows up in the audit log, it really happened; if it doesn’t, it didn’t.
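As an added illustration, not Maxi's own code, this is how the two mechanisms described above look when written as a WordPress plugin ability: the administrator gate is a capability check that runs before any write, and the audit record is only ever appended to. The function names, the audit table and its columns are assumptions, and the `manage_options` capability is used here as the test for "administrator-level".

```php
<?php
// Added illustration, not Maxi's code. Function names, the audit table and
// its columns are assumptions; 'manage_options' stands in for "administrator".

/**
 * Update a post's content for the agent's WordPress user.
 * Returns the post ID on success or a WP_Error explaining the refusal.
 */
function example_agent_update_post_content( int $post_id, string $new_content ) {
    // Hard gate in code: no prompt, note or setting shown to the agent can
    // bypass it, because the agent never reaches the write below without it.
    if ( ! current_user_can( 'manage_options' ) ) {
        example_append_audit_entry( 'update_post_content', $post_id, 'denied' );
        return new WP_Error( 'example_forbidden', 'Content changes require an administrator.' );
    }
    // WordPress's own permission model still applies on top of the gate:
    // the user must also be allowed to edit this particular post.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        example_append_audit_entry( 'update_post_content', $post_id, 'denied' );
        return new WP_Error( 'example_forbidden', 'You cannot edit this post.' );
    }
    $result = wp_update_post(
        array( 'ID' => $post_id, 'post_content' => $new_content ),
        true // return a WP_Error instead of 0 on failure
    );
    example_append_audit_entry( 'update_post_content', $post_id,
        is_wp_error( $result ) ? 'failed' : 'ok' );
    return $result;
}

/**
 * Append-only audit write: the plugin only ever INSERTs into this table;
 * no code path the agent can reach issues UPDATE or DELETE against it.
 */
function example_append_audit_entry( string $action, int $object_id, string $outcome ): void {
    global $wpdb;
    $wpdb->insert(
        $wpdb->prefix . 'example_agent_audit', // assumed table name
        array(
            'user_id'    => get_current_user_id(), // the acting WordPress user
            'action'     => $action,
            'object_id'  => $object_id,
            'outcome'    => $outcome,
            'created_at' => current_time( 'mysql', true ), // UTC timestamp
        ),
        array( '%d', '%s', '%d', '%s', '%s' )
    );
}
```

Note that a denied attempt is logged as well as a successful one, so the audit record answers "who tried what" and not only "who succeeded".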

Why this adds up to safe

No single feature is the whole story; the safety comes from how they stack. The agent must prove who it is, it can only do what its user is allowed to do, content changes are walled off to administrators, secrets are encrypted, and every action leaves a permanent trace. Layered together, they mean an agent is powerful within the limits you set — and that you can always see, and roll back through normal WordPress means, what it did.

In summary: agents connect over an encrypted link and must authenticate; each acts as a specific WordPress user with only that user’s permissions; changing content requires an administrator and is enforced in code; stored secrets are encrypted and personal data is masked; and every change is recorded in an audit log the agent can’t alter. You set the boundaries, and you keep a complete, tamper-proof record of what happens inside them.