One login per site doesn’t scale
Every site is its own door, its own password, its own tab. The bigger the fleet, the slower every change — and the more places a key can leak.
Your AI does the work across every site. Your credentials stay locked server-side — and never reach it.
For agencies running dozens to hundreds of WordPress sites. No spam.
02 — The problem
Dozens of WordPress sites. Dozens of logins. And now an AI that wants the keys to all of them.
Every site is its own door, its own password, its own tab. The bigger the fleet, the slower every change — and the more places a key can leak.
Hand an AI agent a WordPress password and you’ve handed it the whole site — forever, everywhere, with no way to scope it or take it back cleanly.
Pasting credentials into an AI config is custody by hope. You can’t see what it can reach, and you can’t pull access without a fire drill.
03 — How it works
You bring the AI. Portcullis decides what it’s allowed to touch.
Connect
Use Claude or any MCP client you already trust. It authenticates to Portcullis over OAuth 2.1 with PKCE — no new app to install, no per-site code to deploy.
Gate
The AI never sees a WordPress password. Portcullis holds each site’s credential server-side and hands the AI access — not keys. Pass through the gate, or don’t pass at all.
Govern
Connect a site, scope its access, rotate its credential by reconnecting, or revoke in one call: tokens dropped and the stored credential deleted. You hold the controls; the AI holds nothing.
04 — The approach
Not another dashboard. A gate that stands between your AI and your fleet — and answers to you.
One place
Connect each WordPress site once. From then on, one instruction reaches the whole fleet. No wp-admin marathon, no tab graveyard.
AI does the work
Tell your AI what you want — “list what each site can do,” “draft a post for every clinic.” Portcullis carries the request to each site through the gate.
You hold the keys
Keys live server-side, encrypted per site. The AI gets scoped, revocable access — never the password. Scope, rotate, or revoke any site whenever you want.
05 — Custody, not trust
Every claim below is shipping today — not roadmap.
The secure bridge is live now. The fleet console pictured up top is in active build with our design partners — request access to help shape it.
06 — Questions
What Portcullis does, what it doesn’t touch, and who it’s for.
No. Credential exchange happens server-side. The client and the AI never receive a WordPress password or any token that reaches WordPress — not once, not ever.
No. Portcullis talks to stock WordPress through the built-in Abilities REST API, so there is no plugin to install and no per-site code to deploy.
Claude, or any MCP client you already trust. The client authenticates to Portcullis over OAuth 2.1 with PKCE — it never talks to WordPress directly.
Yes, instantly. One call kills the token chain and deletes the stored credential for that site: access gone, key gone. You can also rotate a credential by reconnecting.
Agencies and organizations running many WordPress sites — dozens to hundreds — who need to govern what AI is allowed to touch across the whole fleet from one place.
Each site’s App Password is AES-GCM encrypted with a per-tenant key, so cross-tenant decryption fails closed — one tenant can never read another’s credentials.
07 — Early access
Early access is opening for agencies running many WordPress sites. Bring your AI — keep your keys.
We’ll email you when your spot opens. No spam.