Manage Agent Users & Application Passwords
Give each agent its own WordPress user, scoped to exactly what it should be allowed to do. This guide covers creating that user, choosing its role, and issuing the credential it connects with.
When you connect an agent to your site, it acts as a WordPress user — and it can do exactly what that user is allowed to do, nothing more (see Security Model). That makes the WordPress user the single most important control you have over an agent. This guide covers setting one up well.
Two ways to connect, one thing in common. However your agent connects — the recommended browser sign-in (OAuth), covered in Connect your AI, or an Application Password — it always acts as a WordPress user. This page is about that user: the role you give it and what that allows. Application Passwords are covered here too, since they’re issued per user; if you’re using the browser sign-in, you can skip that section.
Why give each agent its own user
You can connect an agent as yourself, but the better practice is a dedicated user per agent. Three reasons:
- Clean audit trail. Every action is logged against the user that performed it. A dedicated user means you can see at a glance what the agent did versus what you did.
- Scoped permissions. You can give the agent a limited role without limiting your own account.
- Easy revocation. If you ever want to cut an agent off, you disable one user — your own login is untouched.
Creating the user
In WordPress admin, go to Users → Add New User and create a user as you normally would. Give it a name that makes the agent recognizable later — agent-claude, agent-chatgpt, or similar — so it stands out in your user list and in the audit log. Set a strong password (you won’t use it to connect; that’s the next step), and choose a role.
Two separate questions: who can connect, and what they can do
It’s worth separating two things that are easy to conflate, because Maxi treats them as independent gates:
- Who is allowed to connect an agent — controlled by a single setting (below).
- What an agent can do once connected — controlled by the WordPress capabilities of the user it connects as.
Lowering the bar on the first does not change the second. A lower-privileged agent can be allowed to connect, but it still can’t do anything its WordPress role doesn’t permit.
Who can connect: the Required WordPress capability setting
Under Settings → AI Connections → Settings, the Required WordPress capability setting controls the minimum role a user must have to authorize an agent at the connection (consent) screen. The options are:
| Setting | Minimum role allowed to connect |
|---|---|
| Administrator (default) | Administrator |
| Editor | Editor and above |
| Author | Author and above |
| Contributor | Contributor and above |
By default this is Administrator — only an administrator can authorize an agent. You can lower it if you want a less-privileged user to connect an agent (for example, a Contributor-level account for a reporting agent). The setting can also be locked at the server level by your host or developer, in which case it appears greyed out.
This gate applies to the recommended browser-based sign-in. If a user doesn’t meet the required capability, they’re stopped at the consent screen with an “insufficient permissions” message — before any agent is connected.
What the agent can do: its WordPress capabilities
Once connected, the agent acts as its WordPress user and can do exactly what that user’s role allows — no more. Maxi enforces hard floors on top of WordPress’s own permissions:
| The agent’s user is… | What the agent can do |
|---|---|
| Administrator | Everything: read, change content, manage settings, run analytics, read the audit log, AI generation, WooCommerce. This is the role for an agent that does real work on your site. |
| A lower role (Editor, Author, Contributor) | Read your content and create notes (suggestions, knowledge proposals, work items). It cannot change content or settings, run analytics, or read the audit log — those require Administrator. Suitable for a read-and-suggest or reporting agent. |
So the practical shape is: an agent that needs to change things must connect as an Administrator. A lower role is genuinely useful for a look-and-suggest agent, but it’s read-plus-notes only — and that limit is enforced in Maxi’s code, not just by the label.
The two gates together: the connection setting decides who can plug an agent in; the user’s role decides what that agent can then do. You could, for instance, lower the connection requirement to Contributor so a Contributor account can connect a reporting agent — and rest assured it still can’t alter content or settings, because those actions require Administrator capabilities the Contributor doesn’t have.
Issuing the credential: Application Password
If you’re connecting via Application Password rather than the browser sign-in, you generate that credential here — a long, single-purpose credential issued for a specific agent user. (Using the recommended browser sign-in instead? You can skip this section; there’s no password to copy.)
- Go to Users → All Users and open the agent’s user.
- Scroll to the Application Passwords section.
- Enter a name you’ll recognize (e.g. claude-desktop, chatgpt) and create it.
- WordPress shows the generated password once. Copy it immediately and put it into your agent’s connection settings — it isn’t shown again.
The full setup steps for each AI client are in Connect your AI; this guide is about the user and credential behind them.
Application Passwords are separate from the user’s real login password. Revoking one doesn’t change the other, and you can issue more than one (e.g. one per device or client) so they can be revoked individually.
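As a check after creating the user and its Application Password (an added example, not part of this guide or of the Maxi plugin): a small stdlib-only Python script that authenticates to the WordPress REST API as the agent user and reports which of the two tiers described above it falls into. It assumes Maxi’s Administrator floor corresponds to WordPress’s manage_options capability, and that the site is served over HTTPS (WordPress does not accept Application Passwords over plain HTTP outside a local environment).

```python
"""Check which tier an agent user falls into, using its Application
Password against the WordPress REST API (standard library only)."""
import base64
import json
import re
import sys
import urllib.request

# Assumption: Maxi's "Administrator" floor lines up with WordPress's
# manage_options capability, which only Administrators hold by default.
ADMIN_CAP = "manage_options"

def auth_header(username: str, app_password: str) -> str:
    """HTTP Basic header for an Application Password. WordPress ignores the
    spaces it displays in the generated password, so they are stripped here."""
    token = f"{username}:{re.sub(r'[^A-Za-z0-9]', '', app_password)}"
    return "Basic " + base64.b64encode(token.encode()).decode()

def classify(me: dict) -> dict:
    """Map a /wp/v2/users/me?context=edit record to the guide's two tiers."""
    is_admin = bool(me.get("capabilities", {}).get(ADMIN_CAP))
    return {
        "user": me.get("slug"),
        "roles": me.get("roles", []),
        "tier": "full (Administrator)" if is_admin else "read-plus-notes",
        "can_change_content_or_settings": is_admin,
    }

def fetch_me(site: str, username: str, app_password: str) -> dict:
    """Fetch the agent user's own record; the site must be served over HTTPS
    (or be a local environment) for WordPress to accept the password."""
    req = urllib.request.Request(
        site.rstrip("/") + "/wp-json/wp/v2/users/me?context=edit",
        headers={"Authorization": auth_header(username, app_password)},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

# Constructed sample records shaped like the REST response, for offline use.
SAMPLE_ADMIN = {"slug": "agent-claude", "roles": ["administrator"],
                "capabilities": {"manage_options": True, "edit_posts": True}}
SAMPLE_CONTRIBUTOR = {"slug": "agent-reporter", "roles": ["contributor"],
                      "capabilities": {"edit_posts": True, "read": True}}

if __name__ == "__main__":
    # Usage: python check_agent_user.py https://example.com agent-claude "xxxx xxxx ..."
    site, user, pw = sys.argv[1:4]
    print(json.dumps(classify(fetch_me(site, user, pw)), indent=2))
```

If the output shows the tier you did not intend (for example a reporting agent landing in the full tier), fix the user’s role in Users → All Users before handing the credential to the agent.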
Revoking access
To cut off an agent, you have two levels:
- Revoke the Application Password. On the agent user’s profile, delete the relevant Application Password. That specific connection stops working immediately; the user and any other credentials remain.
- Disable the user. To remove an agent entirely, change its role to one with no access, or remove the user. The audit trail of what it did is preserved regardless.
If you connected via the browser sign-in (OAuth): there’s no Application Password involved — you approve the agent through your WordPress login and revoke it under Settings → AI Connections. Application Passwords are for clients that don’t support the browser sign-in, or for scripted or automated setups.
In summary: give each agent its own WordPress user so its actions are scoped and traceable. Two independent gates apply — a Required WordPress capability setting (default Administrator) decides who may connect an agent, and the user’s own role decides what the agent can then do. An agent that changes your site must be an Administrator; a lower role is read-plus-notes only. Then connect it — via the recommended browser sign-in, or an Application Password you generate on that user — and revoke access whenever you want by removing the connection or the user.