Category: Tech

Things that interest me in the tech world, from WordPress and WooCommerce to the ideas, tools, and trends I like to dig into.

  • Plug WordPress 7.0 AI Into Your ChatGPT Subscription – Without an API Key

    WordPress 7.0 ships first-class AI providers. The reaction online has been almost entirely about the bill: drop in an Anthropic or OpenAI API key, forget you did it, and discover next month that a content workflow has been quietly burning tokens at full retail.

    The warning is fair. People will get charged. But the framing, that this is WordPress’s fault, misses where the policy actually lives.

    The vendor policy WordPress can’t fix

    Anthropic explicitly bans third-party apps from using Claude Pro/Max session auth. Claude Code is the exception because Anthropic owns it. Everyone else is told to use an API key billed against an API account, separate from the consumer subscription. So even if WordPress wanted to ship a “use your Claude subscription” option, Anthropic’s terms wouldn’t permit it.

    OpenAI is different in a way that matters. The Codex CLI authenticates with your ChatGPT account over OAuth and routes requests through the same backend that powers chatgpt.com, billed against your ChatGPT Plus/Pro plan rather than an API account. The login flow lives in their public repository. There is no policy banning third-party clients from doing what Codex does. The design is just publicly documented.

    That gap is what this plugin steps into.

    What I built

    AI Provider for ChatGPT is a WordPress plugin that registers ChatGPT as a first-class AI provider, the same surface as the official OpenAI, Anthropic, and Google plugins, but authenticates with your ChatGPT account instead of an API key. Once paired, every WP 7.0 AI feature on the site routes through your subscription. The server handles token refresh on its own. No API account, no per-token bills.

    The proof-of-concept I showed on LinkedIn required you to run codex login on your laptop and paste ~/.codex/auth.json into the plugin settings. It worked end-to-end on video, but it was a developer-only UX, so I never published it in that shape. The released version replaces the paste step with a companion CLI:

    npx @abdalsalaam/chatgpt-wp-connect https://your-site.example <pairing-token>

    Click Connect with ChatGPT in the WordPress admin, copy the command, run it on any machine that has a browser. The CLI opens an OpenAI sign-in page, runs the OAuth PKCE flow on 127.0.0.1:1455, then posts the resulting bundle to a one-time pairing endpoint on your site. The WordPress tab connects automatically. No copy-pasting of secrets.

    How it works

    The trick that makes the two-piece design work: OpenAI’s allowlist for the public Codex client only permits http://localhost:1455 (and 1457 as fallback) as redirect URIs. That restriction applies to the *authorize* step only. Token refresh and API calls have no such restriction. So once the bundle is paired, the WordPress server handles refresh and every subsequent API call on its own. The laptop is out of the loop forever.

    The pairing protocol

    A CLI on your laptop posting tokens to your server is exactly the kind of “convenience” feature that tends to be sloppy in the security model. The pairing endpoint has six properties worth naming explicitly:

    1. 256-bit, single-use token. Minted by an admin-only REST route.
    2. Hashed at rest. Only the SHA-256 is stored; the raw token never touches the database.
    3. 10-minute TTL. Issuing a new token revokes any prior outstanding one.
    4. Atomic redemption. The handler relies on delete_transient’s boolean return value, so two concurrent redemptions can’t both win.
    5. Per-IP rate limit. 10 attempts per minute by default, filterable.
    6. Generic error responses. Parser internals never leak to unauthenticated callers.
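
    The token lifecycle from the list above, modelled in Python as an added example; it is not the plugin's PHP code. `PairingStore`, its method names and the result strings are hypothetical, and a lock stands in for the atomic delete the post attributes to delete_transient.

```python
import hashlib
import secrets
import threading
import time

TTL_SECONDS = 600   # 10-minute TTL from the post
RATE_LIMIT = 10     # attempts per IP per minute (the post's default)


class PairingStore:
    """In-memory stand-in for the site's storage (hypothetical model)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._lock = threading.Lock()
        self._pending = None    # (sha256 hex, expiry) of the one outstanding token
        self._attempts = {}     # ip -> timestamps of recent redemption attempts

    def mint(self):
        raw = secrets.token_hex(32)    # 256 bits of randomness
        digest = hashlib.sha256(raw.encode()).hexdigest()
        with self._lock:
            # Overwriting the slot revokes any prior outstanding token.
            self._pending = (digest, self._clock() + TTL_SECONDS)
        return raw                     # shown to the admin once, never stored

    def _rate_limited(self, ip, now):
        recent = [t for t in self._attempts.get(ip, []) if now - t < 60]
        recent.append(now)
        self._attempts[ip] = recent
        return len(recent) > RATE_LIMIT

    def redeem(self, raw, ip):
        digest = hashlib.sha256(raw.encode()).hexdigest()
        now = self._clock()
        with self._lock:               # check and delete as one atomic step
            if self._rate_limited(ip, now):
                return "rate_limited"
            pending = self._pending
            if (pending is None or now >= pending[1]
                    or not secrets.compare_digest(digest, pending[0])):
                return "invalid"       # one generic answer for every failure
            self._pending = None       # single use: the first caller wins
            return "paired"
```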

    The OAuth bundle itself is encrypted at rest with sodium_crypto_secretbox, using a 32-byte key derived from AUTH_KEY and LOGGED_IN_KEY. The plugin refuses to read or write tokens when those salts are missing, shorter than 32 chars, or still set to the wp-config placeholder. A SQL dump alone is not enough to recover the tokens.

    What you trade for the convenience

    This plugin works today and the engineering is real, but the trade-offs are not subtle and they belong above the fold:

    • Reused first-party client_id. The OAuth consent screen will say “Codex CLI” because that’s the OpenAI-owned app whose client_id is used. If OpenAI revokes or rotates that client, the plugin breaks the same day.
    • No API DPA. Traffic goes through the consumer ChatGPT backend. Prompts may be used by OpenAI for training unless the connected account has training opt-out enabled. If you’re processing customer data or anything covered by a data-processing agreement, this is the wrong tool. Use the official ai-provider-for-openai plugin with an API key.
    • Consumer plans only. Free / Plus / Pro work. Business / Edu / Enterprise do not.
    • No image generation. The Codex backend doesn’t expose DALL-E or gpt-image. Text generation, chat history, function calling, tool use, structured output via JSON schema all work.

    The honest framing is: this is a proof of concept that happens to be production-quality on the security and refresh-handling side. It’s appropriate for a personal site, an internal tool, or experimentation. It is not appropriate for a store handling customer data, and that’s a vendor-policy problem, not a plugin problem.

    What this means for you

    If you’ve been holding off on the WP 7.0 AI features because the API-account bill felt like a tax on experimentation, this gives you a way to use what you’re already paying for. If you’d rather not depend on an undocumented OAuth surface, the same WP AI Provider architecture supports cheaper paths. I’ve also published a Kimi connector (source on GitHub) that hits the standard Moonshot API with a straightforward key, at a fraction of OpenAI’s per-token cost.

    The broader ask, though, is at the platform layer. The reason the “drop in an API key and forget” pattern keeps producing surprise bills is that consumer subscriptions and developer APIs are two separate billing surfaces with no bridge between them. Codex CLI shows that the bridge is technically trivial. What’s missing is a vendor-blessed “Sign in with my subscription” flow that third-party apps can build on without standing on top of an OAuth client they don’t own.

    Try it

    Want the cheaper, no-OAuth alternative? Read the companion post: WordPress AI Connector for Kimi (Moonshot).

    # WordPress plugin
    https://github.com/Abdalsalaam/ai-provider-for-chatgpt
    
    # Pairing CLI
    npx @abdalsalaam/chatgpt-wp-connect <site-url> <pairing-token>

    Both are GPL-2.0-or-later. Issues and PRs welcome.

  • WordPress AI Connector for Kimi (Moonshot AI)

    WordPress 7.0 added built-in support for AI connectors. The idea is simple. Instead of every plugin author writing their own integration with OpenAI, Anthropic or Google, WordPress now defines one common interface, and the actual AI provider behind it is swappable. You install a connector for the provider you want, and any plugin on your site that uses AI features picks it up automatically.

    OpenAI, Anthropic and Google make great models, but for the kind of work a WordPress site usually does, like generating drafts, writing summaries, or answering simple questions in a chatbot, you are paying a premium for capabilities you mostly do not need. Open and cheaper alternatives have caught up to the point where, for everyday tasks, the difference in quality is small and the difference in price is huge.

    So I wrote a connector for one of those cheaper providers. It is called AI Provider for Kimi.

    Why Kimi

    Kimi is made by a company called Moonshot AI. Their models, especially kimi-k2.6, are strong. The API is OpenAI-compatible, which means the request and response shapes are almost identical, so it fits into the WordPress AI connector contract cleanly. And the pricing is a small fraction of what the big closed-source providers charge.

    You bring your own API key from platform.kimi.ai and you pay Moonshot directly for what you use. There is no middleman.

    What the plugin does

    It is a thin layer, on purpose.

    1. It registers Kimi as a connector inside WordPress.
    2. It fetches the list of available Kimi models from the API, so new releases show up without a plugin update.
    3. It adds a settings screen where you pick a default model.
    4. It hands every AI request from other plugins off to Kimi and returns the response.

    How to use it

    If you are on WordPress 7.0 or later:

    1. Install and activate the plugin.
    2. Get an API key from platform.kimi.ai.
    3. Paste the key into the AI connectors screen in WordPress.
    4. Pick a default model from Settings, Kimi AI.

    Any other plugin on your site that uses AI will start running on Kimi automatically. You do not have to touch their code.

    If you are still on WordPress 6.9, you can install the AI client package separately and the connector will work the same way.

    Why I think this matters

    Two things are happening at the same time. WordPress is making AI a first-class citizen in core, which means a lot of plugin authors are about to start adding AI features. And the cost gap between the closed-source giants and the rest of the field is at its widest in years.

    If the default for the WordPress ecosystem becomes “ship it with OpenAI”, a lot of small site owners are going to end up paying way more than they need to. The fix is to make sure the cheaper providers are just as easy to install. That is the whole point of writing connectors like this one.

    It is also the point of the connector system itself. Once your plugins talk to the connector interface instead of a specific vendor, the choice of provider becomes a settings change, not a code change. That is a healthy place for the ecosystem to be in.

    If you want to try the plugin, or read the code, or open an issue, the repo is here:

    https://github.com/Abdalsalaam/ai-provider-for-kimi

    It is GPL-2.0 and free. If you are a WordPress developer planning to add AI features, please consider giving your users a cheaper option out of the box. The connector system makes it easy.

  • Gulf Currencies Symbols for WooCommerce

    I just released version 2.0 of the Saudi Riyal for WooCommerce plugin, and it’s no longer just about the Saudi Riyal.

    The plugin now supports three Gulf currency symbols: Saudi Riyal (SAR), UAE Dirham (AED), and Omani Rial (OMR). So I renamed it from “Saudi Riyal Symbol for WooCommerce” to “Gulf currencies Symbols for WooCommerce.”

    Why I Built This

    WooCommerce doesn’t render the official Saudi Riyal symbol correctly. Same issue with the UAE Dirham and Omani Rial symbols. You end up with “SAR” or “AED” text instead of the actual symbol.

    This isn’t just about aesthetics. Saudi Arabia mandated the use of the new Riyal symbol for all businesses. The UAE and Oman have similar requirements for their currency symbols. If you’re running a WooCommerce store in these countries, you need to display the official symbol to stay compliant.

    The plugin fixes this automatically. No custom code, no messing with WooCommerce templates.

    What v2.0 Adds

    • UAE Dirham (AED) symbol support.
    • Omani Rial (OMR) symbol support.
    • Better symbol rendering in the WordPress admin dashboard.

    Everything else from v1.x still works: frontend display, WooCommerce emails, PDF invoices, RTL support, and block-based Cart/Checkout compatibility.

    Compatibility

    I made sure this works with the tools people actually use:

    • WooCommerce emails
    • PDF Invoices & Packing Slips for WooCommerce
    • Challan – PDF Invoice & Packing Slip for WooCommerce
    • WOOCS – WooCommerce Currency Switcher
    • Multi Currency for WooCommerce (VillaTheme)
    • WooCommerce Multi-Currency

    If you’re using a currency switcher and selling in multiple Gulf currencies, the symbols will display correctly for each one.

    Install It

    The plugin is free and available on the WordPress plugin directory:

    Download Gulf currencies Symbols for WooCommerce

    Just install, activate, and the symbols work automatically. No configuration needed.

    Thanks!