Back to Blog
wordpress-ai ai-governance wordpress-org plugin-release site-owners

We're Submitting AI Governance for WordPress to WordPress.org — Here's What's Coming for Early Users

Axtolab

We’re submitting the AI Governance plugin for WordPress to WordPress.org.

That’s not a soft launch or a waitlist — it’s a formal submission to the official plugin directory, which means going through WordPress.org’s review process, meeting their coding and security standards, and coming out the other side as a listed plugin that any WordPress site owner can find, install, and use from their dashboard.

Here’s what that means, what the plugin does, and what you can expect as an early user.

Why WordPress.org Matters for This Plugin

Most plugins that target a new WordPress feature get discovered two ways: developers find them through GitHub or a blog post, and everyone else finds them through the WordPress.org directory.

The directory is where WordPress site owners actually look. If you’ve ever opened your wp-admin, gone to Plugins → Add New, and searched for something — that’s WordPress.org. It’s the default discovery channel for the 40+ million sites running WordPress.

AI spend control is a problem that will affect all of those sites once AI is enabled. The logging dashboard coming in WordPress core’s AI plugin will show owners what they spent. But it won’t stop anything. WordPress.org is where they’ll look when they want to do something about it.

Being listed there — with a proper readme, screenshots, support forum, and rating history — is what turns a useful tool into something people actually find and trust.

What the Plugin Does

The AI Governance plugin sits between WordPress’s centralised AI client and the plugins that use it. Every time a plugin on your site tries to make an AI call, the governance plugin intercepts it, checks whether that plugin has budget remaining for the current month, and either allows or blocks the call accordingly.

The core mechanism is wp_ai_client_prevent_prompt — a native WordPress 7.0 filter that fires before every outbound AI request. It’s the right interception point: early enough to prevent the call, specific enough to identify which plugin triggered it.

What this gives you in practice:

Per-plugin token budgets. Each plugin gets its own monthly allocation. When a WooCommerce description generator burns through its budget, it stops — without touching the budget for your site’s other AI features. One plugin misbehaving doesn’t drain the shared pool.

Hard stops, not just visibility. The upcoming AI Request Logs dashboard in WordPress core will show you what your site spent. The governance plugin stops what’s about to happen. Both layers are useful; they do different things.

A spend dashboard that shows plugin-level attribution. Which plugin made the most calls this month? Which one is over budget? The dashboard answers those questions with per-plugin breakdowns, estimated costs, and budget status.

Free and Pro Tiers

The plugin is freemium. The free tier is a genuine tool — not a stripped-down teaser.

Free:

  • Full spend dashboard with per-plugin usage and estimated costs
  • Audit log showing every AI call, with plugin attribution
  • Read-only visibility into everything your site is spending on AI

Pro ($39/year):

  • Budget enforcement — the hard stops that block calls when a plugin hits its limit
  • Export your audit log data
  • Priority support

The pricing is intentional. Visibility is free because every site running WordPress AI features deserves to see what’s happening. Enforcement is Pro because it requires more infrastructure and ongoing maintenance, and $39/year is a straightforward trade for protection against an unexpected API bill that could cost twenty times that in a single night.

What the WordPress.org Submission Process Involves

WordPress.org plugin review is thorough. The team reviews code for security issues, checks that plugin files follow WordPress coding standards, verifies that the readme accurately describes what the plugin does, and looks for anything that could affect site owners negatively.

The review can take a few weeks depending on queue depth. For a security-adjacent plugin that intercepts outbound API calls, we expect reviewers to look closely at how data is handled — specifically that prompt content isn’t stored (we hash it, not store it), that the plugin doesn’t modify or log credentials, and that the enforcement mechanism is clearly scoped to AI calls.

We’ll be submitting with a complete readme, screenshots of the dashboard and settings pages, a proper changelog, and a support forum ready for questions. The goal is to pass review on the first submission.

What Early Users Get

If you sign up for early access before the WordPress.org listing goes live, you get:

  • Access to the plugin before it’s publicly listed
  • A direct line to flag issues — plugins this close to a major WordPress release benefit from real-world testing more than most
  • Your feedback actually shapes the v0.2 roadmap

There are a handful of things on the v0.2 shortlist that came directly from early feedback: a real-time spend gauge in the dashboard (rather than a monthly summary), email alerts when a plugin hits 80% of its budget, and network-level controls for multisite installs. None of those are promises — they’re the directions we’re seriously considering.

The Timing

WordPress 7.0 is launching mid-to-late May 2026. That’s the version that ships the centralised AI client as a stable feature — meaning AI calls from any installed plugin go through one shared infrastructure layer for the first time.

The enforcement problem this plugin solves gets more pressing with every plugin that starts using the native AI client. Right now, AI-enabled plugins are relatively rare. By late 2026, they’ll be common. Getting the governance layer in place before that happens is the whole point of building this now.

We’re targeting a WordPress.org submission before the WP 7.0 launch window. If the review process runs on the longer end, the plugin will be available for direct install in the interim.

How to Get Early Access

You can join the early access list at axtolab.com/pricing. No spam, no commitment — just a heads-up when access opens and any relevant updates before the public listing.

If you’re a developer who wants to look at the code or flag something before submission, reach out through the contact on the pricing page. We’d rather hear about an edge case before review than after.

The Short Version

WordPress is adding AI to the core platform. That’s good. It also means every plugin on your site can now make outbound API calls that cost real money. The logging dashboard coming in core will show you what you spent. The AI Governance plugin will stop what’s over budget.

We’re submitting to WordPress.org so this is findable by the people who need it — not just developers reading blogs, but the store owners and site admins who search the plugin directory when they have a problem to solve.

Early access is open. Join the list if you want in before it’s publicly listed.

Back to Blog