WordPress 7.0 AI: The Token Cost Reality for Site Owners
July 10, 2026 0 comments
WordPress 7.0 “Armstrong” (released May 20, 2026) adds native AI infrastructure to core: the WP AI Client, a Connectors screen, and the Abilities API. But core ships the wiring, not the intelligence. WordPress itself burns no tokens. Cost only begins when you connect a provider and a plugin actually calls it, and you pay that provider directly, not WordPress.
What WordPress 7.0 actually added
The headline feature in Armstrong isn’t a chatbot. It’s plumbing. WordPress 7.0 ships three things: the WP AI Client, a provider-agnostic PHP API that plugins call instead of wiring up OpenAI or Anthropic themselves; the Connectors screen at Settings > Connectors, where API keys live; and the Abilities API, which lets plugins and core expose actions like “create a post” or “add an excerpt” in a machine-readable form. That last piece is what makes 7.0 natively agentic. An AI agent can now discover and trigger site actions through a defined interface, which is the same shift that’s reshaping optimizing for AI-powered search. Three provider connectors come pre-registered: OpenAI, Anthropic, and Google. Each still needs its plugin activated and your own API key, on PHP 7.4 or higher.
Where the token cost actually starts
Here’s the part most of the coverage gets wrong. Installing WordPress 7.0 costs you nothing in tokens. The AI Client sits dormant until two things happen: you add a provider key in Connectors, and a plugin makes a call through the client. No key, no calls, no bill. When calls do happen, the provider bills you on its own per-token rates against the key you supplied. WordPress is only the router. It never sees a cent of that traffic, and it has no native spending cap of its own. The credential is entered once, encrypted, and shared across every compatible plugin on the site, which is cleaner than the old habit of each plugin storing its own key.
WordPress 7.0 ships the plumbing, not the water bill. Nothing costs you a token until a plugin actually calls a connected provider.
Four ways the AI gets paid for
Before you connect anything, decide which of these you’re actually signing up for. They have very different cost profiles.
| Setup | Who you pay | Cost model |
|---|---|---|
| Core only, no provider connected | No one | Free. The AI layer stays dormant. |
| Cloud provider key (OpenAI / Anthropic / Google) | The provider, directly | Metered per token. No cap inside WordPress. |
| Local model via the Ollama provider plugin | No one external | Server compute only. No outbound calls, no per-token fee. |
| Host-bundled tokens (some managed hosts) | Your host | Often a small free monthly allowance, billed with hosting. |
For privacy-sensitive clients or high-volume workloads, the community Ollama provider runs open models like Llama or Mistral on your own server. No data leaves the box and there’s no metered token cost, which is the same instinct behind keeping AI on a tight leash in any production workflow. If you’ve ever weighed a hosted builder against self-managed WordPress, the trade is familiar; we’ve argued before that WordPress still wins for SEO, and owning your AI plumbing is part of why.
The real exposure isn’t the bill. It’s who can run it up.
Because keys live in one screen and every compatible plugin shares them, the risk concentrates instead of spreading out. Anyone who can reach Settings > Connectors can attach a provider and open the meter. The Abilities API widens the surface further: it defines what an AI agent is permitted to do on your site, and the official guidance is blunt that it needs administrator-level capability checks so untrusted users can’t fire arbitrary prompts at your paid providers. On a multi-author site, or any client install you manage, that’s the first thing to lock down. The MCP Adapter, which ships as a separate plugin, goes further again, letting external assistants like Claude or ChatGPT discover and trigger your site’s abilities over MCP. Genuinely useful, but only with permissions set deliberately. Left loose, this becomes exactly the kind of technical debt that piles up quietly until a bill or a breach surfaces it.
What to do now
Whether you run one site or forty client installs, the moves are the same.
- Update on staging first. Armstrong rebuilt the admin in React and the release slipped a full month for stability reasons, so test plugin and theme compatibility before production.
- Restrict the Connectors screen to a single admin role so no one quietly attaches a key.
- Set hard spend caps and rate limits at the provider dashboard, because WordPress has none. Use one project-scoped key per site so you can attribute and kill spend independently.
- Decide billing per client up front: you hold the key and bill managed usage, or the client brings their own and owns the invoice. Don’t leave it ambiguous.
- Audit the Abilities API permissions and any MCP Adapter exposure before switching on agentic features.
- For privacy-sensitive or high-token work, evaluate the Ollama local-model provider instead of a metered cloud key.
- Disable the AI layer entirely on brochure sites that won’t use it. Less attack surface, zero accidental spend.
My read
7.0 is the right architecture and the wrong moment to switch your brain off. The provider-agnostic design genuinely protects you from lock-in, and centralizing keys beats the old one-plugin-per-provider mess. But “native AI” has been sold as a feature when it’s really a billing relationship you now own. Treat the AI Client like any outbound paid API: gate who configures it, cap it at the source, and turn it on only where it earns its keep. With 7.1 due in August and 7.2 in December, the agentic surface only gets wider, so get your governance right before then. It pairs directly with how search is shifting in 2026.
Managing AI Across a Fleet of WordPress Sites?
We configure Connectors, lock down provider keys, and govern agentic permissions across client installs, so the meter never surprises you.
Related Posts
-
May 22, 2024
Brotli Compression for websites: The Secret Weapon for a Lightning-Fast Website
In web performance, every millisecond counts. A slow website can lead to frustrated users, increased bounce rates, and lost revenue. One often overlooked technique for dramatically improving your site's speed is Brotli compression. What is Brotli Compression? Brotli, developed by Google, is a cutting-edge compression algorithm that squeezes your website's files (HTML, CSS, JavaScript) into much
Web Development, Web tools, WordPress Development0 comments -
December 17, 2024
WordPress database optimization – Why WordPress Developers Should Care About it?
Why Developers Should Care About WordPress Database Optimization? WordPress developers just install WordPress, build a site on top of it, install plugins and deliver the site to clients. They do not go beyond it. WordPress, with its user-friendly interface and vast plugin ecosystem, has democratized web development. It allows individuals


