Most WordPress security issues don’t come from WordPress itself — but from how a site is set up and maintained.

In this guide, we’ll explain how secure WordPress is, where real risks come from, and what steps you can take to reduce your chances of being hacked.

Is WordPress a safe option for websites? 

Yes — WordPress is secure by design. Vulnerabilities in WordPress core are relatively rare and are usually patched quickly when discovered. Security issues occur within the WordPress ecosystem, not the core platform itself. 

Most successful attacks exploit:

• Outdated or abandoned plugins and themes.
• Weak or reused passwords.
• Missing software updates.
• Poorly configured or low-quality hosting environments.

Why do people think WordPress isn’t secure?

People think WordPress isn’t secure because it’s widely used, frequently targeted, and transparent about vulnerabilities — not because the core software is weak.

Here’s what contributes to this WordPress myth: 

• WordPress powers over 43% of all websites, so it simply shows up more often in security reports and browser warnings than other platforms.

• Issues caused by plugins, themes, or hosting are usually treated as WordPress problems, even though they’re not part of WordPress core. For example, Patchstack, WordPress’s vulnerability database, reported that of 5,948 vulnerabilities, almost 97% were found in WordPress plugins, while the core WordPress software had just 13 vulnerabilities in 2024.
• Security companies like Wordfence run bug bounty programs and publish vulnerabilities publicly. That improves WordPress security, but it also makes those issues easier to notice.

How secure and reliable is WordPress core?

WordPress core software is secure and actively maintained. Security issues in the core platform are relatively rare and typically patched quickly.

WordPress core security is supported by:

• A dedicated security team that reviews vulnerability reports and coordinates responsible disclosures.
• Open-source code transparency that allows thousands of contributors to identify and fix issues.
• Regular security updates, including automatic minor security releases.
• Built-in password strength tools that encourage strong credentials.

Most large-scale WordPress security issues do not originate in core software, but in plugins, themes, or poor site management.

How does WordPress.com further strengthen security?

WordPress core provides a secure foundation. But in practice, many security risks come from how a site is hosted and managed.

WordPress.com reduces those risks by handling key security layers for you.

It includes:

• Built-in two-factor authentication to protect accounts from unauthorized logins.
• Automatic WordPress core updates.
• Free SSL encryption on all sites.
• Daily security scans for plugins, themes, and malware.
• Web Application Firewall (WAF), DDoS mitigation, and brute-force protection.
• Regular platform backups, with real-time backups on Business and higher.
• Activity logging to monitor site changes.
• A dedicated security team supported by a public bug bounty program.

How to keep your WordPress website secure

To keep your WordPress site secure, you need to reduce avoidable risk — the kind that comes from outdated software, weak access controls, and hosting environments without built-in security protections.

Let’s explore the key steps you can follow.

1. Use strong, unique passwords for each account

Create a unique, complex password for each user account. Avoid easily-guessed formats like “password123” which are susceptible to brute force hacking attacks.

Use WordPress.com’s built-in password generator to create strong credentials, and change your password immediately if you receive a suspicious activity alert.

2. Enable two-factor authentication (2FA)

Turn on two-factor authentication to add a second verification step to your login.

With 2FA enabled, logging in requires your password plus a one-time code from an authenticator app or SMS. 

Even if someone obtains your password, they won’t be able to access your account without that code.

WordPress.com includes built-in two-step authentication. On self-hosted WordPress sites, you can enable 2FA through a security plugin.

3. Review and limit user access

Control who has access to your site and review user roles regularly.

Give each user their own account with the appropriate role. Avoid shared logins, and limit Administrator access to trusted users only.

At least once a month, go to Users → All Users and check:

• Are there accounts you don’t recognize?
• Does anyone have Administrator access who doesn’t need it?
• Are there old contributors or contractors who should be removed?
• Are external collaborators marked correctly?

Remove unused accounts or downgrade permissions if full access isn’t required.

4. Monitor your site’s activity log

Then, check your site’s activity logs regularly to see who logged in, what changed, and when. 

If you notice unfamiliar logins, new admin users, or unexpected plugin or settings changes, reset passwords immediately and investigate.

• WordPress.com’s Free, Personal, and Premium plans include 20-event logs, while the Business plan and above feature full logging with Jetpack’s Activity Log. 
• Self-hosted sites can install an activity log plugin for WordPress. 

5. Keep WordPress, themes, and plugins updated

Update your WordPress core, themes, and plugins as soon as new versions are released.

It’s essential since outdated software is one of the most common causes of WordPress security issues. 

Only install plugins and themes from reputable sources like the WordPress.com plugin directory, prioritize those that are actively maintained, and delete anything you’re not using — inactive plugins and themes can still create risk.

If you’re using WordPress.com, core updates are handled automatically, and the Business plan and higher include managed plugin updates. 

Many core features also come built into WordPress.com, so you don’t need to install as many plugins, which lowers your overall security risk.

On self-hosted WordPress sites, you’re responsible for monitoring and applying updates yourself.

6. Enable SSL certificates

Make sure your site uses HTTPS to encrypt data between your website and your visitors.

An SSL certificate protects sensitive information like login credentials and form submissions. Without it, browsers may label your site as “Not secure,” which can damage trust and expose user data.

You can verify SSL is active by checking for https:// and a padlock icon in your browser’s address bar:

All sites hosted on WordPress.com include a free SSL certificate enabled by default. On self-hosted WordPress sites, SSL must be configured through your hosting provider. 

7. Set up reliable backups 

Make sure your site is backed up regularly so you can restore it if something breaks or your site is compromised.

Backups allow you to roll back to a clean version after a failed update, malware infection, or accidental change. 

Look for solutions that offer automated backups and simple restore options — e.g., the JetPack plugin.

On WordPress.com, sites are backed up at the platform level, and Business and Commerce plans include real-time backups with one-click restores via Jetpack VaultPress Backup. 

For self-hosted WordPress sites, you’ll need to install a backup plugin to achieve the same level of protection.

8. Choose secure web hosting

Opt for a trusted WordPress hosting provider with robust security features to ensure a safe environment for your website. 

When choosing a web hosting provider, look for:

• Firewalls to block suspicious traffic.
• Suspicious activity monitoring to protect against unwanted login attempts, brute force attacks, and distributed denial of service (DDoS) attacks.
• Daily scans of sites for dangerous plugins, themes, malware, and other vulnerabilities.
• Managed updates that automatically apply the latest patches for WordPress core, plugins, and themes. 
• An expert security team that monitors threats and resolves issues as soon as they arise. 

On WordPress.com, these layers are built into the platform, with additional security features powered by Jetpack — including activity logging, malware scanning, and real-time backups on eligible plans.

7. Stay informed 

New threats emerge all the time, so we recommend keeping up to date on WordPress and website security issues.

You don’t need to become a web security expert. But you can follow the latest WordPress security news and check for issues that may concern your site’s security. 

We recommend these sources for reliable WordPress security news:

• Patchstack Security News
• Sucuri Monthly Vulnerability & Patch Roundup
• Wordfence Blog

Ensure your website security with WordPress.com

Out of the box, and at its core, WordPress is highly secure. Vulnerabilities typically come from outdated plugins and themes, insecure hosting, or poor security practices.

According to Patchstack, “vulnerability management and mitigation (coupled with 2FA & session management) remain the most important proactive security measures.”

The simplest way to stay on top of these security habits is to use a hosting provider that handles them for you.

WordPress.com includes built-in protections like automatic core updates, free SSL, firewalls, malware scanning, activity monitoring, and backups — reducing the number of security tools you need to manage yourself.

But after hours, he’s been working on something else.

His son Jäger races motorcycles. He is the 2025 FIM MiniGP Canada Champion — six wins, nine podiums in a single season — and has represented Team Canada at the FIM MiniGP World Final twice.

None of it lived anywhere the public could find. Sponsors had nowhere to land. Fans who couldn’t make it to events had nothing to follow.

“I’ve always had this vision in my head of creating a website for Jäger to showcase what he’s doing.”

Why WordPress.com

Jason isn’t a web professional. But his employer had recently relaunched their business website on WordPress — and working through that process gave him a feel for the platform.

“I really found that WordPress’s format was really user-friendly. It was intimidating at first, but not stopping me from doing it.”

He signed up, picked a template, and started building on his own. 

The setup was fast — no complicated hosting decisions to figure out, no technical configuration, just straight into building. 

Then the WordPress.com team reached out about our Website Design Service. Jason said yes.

How it all came together

Jason shared his vision, and the WordPress.com design experts took it from there — helping him build the site and get it live.

Jason also got support from WordPress.com’s Happiness Onboarding team, who helped him think through the launch strategy.

“Nick Severson has been really helpful in walking me through the strategy for launching my website. I can’t say enough about that experience.”

For someone who doesn’t build websites for a living, that mattered.

Next steps

Today, jagerstockillracing.com covers Jäger’s full championship history, a sponsor section, a merch store, race news, and a newsletter. 

The big launch is still coming — podcast, social push, the works. The website is where it all points to.

Your story deserves a home, too

Jason and Jäger’s story started on the track. Now there’s a website that shows the world what they’ve built.

WordPress.com’s Website Design Service pairs you with an expert who guides you through the whole build. You get a professional, fully managed website — no coding, no setup headaches, no doing it alone. 

Just a site that’s live in days, with fast and secure hosting included.

Ready to launch yours?

The challenge? Figuring out which SEO plugins actually move the needle versus which ones just clutter your dashboard. 

We looked at WordPress.com usage data and user ratings, then I tested the top contenders myself. Here are the 12 SEO plugins worth installing, what each one does best, and which ones to skip:

1. Yoast SEO Premium — Best for step-by-step SEO guidance as you write
2. All in One SEO (AIOSEO) — Best for broad coverage with AI-era features
3. The SEO Framework — Best for fast sites that need simple SEO
4. Rank Math — Best all-in-one for new sites
5. Google Site Kit — Best for tracking how your site performs in Google
6. Jetpack Boost — Best for one-click performance improvements
7. SureRank — Best for a simple setup with guided assistance
8. Xagio SEO — Best for AI-driven management and multi-site keyword research
9. Schema & Structured Data for WP & AMP — Best for detailed schema and rich snippets
10. Smush — Best for image compression and lazy loading
11. Better Robots.txt — Best for controlling crawler access
12. Redirection — Best for managing redirects and 404 errors

1. Yoast SEO Premium: Best for step-by-step SEO guidance as you write

• Who should use it: Bloggers and small site owners who want SEO guidance right inside the editor.
• Rating: 4.5/5
• Pricing: Starts at $118/year.

Yoast SEO Premium is a reliable, safety-first plugin that prevents small SEO mistakes from compounding as your site grows. It provides real-time optimization feedback directly in your editor.

You can use this SEO plugin to optimize site pages for target keywords, generate SEO titles and meta descriptions, fix internal linking issues, manage redirects, and meet readability and technical SEO standards.

I found it most useful when maintaining or updating existing content on a website with limited content. 

For example, when I tested it on an older site, it flagged broken links and surfaced inconsistent meta descriptions I had missed during regular publishing. 

Our favorite features

• Multiple-keyphrase optimization: This plugin lets you optimize a page for multiple related keyphrases for better topical coverage.
• Internal links suggestions: It suggests internal links while editing based on existing content.
• AI content assistance: It generates SEO titles and meta descriptions in the editor, with an AI Optimize (beta) feature that suggests on-page improvements for shorter content.
• Google Docs add-on: Yoast offers the same level of SEO guidance within Google Docs.

Pros and cons

Pros:

• SEO guidance is built directly into the editor, so issues are flagged before content goes live.
• Yoast has strong on-page coverage, such as keyphrases, readability, metadata, internal linking, redirects, and structured data in one plugin.
• It includes advanced add-ons (Local SEO, News, Video SEO) under one license instead of separate purchases.

Cons:

• Yoast’s recommendations don’t always align with every content strategy or niche, and can sometimes be irrelevant.
• It may feel limiting for advanced SEO users looking to conduct deep technical SEO audits and experiment with generative engine optimization.

Our take

• Choose Yoast SEO Premium for SEO guidance built into your writing workflow. It’s especially useful for bloggers and small business owners who are learning SEO fundamentals and want step-by-step guidance.
• Skip it if you’re looking for a more advanced tool for technical SEO and AI search visibility.

2. All in One SEO (AIOSEO) — Best for broad SEO coverage with AI-era features

• Who should use it: Users who want hands-on control over SEO from the start and are comfortable managing more settings in exchange for that control.
• Rating: 4.7/5
• Pricing: A free version is available. Paid plans start at $49.50/year.

All-in-One SEO handles site-wide SEO setup with minimal input, then lets you step in and fine-tune details as your site grows.

During page-level edits, the optimization panel works like a checklist, grouping tasks into sections for schema markup, social previews, internal linking, metadata, and more.

It also includes AI tools that generate SEO titles, meta descriptions, FAQs, and key points — helping you structure content in a way that’s easier for both search engines and AI systems to understand.

The operational visibility stood out the most to me. 

Built-in 404 monitoring and redirect management helped me catch and fix broken URLs immediately, without relying on Search Console or extra plugins.

Our favorite features

• Link Assistant: AIOSEO scans your entire site and suggests relevant internal links.
• Schema support and an LLM.txt generator: It lets you add structured data and create LLM.txt files to improve how your content appears in Google and AI search results.
• Google Search Console integration: It pulls key search performance metrics like keyword rankings, clicks, impressions, and average position into WordPress.
• AI content generation: This plugin speeds up on-page SEO (titles, descriptions, FAQs) and nudges you toward more structured content.

Pros and cons

Pros:

• AIOSEO handles both on-page and technical SEO in one workflow, reducing the need to juggle multiple plugins.
• It gives power users more flexibility than Yoast, with fewer forced scoring rules and more control over how SEO is applied.
• This plugin scales well for growing sites and content teams that need to manage SEO consistently across many content types.
• It makes structured data easier to manage at scale, reducing manual markup work as sites grow, and offers AI search-specific features.

Cons:

• The sheer number of settings and modules can feel overwhelming for beginners, even with the guided setup.
• Site audits can take longer to complete on large websites, and the TruSEO scoring system may feel strict if your content strategy doesn’t match its built-in recommendations.

Our take

• Pick AIOSEO if you want a complete website SEO setup that prepares you for modern AI search. It works well for new sites, migrations, and WooCommerce stores that need both SEO basics and operational tools like 404 monitoring and redirects.
• Skip it if you want a lightweight setup or prefer handling technical SEO and monitoring outside WordPress.

3. The SEO Framework — Best for advanced users who want clean, automated SEO

• Who should use it: Developers and experienced WordPress users who don’t need SEO scoring or step-by-step guidance.
• Rating: 4.9/5
• Pricing: A free version is available. Paid plans start at $84/year.

The SEO Framework is a lightweight, automation-first SEO plugin that handles core SEO tasks quietly in the background without constant prompts, ads, or upsells.

When I first tested it on an inherited site, it automatically filled in titles and meta descriptions and generated an XML sitemap immediately, without any setup. 

The one trade-off is that it doesn’t guide you step by step or score keywords. So, if you rely on prescriptive SEO prompts, know that this plugin is minimal by design.

The SEO Framework works best on performance-sensitive sites where speed and minimal overhead matter more than in-editor guidance.

Our favorite features: 

• Auto-generated meta tags: This plugin automatically creates SEO titles and meta descriptions for posts, pages, and archives using content-based logic.
• Built-in XML sitemap and canonical handling: It generates XML sitemaps and applies canonical URLs automatically to prevent duplicate-content issues.
• Unbranded, ad-free interface: It stays out of the way with no upsells, nags, or SEO “score” prompts — so the plugin feels native inside WordPress.
• Modular extension system: It lets you add advanced functionality (such as structured data, local SEO, or monitoring) through optional extensions that can be enabled individually.

Pros and cons

Pros:

• You can publish content faster because meta titles and descriptions are generated automatically.
• Setup takes minutes since smart defaults handle technical SEO without requiring configuration decisions.
• It keeps your site fast because the plugin is extremely lightweight compared to bloated alternatives.

Cons:

• It lacks content analysis and keyword optimization tools, so you won’t get real-time guidance on readability, keyword placement, or SEO improvements as you write.
• There are no native FAQ or How-To blocks: Structured data requires manual setup or third-party tools.

Our take

• Choose The SEO Framework if you already understand SEO basics and want fast, automated technical SEO handled quietly in the background. It’s ideal for performance-sensitive sites where speed and minimal interface clutter matter more than in-editor guidance.
• Skip it if you want hands-on SEO help, keyword checks, or extensive writing feedback.

4. Rank Math — Best all-in-one SEO for new sites

• Who should use it: New sites and creators who want maximum SEO features early on.
• Rating: 4.9/5
• Pricing: A free version is available. Paid plans start at $107.88/year.

Rank Math combines on-page SEO tools, schema markup, redirects, and basic technical SEO features into a single plugin — with many capabilities available on the free plan.

At the page level, Rank Math is highly directive. Each page includes a checklist and score that flag issues with title structure, focus keyword usage, and indexing before publishing.

Once schema templates are set up, you can reuse them across content types instead of configuring structured data page by page.

For the most part, visibility makes Rank Math powerful for scaling sites and teams, but it’s best for users who want active SEO guidance rather than hands-off SEO.

Our favorite features

• Score-based SEO checks: Rank Math assigns an overall score and flags optimization issues without forcing step-by-step fixes.

• Multiple focus keywords: You can optimize a single page for several related keywords.

• Search Console data in your dashboard: You’ll receive basic performance data directly inside WordPress.

• Modular design: It allows you to turn features on or off so you only use what you really need.

Pros and cons

Pros:

• Rank Math provides clear checklists and scoring inside the editor, so it’s obvious what needs fixing before publishing.
• You get access to most SEO settings upfront, which makes it easy to adjust schema, indexing rules, and analytics as your site evolves.
• Shared rules, templates, and scoring make it easier to keep SEO consistent across multiple authors and pages.
• You can set up structured data once per content type and reuse it, saving time on content-heavy or multi-format sites.

Cons:

• Rank Math asks you to make several SEO decisions early on — sometimes before you fully understand what you actually need to do.
• The checklist-and-score approach can push users to optimize for the score rather than for search intent or strategy.
• While powerful, schema templates and settings work best when you already understand how structured data should be applied across different content types.

Our take 

• Go for Rank Math if you run a content-heavy site and want tighter control over how posts appear in search.
• Skip it if you’re running a small or new site and only need simple, hands-off SEO basics.

5. Google Site Kit — Best for understanding how your site performs in Google

• Who should use it: Site owners who want Google performance data inside WordPress.
• Rating: 4.2/5
• Pricing: The plugin is free, but connected Google services may have their own costs.

Google Site Kit pulls key data from Google tools like Search Console, Analytics, and PageSpeed Insights into your WordPress dashboard. You can monitor search performance and Core Web Vitals in one place.

When I installed it, I got a clear, high-level view of how my site was performing in Google, within minutes. 

I could quickly see trends in search traffic and analyze technical aspects like the Core Web Vitals without jumping between dashboards.

All in all, Site Kit works best as a monitoring and context dashboard to identify where problems exist. 

From there, you can dig deeper into Search Console or use dedicated SEO and performance plugins to address them.

Our favorite features 

• Unified Google data: Site Kit brings traffic, search visibility, Core Web Vitals, and AdSense earnings into a single WordPress dashboard.

• Search funnel visibility: It shows which queries surface your pages, how often they appear in search, and how many clicks they earn.

• Per-page performance stats: You can check Analytics and Search Console metrics for individual posts and pages, so you can see what content drives results.

• No-code Google setup: It connects tools like Analytics, Search Console, Tag Manager, and AdSense without editing your theme or touching site code.

Pros and cons

Pros:

• It helps you monitor traffic and search performance without switching tools.
• You can connect Google services without touching code, because Site Kit handles the technical setup automatically.
• All features are available at no cost, making it an accessible monitoring tool for basic visibility.

Cons:

• Site Kit surfaces trends and signals, but it doesn’t provide deep analysis such as conversion tracking, advanced user behavior, or detailed diagnostics.
• It shows where issues exist, but resolving SEO or performance problems still requires dedicated plugins or native Google dashboards.

Our take 

• Choose Google Site Kit if you’re already using Google services and want to see basic metrics in WordPress without paying for a premium analytics plugin and switching between tools. Use it as a prioritization layer to decide which SEO or performance issues to address first.
• Skip this if you need detailed product, funnel, or revenue breakdowns inside WordPress — Site Kit focuses on high-level Google metrics rather than full reporting.

6. Jetpack Boost — Best for one-click performance improvements

• Who should use it: Site owners who want core security, monitoring, and basic SEO handled automatically with minimal setup.
• Rating: 4.7/5
• Pricing: A free version of Jetpack is available. Paid plans start at $119.40/year for the first year (introductory discount; regular price is $239.40/year).

Jetpack Boost improves Core Web Vitals using a small set of safe, automated performance optimizations, including Critical CSS, deferred JavaScript, and improved image loading. 

When I tested it on a lightly optimized site, it immediately highlighted issues related to Critical CSS, deferred JavaScript, and oversized images. 

Instead of tweaking dozens of technical settings, the SEO plugin focuses on a narrow set of optimizations designed specifically to safely improve Google’s performance metrics. 

It’s a good fit for site owners who want quick, measurable improvements in Core Web Vitals with minimal effort.

Tip: The full Jetpack plugin also covers security, backups, analytics, and more. It’s included for WordPress.com users, with features like real-time backups and SEO support available on Business plans and higher.

Our favorite features 

• One-click Critical CSS: Jetpack loads essential page styles first so content appears faster, without breaking layouts.

• LCP-focused optimization: The most important content appears sooner, improving Core Web Vitals scores.

• Deferred JavaScript: It delays non-essential scripts so text and layout load first, reducing blank screens on slower devices.

• Page Cache: It saves pages as static files so they load faster for visitors, reducing server load and improving overall response times.

Pros and cons

Pros:

• Jetpack improves Core Web Vitals with one-click optimizations like Critical CSS, deferred JavaScript, and lazy loading.
• You can feel the difference quickly, especially on content-heavy pages, making it a solid baseline performance upgrade.
• The optimizations are designed to be safe and WordPress-friendly, so you’re less likely to run into layout issues or broken functionality.

Cons:

• Boost is designed to stay simple; it won’t replace a fully custom performance setup for advanced needs.
• Controls are mostly toggle-based, which means you get less flexibility than with tools built for deep tuning.

Our take

• Choose Jetpack Boost if you want a simple, low-maintenance way to improve site speed and Core Web Vitals.
• Skip it if you already have a heavily customized performance setup — you’ll get more value from a tool built for advanced tuning.

7. SureRank — Best for simple setup and guided SEO assistance

• Who should use it: Content creators who want a “set it and forget it” SEO for essentials.
• Rating: 4.6/5
• Pricing: A free version is available. Paid plans start at $149/year. $99 with a first-year discount. They also offer lifetime plans.

SureRank keeps SEO basics in one place: titles and meta descriptions, social previews, sitemaps, and default schema.

When I tested it, the first audit surfaced a short list of fixes I could act on immediately. Then, the editor kept flagging common issues as I worked, like missing alt text, oversized images, or titles that ran too long.

It adds default schema (like BreadcrumbList and Article) and keeps your SEO titles/descriptions consistent with your social share previews.

Altogether, SureRank works best for small blogs, portfolios, and simple business sites that need essential SEO with minimal setup. 

Our favorite features

• Focused SEO audit: SureRank highlights only the most important issues, so you know what to fix first without noise.
• Unified metadata workflow: SEO titles, schema, and social previews live in one place, reducing mismatches.
• Search Console integration: It shows key performance metrics, clicks, impressions, and top queries inside WordPress.
• Indexing controls (robots + canonicals): It lets you noindex low-value pages and set canonical URLs to reduce duplicate-content issues.

Pros and cons

Pros:

• The plugin is lightweight by design, so it keeps site overhead low and performance impact minimal.
• It helps you catch practical on-page SEO issues as you write, like missing alt text or overly long titles, without pushing you toward rigid scores.
• It keeps SEO, schema, and social metadata in a single workflow, reducing mismatches between search results and social previews.

Cons:

• SureRank is not well-suited for large or complex sites that require granular control or agency-level workflows.
• It has a smaller ecosystem and potentially fewer third-party resources due to its relatively recent launch.

Our take

• Choose SureRank if you’re a content creator, blogger, or small business that needs basic SEO applied with minimal effort. It’s most useful when updating existing content or managing content on a smaller site.
• Skip it if you’re an SEO consultant, power user, or enterprise site that needs advanced control.

8. Xagio SEO — Best for AI-driven SEO management and keyword research

• Who should use it: Agencies and advanced teams managing SEO across multiple WordPress sites.
• Rating: 4.9/5
• Pricing: A free version is available. Paid plans start at $467/year.

Xagio is an SEO system built for planning and managing SEO at the site level, not just optimizing individual pages. 

When I tested it, this SEO plugin analyzed existing pages first and grouped them by the keywords they were already ranking for. It then surfaced where pages were competing with each other or missing clear search intent.

Instead of fixing posts individually, you work from a central planner where titles, descriptions, and headings can be updated across multiple pages at once. 

This makes site-wide cleanup and restructuring far faster than editing pages manually.

Our favorite features 

• Cluster-based optimization: Xagio optimizes each page for groups of related keywords, not just a single focus term.
• Centralized project planning: You can see all pages, keyword groups, and rankings in one site-wide dashboard.
• Intent-aligned page editor: It keeps titles, H1s, schema, and metadata tied to a single keyword group.
• Integrated rank tracking: This plugin connects keywords directly to the pages they rank for, without external tools.

Pros and cons

Pros:

• You can manage SEO at the site level, so updating titles and metadata across many pages doesn’t require page-by-page edits.
• It groups keywords by page and intent, helping prevent keyword overlap and content cannibalization.
• Xagio provides clear competitive direction by showing which keywords and page structures already perform in the SERPs.
• It reduces the need for multiple SEO tools by combining keyword planning, competitor research, and bulk optimization in one system.

Cons:

• It has a steeper learning curve than in-editor SEO plugins, especially for non-technical users.
• The interface can feel heavy, with many settings and views visible at once.
• Teams using dedicated analytics or keyword tools may find some features redundant or less substantial than specialist competitors.

Our take

• Go for Xagio SEO if you’re running multiple WordPress sites or need advanced SEO automation. It’s built for managing SEO across projects, not optimizing pages one by one.
• Skip it if you’re a solo blogger or a small business with basic SEO needs.

9. Schema & Structured Data for WP & AMP — Best for fine-grained schema and rich snippets control

• Who should use it: Ecommerce stores, review sites, and local businesses that rely on rich results and need strong support for Product, Review, and LocalBusiness schema.
• Rating: 4.5/5
• Pricing: It has a free plan. Paid plans start at $99/year.

Schema & Structured Data for WP & AMP is built for sites that need more control over structured data than most SEO plugins offer. 

Instead of applying one generic schema type site-wide, it lets you assign schema by content type — so products, articles, FAQs, and How-To pages stay correctly marked up.

Once configured, those rules apply automatically across your site, keeping markup consistent and reducing manual work.

I especially like that you can add schema directly from the block editor using dedicated schema blocks, which is especially useful for FAQ, How-To, and review content.

Our favorite features 

• Site-wide schema control: It defines core entity data once and applies it consistently across the site.
• Content-type–based rules: It applies the schema by post type or taxonomy, so markup stays predictable and accurate.
• Gutenberg schema blocks: This plugin converts visible FAQ, How-To, and review blocks into matching structured data.
• Explicit AMP schema handling: It separates AMP schema from non-AMP pages to reduce mobile validation issues.

Pros and cons

Pros:

• Schema can be assigned by content type, so product pages, blog posts, and FAQs don’t end up using the same generic markup.
• Templates let you define a schema once and apply it across multiple posts, keeping markup consistent at scale.
• The free version includes a broad set of schema types, covering most common use cases without needing an upgrade.

Cons:

• This plugin requires some schema knowledge to use effectively, especially when configuring advanced rules or templates.
• It can conflict with other SEO plugins if schema output isn’t carefully managed, leading to duplicate markup.

Our take

• Choose Schema & Structured Data for WP & AMP if you run an ecommerce store, review site, or local business alongside your existing SEO setup. It handles schema markup, but doesn’t replace a full SEO system.
• Skip it if you’re just getting started with SEO and want an all-in-one solution.

10. Smush — Best for image compression, resizing, and lazy loading

• Who should use it: WordPress beginners, content creators, and small business owners who want hassle-free image compression.
• Rating: 4.8/5
• Pricing: A free version is available. Paid plans start at $30/year.

The Smush plugin focuses on image optimization, automatically compressing images as you upload them to help pages load faster.

New uploads are optimized immediately, and oversized images are clearly highlighted as you browse the site, which makes performance issues easy to spot and fix. 

For best results, I found that enabling both resizing and metadata removal had more impact than compression alone.

All in all, I found Smush works best on smaller or newer sites where ongoing uploads matter more than bulk cleanup. 

Our favorite features 

• Bulk optimization for existing libraries: You can optimize unlimited images without running heavy processes on your own server.
• Lazy loading: Smush delays loading offscreen images until users scroll to them.
• Safe image resizing: It notifies you when you upload images that exceed recommended dimensions.

• Smart compression: It shrinks image file sizes without a noticeable drop in quality, helping pages load faster.

Pros and cons

Pros:

• It starts optimizing images automatically after activation, so new uploads are handled without ongoing manual work.
• This plugin makes it easy to spot oversized or unoptimized images that hurt performance.
• It covers essential image optimization in the free plan, which is enough for basic compression and lazy loading.

Cons:

• Bulk optimization capped at 50 images per batch makes cleaning up large image libraries slow and repetitive.
• It’s focused just on images, so you’ll need additional tools for broader performance or SEO optimization.

Our take 

• Choose Smush if images are slowing your site down. This plugin is best for fixing image-related performance issues on image-heavy sites.
• Skip it if you need basic image optimization while your images are already handled by a CDN and your performance stack covers compression, resizing, and lazy loading.

11. Better Robots.txt — Best for customising crawler access and blocking unwanted bots

• Who should use it: Site owners and SEOs who need precise control over which pages and bots can crawl their site.
• Rating: 4.5/5
• Pricing: A free plan is available. Paid plans start at $109.94/year.

Better Robots.txt lets you control how search engines and bots crawl your site directly from the WordPress dashboard — no file editing required.

It generates and serves a robots.txt file automatically, making it easy to update crawl rules, block unwanted bots, or add sitemap references without touching server settings.

Keep in mind that robots.txt controls crawling, not indexing. It works best for managing bot access and crawl behavior rather than hiding pages from search results entirely.

Tip: The plugin can also generate an llms.txt file. While not essential for SEO, it’s a useful addition if you want to prepare for how AI search engines like ChatGPT may discover content over time.

Our favorite features 

• SEO-safe robots.txt configuration: It applies sensible default crawl rules so you don’t accidentally block important pages.
• Granular bot control: It lets you allow or block individual crawlers, including AI bots, without touching robots.txt syntax.
• Search Console–aware validation: It flags rules that could cause crawl or indexing issues before they become problems.
• LLM-ready configuration: Better Robots includes support for AI crawlers and optional llms.txt generation.

Pros and cons

Pros:

• You can manage crawler rules directly inside WordPress, which is especially useful on managed hosts without server or FTP access.
• It helps improve crawl efficiency by blocking low-value URLs that can waste crawl budget.
• You avoid missing or incorrect sitemap declarations, because sitemap references are added automatically when compatible SEO plugins are active.

Cons:

• It requires SEO knowledge to use safely, since incorrect rules can block important pages from being crawled.
• It uses a virtual robots.txt file, so changes may require cache or CDN refreshes on some hosting setups.
  

Our take

• Choose Better Robots.txt if you need precise control over how bots crawl your site and want to prepare your site for AI search.
• Skip it if your site is simple or you don’t want to manage crawl rules yourself.

12. Redirection — Best for managing redirects and tracking 404 errors

• Who should use it: Site owners who regularly update URLs, migrate content, or want visibility into broken links without server access.
• Rating: 4.4/5
• Pricing: Completely free with no paid version.

Redirection manages URL redirects and tracks 404 errors directly inside WordPress, without requiring server access or file edits. 

As soon as it’s activated, it starts logging 404 errors and lets you create, edit, and test redirects from the WordPress admin.

What stands out is visibility: You can see which redirects are active, where users are hitting dead URLs, and whether rules are actually matching real traffic. 

Overall, I found Redirection most useful during migrations or cleanups — when you’re handling lots of URL changes and need reliable 404 tracking in one place.

Our favorite features 

• Regex redirects: This plugin redirects entire URL patterns in bulk using regex, making it ideal for site migrations.
• 404 monitoring: It tracks and logs 404 errors and redirect hits.
• Automatic redirects for URL changes: It creates a redirect when you update a page or post URL, so visitors and search engines don’t hit broken links.
• Bulk import and export: It lets you move redirects between sites or upload them in batches during migrations.

Pros and cons

Pros:

• Redirection protects traffic and rankings by preventing broken links during updates, migrations, and permalink changes.
• It automatically surfaces real 404 errors and patterns, helping you prioritize fixes based on what users and search engines actually hit.
• It scales from simple one-off redirects to large restructures, reducing manual cleanup work even for complex URL changes.
• This plugin is fully usable for free: You can handle redirects and 404 monitoring without committing to a paid SEO suite.

Cons:

• Not ideal for extremely high-traffic sites: On very large sites, handling thousands of redirects inside WordPress may be less efficient than managing them directly on the server.
• Advanced rules can cause mistakes: Pattern-based redirects are powerful, but a small typo can accidentally send visitors to the wrong page or create redirect loops.

Our take

• Choose Redirection if you regularly update content, change URLs, or want an easy way to track and fix broken links inside WordPress.
• Skip it if your site has very high traffic or thousands of redirects, where a server-based redirect setup is usually a better long-term fit.

The right SEO plugins complete your setup

If you want a simple starting point for SEO plugins, focus on the essentials:

• One core SEO plugin (Yoast, Rank Math, or AIOSEO) for on-page optimization and technical controls.
• Jetpack Boost for performance improvements and Core Web Vitals.
• Smush for image optimization.
• Redirection for managing URL changes and 404 errors.
• Schema & Structured Data for WP & AMP if you need advanced schema control.

On WordPress.com, you already benefit from fast managed hosting, built-in security, SSL, sitemaps, and various Jetpack features. 

These plugins don’t replace that foundation — they extend it where you need more control, insight, or flexibility.

When I first learned to build WordPress sites, I had to stitch them together from different tools and vendors. Think of connecting your domain registrar to a hosting provider, installing backup, security, and performance plugins — that sort of thing.

When I switched to WordPress.com, the experience became entirely different. Here are 14 ways it makes site ownership easier.

1. Launch your site in a single, ready-to-run environment

On WordPress.com, getting a domain, hosting, security, backups, and performance are already configured.

Your site runs on WordPress-first infrastructure, built to handle updates, plugins, traffic spikes, and security without you having to tune the stack yourself.

Here’s what you get:

• Hosting optimized specifically for WordPress.
• Your domain automatically connects to your site (if you purchase it through WordPress.com).
• Automatic real-time backups and one-click restore (on Business and higher).
• Ready-to-use, top-notch security features.
• Performance optimization out of the box.

In short, instead of spending time setting up your site’s infrastructure, you can get online — and stay online — while focusing on growing your business.

2. Build with AI, but keep full control

On WordPress.com, AI helps you launch quickly — while still creating a real WordPress site you control.

Some AI website builders generate sites inside proprietary platforms, which can make it harder to customize, add advanced features, or move your site elsewhere later.

That’s different on WordPress.com. 

The AI website builder creates your site using native WordPress functionality, including proven themes, patterns, and the Block Editor. Instead of generating loose code, it assembles your site from building blocks that are designed to work well together.

Because of that, you’re building directly on WordPress from day one. You can redesign, add features, or scale your site over time without rebuilding it from scratch.

And it doesn’t stop after launch. With the WordPress AI Assistant, the AI truly understands your site’s content and layout. You can use it to add smart improvements and optimize your site for better results.

3. Grow your site without headaches

On WordPress.com, success doesn’t create extra work or extra fees. When your site starts getting attention, you don’t need to scramble to keep it online or worry about sudden costs.

No matter if you have 10 visitors or 100,000, all WordPress.com plans come with:

• Unlimited bandwidth with no overage fees.
• A 99.999% uptime target.
• Global caching and CDN.
• Free SSL encryption.
• Built-in malware scanning and attack protection.

That means you’ll never be forced to upgrade for performance reasons. While you can upgrade to a Business or Commerce plan for advanced features, your site will remain safe and stable on any plan.

4. Bring familiar AI tools into your WordPress workflow

WordPress.com connects your site to the AI tools you already use.

You can build themes and plugins with AI, connect Claude to analyze your real site data, or use the built-in WordPress AI Assistant directly inside your dashboard. 

These integrations are officially supported and permission-based, so you control what AI can access.

Instead of copying content into a generic chatbot, AI works with your actual WordPress environment — your posts, pages, traffic data, and structure.

All this helps you focus on the actions, pages, content, and opportunities that actually drive business results.

5. Work with real humans who treat your site like it matters

That said, you don’t have to figure everything out alone. 

With WordPress.com’s website design services, real WordPress experts build your site with you — refining your vision, making sure it looks professional, and helping you launch with confidence.

Take Jason, a WordPress.com user who wanted a website to support his son’s motorcycle racing journey.  He worked directly with the WordPress.com team to refine the design and structure, so it felt credible and ready to launch.

But the help didn’t stop at launch. The team continued guiding him through SEO setup, plugin choices, and planning his rollout strategy.

That’s the difference. You’re not just buying a template. You’re getting real people who help you build it right — and stay available as your site evolves. 

6. Restore your website, even if you are locked out

Every WordPress.com site is automatically backed up behind the scenes. You don’t need to install a plugin or set up a backup schedule — it’s handled for you.

On Business and Commerce plans, you can also restore your site yourself with one click — even if you can’t access your WordPress dashboard.

Like all other features, backups and restores happen on the platform level. This means you don’t need to log in to your site or server. Trust me, the last thing you want to do in this situation is struggle to get your website back.

7. Automate site updates without worrying

WordPress.com keeps your site up to date automatically — without you managing core updates, plugins, themes, or server software.

On most setups, it’s your responsibility to update WordPress core, plugins, themes, and even PHP. On WordPress.com, that maintenance is handled for you and coordinated to reduce compatibility issues and update-related errors.

How so?

First of all, core website updates are applied automatically, as are new versions of plugins and themes. Server maintenance is also taken care of for you.

Because the platform and infrastructure are built to work together, updates are tested and coordinated before they reach your site. That reduces the chance of something breaking after an update.

And if you want more control, you still have it. For example, on Business and Commerce plans, you can change your PHP version from the site settings — no server access required.

8. Use plugins to add features, not crucial infrastructure

On WordPress.com, security and performance are built in — so plugins serve to add features rather than fix fundamentals. 

On many setups, you install plugins just to handle backups, security, or caching. Here, that infrastructure is already managed for you. For example, all WordPress.com sites come with Jetpack, which offers SEO tools, analytics, newsletter functionality, additional editor blocks, and more.

That means you can focus on adding capabilities instead — ecommerce, memberships, translations, forums, and more.

With access to over 50,000 plugins, you can shape your site around your goals, not around technical gaps.

9. Build locally, using the same environment

With WordPress Studio, you can test changes on your own computer in the same environment your live site uses — then sync them when you’re ready.

This is more relevant to developers than beginners, but it’s useful to understand. Local development gives you a safe space to experiment, redesign pages, or test features without visitors seeing half-finished work.

The tricky part with local development is usually deployment. If your local setup doesn’t match your live environment, things can break when you push changes.

WordPress Studio solves that by mirroring your WordPress.com environment, making it much easier to move changes from local to live without surprises. It also comes with reusable site blueprints, shareable preview sites, and selective push and pull. 

Tip: Other WordPress.com developer features include free staging sites, SFTP/SSH, WP-CLI, Git commands, and GitHub deployments.

10. Keep your site fast and secure over time

Website performance and security are usually ongoing projects. But, as we’ve already settled, on WordPress.com this happens at the platform level, so you don’t have to worry about it at all.

Keeping a site fast and protected means adjusting cache plugins, configuring security tools, and monitoring logs over time. Here, that work happens behind the scenes.

Features that keep your site resilient include:

• Automated data center failover.
• Built-in spam protection.
• A detailed site activity log.

And if you ever need a hand, WordPress.com’s Happiness Engineers are available 24/7 to help.

Besides, WordPress is one of the most rigorously tested and actively maintained software projects in the world, with thousands of contributors and a dedicated security team. 

On WordPress.com, that foundation is reinforced with managed infrastructure that keeps your site protected as you grow.

11. Expand what your site can do — without starting over

On WordPress.com, you can redesign, extend, and turn your site into something bigger without changing platforms or rebuilding from scratch.

Your website might start as a simple blog or portfolio. Later, you might add a shop, memberships, bookings, or a newsletter. On many setups, that means migrating systems, upgrading servers, or reworking your entire stack.

Here, you build on the same foundation.

You can refresh your design using native blocks, patterns, and themes — and use tools like newsletters. You can also add ecommerce, payments, or other features through plugins. 

And you can do it all without touching hosting, security, or performance settings behind the scenes.

12. Keep full ownership of your website

With WordPress.com, your content and data remain yours forever — and you can export them if you ever decide to move.

Some proprietary website builders make it difficult to take your site elsewhere, limiting how easily you can export your content, structure, or integrations. While self-hosting WordPress gives you full ownership, it also means full responsibility for managing everything.

WordPress.com runs on the open-source WordPress software, which means your content isn’t trapped in a proprietary system. If your needs change, you can export and migrate your site without rebuilding it from scratch.

13. Get out of the maintenance loop

On WordPress.com, most routine upkeep happens automatically, so you’re not constantly managing your site behind the scenes.

It’s great that WordPress and its components receive regular updates. But keeping WordPress core, themes, plugins, and infrastructure up to date can turn into an ongoing cycle of small tasks and checks. 

Here, those updates — along with performance and security management — are handled for you.

That means less time maintaining your website and more time using it to move your work or business forward.

WordPress core is updated automatically on all plans; themes are maintained for you.

On Business and Commerce plans, plugins can be updated automatically as well. Server-level components like PHP are managed by WordPress.com behind the scenes.

14. Migrate your site without downtime

Finally, WordPress.com also helps you seamlessly migrate your website, whether you do it yourself or with expert help.

Moving hosting providers comes with a long list of to-dos. You have to move all parts of your site, fix compatibility issues with the new environment, and cross your fingers that the website won’t go down during the switch.

To avoid this, on WordPress.com Business and Commerce, migration and launch happen as separate steps:

1. Create a new, empty site.
2. Clone your existing site into it (your original site stays live on your old host).
3. Review the WordPress version, pages, plugins, etc., in the new environment.
4. Switch your domain when you are 100% ready.

Your visitors won’t even notice the change. Better yet, you can choose the “do it for me” option and the WordPress.com team will handle the migration for you, and then guide you through the final steps.

Make your life easy — Choose WordPress.com

The difference of hosting your site on WordPress.com versus elsewhere doesn’t come down to a single feature — it changes your entire experience of website ownership.

From the beginning, your site lives in an optimized, centrally managed environment that it never has to leave, no matter how much you grow. 

This reduces the technical work necessary to keep it running smoothly, allowing you to focus on what really matters and moves the needle. At the same time, you retain full ownership and control over your site.

Ready to make this a reality for yourself?

Since then, thousands of you have built blocks, shared feedback, and pushed the tool in directions we didn’t expect.

That enthusiasm kept us going. Here’s what’s new.

1. Show Telex what you want to build

You can now upload reference images when describing your block. A Figma mockup. A screenshot of a design you like. A napkin sketch. 

Upload it alongside your prompt and let Telex see what you’re imagining.

This helps most with complex layouts — or when you’re chasing a specific aesthetic. Instead of writing a detailed description of how every element should be arranged, just show it.

A picture is worth a thousand prompt words, or so they say.

2. Work in your favorite editor, then come back

One of our most requested features — editing blocks outside of Telex — is here.

Download your block, open it in VS Code, Cursor, or whatever you prefer (we’re not starting that debate), and make your changes. Then upload the zip back to Telex to keep refining with AI.

This round-trip workflow bridges AI generation and traditional development. It’s early days — we’ll keep improving it.

3. Explore previous versions risk-free

Version history now works better. When you restore a previous version, Telex creates a new version instead of overwriting your current work. 

This means you can explore past iterations, compare approaches, and recover that thing you deleted three prompts ago.

Your past mistakes are now just research. Or as we call it: iterative development.

4. Telex speaks your language

Telex is now available in 7 languages for you to create blocks and experiment.

We also fixed an issue where Japanese, Chinese, emoji, and other multi-byte characters weren’t streaming correctly.

5. Small improvements that add up

We’ve also shipped a bunch of smaller fixes:

• Dynamic page titles: Juggling multiple blocks in different tabs? The page title now matches your selected project.

• Save confirmations: Manual code edits now show a “Files updated” message. You’ll always know your changes took.

• Shorter share links: Cleaner URLs that are easier to pass along.

• Changelog page: Want to keep up with every update? We now have a dedicated changelog. It’s like release notes, but we actually write them.

Keep experimenting

Telex is a living experiment. Your feedback shapes where it goes.

Spin up a block. Try the image upload. Tell us what’s working and what isn’t — in the comments or through the in-app feedback form.

But something was missing.

“I really enjoyed thinking about very deep questions,” she says. “But I kind of missed the human element. I would get frustrated — why should a normal, everyday person care about this?”

That question led her toward science writing. And eventually, to a portfolio she built in an hour using our AI website builder.

From lab to byline

To pursue her science writing dream, Lily built up slowly. Volunteer projects. Small bylines. Then, in late 2023, she applied to the AAAS Mass Media Fellowship — mostly as practice.

She got in.

Ten weeks at a public radio station in North Carolina, reporting on science. That was the moment it became real.

“This might actually be something I could do.”

The portfolio problem

But to get paid work, she needed a portfolio. A place to show her clips. Proof she could do the job.

She kept putting it off.

I had been dreading making the website — not because it would be so hard, but I just didn’t know exactly how to do it.

Then a deadline hit. An internship application. Four hours to finish everything — resume, cover letter, portfolio.

She opened WordPress.com, found the AI website builder, and started typing. About an hour later, her online portfolio was live.

It lowered the barrier for me to get started and get everything together.

What Lily’s new website delivered

She didn’t get that first job. But the website stuck around.

A few weeks later, another interview. They wanted writing samples. She sent the website immediately.

As a result, Lily got:

• Contract work from that company
• A separate internship
• A portfolio ready to send whenever opportunities come up

They asked for writing samples. I sent them my website. I got the contract.

Your story deserves a home, too

Lily had been putting off her portfolio for too long. A deadline forced her hand — and the AI website builder got her there in an hour.

WordPress.com’s managed hosting also means she’s not dealing with updates or maintenance. She focuses on her career. The platform handles the rest.

Her story started in the lab. But her website is where the next chapter begins.

Yours can too.

You bring the idea — AI makes it real

Use our AI website builder for free today.

Try it now

If you’ve used our AI website builder, you already know how easy it is to create a full site by having a conversation. Now, that same intelligence stays with you inside the editor and Media Library. 

Unlike standalone AI tools, the WordPress AI Assistant works inside your site. It understands your content and layout and can take action where you’re already building — no copy-pasting, no prompt engineering, and no code to figure out what to do with.

Sites on WordPress.com’s Business or Commerce plans can now opt into the WordPress AI Assistant at no extra cost.

Build, write, design, and manage without breaking your flow

The new AI assistant will show up in a few places within your WordPress experience once enabled on each of your sites:

The Editor

Get help with site-wide structure and design decisions, as well as content editing and refinement without leaving the editor. You can adjust layouts, styles, and patterns on your posts and pages just by talking — and see changes take shape as you work.

You can ask it to:

• “Make this section feel more modern and spacious.”
• “Change my site colors to be more bright and bold.”
• “Give me more font options that feel clean and professional.”
• “Add a testimonials section below this section.”
• “Add a Contact page.”
• “Rewrite this to sound more confident.”
• “Translate this section into Spanish.”
• “Give me three title options for this page.”
• “Generate an image of a croissant for this blog post.”

Media Library

Create and edit images directly in your Media Library. The AI assistant helps you generate new visuals or make targeted edits to existing images, so your media stays consistent with your site’s look and brand. You can specify aspect ratios and image styles to have even more control over the final look.

This feature uses the latest Nano Banana models, bringing you added value without needing other subscriptions.

In your Media Library, click the “Generate Image” button. You can ask the assistant things like:

• “Generate an image of a calico cat reading a book.”
• “Update this image to be black and white.”
• “Replace this stack of pancakes with a stack of waffles.”

Block notes

The block notes feature introduced in WordPress 6.9 lets you collaborate with teammates directly in the editor. The WordPress AI Assistant extends that same workflow with AI: ask questions in block notes and get answers with your content as context, including relevant links and info from external sources:

• “@ai Please fact-check this block.”
• “@ai Give me headline ideas for this article”
• “@ai Suggest examples to strengthen this paragraph”

The WordPress AI Assistant works right inside WordPress, so you get help exactly where you’re building, writing, and editing.

How to enable the WordPress AI Assistant

You can opt-in in just a few clicks:

1. Log in to your WordPress.com account and go to your Sites list.
2. Click your site name, and then click Settings. 
3. Scroll down and click the “AI tools” setting.
4. Click the toggle to enable the setting.

Alternatively, if you purchase a site built with our AI website builder, the AI assistant will be enabled automatically, regardless of which plan you choose.

Note that the AI assistant works best with block themes. If you’re using a classic theme, the AI assistant won’t appear in the editor. However, you can still generate and edit AI images in the Media Library.

Get started today

Most tools stop after generating a site. Others give you a single chat box isolated from your workflow or one-off code you need to know what to do with.

The WordPress AI Assistant works inside your actual site, helping adjust blocks, shape layouts, write content, and guide decisions.

This is WordPress, now with intelligence built in — ready to help you create, design, and grow faster than ever. And just one of the many ways WordPress.com users will be empowered by AI this year.

The good news? Your WordPress site can show up in both traditional Google results and AI-generated answers with a few practical tweaks.

In fact, most of what AI systems need already exists in WordPress — if you structure and use it properly.

This guide shows you how to optimize your WordPress site for AI search with nine simple steps.

1. Write answer-first content with a clear structure

Start each section with the main point, then add supporting details when creating content for your website. 

AI systems extract information by scanning for direct answers and clear patterns. When you lead with the answer and use structured formatting, AI can quickly identify, extract, and cite your content.

Here’s an example of this answer-first approach: a question-based heading followed by a paragraph that starts with the most relevant details, then adds more context later.

How to do it in WordPress

• Start each page with a direct answer, definition, or takeaway.

• Use Heading, List, Table, and Quote blocks to break content into scannable sections.

• Match your first sentence to your heading. If the heading asks “What is matcha?”, start with “Matcha is…”.

• Keep paragraphs short (2–3 sentences) so AI can extract key points without wading through walls of text.

• Place the most important information in the first 100 words of each page.

2. Organize content into topical clusters and key category pages

Group related content into clear topic areas to demonstrate authority, and explicitly name the people, brands, tools, and concepts you’re discussing.

Entities are the specific elements AI systems look for to understand meaning and context, such as “Monday.com” as a product, “remote teams” as a concept, or “integrations” as a feature category. 

When you organize website content around these entities and use consistent terminology, AI can map relationships between topics and understand your expertise.

Source: Ninja Promo

How to do it in WordPress

• Identify related content around major themes (3–6 is a good start) that your brand owns. For example, a lifestyle blogger might organize their content into clusters such as wellness and self-care, home and organization, work–life balance, personal finance basics, travel, and everyday routines.

• Group related posts and pages into category pages. Here’s what that looks like on the WordPress.com blog: 

• Define each category and add descriptions (e.g., “Here we share practical advice and step-by-step guidance on personal finance”).

• Link category hub pages from your main navigation, and interlink posts within each cluster using clear, entity-focused anchor text (the specific words associated with the hyperlink).

• Use the Query Loop block to automatically show related posts and pages on your hub pages.

3. Add schema to formalize entities and relationships

Add schema markup (structured data) — code that labels what type of content you’re publishing — to tell search engines and AI systems exactly what your pages are about.

For example, you can mark a page as a recipe, product review, or local business listing.

Schema isn’t a magic bullet (few things in SEO/GEO are), but it can help AI better understand your WordPress site and pages. 

For example, a recent Semrush study found a correlation between schema use and AI citations, likely because schema adds context and credibility that AI systems can analyze.

How to do it in WordPress

• Identify the correct schema type for each page (Article, FAQ, Product, Review, LocalBusiness).

• Connect content to authors and organizations using Person and Organization schema.

• Use an SEO WordPress plugin to apply schema without custom code. Some of the best WordPress plugins that offer this feature include All in One SEO, Schema & Structured Data for WP, Yoast SEO, and Rank Math SEO.

4. Add FAQs and structured sections AI can quote

Add FAQ sections with clear question-and-answer pairs that AI systems can easily extract and quote.

FAQs work well for AI search because they mirror how people ask questions conversationally. They also let you control how your answers are framed and presented.

For example, you can use FAQs to communicate your brand positioning in a structured way, such as in this article about picking a cloud GPU provider:

How to do it in WordPress

• Write one clear question followed by one focused answer.

• Start each answer with the main point, then add details.

• Keep answers helpful, not salesy, especially for neutral questions like “What is X?”.

• Place FAQs at the end of your content or where readers make decisions.

• Use the Accordion block to organize FAQs neatly:
  

• For larger help centers, such as software documentation, try the BetterDocs plugin.

5. Make authorship, experience, and E-E-A-T signals explicit

Add author information, credentials, and original thoughts to your website content so readers and AI tools know who wrote it and why they’re credible.

When you clearly show practical experience and expertise — what Google calls E-E-A-T (Experience, Expertise, Authoritativeness, and Trustworthiness) — both search engines and AI tools are more likely to trust and cite your content.

For example, DigitalOcean published original research testing AI detector accuracy on its company blog. It became one of the company’s top traffic drivers and eventually earned a citation from Cornell University.

How to do it in WordPress

• Use the Authors Widget to display the post author’s name on your blog.

• Link author names to detailed author pages showcasing their background.

For example, iFixit — an e-commerce and how-to site — extensively highlights the expertise of its writers:

This helps users trust the site when getting tips on fixing their electronics and sends positive signals to AI search engines.

• Interview subject matter experts and weave in their insights to support E-E-A-T and add uniqueness.

• Conduct original research and include up-to-date statistics to demonstrate credibility and substantiate claims. 

6. Strengthen site-level trust

Create clear, comprehensive About and Contact pages so visitors and AI systems can verify that you’re legitimate.

AI doesn’t just evaluate individual posts — it looks at your entire WordPress site to determine if you’re a trustworthy source. 

Websites with transparent information about who runs them, how to reach them, and what they stand for earn more trust from both readers and search engines.

Here’s another great example of the About Us page from iFixit:

How to do it in WordPress

• Create a clear About page explaining who you are, what you do, and who you serve.

• Use Organization schema (via an SEO plugin such as AIOSEO) to formally tell search engines your business name, location, and what you do.

• Add a dedicated Contact page with real, verifiable business details.

• Surface About and Contact pages in site-wide navigation, such as in the footer and header.

Pro tip: Your WordPress site’s trustworthiness also stems from external signals. To prove to AI search engines and Google that you’re credible, you need mentions and backlinks from outside sources, such as guest posts, media coverage, content creators, partners, and community platforms like Reddit.

7. Reinforce local and business credibility 

If you run a local business, add location details, business hours, and customer reviews to show you’re a real, legitimate company.

Local business information strengthens trust for both physical storefronts and service-based businesses. 

When AI search tools see consistent contact details, genuine reviews, and clear location data, they’re more confident mentioning your brand.

For example, here’s how Cha Cha Matcha showcases its address and other details on its website:

How to do it in WordPress

• Keep your business name, address, and phone number consistent across your site and Google Business Profile.

• Claim and optimize your Google Business Profile with accurate hours, photos, and services.

• Implement LocalBusiness schema via the AIOSEO plugin.

• Display customer reviews and testimonials using the Testimonial block and the Google Business Reviews and Rating plugin.

• Embed a map on your Contact or Location page.

8. Make sure search engines can access and crawl your site

Remove technical barriers so search engines and AI tools can find and index your content.

For example, if your site blocks crawlers, loads slowly, or isn’t indexed, even great content stays invisible. 

Reliable WordPress hosting solves most of these issues automatically by maintaining site speed, enforcing HTTPS, and ensuring reliable uptime.

Tip: For the best foundation, invest in a WordPress host that prioritizes performance and security. Managed WordPress hosting on WordPress.com includes caching, automated software updates, security, and performance optimization.

How to do it in WordPress

• Enable indexing in Settings → Reading. This tells search engines they’re allowed to find and list your site in search results.

• Configure robots.txt correctly using a plugin such as AIOSEO. This file tells bots which parts of your site to crawl and which to skip, such as admin pages.

• Submit an XML sitemap via your SEO plugin. This file lists all your important pages, making it easier for search engines to find them. For WordPress.com users, sitemaps are activated by default.

• Ensure HTTPS is active by looking for the padlock icon in your browser’s address bar. This shows your site is secure, which search engines and AI systems require before indexing your content.

• Optimize site speed and uptime by compressing images, using caching, and choosing lightweight themes. 

Tip: AI search relies on standard indexing, so avoid blocking AI bots unless the content is proprietary, paywalled, or sensitive. You can use the Block AI Crawlers plugin or Better Robots TXT plugin if needed.

9. Use visuals as explanatory assets

Add images, diagrams, and screenshots that help readers understand your content, not just decorative stock photos.

Clear, explanatory visuals make complex topics easier to grasp. AI systems are also moving toward multimodal search, meaning they’ll increasingly interpret visual content directly.

For example, this article on how to use Google Colab for non-developers includes step-by-step screenshots that walk readers through the entire process:

How to do it in WordPress

• Use descriptive file names and alt text. For example, name your file “wordpress-dashboard-settings.jpg” instead of “IMG_1234.jpg,” and write alt text that describes what the image shows for search engines and screen readers.

• Add captions to provide additional context for readers.

• Reference visuals in your text. Don’t just drop in an image — mention it (for example, “as shown in the screenshot below”).

• Use Image, Gallery, and Table blocks to add diagrams, screenshots, and process flows.

• Organize assets in the Media Library so you can reuse images across multiple posts.

Pro tip: Guide AI search tools to your most important content.

An llms.txt file is an experimental way to tell AI tools which pages on your site matter most, such as your best guides, category hubs, and About page.

This isn’t a requirement, and AI systems aren’t obligated to follow it. Think of it like the early days of robots.txt — a suggestion, not a control mechanism. 

Here’s how to do it in WordPress:

• Create an llms.txt file using the Website llms.txt plugin.
• List your most important URLs, such as key guides, category pages, and your About page.

Stay visible in modern search with WordPress.com

We explored the core steps to make your WordPress site visible in AI search: clear structure, credible authorship, organized content, and strong technical foundations.

Start with steps 1–5, then expand as you grow. The sooner you adapt to AI-driven search, the stronger your long-term visibility will be.

You don’t need a new strategy — just a more intentional approach. When your expertise is clear and your site is technically sound, AI systems can better understand and surface your content.

WordPress.com further supports this with secure managed hosting and publishing tools built for performance and reliability.

Today, we’re releasing new Skills and a Claude Cowork plugin designed for vibe coders and anyone who wants to create WordPress themes, generate sites, and experiment with AI-assisted development. You’ll find that you don’t need to be technical at all.

These tools are in rapid development and changing constantly, but we wanted to get them into your hands now. 

We believe this is where site building is headed.

WordPress site creator plugin for Claude Cowork

This new Claude Cowork plugin turns a conversation with Claude into a fully built WordPress site. Describe what you want, and it creates a complete block theme and deploys it to a local site running in WordPress Studio.

For example:

/create-site A website for my fitness coaching business. I help busy professionals get strong without living at the gym. I want to book discovery calls and share workout tips.

Claude kicks off by asking you about your site and then provides multiple design options. Iterate until you are happy, and then a few minutes later, you have a full WordPress block theme.

WordPress Studio provides you with a preview link you can send to anyone, and it also allows you to easily sync your completed site with WordPress.com.

How to get started with the plugin

There are two parts to set up: WordPress Studio (which runs your site locally) and the Cowork plugin (which generates the theme). The whole process takes about 10 minutes.

First, download and install WordPress Studio (macOS only for now). Open Studio, go to Settings → Preferences, and click “Enable the studio command in the terminal.” 

Then open your terminal and run:

studio --version

This confirms it’s working.

Next, connect Studio to Claude Desktop so Claude can create and manage your local WordPress sites. 

In Claude Desktop, go to Settings → Developer → Edit Config, and add the following to your configuration file:

{
"mcpServers": {
"wordpress-studio-mcp-server": {
"command": "node",
"args": [
"/ABSOLUTE/PATH/TO/wordpress-studio-mcp-server/dist/index.js"
]
}
}
}

From here, replace /ABSOLUTE/PATH/TO/ with the actual path where you cloned the wordpress-agent-skills repo on your computer. For example:

/Users/yourname/projects/wordpress-agent-skills/studio-mcp/dist/index.js

Quit Claude Desktop and reopen it.

Finally, install the Cowork plugin. In Cowork, open the plugins menu at the bottom of the left sidebar, select Add to marketplace from GitHub, and paste:

https://github.com/Automattic/wordpress-agent-skills

Install the Create WP Site plugin.

That’s it.

Run the /create-site command in Cowork (or select it from the plugins menu) and describe the site you want to build.

*Note: This is a developer preview. Things will break, and results will vary. That’s expected — we’re sharing it early because we want your feedback. If you run into issues, file them on GitHub. 

Skills that power it

Alongside the plugin, we’re sharing the Skills that make it work. Skills are reusable instruction sets that teach AI assistants how to perform specific tasks — think of them as the next evolution of prompts.

We have skills for:

• Site Specification, collecting important context and info about the site being created
• Site Design, creating multiple design options and helping with fonts, colors, and style
• WordPress Theme Creation, sticking to best practices to generate a working block theme

The best part is you can use these Skills just about anywhere, including ChatGPT, Codex, or your favorite vibe coding tool.

These Skills are in active development and changing weekly. But they’re already producing themes worth shipping, and we expect results to only improve.

Build with us

We’re in a significant period of change. There’s uncertainty. But there’s also opportunity, especially for site builders willing to experiment.

Try the new tools. Break them. Tell us what’s missing. Help us make them better.

We have the hosting solutions to make it easy to take your AI-created sites and share them with the world.

And watch this space. Claude Cowork is just the start; we want to help you build WordPress sites with your AI agent of choice. 

This guide shows you how to set up Claude Code and WordPress Studio to create working plugins with text prompts.

Claude Code is Anthropic’s AI coding assistant. WordPress Studio is a free local WordPress environment. Together, they let you go from idea to a working plugin in minutes — no deep coding knowledge required.

This walkthrough covers the complete setup and shows you how to build your first plugin.

1. Install Claude Code

Head to Claude Code and sign up for an account — you can choose any paid plan available. 

Run the native installer from the setup page and follow the on-screen instructions to complete the installation.

The installation runs for a minute or two. When it finishes, Claude Code is ready to use.

2. Install WordPress Studio

Download WordPress Studio — it’s completely free and works on both Mac and Windows.

Install it, then create a new site. Give it any name you want — e.g., “My WordPress Website” works fine.

Because Studio runs locally on your computer, everything you build stays safely contained on your machine — so you can experiment with AI-generated plugins without risking a live website.

3. Start Claude Code

Using the Open in… options on the Overview tab in Studio, click Terminal. This will open a terminal window at your project file’s location.

Then, type claude. If it’s your first time, you’ll be prompted to log in to your Claude account and confirm that you trust the files in this folder.

Click Enter/Return on your keyboard to trust the folder, and you’ll see the welcome message.

4. Build your first plugin

In the Claude terminal, describe what you want. Give it some context about where you are and what you need. For example:

“We are in the root of the WordPress site folder. I want a simple plugin that prints out ‘Hello [Your Name]’ in the admin of the site.”

From here, Claude will ask some follow-up questions, create a plugin folder, and generate the complete plugin file with proper WordPress structure.

5. Activate and test

Go back to WordPress Studio and open your WordPress admin. Navigate to Plugins, find your new plugin, and activate it.

If the plugin works correctly, your custom message will appear at the top of the admin area — in our case, “Hello Nick” shows up as an admin notice. 

If you haven’t changed your name, you may see it say “Hello admin.” Simply go to your Users list and change the name of your default user.

This is the simplest plugin possible, but it shows how fast you can build with Claude and WordPress.

6. Keep building

From here, you can add more features. 

Go back to the Terminal in your editor and ask Claude to add new functionality — settings pages, custom blocks, whatever you need.

As with any AI tool, experimenting with prompting will help you achieve better results:

• Give Claude context about where you are in the file structure
• Be specific about what you want the feature to do
• Break complex features into smaller steps
• Ask Claude to explain the generated code if something doesn’t make sense

Bonus tip: Telex — an alternative for WordPress blocks

Telex is another unique tool that helps you generate WordPress blocks with AI — and it’s completely free to use.

Just describe what WordPress block you want, and Telex builds it with a live preview in WordPress Playground.

Test it, refine it with follow-up prompts, then download it as a plugin and install it on your WordPress site.

You’re ready to build with AI

You now have an AI-powered setup for building plugins for your WordPress site.

• Describe the plugin you want to build, and watch Claude generate working code inside your WordPress Studio site.
• Experiment with Telex to create entire WordPress blocks.
• Keep experimenting and trying new things.

Start simple, then tackle more complex projects as you get comfortable.

And if you build something fun, share it in the comments — we’d love to see what you make.