Martin Baker – Solutions Architect

The Right Way to Integrate AI into WordPress: Server-Side Proxy Pattern

Written by

martin

in

Most tutorials on adding AI to WordPress get one thing critically wrong: they show you how to call an AI API from the browser. That means your API key — and your bill — are one browser inspection away from being someone else’s problem.

With WordPress 7.0 shipping native AI infrastructure in May 2026 and security researchers immediately flagging API key exposure issues, this topic has never been more relevant. The correct pattern isn’t new, but it’s still widely misunderstood.

This post explains the server-side proxy pattern: what it is, why it matters, and how I implemented it in a production-style WordPress + Symfony demo you can explore right now.

The Problem: Browser-Side API Calls

The naive approach to adding AI to a WordPress site looks something like this:

// ❌ Don't do this
fetch('https://api.openai.com/v1/chat/completions', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer sk-YOUR-SECRET-KEY', // exposed in browser
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({ ... })
})

Anyone who opens DevTools on your site can see that key. They can copy it, use it, and run up charges on your account. This isn’t theoretical — it happens constantly, and it’s exactly the kind of exposure that WordPress 7.0’s new AI Connectors API has already been criticized for enabling if not configured carefully.

The Solution: WordPress as a Secure Server-Side Proxy

The correct pattern keeps the browser out of the conversation with the AI entirely. Instead:

Browser → WordPress (PHP, server-side) → AI Backend → Browser

The browser never talks to the AI directly. WordPress acts as the gatekeeper — validating requests, enforcing rate limits, injecting credentials, and forwarding only what’s appropriate.

What the proxy layer handles

  • Nonce validation — ensures the request came from your WordPress frontend, not a bot or external script
  • Rate limiting — prevents abuse (e.g. 5 requests per 5 minutes per IP)
  • Endpoint allowlisting — only specific backend routes can be reached through the proxy
  • Credential injection — the API key or demo key is added server-side, never sent to the browser
  • Response sanitization — you control what comes back to the client

How I Built It: WordPress + Symfony

In my demo implementation, the full request chain looks like this:

[ Browser UI ]
      |
      ▼
[ WordPress PHP (proxy layer) ]
  - Verifies nonce
  - Enforces rate limit (5 req / 5 min / IP)
  - Validates allowed endpoint path
  - Injects private demo key
      |
      ▼
[ Symfony API Backend ]
  - Validates demo key
  - Runs AI / RAG logic
  - Returns structured JSON with citations
      |
      ▼
[ WordPress returns response to browser ]

The WordPress proxy in PHP

The proxy is a WordPress AJAX handler. It uses wp_remote_post() — WordPress’s built-in HTTP client — rather than raw cURL, which keeps it portable and respects WordPress’s SSL and timeout configuration.

add_action('wp_ajax_nopriv_mrobbieb_ai_query', 'mrobbieb_handle_ai_query');

function mrobbieb_handle_ai_query() {
    // 1. Verify nonce
    check_ajax_referer('mrobbieb_ai_nonce', 'nonce');

    // 2. Rate limiting (transient-based per IP)
    $ip  = $_SERVER['REMOTE_ADDR'];
    $key = 'mrobbieb_rate_' . md5($ip);
    $hits = (int) get_transient($key);
    if ($hits >= 5) {
        wp_send_json_error(['message' => 'Rate limit exceeded. Try again shortly.'], 429);
    }
    set_transient($key, $hits + 1, 5 * MINUTE_IN_SECONDS);

    // 3. Validate and forward to backend
    $question = sanitize_text_field($_POST['question'] ?? '');
    $response = wp_remote_post(MROBBIEB_API_URL . '/ask', [
        'headers' => [
            'X-Demo-Key'   => MROBBIEB_DEMO_KEY, // never sent to browser
            'Content-Type' => 'application/json',
        ],
        'body'    => json_encode(['question' => $question]),
        'timeout' => 30,
    ]);

    // 4. Return sanitized response
    $body = json_decode(wp_remote_retrieve_body($response), true);
    wp_send_json_success($body);
}

Notice that MROBBIEB_API_URL and MROBBIEB_DEMO_KEY are PHP constants defined in wp-config.php or a separate config file — never hardcoded in JavaScript, never visible to the browser.

What This Prevents

  • API key leakage — credentials live in PHP constants, never in JavaScript or the DOM
  • Direct backend abuse — the AI backend is never reachable from the browser directly
  • Open-proxy vulnerabilities — the endpoint allowlist means you can’t use the proxy to hit arbitrary URLs
  • Runaway costs — rate limiting ensures no single user can drain your API quota

Why This Matters More Now: WordPress 7.0

WordPress 7.0 shipped a native AI Connectors API that stores provider credentials in the database and provides a unified interface for AI calls. In theory, this is exactly the right direction — server-side credential management, standardized interfaces, plugin-level abstraction.

In practice, the launch-day security disclosure was a reminder that the pattern only works if every layer of the implementation is careful. Storing keys in the database is better than hardcoding them in JavaScript — but it introduces new attack surfaces (database dumps, plugin vulnerabilities, admin form exposure) that need to be understood and mitigated.

The server-side proxy pattern described here complements WordPress 7.0’s approach: let WordPress manage credentials server-side, and ensure the browser never has a direct line to anything sensitive.

See It Running

The full implementation — WordPress proxy, Symfony backend, rate limiting, nonce validation, and structured JSON responses with citations — is live in my AI Integration Demo. You can interact with it and inspect exactly what the browser sends and receives.

For a more advanced example of the same pattern applied to a real domain (healthcare plan comparison), see the Healthcare Plan RAG Demo — a FastAPI backend with PostgreSQL vector search, where the AI answers strictly from cited plan documents.

Key Takeaways

  1. Never make AI API calls from the browser. Always proxy through server-side PHP.
  2. Store credentials in PHP constants or environment variables, not JavaScript.
  3. Use WordPress nonces to validate that requests come from your own frontend.
  4. Enforce rate limiting server-side using WordPress transients.
  5. Allowlist specific backend endpoints — never build an open proxy.

This pattern scales from a simple OpenAI call to a full RAG pipeline. The browser doesn’t need to know anything about your backend — and it shouldn’t.

Building something like this?

Get a free 30-minute architecture review or a written AI readiness audit — no commitment.

Book a Free Call
Request an Audit
Martin Baker

Martin Baker — Solutions Architect specializing in AI, RAG systems, and WordPress engineering. 15+ years building systems that hold up under real business pressure.

LinkedIn · GitHub · Get in touch

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts