# WordPress Toolkit
Manage WordPress applications from ServerAvatar without using wp-admin: overview data, updates, themes, plugins, cron, security hardening, debug settings, and site settings.
# Prerequisites
- WordPress Toolkit add-on — The organization owner's account must have an active WordPress Toolkit add-on, purchased from the ServerAvatar dashboard (Add-ons). Add-on purchase and payment are not available through the API.
- WordPress application — The target application
frameworkmust bewordpress. - Permission — The API token must have the wordpress-toolkit permission at the application level.
If the add-on is not active, toolkit endpoints return:
{
"message": "Please purchase the WordPress toolkit add-on to use this feature."
}
# Base URL
All toolkit routes use this prefix:
https://api.serveravatar.com/organizations/{organization}/servers/{server}/applications/{application}/wordpress-toolkit
Replace {organization}, {server}, and {application} with numeric IDs.
# Endpoints
| Section | Documentation |
|---|---|
| Summary & overview | Summary |
| Updates (core & database) | Update |
| Performance (cache & rewrite) | Performance |
| Object Cache Pro | Object Cache Pro |
| Search & replace | Search & Replace |
| Themes | Themes |
| Plugins | Plugins |
| WP Cron (mode & run) | Cron |
| Security | Security |
| Debug | Debug |
| Site settings | Settings |
| Blueprints (CRUD & apply on create) | WordPress Blueprints |
# Common errors
| HTTP | Message | Cause |
|---|---|---|
| 404 | Server not found. | Server does not belong to the organization |
| 404 | Application not found. | Application is not on the server |
| 422 | This action is only valid for WordPress applications. | Application is not WordPress |
| 403 | Permission denied | Missing wordpress-toolkit permission |
| 500 | Add-on message | WordPress Toolkit add-on not purchased |
Successful operations typically return a response object with command output.