Governance-First By Design
Your WordPress site stays under your control. Always. Every AI action requires explicit approval with full transparency.
Our Security Principles
These aren't just marketing claims. They're technical design decisions built into the core architecture of WP Navigator.
Approval Required
Every AI action must pass policy checks and receive explicit human approval before execution. No autonomous changes, ever.
Diff Before Apply
See exactly what will change before it happens. Full diff previews for every action with clear before/after comparisons.
Complete Audit Trail
Every action logged with timestamp, agent, policy check, and approval status. Full transparency and accountability.
WordPress Permissions & Security
WP Navigator uses WordPress's built-in security features. Here's exactly how the plugin accesses your site and why each permission is needed.
Authentication & Access Control
Application Passwords
Purpose: Secure API authentication without sharing your WordPress password
Security: Revocable anytime, site-specific, no impact on main account security
WordPress REST API
Purpose: Standard WordPress API for all plugin operations
Security: Rate limited (60 req/min), policy-controlled, fully audited
Security Note: All API requests use HTTPS encryption and WordPress's built-in authentication. No custom security bypasses or backdoors.
8-Category Policy System (PRO)
Posts & Pages
What it controls: Blog posts, pages, custom post types
Policy levels: DENY → READ → EDIT → WRITE
Use case: Content updates, SEO optimization, bulk formatting
Plugins & Themes
What it controls: Plugin installation, activation, settings changes
Security: Highest risk category - typically set to READ or DENY
Use case: Plugin audits, automated configuration standardization
Database Access
What it controls: Direct SQL query execution
Security: Rarely needed - use REST API instead
Recommendation: Keep at DENY unless advanced automation required
Verify Our Security
Don't just trust us. Here's how you can independently verify that WP Navigator enforces governance and maintains complete control over your WordPress site.
Review Audit Logs
Check the complete history of all AI actions attempted on your WordPress site.
How to check:
1. Log in to WordPress admin
2. Go to WP Navigator → Audit Log
3. Review timestamp, agent, action, and approval status
4. Verify: Every action is logged with complete details
Test Policy Enforcement
Verify that policy rules actually block unauthorized actions from AI agents.
How to test:
1. Set a category policy to DENY (e.g., Plugins)
2. Ask AI agent to perform a plugin action
3. Observe policy block with clear error message
4. Verify: No action executed without proper policy level
Monitor Application Passwords
Review active Application Passwords and verify agent access is properly controlled.
How to monitor:
1. Go to WordPress → Users → Your Profile
2. Scroll to Application Passwords section
3. Review active passwords and last used times
4. Verify: Revoke unused passwords to maintain security
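The same review can be scripted. The following is an added example, not part of WP Navigator: it assumes you have saved the JSON that WordPress core returns from GET /wp-json/wp/v2/users/me/application-passwords, and flags entries to revoke. The sample data, the 30-day idle limit and the 7-day grace period are assumptions chosen for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample of the core REST response (not real data).
SAMPLE_RESPONSE = """
[
  {"uuid": "11111111-1111-4111-8111-111111111111", "name": "WP Navigator agent",
   "created": "2025-01-10T09:00:00", "last_used": "2025-03-01T08:30:00",
   "last_ip": "203.0.113.10"},
  {"uuid": "22222222-2222-4222-8222-222222222222", "name": "old staging test",
   "created": "2024-06-01T12:00:00", "last_used": "2024-06-02T12:00:00",
   "last_ip": "198.51.100.7"},
  {"uuid": "33333333-3333-4333-8333-333333333333", "name": "never used",
   "created": "2025-02-20T10:00:00", "last_used": null, "last_ip": null}
]
"""

def _parse(ts):
    # The sample timestamps carry no offset; they are treated as UTC here.
    return datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)

def review_app_passwords(entries, now, max_idle_days=30, grace_days=7):
    """Return (uuid, name, reason) for each password that should be revoked."""
    findings = []
    for e in entries:
        last_used = e.get("last_used")
        if last_used is None:
            # Never used: flag once it is older than the grace period,
            # so a password created a moment ago is not reported.
            if now - _parse(e["created"]) > timedelta(days=grace_days):
                findings.append((e["uuid"], e["name"], "never used"))
            continue
        idle = now - _parse(last_used)
        if idle > timedelta(days=max_idle_days):
            findings.append((e["uuid"], e["name"], f"idle {idle.days} days"))
    return findings

if __name__ == "__main__":
    # Fixed "now" so the constructed sample gives a stable result.
    now = datetime(2025, 3, 5, 12, 0, tzinfo=timezone.utc)
    for uuid, name, reason in review_app_passwords(json.loads(SAMPLE_RESPONSE), now):
        print(f"REVOKE {uuid}  {name!r}: {reason}")
```

Also compare last_ip on the entries that remain active against the addresses you expect your agent to connect from.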
How Local-Only Processing Works
A visual representation of how our extensions process data entirely within your browser.
Interactive Diagram Coming Soon
We're creating a visual diagram that shows exactly how data flows through our extensions without ever leaving your device. This will illustrate the technical architecture behind our privacy-first approach.
Input Data
Your data enters the extension (colors, text, files, etc.)
Local Processing
All computation happens in your browser using JavaScript
Output Results
Results displayed or downloaded - never transmitted
Privacy Questions & Answers
Why should I trust your privacy claims?
Don't trust us - verify us! We provide specific technical instructions above to verify our claims. You can monitor network traffic, test offline functionality, and review permissions yourself. Our commitment to privacy isn't just a policy - it's verifiable through browser developer tools.
Do you collect any analytics or usage data?
No. We don't collect analytics, usage statistics, error reports, or any other form of telemetry. We have no idea how you use our extensions, which features you prefer, or when you use them. This is by design - we can't misuse data we never collect.
What about updates and bug reports?
Extension updates are handled through the Chrome Web Store's standard mechanism. We rely on user feedback through our contact form or GitHub issues for bug reports. We don't automatically collect crash reports or usage patterns - everything is opt-in and manual.
How do you make money without ads or data collection?
We believe privacy-first software can be sustainable through direct user support. Our extensions are free to use, and we may offer premium features or accept donations in the future. We'll never compromise on privacy for revenue.
What permissions do your extensions need?
Each extension requests only the minimal permissions needed for its functionality. For example, PaletteKit needs access to the current tab to extract colors, but doesn't need access to your browsing history or other tabs. All permissions are documented on each extension's page.
Ready to try privacy-first extensions?
Experience the peace of mind that comes with extensions that respect your privacy and work entirely offline.