WordPress and WooCommerce access

Before requesting WordPress or WooCommerce access

Use this page when a report finding may need WordPress, WooCommerce, theme or plugin context and repository remediation is not the right access path. The access request should stay scoped to the customer-owned site and the smallest review permission needed for the fix. Do not ask for WordPress admin credentials, WooCommerce customer/order data or broad plugin access. The product flow should request structured access or route to ticket_only_fallback when safe access is unavailable.

Request scoped CMS access

Follow the path `Report fix workflow → Platform access option → WordPress/WooCommerce scope → Customer grant or ticket-only fallback → Revoke path`.

1. Open /reports/{report} and review the automated fix workflow platform access options. Result: wordpress_woocommerce appears only when the finding may need WordPress, WooCommerce, theme or plugin context.
2. Choose the WordPress/WooCommerce access option for the customer-owned project. Result: platform_access_mode and requested_permission are set to wordpress_woocommerce_review.
3. Confirm the minimum role or scope the task needs, such as theme or plugin review rather than full admin. Result: wordpress_role and woocommerce_scope describe limited access before the customer grants anything.
4. Review connector_status and plain_text_sensitive_values_allowed before sharing instructions. Result: the page explains structured request only and blocks credentials in chat, tickets or documentation.
5. Use ticket_only_fallback when admin, order, customer data or broad plugin access would be unsafe. Result: remediation can continue with customer-applied WooCommerce/WordPress instructions.
6. After access is granted or fallback is chosen, continue to Access modes and required scopes. Result: the customer understands the exact mode, revoke path and next safe action.

Ready WordPress/WooCommerce states

Continue only when the product shows a scoped and customer-safe state.

• Structured request ready means platform_access_mode is wordpress_woocommerce and requested_permission is wordpress_woocommerce_review.
• Limited role identified means wordpress_role describes the minimum WordPress role or plugin/theme review scope needed.
• WooCommerce scope clear means woocommerce_scope excludes customer orders, payment data and unrelated store administration.
• No plain-text credentials means plain_text_sensitive_values_allowed is false and the customer uses the product flow instead of chat or tickets.
• Fallback available means ticket_only_fallback can carry customer-applied instructions when connected access is unsafe.

Blocked or unsafe access states

Do not work around unsafe CMS access. Use fallback or a narrower scope before the customer shares anything sensitive.

• Admin credential request means stop and choose ticket_only_fallback or a structured scoped request.
• WooCommerce customer/order data request means reject the access mode because remediation does not need customer records.
• Broad plugin access means narrow the request to the affected plugin, theme or configuration area.
• Expired plugin access means reconnect through the product flow or use Safe fallback paths.
• Self-hosted connectivity blocked means use Cloud and self-hosted distinctions before requesting another access path.
• Secret boundary risk means use Revoke and no-secret boundaries before source snippets, tokens or credentials enter artifacts.

Continue from WordPress/WooCommerce access

Continue to Access modes and required scopes after the customer has chosen a scoped WordPress/WooCommerce access path or ticket-only fallback. Use WordPress and WooCommerce diagnostics when the customer needs plugin-provided evidence instead of connected admin access. Use Safe fallback paths when any admin, order data, credential or self-hosted network boundary makes connected access unsafe.