WordPress 7.0 could spark a rush to steal AI API keys


Oliver Sild, founder of WordPress security company Patchstack, has shared his concerns about the security of AI API keys in WordPress 7.0, saying that “there will be an absolute rush from hackers to steal API keys.” Underscoring the point, a real security bug that exposes API keys has been discovered in WordPress 7.0.

AI API keys are valuable

AI API keys are secure passwords (keys) that allow a WordPress plugin or theme to interact with an AI like Claude, OpenAI or Gemini. An API key allows an AI company to charge users for the use of their systems, which is separate from and in addition to the all-you-can-eat model of their monthly plans.

AI API keys are very valuable assets that can be worth tens of thousands of dollars. Hackers steal AI API keys to power AI botnets that engage potential victims on social media and dating apps, running thousands of conversations with their targets. They also use stolen AI API keys to carry out large-scale phishing campaigns and write malware, and the keys can also be used to access sensitive data related to the implementation of AI in a WordPress site.

Patchstack founder Oliver Sild has warned that WordPress vulnerabilities could become much more valuable to attackers now that websites are increasingly connected to large language models and paid AI APIs.

He posted on X:

“WordPress 7.0 combined with plugin vulnerabilities = free AI tokens. Hackers will absolutely rush to steal API keys.”

WordPress co-founder Matt Mullenweg has pushed back against the notion that WordPress sites are generally insecure, insisting that the “vast majority” of WordPress sites are secure and saying he has run some WordPress sites for over 20 years that have never been hacked.

That may be true, but Automattic’s WordPress.com servers had a security incident in 2011 that exposed sensitive information.

WordPress 7.0 AI Security Bug Surfaces

A recently reported WordPress 7.0 security bug involving exposure of AI API keys shows that the potential for security issues is real. This specific security issue appeared in the AI integration setup form, which allows a browser to automatically fill in the AI API key, visually exposing it in the browser window. The report explains that the issue could expose credentials when screen sharing, on shared computers, or to anyone with access to an active browser session.

The official WordPress GitHub report explains what the security problem is:

“When entering an API key in the integration setup form (Anthropic provider), the value of the API key appears in the browser’s autocomplete/autofill suggestions dropdown in plain text. This may expose sensitive credentials to anyone with access to the browser session or screen.

The API key field should behave like a secure password field and should not display previously entered values as suggestions.”
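The behaviour the report asks for can be checked mechanically. The following Node.js audit is an added example, not code from WordPress or from the GitHub report; the field-name heuristic, the autocomplete policy and the sample markup are assumptions constructed for illustration.

```javascript
// Added example: flag secret-looking form inputs a browser can display or autofill.
// Assumption: a field is "secret" if its name, id or placeholder mentions these words.
const SECRET_HINT = /(api[-_ ]?key|token|secret)/i;

// Parse one <input ...> tag into an object of lowercase attribute names.
function parseAttrs(tag) {
  const attrs = {};
  const body = tag.replace(/^<input\b/i, '').replace(/\/?>$/, '');
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  for (const m of body.matchAll(re)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// Return one finding per secret-looking input that is shown in clear text
// or left eligible for the browser's suggestion dropdown.
function auditSecretInputs(html) {
  const findings = [];
  for (const [tag] of html.matchAll(/<input\b[^>]*>/gi)) {
    const a = parseAttrs(tag);
    const type = (a.type || 'text').toLowerCase();
    const label = [a.name, a.id, a.placeholder].filter(Boolean).join(' ');
    if (type === 'hidden' || !SECRET_HINT.test(label)) continue;
    const problems = [];
    if (type !== 'password') problems.push('rendered in clear text: type is not "password"');
    const ac = (a.autocomplete || '').toLowerCase();
    if (!['off', 'new-password'].includes(ac)) {
      problems.push('autocomplete not restricted: stored values may be suggested');
    }
    if (problems.length) findings.push({ field: a.name || a.id || '(unnamed)', problems });
  }
  return findings;
}

// Constructed sample markup (not WordPress's actual settings form).
const SAMPLE_FORM = `
<form>
  <input type="text" name="anthropic_api_key" placeholder="API key">
  <input type="password" name="openai_api_key" autocomplete="off">
  <input type="text" name="site_title">
  <input type="password" id="gemini-token">
</form>`;

for (const f of auditSecretInputs(SAMPLE_FORM)) {
  console.log(`${f.field}: ${f.problems.join('; ')}`);
}
```

Run against rendered plugin or theme settings pages, the same function gives a quick list of credential fields that still behave like ordinary text inputs.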

A new era of WordPress attacks

Oliver Sild also raised concerns in the Dynamic WordPress Facebook group about how AI integrations could change the economics of running WordPress sites.

Sild argued that software vulnerabilities are already the leading cause of security breaches and warned that AI-connected WordPress sites are now much more attractive targets because they may contain access to valuable AI services and API credentials.

He also predicted that more bad actors would begin targeting WordPress sites specifically for credentials and AI-related services.

Other developers joined the discussion and expanded it beyond individual vulnerabilities to include broader software architecture concerns about how WordPress handles secrets, plugin permissions, and database access.

Andrei Lupu warned that once attackers gain access to the database, protecting secrets becomes extremely difficult:

“The reality is that once they have access to the database, you’re doomed. We need to work on best practices to avoid this.”

Equalize Digital’s Steve Jones suggested that WordPress may eventually need a more granular permissions model controlling which plugins and themes can access sensitive services or credentials.

Sild responded that fixing the issue would likely require a major architectural overhaul, as vulnerabilities in plugins that expose database access or administrator privileges effectively compromise the entire site.

Brian Coords, developer advocate at WooCommerce, joined the discussion to explore whether there are practical ways to isolate API keys without redesigning WordPress itself. But he also acknowledged that arbitrary PHP execution makes the problem difficult to fix because malicious code could still make API calls directly from the compromised site.

He shared:

“This applies pretty generally to WordPress secrets. Is there a solution that doesn’t require a complete architectural overhaul?”

“…Come to think of it, even if you could theoretically hide the keys and connections themselves outside of the environment, even the ability to add PHP to a site means you could still include malicious code to make the calls from the site itself.”

The Architecture of the AI Age of WordPress

The problem for WordPress is that its plugin trust model was designed before websites contained monetizable AI credentials, connected to automation systems, or had direct access to third-party LLM services.

This does not mean that WordPress 7.0 is not secure by default. As Mullenweg pointed out, properly maintained WordPress sites can remain secure. But keeping a site frequently updated does not guarantee that a WordPress site will escape hacking. A recent report from Patchstack indicates that hackers are increasing the speed at which they attack websites in order to exploit the brief window of opportunity between when a vulnerability is discovered and when the site owner updates their site.

AI API Keys Make WordPress a Bigger Target

One of the takeaways here is that many site owners are unaware of how API keys work and that they are not free to use. Using AI on a WordPress site can potentially lead to the theft of thousands of dollars in AI usage. Even a site that doesn’t have sensitive information to steal now becomes a valuable target if it uses an AI key to accomplish tasks like scaling meta descriptions on a site or to help build the website itself.

Featured image by Shutterstock/Yuriy2012


