WordPress for Cowork works on every self-hosted Linux VPS we’ve tested — DigitalOcean, Linode, Hetzner, AWS Lightsail, your own metal. Three things to verify before installing.
1. HTTPS with a valid certificate
WordPress Application Passwords (which Cowork Bridge uses for the Application Password handoff during /wp-setup) only work over HTTPS. Let’s Encrypt is free and takes minutes.
2. /wp-json is reachable from the internet
Open https://yourdomain.com/wp-json/ in a browser. You should see a JSON response. If you get a 404, check:
- Your Nginx or Apache config isn’t blocking
/wp-json. - Your
.htaccessdoesn’t have a rule rejecting it. - Permalinks are set to anything other than “Plain” (Settings → Permalinks).
3. Application Passwords are enabled
They’re ON by default in WordPress 5.6+. Verify under Settings → General → WordPress Address matches what you’re visiting.
Cloudflare in front of your VPS
If you proxy through Cloudflare, enable Bot Fight Mode cautiously — it can challenge legitimate Cowork requests. See Cloudflare blocking the plugin for the surgical bypass rule.
Install
wp-admin → Plugins → Add New → Upload Plugin, upload cowork-bridge.zip, Activate. Run /wp-setup in Cowork.