Skill

WordPress & WooCommerce Setup Configuration

This skill should be used when the user asks to "set up WordPress", "configure WooCommerce API", "connect to my WordPress site", "generate API keys", "create Application Password", mentions "WordPress authentication", "WooCommerce credentials", or needs help with initial WordPress/WooCommerce plugin configuration and credential setup.

From woocommerce-wordpress

Install

Run in your terminal

npx claudepluginhub orbruno/woocommerce-ccplugin

Tool Access

This skill uses the workspace's default tool permissions.

Skill Content

Similar Skills

agent-harness-construction

Designs and optimizes AI agent action spaces, tool definitions, observation formats, error recovery, and context for higher task completion rates.

everything-claude-code

142.9k

agent-introspection-debugging

Implements structured self-debugging workflow for AI agent failures: capture errors, diagnose patterns like loops or context overflow, apply contained recoveries, and generate introspection reports.

everything-claude-code

142.9k

agent-eval

Compares coding agents like Claude Code and Aider on custom YAML-defined codebase tasks using git worktrees, measuring pass rate, cost, time, and consistency.

everything-claude-code

142.9k

Stats

Stars0

Forks0

Last CommitFeb 4, 2026

Actions

View Source View Plugin View on GitHub View README

WordPress & WooCommerce Setup Configuration

Comprehensive guide for setting up WordPress and WooCommerce API access using Application Passwords and Consumer Keys.

When to Use This Skill

Activate this skill when user needs help with:

Initial plugin configuration for a project
Generating WordPress Application Passwords
Creating WooCommerce API keys (Consumer Key/Secret)
Troubleshooting authentication issues
Understanding HTTPS requirements
Reconfiguring credentials for a site

Quick Setup Overview

Run initialization command: /wc-wp:init
Generate WordPress Application Password (in WP admin)
Generate WooCommerce API Keys (if using WooCommerce)
Test connection (automatic validation)
Start using WordPress/WooCommerce tools

WordPress Application Password Setup

What is an Application Password?

Application Passwords are a built-in WordPress feature (since WP 5.6) that allows external applications to authenticate without using your main account password. They are:

More secure than your main password
Can be revoked individually
Don't require additional plugins
Work only over HTTPS

Step-by-Step Generation

Log into WordPress Admin Dashboard
- Navigate to your WordPress site
- Access /wp-admin/
- Log in with your admin credentials
Navigate to Your Profile
- Click on "Users" in the admin sidebar
- Click "Profile" or "Your Profile"
- Alternatively: Users → All Users → (click your username)
Find Application Passwords Section
- Scroll down to the "Application Passwords" section
- If you don't see this section:
  - Your site may not be using HTTPS (Application Passwords require HTTPS)
  - Check WordPress version (must be 5.6+)
  - Some security plugins may disable this feature
Generate New Application Password
- In "New Application Password Name" field, enter: Claude Code
- Click "Add New Application Password" button
- A password will be generated (format: xxxx xxxx xxxx xxxx xxxx xxxx)
Copy the Password
- CRITICAL: Copy the password immediately - it will not be shown again
- The password contains spaces - copy the entire string as-is
- Store it temporarily (you'll enter it during /wc-wp:init)

Common Issues

"Application Passwords section is missing":

Ensure site uses HTTPS (not HTTP) - Application Passwords require SSL
Verify WordPress version 5.6 or higher
Check if security plugin is blocking the feature (Wordfence, iThemes Security, etc.)
Some hosts disable Application Passwords - contact hosting support

"Invalid username or password" error:

Verify username matches WordPress admin username exactly
Ensure you copied the entire Application Password (including spaces)
Try removing spaces from password - plugin handles this automatically
Regenerate Application Password if corrupted

"REST API is disabled" error:

Go to Settings → Permalinks
Change from "Plain" to any other option (e.g., "Post name")
Save changes
REST API requires pretty permalinks

WooCommerce API Keys Setup

What are WooCommerce API Keys?

WooCommerce uses OAuth 1.0a authentication with Consumer Key and Consumer Secret for API access. These credentials:

Are separate from WordPress authentication
Have configurable permissions (Read, Write, Read/Write)
Can be generated per user
Are specific to WooCommerce endpoints

Step-by-Step Generation

Ensure WooCommerce is Installed
- WooCommerce must be active on your WordPress site
- Check: Plugins → Installed Plugins → WooCommerce should be "Active"
Navigate to WooCommerce Settings
- In WordPress admin, click "WooCommerce" in sidebar
- Click "Settings"
- Click "Advanced" tab at the top
- Click "REST API" sub-tab
Add New API Key
- Click "Add key" button
- Fill in the form:
  - Description: Claude Code
  - User: Select your admin user
  - Permissions: Select "Read/Write"
- Click "Generate API Key" button
Copy Credentials
- After generation, you'll see:
  - Consumer Key: Starts with ck_
  - Consumer Secret: Starts with cs_
- CRITICAL: Copy both immediately - Consumer Secret won't be shown again
- Consumer Key remains visible, but regenerating will change both
Store Credentials
- Keep these temporarily for /wc-wp:init command
- Will be stored in .claude/woocommerce-wordpress.local.md (gitignored)

Common Issues

"WooCommerce settings not found":

Verify WooCommerce plugin is installed and activated
Some WooCommerce versions have different menu structures
Try: WooCommerce → Settings → API → Keys/Apps

"Unauthorized" or "Invalid signature" errors:

Verify Consumer Key starts with ck_
Verify Consumer Secret starts with cs_
Ensure HTTPS is enabled (WooCommerce API requires it)
Check keys have "Read/Write" permissions (not just "Read")
Regenerate keys if corrupted

"WooCommerce API is disabled":

Go to WooCommerce → Settings → Advanced → REST API
Ensure REST API is enabled
Check that no security plugin is blocking API access

Running the Initialization Command

Once you have credentials ready:

/wc-wp:init

The command will:

Prompt for WordPress site URL (must be https://)
Ask for WordPress username and Application Password
Ask if WooCommerce is enabled
If yes, ask for Consumer Key and Consumer Secret
Ask for backup preferences (storage location, retention, format)
Create .claude/woocommerce-wordpress.local.md configuration file
Immediately test credentials with API calls
Report connection status

Testing Connection

After init, the plugin automatically tests connectivity:

WordPress Test:

Attempts to fetch current user information
If successful: Shows your WordPress username and user ID
If failed: Shows error with troubleshooting guidance

WooCommerce Test (if enabled):

Attempts to fetch WooCommerce system status
If successful: Shows WooCommerce version
If failed: Shows error with troubleshooting guidance

Troubleshooting Failed Connections

If WordPress connection fails:

Verify HTTPS is enabled on site
Check Application Password was copied correctly
Ensure WordPress username is exact (case-sensitive)
Try regenerating Application Password
Check WordPress REST API is accessible: https://yoursite.com/wp-json/

If WooCommerce connection fails:

Verify WooCommerce plugin is active
Check Consumer Key and Consumer Secret are correct
Ensure API keys have "Read/Write" permissions
Verify keys are for the correct WordPress user
Check WooCommerce REST API: https://yoursite.com/wp-json/wc/v3/

HTTPS Requirement

Both WordPress and WooCommerce APIs require HTTPS for security:

Why HTTPS is Required:

Application Passwords only work over HTTPS (WordPress security requirement)
API credentials are transmitted - must be encrypted
WordPress REST API best practice
WooCommerce requirement for production use

How to Enable HTTPS:

Contact your hosting provider (most offer free SSL certificates)
Use Let's Encrypt (free SSL certificate authority)
Many hosts enable HTTPS by default
Check hosting control panel for SSL/HTTPS settings

Testing HTTPS:

Visit your site - URL should show https:// with padlock icon
Check: https://yoursite.com/wp-admin/ should load without warnings
Mixed content warnings indicate some resources still use HTTP

Configuration File Structure

After running /wc-wp:init, your configuration is stored in:

.claude/woocommerce-wordpress.local.md

File format:

---
site_url: https://yoursite.com
wordpress:
  username: admin
  app_password: xxxx xxxx xxxx xxxx xxxx xxxx
woocommerce:
  enabled: true
  consumer_key: ck_xxxxxxxxxxxxxxxxxxxxx
  consumer_secret: cs_xxxxxxxxxxxxxxxxxxxxx
backup:
  auto_backup: true
  storage: ./backups
  format: both
  retention_days: 30
---

# WordPress & WooCommerce Configuration

Configuration created: 2025-12-25

Security Notes

This file is automatically added to .gitignore - never committed to git
Permissions: Only readable by you (your user account)
Credentials stored in plain text (standard for .local.md files)
Alternative: Use environment variables (see references/environment-variables.md)

Updating Configuration

To update credentials or settings:

Edit .claude/woocommerce-wordpress.local.md directly, OR
Run /wc-wp:init again (will ask about overwriting)
Changes take effect immediately (no restart needed)

Using Environment Variables (Optional)

For added security, use environment variables instead of plain text:

wordpress:
  username: admin
  app_password: ${WP_APP_PASSWORD}
woocommerce:
  consumer_key: ${WC_CONSUMER_KEY}
  consumer_secret: ${WC_CONSUMER_SECRET}

Then set environment variables in your shell:

export WP_APP_PASSWORD="xxxx xxxx xxxx xxxx xxxx xxxx"
export WC_CONSUMER_KEY="ck_xxxxxxxxxxxxx"
export WC_CONSUMER_SECRET="cs_xxxxxxxxxxxxx"

See references/environment-variables.md for detailed setup.

WordPress-Only Sites (No WooCommerce)

If your site doesn't use WooCommerce:

During /wc-wp:init, answer "No" to "Is WooCommerce enabled?"
Configuration will only include WordPress credentials
WooCommerce tools won't be available (expected)
All WordPress tools work normally

Multi-Site Configuration

For managing multiple WordPress/WooCommerce sites:

Each project has its own .claude/woocommerce-wordpress.local.md
Configuration is per-project, not global
Switch between projects by changing directories
Each site can have different credentials and settings

Next Steps After Setup

Once configured:

Generate project README: Run /wc-wp:readme for project-specific documentation
Test basic operations: Try "Show me all posts" or "List products"
Create initial backup: Run /wc-wp:backup to create baseline backup
Explore tools: Ask "What WordPress operations can you do?"

Utility Scripts

This skill includes helpful utility scripts in scripts/:

test-connection.sh - Test WordPress/WooCommerce API connectivity
generate-app-password.md - Screenshot guide for Application Password generation
generate-wc-keys.md - Screenshot guide for WooCommerce API keys

Run scripts directly or reference them for detailed step-by-step guidance.

Additional Resources

references/wordpress-rest-api.md - WordPress REST API documentation and endpoints
references/woocommerce-api.md - WooCommerce API documentation and endpoints
references/environment-variables.md - Using environment variables for credentials
references/troubleshooting.md - Common issues and solutions
examples/config-examples.md - Sample configuration files for different scenarios

Remember: HTTPS is mandatory. Both WordPress and WooCommerce require secure connections for API access.