WordPress & WooCommerce Setup Configuration

WordPress & WooCommerce Setup Configuration

Comprehensive guide for setting up WordPress and WooCommerce API access using Application Passwords and Consumer Keys.

When to Use This Skill

Activate this skill when user needs help with:

• Initial plugin configuration for a project
• Generating WordPress Application Passwords
• Creating WooCommerce API keys (Consumer Key/Secret)
• Troubleshooting authentication issues
• Understanding HTTPS requirements
• Reconfiguring credentials for a site

Quick Setup Overview

1. Run initialization command: /wc-wp:init
2. Generate WordPress Application Password (in WP admin)
3. Generate WooCommerce API Keys (if using WooCommerce)
4. Test connection (automatic validation)
5. Start using WordPress/WooCommerce tools

WordPress Application Password Setup

What is an Application Password?

Application Passwords are a built-in WordPress feature (since WP 5.6) that allows external applications to authenticate without using your main account password. They are:

• More secure than your main password
• Can be revoked individually
• Don't require additional plugins
• Work only over HTTPS

Step-by-Step Generation

1. Log into WordPress Admin Dashboard

   • Navigate to your WordPress site
   • Access /wp-admin/
   • Log in with your admin credentials

2. Navigate to Your Profile

   • Click on "Users" in the admin sidebar
   • Click "Profile" or "Your Profile"
   • Alternatively: Users → All Users → (click your username)

3. Find Application Passwords Section

   • Scroll down to the "Application Passwords" section
   • If you don't see this section:
     • Your site may not be using HTTPS (Application Passwords require HTTPS)
     • Check WordPress version (must be 5.6+)
     • Some security plugins may disable this feature

4. Generate New Application Password

   • In "New Application Password Name" field, enter: Claude Code
   • Click "Add New Application Password" button
   • A password will be generated (format: xxxx xxxx xxxx xxxx xxxx xxxx)

5. Copy the Password

   • CRITICAL: Copy the password immediately - it will not be shown again
   • The password contains spaces - copy the entire string as-is
   • Store it temporarily (you'll enter it during /wc-wp:init)

Common Issues

"Application Passwords section is missing":

• Ensure site uses HTTPS (not HTTP) - Application Passwords require SSL
• Verify WordPress version 5.6 or higher
• Check if security plugin is blocking the feature (Wordfence, iThemes Security, etc.)
• Some hosts disable Application Passwords - contact hosting support

"Invalid username or password" error:

• Verify username matches WordPress admin username exactly
• Ensure you copied the entire Application Password (including spaces)
• Try removing spaces from password - plugin handles this automatically
• Regenerate Application Password if corrupted

"REST API is disabled" error:

• Go to Settings → Permalinks
• Change from "Plain" to any other option (e.g., "Post name")
• Save changes
• REST API requires pretty permalinks

WooCommerce API Keys Setup

What are WooCommerce API Keys?

WooCommerce uses OAuth 1.0a authentication with Consumer Key and Consumer Secret for API access. These credentials:

• Are separate from WordPress authentication
• Have configurable permissions (Read, Write, Read/Write)
• Can be generated per user
• Are specific to WooCommerce endpoints

Step-by-Step Generation

1. Ensure WooCommerce is Installed

   • WooCommerce must be active on your WordPress site
   • Check: Plugins → Installed Plugins → WooCommerce should be "Active"

2. Navigate to WooCommerce Settings

   • In WordPress admin, click "WooCommerce" in sidebar
   • Click "Settings"
   • Click "Advanced" tab at the top
   • Click "REST API" sub-tab

3. Add New API Key

   • Click "Add key" button
   • Fill in the form:
     • Description: Claude Code
     • User: Select your admin user
     • Permissions: Select "Read/Write"
   • Click "Generate API Key" button

4. Copy Credentials

   • After generation, you'll see:
     • Consumer Key: Starts with ck_
     • Consumer Secret: Starts with cs_
   • CRITICAL: Copy both immediately - Consumer Secret won't be shown again
   • Consumer Key remains visible, but regenerating will change both

5. Store Credentials

   • Keep these temporarily for /wc-wp:init command
   • Will be stored in .claude/woocommerce-wordpress.local.md (gitignored)

Common Issues

"WooCommerce settings not found":

• Verify WooCommerce plugin is installed and activated
• Some WooCommerce versions have different menu structures
• Try: WooCommerce → Settings → API → Keys/Apps

"Unauthorized" or "Invalid signature" errors:

• Verify Consumer Key starts with ck_
• Verify Consumer Secret starts with cs_
• Ensure HTTPS is enabled (WooCommerce API requires it)
• Check keys have "Read/Write" permissions (not just "Read")
• Regenerate keys if corrupted

"WooCommerce API is disabled":

• Go to WooCommerce → Settings → Advanced → REST API
• Ensure REST API is enabled
• Check that no security plugin is blocking API access

Running the Initialization Command

Once you have credentials ready:

/wc-wp:init

The command will:

1. Prompt for WordPress site URL (must be https://)
2. Ask for WordPress username and Application Password
3. Ask if WooCommerce is enabled
4. If yes, ask for Consumer Key and Consumer Secret
5. Ask for backup preferences (storage location, retention, format)
6. Create .claude/woocommerce-wordpress.local.md configuration file
7. Immediately test credentials with API calls
8. Report connection status

Testing Connection

After init, the plugin automatically tests connectivity:

WordPress Test:

• Attempts to fetch current user information
• If successful: Shows your WordPress username and user ID
• If failed: Shows error with troubleshooting guidance

WooCommerce Test (if enabled):

• Attempts to fetch WooCommerce system status
• If successful: Shows WooCommerce version
• If failed: Shows error with troubleshooting guidance

Troubleshooting Failed Connections

If WordPress connection fails:

1. Verify HTTPS is enabled on site
2. Check Application Password was copied correctly
3. Ensure WordPress username is exact (case-sensitive)
4. Try regenerating Application Password
5. Check WordPress REST API is accessible: https://yoursite.com/wp-json/

If WooCommerce connection fails:

1. Verify WooCommerce plugin is active
2. Check Consumer Key and Consumer Secret are correct
3. Ensure API keys have "Read/Write" permissions
4. Verify keys are for the correct WordPress user
5. Check WooCommerce REST API: https://yoursite.com/wp-json/wc/v3/

HTTPS Requirement

Both WordPress and WooCommerce APIs require HTTPS for security:

Why HTTPS is Required:

• Application Passwords only work over HTTPS (WordPress security requirement)
• API credentials are transmitted - must be encrypted
• WordPress REST API best practice
• WooCommerce requirement for production use

How to Enable HTTPS:

• Contact your hosting provider (most offer free SSL certificates)
• Use Let's Encrypt (free SSL certificate authority)
• Many hosts enable HTTPS by default
• Check hosting control panel for SSL/HTTPS settings

Testing HTTPS:

• Visit your site - URL should show https:// with padlock icon
• Check: https://yoursite.com/wp-admin/ should load without warnings
• Mixed content warnings indicate some resources still use HTTP

Configuration File Structure

After running /wc-wp:init, your configuration is stored in:

.claude/woocommerce-wordpress.local.md

File format:

---
site_url: https://yoursite.com
wordpress:
  username: admin
  app_password: xxxx xxxx xxxx xxxx xxxx xxxx
woocommerce:
  enabled: true
  consumer_key: ck_xxxxxxxxxxxxxxxxxxxxx
  consumer_secret: cs_xxxxxxxxxxxxxxxxxxxxx
backup:
  auto_backup: true
  storage: ./backups
  format: both
  retention_days: 30
---

# WordPress & WooCommerce Configuration

Configuration created: 2025-12-25

Security Notes

• This file is automatically added to .gitignore - never committed to git
• Permissions: Only readable by you (your user account)
• Credentials stored in plain text (standard for .local.md files)
• Alternative: Use environment variables (see references/environment-variables.md)

Updating Configuration

To update credentials or settings:

1. Edit .claude/woocommerce-wordpress.local.md directly, OR
2. Run /wc-wp:init again (will ask about overwriting)
3. Changes take effect immediately (no restart needed)

Using Environment Variables (Optional)

For added security, use environment variables instead of plain text:

wordpress:
  username: admin
  app_password: ${WP_APP_PASSWORD}
woocommerce:
  consumer_key: ${WC_CONSUMER_KEY}
  consumer_secret: ${WC_CONSUMER_SECRET}

Then set environment variables in your shell:

export WP_APP_PASSWORD="xxxx xxxx xxxx xxxx xxxx xxxx"
export WC_CONSUMER_KEY="ck_xxxxxxxxxxxxx"
export WC_CONSUMER_SECRET="cs_xxxxxxxxxxxxx"

See references/environment-variables.md for detailed setup.

WordPress-Only Sites (No WooCommerce)

If your site doesn't use WooCommerce:

1. During /wc-wp:init, answer "No" to "Is WooCommerce enabled?"
2. Configuration will only include WordPress credentials
3. WooCommerce tools won't be available (expected)
4. All WordPress tools work normally

Multi-Site Configuration

For managing multiple WordPress/WooCommerce sites:

• Each project has its own .claude/woocommerce-wordpress.local.md
• Configuration is per-project, not global
• Switch between projects by changing directories
• Each site can have different credentials and settings

Next Steps After Setup

Once configured:

1. Generate project README: Run /wc-wp:readme for project-specific documentation
2. Test basic operations: Try "Show me all posts" or "List products"
3. Create initial backup: Run /wc-wp:backup to create baseline backup
4. Explore tools: Ask "What WordPress operations can you do?"

Utility Scripts

This skill includes helpful utility scripts in scripts/:

• test-connection.sh - Test WordPress/WooCommerce API connectivity
• generate-app-password.md - Screenshot guide for Application Password generation
• generate-wc-keys.md - Screenshot guide for WooCommerce API keys

Run scripts directly or reference them for detailed step-by-step guidance.

Additional Resources

• references/wordpress-rest-api.md - WordPress REST API documentation and endpoints
• references/woocommerce-api.md - WooCommerce API documentation and endpoints
• references/environment-variables.md - Using environment variables for credentials
• references/troubleshooting.md - Common issues and solutions
• examples/config-examples.md - Sample configuration files for different scenarios

---

Remember: HTTPS is mandatory. Both WordPress and WooCommerce require secure connections for API access.