WordPress Agent Readiness: Why 43% of the Internet Fails
WordPress powers 43% of all websites on the internet (W3Techs, 2026). In our scans, WordPress-detected sites without WooCommerce average below 30 on the Agent Readiness Score — firmly below Bronze. The problem is not WordPress itself. It is that the default stack is optimized for human eyeballs, not agent tool calls. Here is the plugin, endpoint, and file checklist that turns a vanilla WordPress site into an agent-operable surface.
The 43% Problem
Of every 100 websites on the internet, 43 run on WordPress. The number has been climbing steadily since 2015 and shows no signs of slowing — WordPress is cheap to host, has a dominant plugin ecosystem, and has become the default choice for small businesses, marketing sites, blogs, and increasingly e-commerce stores via WooCommerce.
That makes WordPress the single largest lever in the entire agent readiness market. If WordPress sites average 30 on the Agent Readiness Score, the internet as a whole averages below 50. If WordPress sites average 60, the whole agent economy shifts upward. No other platform controls anywhere near this much of the surface area.
The AgentHermes scanner has seen this pattern repeatedly across 500 businesses scanned: WordPress-detected sites without WooCommerce average below 30, while WordPress-plus-WooCommerce sites average above 45 and the best-tuned stacks push into Silver (60+). The platform is not the problem. The default configuration is.
Why Vanilla WordPress Scores So Low
A default WordPress install with a popular theme hits only a handful of the 9 Agent Readiness dimensions. Here is what the scanner actually sees:
D1 Discovery
WeakRobots.txt present, sitemap.xml usually present, Open Graph tags depend on theme. No llms.txt, no agent-card.json.
D2 API Quality (weight 0.15)
Near Zerowp-json/wp/v2 endpoints exist but are often auth-walled by security plugins. No OpenAPI spec exposed. Transactional endpoints absent without WooCommerce.
D3 Onboarding
WeakNo agent-oriented docs, no AGENTS.md, no onboarding flow for programmatic clients.
D6 Data Quality
Theme-DependentStructured data limited to what the theme outputs. Most themes output Open Graph and maybe breadcrumb schema. No product schema, no FAQ schema.
D9 Agent Experience
PoorHTML-first rendering. Agents must parse page output. No machine-readable capability declaration. No MCP. No A2A.
This is not a WordPress flaw — it is a scope mismatch. WordPress was designed for 2005 blogging and extended for 2015 marketing sites. Agent readiness is a 2025-onward requirement that never shaped the default stack. Fixing it is mostly a matter of adding the right plugins and a few static files to the root.
The WooCommerce Difference
WooCommerce is the single highest-leverage plugin in the WordPress ecosystem for agent readiness. It ships with the Store API — a public, read-optimized REST surface at /wp-json/wc/store/v1/* — that exposes products, variants, pricing, stock levels, categories, cart operations, and checkout. Agents can discover inventory, check availability, build a cart, and apply coupons without authentication.
That single plugin moves a WordPress site from “nothing structured to transact with” to “structured product catalog and checkout endpoints.” The scanner picks up real points across D2 API Quality (0.15 weight), D4 Pricing Transparency (0.05), D5 Payment (0.08), and D6 Data Quality (0.10) — four dimensions totaling 38% of the score.
AgentHermes also ships a dedicated WooCommerce detector that fingerprints the Store API, verifies endpoint health, and auto-generates MCP tools matching the live catalog. No configuration required — if WooCommerce is running and the Store API is reachable, the adapter does the rest.
Plugins That Help
Install these in order of impact. Most sites can install all four in under an hour.
WooCommerce
The single biggest score lever for any WordPress site selling products or services. Exposes the Store API with structured products, variants, pricing, stock, and checkout endpoints — exactly the shape agents need to transact.
WP REST API Cache
Caches wp-json responses so agents can hit the API without overwhelming origin. Improves D8 Reliability and removes the “slow first call” penalty many agent pipelines apply.
Yoast SEO / Rank Math
Outputs JSON-LD schema.org markup for posts, products, FAQs, and breadcrumbs. Agents pull this structured data directly instead of parsing HTML, improving D1 Discovery and D6 Data Quality.
WooCommerce Store API extensions
Plugins that expose additional Store API routes — coupons, shipping zones, tax rules, subscription management. Each route is one more tool an MCP client can call.
Plugins and Configurations That Hurt
Most of these are fixable with configuration rather than removal. Do not rip out your page builder — tune it.
Heavy page builders without schema
Builders like Elementor Pro and Divi render complex HTML that is beautiful for humans and illegible for agents. Unless paired with a schema plugin, they bury content in nested divs that scanners cannot extract.
Auth walls on wp-json
Security plugins that require authentication to reach /wp-json/wp/v2/posts block agents from basic discovery. The cure is worse than the disease — a few hundred extra bot hits per day in exchange for total invisibility.
Aggressive caching without API exemptions
Full-page cache plugins that also cache wp-json endpoints return stale inventory or closed-status errors to agents that are trying to transact in real time.
The Agent-Ready WordPress Stack
Six steps, in order. Each one is independently verifiable — scan after each and watch the score rise.
WooCommerce installed and active
Not optional if you sell anything. Store API at /wp-json/wc/store/v1/products exposes structured catalog data. The Store API is public by design — no auth required for reads.
wp-json publicly reachable
Verify /wp-json/ returns the root discovery document. If a security plugin is blocking it, allow-list unauthenticated GET requests on /wp-json/wp/v2/posts and /wp-json/wc/store/v1/*.
Schema plugin (Yoast or Rank Math) outputting JSON-LD
Products, posts, FAQ pages, and breadcrumbs all emit structured data. Agents pick this up directly during a scan and skip HTML parsing entirely.
agent-card.json at /.well-known/
WordPress ships static files from the root. Drop an agent-card.json listing your WooCommerce endpoints and A2A skills. AgentHermes generates this for you from your WooCommerce catalog.
llms.txt and AGENTS.md at the root
Two markdown files: llms.txt points to your key pages, AGENTS.md documents your shop for LLM consumption (product categories, checkout flow, shipping options).
OpenAPI spec exposed
The WooCommerce REST API already has an OpenAPI definition — publish a link to it in AGENTS.md and in the agent card. D2 API Quality is the 0.15-weight dimension; a published OpenAPI adds 8-12 points on its own.
Shortcut: connect your WordPress site through AgentHermes and steps 4-6 are auto-generated. We read your WooCommerce catalog, generate agent-card.json, llms.txt, and AGENTS.md, and host an MCP endpoint wrapping your Store API. No plugin install required.
How the AgentHermes Scanner Detects WordPress (and WooCommerce)
WordPress fingerprints
meta generator tag, /wp-content/ path patterns, wp-json root discovery, common admin endpoints. Detection is near-100% across the WP-powered half of the web.
WooCommerce fingerprints
Store API at /wp-json/wc/store/v1/, WooCommerce script handles, the wc- CSS class prefix. We hit the Store API directly and confirm endpoint health.
Adjusted scoring weights
When WordPress is detected, D2 API Quality is evaluated against the expected wp-json + Store API surface. Sites that have WooCommerce but block it via auth walls are flagged and lose points.
Plugin hints in the verdict
The audit report recommends specific plugins based on what is missing. Yoast for schema. WP REST API Cache for speed. And the three discovery files for D1 + D3 + D9.
The scanner is WordPress-aware but not WordPress-forgiving. A WordPress site with the right plugins scores like any other site with the same capabilities. A WordPress site with the wrong configuration scores worse than a custom build with equivalent surface area, because the platform signals expectations the scanner checks against.
Frequently Asked Questions
Why do most WordPress sites score below 30 on agent readiness?
Vanilla WordPress is HTML-first. Without plugins, the only structured data an agent can reach is whatever the theme happens to output — usually a thin layer of Open Graph tags. There are no transactional endpoints, no typed product data, no agent-card.json, and no llms.txt. The AgentHermes scanner sees a human-oriented HTML site with weak structured data, which lands in Bronze or below.
Does WooCommerce alone make WordPress agent-ready?
WooCommerce is the single biggest lift you can install, but “agent-ready” requires more than transactional endpoints. A WooCommerce site with no schema plugin, no llms.txt, no agent-card.json, and an auth-walled wp-json will still struggle to crack Silver. The full stack is WooCommerce + Yoast/Rank Math + unblocked wp-json + the three agent discovery files (agent-card.json, llms.txt, AGENTS.md).
What is the fastest way to raise a WordPress site's Agent Readiness Score?
Install WooCommerce (if you sell anything). Confirm /wp-json/wc/store/v1/products returns real data. Install Yoast or Rank Math and enable JSON-LD output. Upload an agent-card.json, llms.txt, and AGENTS.md to your root directory. Re-scan at agenthermes.ai/audit. Most sites move 15-25 points in an afternoon with this checklist.
Do page builders like Elementor or Divi hurt agent readiness?
Yes, unless paired with a schema plugin. Page builders prioritize visual fidelity and render nested HTML that scanners cannot extract reliably. The fix is not to remove the builder — most businesses depend on it — but to pair it with Yoast or Rank Math so the structured data layer is clean even when the visual layer is complex. The scanner reads the JSON-LD first and the HTML second.
How does AgentHermes detect WordPress during a scan?
The scanner checks for wp-json endpoints, WordPress-specific meta generators, and common plugin fingerprints. When WordPress is detected we apply adjusted weights: D2 API Quality is evaluated against the WooCommerce Store API spec, D6 Data Quality gives credit for schema plugin output, and D3 Onboarding expects a public wp-json discovery document. The same scoring rubric applies, but with WordPress-aware detection logic.
Scan your WordPress site in 60 seconds
See exactly which of the 9 dimensions are weak, which plugins to install, and whether WooCommerce is properly exposed. Then connect through AgentHermes and get the discovery files generated automatically.