If you use WordPress’s official AI plugin to connect ChatGPT, Claude, or Gemini to your site, an update just landed that protects the keys you handed over to do it.
What changed
The AI plugin, the canonical WordPress.org plugin that previews AI features before they reach core, shipped version 1.1.0 this week. The release adds two new opt-in experiments.
Key Encryption scrambles the API keys you enter for AI providers before storing them in your site’s database, then decrypts them only when needed. Until now, those keys sat in the database in plain text, readable by anyone who got access to a database backup or export. If you turn off the experiment or deactivate the plugin, your keys switch back automatically so nothing breaks.
Type-ahead Text brings writing suggestions into the block editor. While you type a paragraph, it can show grayed-out “ghost text” suggesting how to continue the sentence, based on the surrounding content and your site’s saved Guidelines. Accept it with a keystroke, dismiss it, or ignore it entirely. It only appears if you turn it on.
Other fixes worth knowing
The update stops AI tools like Summarization and Classification from appearing before you have written enough content for them to work on. It also lets admins turn off automatic AI moderation checks on comments from logged-out visitors, and skips re-checking comments already marked as spam or trash.
What to do
Both experiments are optional. If you use the AI plugin, update to 1.1.0 and turn on Key Encryption in settings. It is the easy win since it just protects data you are already storing. Type-ahead Text is worth trying if you want writing help while drafting posts, but skip it if you would rather write without suggestions popping up.
The release also adds a core/read-settings ability, part of the same Abilities API framework we covered six days ago, when a WordPress 7.1 proposal suggested letting AI agents read site settings, content, and users through permission-checked channels.
End of article