WordPress Integration

• REST API connection — we hit your site's built-in WordPress REST API. No plugin required.
• Application Passwords — token-based auth via WordPress' native Application Passwords feature. Your real account password never leaves your dashboard.
• Sequential publish — we create the post, fetch the AI-generated featured image, upload it to wp-media, then update the post to attach it. Sequential because some WordPress hosts choke on parallel writes; safer over slow shared hosting.

1. Get your WordPress site URL — e.g. https://yourblog.com. The REST API must be enabled (default in WordPress 5.6+).

2. Create an Application Password

• Log in to your WordPress admin dashboard
• Go to Users → Profile
• Scroll down to Application Passwords
• Enter a name (e.g. SEO Ladders)
• Click Add New Application Password and copy the value including the spaces — it's only shown once

3. Connect in SEO Ladders

• Open Settings → CMS Integration in your dashboard
• Choose WordPress as the CMS type
• Enter your site URL, WordPress username (not email), and the application password
• Pick a default post status: Draft, Pending Review, or Publish
• Click Test Connection to verify credentials before saving

• Draft — articles save as drafts for you to review before publishing. Best for keeping editorial control.
• Pending Review — articles require editor approval before going live. Useful for teams with an editorial workflow.
• Publish — articles go live immediately. Pair this with auto-publish for fully automated content pipelines.

• Application passwords are hashed before storage in our database (never plain-text)
• Create a dedicated WordPress user for SEO Ladders with Editor or Author role — not Admin — so the integration only has the permissions it needs
• Revoke the application password immediately if you stop using the integration (Users → Profile → Application Passwords → Revoke)
• Run your WordPress site over HTTPS so credentials and content aren't exposed in transit
• Audit your WordPress application passwords periodically and remove unused ones

• “Invalid credentials” error — make sure you're using the WordPress username, not email. Verify the application password was copied with all its spaces intact, and that the user has publishing permissions (Editor or Author role).
• “REST API not found” error — confirm WordPress 5.6+ and check that no security plugin has disabled the REST API. Visit https://yoursite.com/wp-json/ in a browser; you should see JSON, not a 404.
• Featured images not appearing — confirm your theme supports post thumbnails (most do). If your host blocks external image URLs, you may need to whitelist SEO Ladders. Some security plugins also block uploads from external sources.
• “403 Forbidden” — Cloudflare or a WAF is most likely blocking the REST API requests. Whitelist our outbound IPs in your firewall, or temporarily disable the security plugin to confirm it's the culprit.
• Yoast meta not showing on posts — Yoast SEO must be installed and active, with REST API integration enabled (Yoast→General→Features→REST API).
• Slow publishes / timeouts — slow shared WordPress hosts can take 30+ seconds to upload a featured image. We don't apply a fetch timeout for the sequential publish step, so it'll wait — but if your host kills connections, you may see partial publishes (post created, image not attached). Re-publish from the dashboard to retry.

• CMS Publishing overview — how auto-publish fits into the article generation pipeline.
• CMS Webhook — alternative destination for any CMS we don't support natively (Webflow, Ghost, Framer, custom).