WordPress
WordPress AI integrations: five patterns by client impact
A WooCommerce store, 12,000 SKUs, native search returns nothing for 'mens running shoe size 11'. We have rebuilt this exact problem fourteen times. Here are the five AI patterns that paid back.

A WooCommerce store, 12,000 SKUs, a two-person team in Eindhoven. The native search returns "no results" for mens running shoe size 11 because every product is tagged size 44 EU. The owner emails on a Tuesday asking us to fix it before peak season. This is the WordPress work in 2026: not new plugins, not theme refreshes, but quietly wiring AI into the parts of the site that already exist.
We have built or rebuilt fourteen of these for clients in the last year. The same five patterns keep coming back. Here they are, ranked by how much money or how many hours they actually moved for the business.
1. Vector search inside WooCommerce
The single biggest revenue lever. Native WordPress search is a LIKE %query% against wp_posts.post_title and post_content. It misses synonyms, plurals, sizes, alternate language, and anything sitting in product attributes unless somebody tortured a SearchWP install into shape five years ago.
The pattern that works on every shop we have touched:
- Index every product into a vector store (Pinecone, Weaviate, or pgvector if you already run Postgres alongside MySQL).
- Embed product title, short description, category, and the first few attribute values as one chunk.
- Register a REST route that takes the user query, embeds it, fetches the top 24 IDs, and hydrates them through
wc_get_products()so price, stock, and visibility rules still apply. - Cache hot queries in Redis or a 10-minute transient.
The plumbing is shorter than people expect:
add_action('rest_api_init', function () {
register_rest_route('abn/v1', '/search', [
'methods' => 'GET',
'callback' => 'abn_vector_search',
'permission_callback' => '__return_true',
]);
});
function abn_vector_search(WP_REST_Request $req) {
$q = sanitize_text_field($req->get_param('q'));
if (strlen($q) < 2) {
return rest_ensure_response([]);
}
$key = 'abn_vs_' . md5($q);
$cached = get_transient($key);
if ($cached !== false) {
return rest_ensure_response($cached);
}
$embedding = abn_embed($q); // POST to embeddings API
$ids = abn_pinecone_query($embedding); // returns array of product IDs
if (empty($ids)) {
return rest_ensure_response([]);
}
$products = wc_get_products([
'include' => $ids,
'orderby' => 'post__in',
'status' => 'publish',
'limit' => 24,
]);
$payload = array_map('abn_format_product', $products);
set_transient($key, $payload, 10 * MINUTE_IN_SECONDS);
return rest_ensure_response($payload);
}
On the homeware shop above, the conversion rate on search-driven sessions roughly tripled in the eight weeks after launch. The owner had been blaming Google Ads. The fix was a REST route and a 60-line Node worker that re-indexed nightly.
2. Inbox and lead triage
Second biggest impact, every time. The site already has a contact form. Gravity, CF7, Fluent, it doesn't matter. A submission lands, an office manager spends 90 seconds reading it, decides whether it goes to sales, support, partnerships, press, or trash, and drafts a reply. Multiply by 80 submissions a day.
Replace the manager-as-router with a small worker:
- Hook into
gform_after_submission(orwpcf7_before_send_mail). - Ship the payload to an LLM with a classification system prompt that returns strict JSON.
- Write the category back to a custom field. Route accordingly.
- For sales and support, generate a draft reply and park it in the helpdesk as a draft, not a sent email. Humans approve, humans send.
The classifier costs fractions of a cent per submission. The draft reply costs a few cents. The office manager gets an hour of their day back. The first three weeks you watch the misclassifications and tighten the prompt. After that it just runs.
3. Front-end chat agent
The visible one. A small widget in the corner of the site that answers FAQ, books demos, and qualifies leads against the same rules a junior salesperson would apply. Useful, but ranked third because it only moves the needle on sites with real traffic. For the rest, it is a vanity install.
If you ship this, ship it with three things in place from day one:
- A WordPress REST proxy in front of the model. The API key never goes near the browser.
- A per-IP and per-session rate limit. Use Redis or your object cache, not
wp_options. - Prompt-injection defences. Strip system-prompt-shaped strings from the user message before forwarding, and treat any tool call output as untrusted input on the next turn. The OWASP LLM Top 10 is the reading list, not the optional reading list.
The security ceiling moved this year. The Morris II paper (Cohen, Bitton, Nassi) demonstrated a zero-click, self-propagating worm against GenAI-powered assistants with tool access, by hiding prompts inside content the agent later processes. If your chat widget can read files, hit URLs, or call internal APIs, assume an adversary will try to use it as a jump host. Sandbox tool calls, log them, and rate-limit egress at the network layer, not just inside PHP.
4. In-editor content drafting
Gutenberg has had block extensibility for years. Almost nobody uses it for AI assistance beyond the bolt-on plugins, which all charge per seat and dump generic copy into your editor. A bespoke sidebar panel is a one-week build and the agency keeps the keys.
Three things that earn their keep inside the editor:
- Alt text generation from the featured image. Read the image, return up to 120 characters in the site's voice.
- SEO title and meta description from the post body. Pin tone with three examples from the client's existing top-ranking posts.
- Internal link suggestions. Embed every published post once, then on save, surface the three closest matches with anchor text suggestions. The retrieval problem is the same one image-RAG papers are now solving one layer up; for an editor, the index is your client's own back catalogue.
Register the panel through the PluginDocumentSettingPanel slot. Call your own REST endpoint. Stream the response if the model supports it so the writer sees the output build in real time.
5. Accessibility automation
The European Accessibility Act (Directive 2019/882) entered into force on 28 June 2025. Every commercial site selling into the EU now has to provide accessible alternatives, and "we didn't get round to it" is not a defence. Read the directive before you next argue with a client about alt text budgets.
Three jobs an AI pass closes in a weekend:
- Alt text for the
wp_postmetarows where_wp_attachment_image_altis empty or duplicated from the filename. A vision model labels them in batches of 50. - Button and link labels. Find every
<a>whose visible text is "click here", "read more", or empty inside a wrapper, and propose a real label based on the destination page's<h1>. - Heading hierarchy. Flag posts where
h2followsh4, or where the page has noh1at all. Fix the worst 20 by hand, ship the rest as a queue to the editor.
The trick: do not auto-apply the alt text. Stage it. Let the content lead approve in batches. The cost of one bad alt text on a hero product image is higher than the time saved.
The shared plumbing
All five of these sit behind the same three pieces of infrastructure. Build it once.
A REST namespace (/wp-json/abn/v1/) that owns every model call. Keys live in wp-config.php or, better, in a secrets manager that the PHP-FPM process reads at boot. A Redis or Memcached layer in front of every expensive call. A request log table that records query, model, prompt tokens, completion tokens, and latency, so you can answer "what did this cost last month" in one SQL query.
The agencies winning at this in 2026 are not the ones with the fanciest models. They are the ones who treat the LLM call like any other paid external API: cached, rate-limited, logged, and reversible.
The biggest WordPress AI win this year is not a chatbot in the corner. It is replacing the broken default search with vector embeddings, and giving the office manager an inbox that triages itself.
What to do this week
Open WP-Admin. Go to WooCommerce, Reports, Orders, Search terms (or query wp_options for _transient_woocommerce_reports_search_terms if the report is empty). Pull the top 50 zero-result queries from the last 30 days. Sort by frequency. Show the list to the founder. That spreadsheet is the business case for integration #1, and you will not have to write a slide for it.
When we built the WooCommerce search rebuild for the Eindhoven client above, the gotcha was that all the product attributes lived in serialised PHP arrays inside wp_postmeta. We wrote a one-shot script to flatten them before embedding, which is the unglamorous half of every AI agents project we ship. Most of the work is in the data, not the model.
Key takeaway
The biggest WordPress AI win in 2026 is not a chatbot in the corner. It is replacing the broken default search with vector embeddings.
FAQ
Do we have to leave WordPress to do any of this?
No. All five patterns live inside WordPress: a REST namespace, a small worker for indexing or classification, and a Gutenberg sidebar panel. The model can be hosted anywhere.
Which vector database should a WordPress agency pick?
If you already run Postgres, pgvector is the cheapest path. If your stack is MySQL-only, start with Pinecone or Weaviate's hosted plan. Switching later is one re-index, not a rebuild.
How do we keep the chat widget safe from prompt injection?
Proxy through WordPress, never put the API key in the browser, rate-limit per IP, strip injected system prompts from user input, and treat any tool output as untrusted. Read the OWASP LLM Top 10.
Will any of this break WooCommerce Subscriptions or membership plugins?
Vector search hydrates results through wc_get_products, so subscription products and membership visibility rules still apply. The other four patterns sit alongside the cart entirely.