TraceWP
Give AI the context it needs to actually help with your WordPress site. One-click export of your theme, plugins, server config, and page data. Paste into ChatGPT, Claude, or any LLM and skip the back-and-forth.
No configuration required for the export. Optionally connect an OpenRouter API key for a built-in AI investigator that can read your site files and suggest fixes directly from your dashboard. Your key stays on your server. AI requests are proxied, never sent from the browser.
Free and open source · GPL v2 · read-only, never modifies your site
# WordPress Site Context | TraceWP ## Site Info Active Theme: Astra 4.7.2 (child theme: yes) WordPress: 6.5.3 PHP: 8.1.27 Server: LiteSpeed / Linux ## Active Plugins (14) [ok] WooCommerce 8.9.2 [ok] Elementor 3.22.0 [!] Yoast SEO 22.7 ← update available [ok] WP Rocket 3.15.4 ... 10 more ## Server Environment PHP extensions: curl, gd, mbstring, openssl, zip wp-config: WP_DEBUG=false, DISALLOW_FILE_EDIT=true
Context export
One-click structured export: theme, plugins with versions and pending updates, server config, customizer settings, cron, debug log, .htaccess, and 15+ more data points. Output is markdown, ready to paste into any AI tool.
Front-end inspector
Click any element on your live site to capture its selector, classes, attributes, and parent chain, packaged automatically for the AI. No manual digging through source markup.
AI investigator
Built-in chat via your OpenRouter API key. The AI can read theme files, check database options, fetch rendered HTML, and trace template hierarchy, all read-only. Free tier models supported.
Who it's for
Good fit
- You manage WordPress sites and sometimes need AI help with theme, plugin, or layout issues
- You paste questions into ChatGPT or Claude and get tired of re-explaining your setup every time
- You're a freelancer or consultant working across multiple client sites
- You want a faster way to give AI context than manually listing your plugins and theme
Probably not for you
- You're a developer who's comfortable reading source files directly
- You need an AI that can make changes to your site (TraceWP is read-only)
- You don't use AI tools at all for WordPress work
FAQ
Does it change anything on my site?
No. TraceWP is completely read-only. It reads files and settings to provide context but never modifies anything.
Do I need an API key?
No. The context export works without any API key. The AI investigator requires an OpenRouter key, which has a free tier.
Where do AI requests go?
Your WordPress server proxies all AI requests to OpenRouter. Your API key never reaches the browser. The server only handles read-only file reads and site data for the AI's tool calls.
Is my API key safe?
Your key is encrypted with AES-256-CBC + HMAC-SHA256 (encrypt-then-MAC), stored in the database, and never sent to the browser. All AI requests are proxied server-side so your key never leaves your server. Legacy keys are automatically upgraded to the new authenticated format.
What data is included in the export?
Site info, active theme with customizer settings, all active plugins with versions and pending updates, server environment, wp-config constants, .htaccess, page content and blocks, widget areas, menu structure, registered shortcodes, image sizes, template overrides, active hooks, cron schedules, and debug log, if available.
What AI models can I use?
Any model on OpenRouter. The plugin fetches the live model list with pricing. Free models are enabled by default.
Changelog
- AI requests now proxied server-side. Your API key never reaches the browser.
- Server-side validation on all tool endpoints: extension allowlists, blocked sensitive files, SSRF protection, size limits.
- All settings actions moved to REST endpoints with proper CSRF protection (no more exposed nonces in page HTML).
- API key encryption upgraded to encrypt-then-MAC (AES-256-CBC + HMAC-SHA256) with constant-time verification.
- Rate limits scoped per endpoint type so chat won't block exports.
- Request size limits on all endpoints.
- Content-Security-Policy headers on admin pages.
Bug fixes.
Design updates and bug fixes.
- First stable public release. Context export with 15+ data points, markdown output with table of contents.
- Front-end element inspector, AI investigator with 7 read-only tools, OpenRouter integration with free tier.
- API keys encrypted with AES-256-CBC. File access jailed to ABSPATH. All AI output HTML-escaped.
Pre-release. AI investigator, front-end inspector with embedded chat, OpenRouter integration.
Early development. Context export, plugin and theme detection, front-end element inspector.