Connect your WordPress site to Cowork in three steps. Do step 1 first — without it, every plugin call returns blocked-by-allowlist.
Step 1 — Add your WordPress domain to the Cowork allowlist. In Claude Desktop, open Settings → Cowork → Network → Allowed Domains and add your site (e.g. yourdomain.com). Fully close and reopen Claude Desktop — the allowlist is cached at session start, so changes don’t take effect mid-session.
Step 2 — Install the Cowork plugin. After purchase you receive a .plugin file. Drag the .plugin file directly into the Cowork chat window in Claude Desktop and Cowork installs it automatically. (Alternative: Settings → Plugins → drag the file there.)
Step 3 — Run /wp-setup in Cowork. The plugin will prompt you for three things, in order:
- Your site URL — paste
https://yourdomain.com. - Your license key — copy it from your purchase email or the order receipt page on wordpressforcowork.com.
- A WordPress Application Password — generate one in your WordPress admin under Users → Profile → Application Passwords: name it
Cowork, click Add New Application Password, copy the 24-character password, then paste it back into the Cowork prompt.
Cowork will run a connection test and confirm. You’re ready to manage the site through conversation.
Notes: Your site must run on HTTPS — Application Passwords are not available over plain HTTP. If /wp-setup fails after the App Password step, the most common cause is a security plugin or host firewall blocking REST API authentication — see the Security plugin is blocking the connection KB article for fixes.
What you do NOT need: You do not need to upload a .zip file in wp-admin. You do not need a Chrome extension. WordPress for Cowork is a Cowork plugin (it installs into Claude Desktop’s Cowork mode), not a WordPress plugin.
Why this is manual — and where your credentials live. WordPress for Cowork doesn”’t log into your wp-admin on your behalf. The only credential Cowork ever sees is the Application Password you generate yourself and paste into /wp-setup. All credentials are saved on your computer — site URL, license key, and Application Password live only in Cowork”’s local secret store on your machine. We don”’t save anything on our side. Revoke the Application Password from wp-admin at any time to disconnect Cowork cleanly without changing your main login.