WordPress REST API for Publishers: How to Connect Claude to WordPress Without Plugins

WordPress has a fully functional REST API built in. Most people never use it because they don’t know it’s there. For publishers, content operations teams, and anyone running Claude-powered content workflows, the REST API is the infrastructure that eliminates manual publishing and enables automation at scale. Here’s how it works and how to wire Claude to it.

What the WordPress REST API Can Do

The REST API exposes every major WordPress function over HTTP: create posts, update posts, get posts, manage categories and tags, upload media, manage users. Every action you can take in the WordPress admin can be done via API call. No plugin required — it’s built into WordPress core since version 4.7.

Authentication: Application Passwords

The simplest authentication method for Claude-to-WordPress connections is WordPress Application Passwords — a built-in feature (WordPress 5.6+) that generates a dedicated password for API access without exposing your main login credentials.

To generate one: WP Admin → Users → Your Profile → Application Passwords → enter a name → click Add New. Copy the generated password immediately — it’s only shown once. The format it gives you has spaces; remove them before using in API calls.

Authenticate using HTTP Basic Auth:

Publishing a Post via API

A complete post publish call:

The response returns the new post ID and URL. Log these — you need the post ID for any subsequent updates.

Wiring Claude Into the Pipeline

The standard Claude-to-WordPress pipeline: Claude generates the article content (with SEO optimization, schema markup, and FAQ sections baked in), a Python or Node.js script assembles the API payload, the payload POSTs to the WordPress REST endpoint, and the response confirms publication. For Cowork tasks, this runs on a schedule without human intervention.

The critical rule: Notion first, WordPress second. Every article goes to a Notion page before publishing to WordPress. Notion is the storage and version control layer; WordPress is the distribution layer. If you ever need to republish, update, or audit, you have a source of truth that isn’t locked inside the WordPress database.

Handling WAF Blocks

Many managed WordPress hosts (WP Engine, SiteGround) run Web Application Firewalls that block API calls from cloud IP addresses. Symptoms: 403 Forbidden errors on POST requests, even with correct credentials. Two solutions: route API calls through a Cloud Run proxy service that presents a different IP profile, or whitelist your specific GCP IP range in the hosting provider’s WAF settings. For SiteGround specifically, direct whitelisting is the most reliable path — the proxy approach has mixed results due to SiteGround’s aggressive WAF configuration.

Schema and SEO Metadata

The WordPress REST API supports all Yoast SEO and Rank Math meta fields as post meta. To set SEO title, meta description, and schema markup programmatically, include the relevant meta fields in your POST payload. For Yoast: _yoast_wpseo_title and _yoast_wpseo_metadesc. For Rank Math: rank_math_title and rank_math_description. Inject JSON-LD schema directly into the post content as a <script type="application/ld+json"> block — it renders correctly on the front end and passes Google’s rich results validator.