Security

Full access. Full responsibility.

Your AI runs PHP inside WordPress with full access. Here is what that means and how you stay in control.

How it works

The AI runs PHP inside your WordPress process.

Full access to every function, the database, and the filesystem. There is no abstraction layer, no restricted API. The AI calls WordPress functions directly.

File operations are sandboxed: PHP writes go to a dedicated directory (wp-content/novamira-sandbox/), and crashes are auto-recovered. Direct code execution via eval() bypasses these guardrails. Any code the AI runs can do anything PHP can do.

Authentication

No anonymous access. Ever.

Every request requires a WordPress Application Password over HTTPS. Only admin users can connect. The credentials are generated per-user and can be revoked at any time from the WordPress dashboard.

Novamira does not phone home, does not proxy through third-party servers, and does not store credentials. The connection is direct: your AI client talks to your WordPress site.


Safety nets

Things break. You recover.

Crash recovery

If a sandbox file causes a fatal error, Novamira detects it and disables the file so your site keeps running. Database changes or wp-config.php edits via eval() are beyond its reach. But for the PHP it writes, your site comes back.
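An added example, not part of Novamira or of this page's original text: because eval() can write outside the sandbox and crash recovery only covers sandbox files, hashing the WordPress tree before and after an AI session shows every file change made outside wp-content/novamira-sandbox/. The function names and the constructed demo tree are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

SANDBOX = os.path.join("wp-content", "novamira-sandbox")  # sandbox path named on the page

def snapshot(root):
    """Return {relative path: SHA-256} for every file under root outside the sandbox."""
    digests = {}
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        # Prune the sandbox: files there are already listed in the sandbox dashboard.
        dirnames[:] = [d for d in dirnames
                       if os.path.normpath(os.path.join(rel_dir, d)) != SANDBOX]
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.normpath(os.path.join(rel_dir, name))
            if os.path.islink(path):
                digests[rel] = "symlink:" + os.readlink(path)  # record target, do not follow
                continue
            with open(path, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def diff(before, after):
    """Compare two snapshots taken before and after an AI session."""
    return {
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "modified": sorted(p for p in before.keys() & after.keys() if before[p] != after[p]),
    }

def write(root, rel, text):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)

def demo():
    """Constructed tree: one sandbox write, one wp-config.php edit, one new theme file."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "wp-config.php", "<?php define('WP_DEBUG', false);")
        before = snapshot(root)
        write(root, "wp-content/novamira-sandbox/snippet.php", "<?php // sandboxed")
        write(root, "wp-config.php", "<?php define('WP_DEBUG', true);")
        write(root, "wp-content/themes/t/extra.php", "<?php")
        return diff(before, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

On a real site, store the result of snapshot() on the WordPress root before a session and diff it against a fresh snapshot afterwards. Database changes are not visible to this check and need a separate dump comparison.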

Safe mode

Append ?novamira_safe_mode=1 to any URL and all sandbox files are bypassed instantly. Manual kill switch when you need it.

30-second limit

Every eval() call has a hard time limit. No runaway scripts, no infinite loops eating your server.

Sandbox dashboard

Every file the AI creates is listed in the admin panel. Inspect, disable, or delete them one by one. You stay in control.

Recommendation

Start on staging.

Novamira is for development and staging environments only. Always keep backups. You choose the AI model, you provide the API key, you review the output. We provide the plugin.

Novamira is open source. You can audit every line of code on GitHub.

Your WordPress. Your AI.
Nothing in between.

Free and open source. Built for WordPress 6.9+.