I shipped a thing. A WordPress Osaurus AI Provider is now on the WordPress.org plugin directory. It wires Osaurus, a local LLM runtime, into the AI Client that ships with WordPress 7.0, so the new and experimental AI features in your editor can run on a model sitting on your own Mac instead of phoning a cloud account. This post covers the why, the how, and the part I actually care about: why this is a much safer way to use AI in WordPress.
What Osaurus is
Osaurus AI is a local AI runtime for Apple Silicon. It runs AI models right on your Mac and exposes them over an OpenAI-compatible HTTP API, which is the part that matters for tooling: anything that already knows how to talk to OpenAI can talk to Osaurus by pointing at a different URL. No special client, no rewrite.
Osaurus can also handle your OpenAI, Anthropic, or Vertex keys (even Open Router), and it will send requests out to them when you want top-tier output. The keys live inside Osaurus, in the macOS Keychain, on your machine. So you get a single endpoint that serves either a free local model or a big hosted one, and the keys for the hosted ones never have to live anywhere except your own Mac. Hold that thought.
Like Ollama?
Yes, and I love Ollama. I have run it for more than two years; it is great, and nothing here is a dunk on it. But on Apple hardware specifically, Osaurus has an edge that is built in rather than a benchmark of the week. It is native Swift, built only for Apple Silicon, running on MLX from the ground up instead of having MLX bolted on later. The whole thing is tiny and feels like a Mac app rather than a daemon you babysit. Ollama has since added an MLX backend of its own, and the speed gap has narrowed.
Simple example: I’m running Qwen3.5 35B MLX on my M4 Mac mini. On Ollama’s default backend, I get 30 to 40 tokens per second. On Osaurus it’s more like 50 to 60. Same machine, same model, same me staring at it.
How the plugin works
First thing to get out of the way: this is for a local WordPress install, not your live site. That is the whole idea. You write on a copy running on your own machine. The easiest way to get one is WP Studio, which spins up a local WordPress in a couple of clicks and is free. If you already use Local, Valet, MAMP, or Docker, those work too. Whatever gets you a WordPress on your Mac.
WordPress 7.0 ships with an AI Client, a standard way for plugins and core features to ask for AI without each one hardcoding a provider. My plugin registers Osaurus as one of those providers.
Once it is active, anything that calls the AI Client routes through Osaurus. The rephrase, shorten, and expand buttons in the block editor, any plugin built on the same client, your own code, all of it can go to a model on your machine. WordPress talks to http://127.0.0.1:1337/v1 by default, which just works if WordPress and Osaurus are on the same Mac. If they are not, there is a field for a custom URL, so the box running WordPress can still find Osaurus wherever you put it.
There is no API key on the WordPress side. None. The plugin registers a placeholder credential so the connectors screen stops nagging, then talks to a local server that does not ask for one. Which is the whole point of what comes next.
Why this is the safer way to do it
The common way people add AI to WordPress is to paste an OpenAI or Anthropic key into a plugin on their live site. It works. It is also a stack of risks you do not have to take.
A hallucinating model on your live site can break your live site. If the thing writing or rewriting content has its hands on production, a confidently wrong output is not a funny screenshot; it is your homepage. Keeping the AI work local and off production means the worst case stays a draft, not a 2 a.m. phone call.
A hacked site with a key on it is a hacked site with your money on it. Get hacked while a provider key is sitting there, and you are not just cleaning up WordPress. You could be eating a very large bill from OpenAI or Anthropic for whatever the attacker decided to run on your dime. A key that was never on the box cannot be stolen from the box. This is where the brokering earns its keep: even when you do want a paid model, the key for it lives inside Osaurus on your machine, and WordPress reaches it through the connector without ever holding a copy. You get the good models, and the live site stays a place where there is no key to steal. The old tradeoff, good output or safe keys, just stops being a tradeoff.
One honest note, because this bit deserves it. When you route to a hosted model, your prompt still leaves the machine and goes to that provider under their terms. What is solved is the key getting stolen, not “nothing ever leaves.” If you want truly nothing leaving, that is the local-model path, covered below. The brokering path fixes the exact fear in this bullet, which is handing your key to whoever breaks into your site.
You should not be playing with AI on live content anyway. Writing and editing against your production database, on the server that serves real visitors, is asking for trouble for reasons that have nothing to do with AI. Doing the AI part locally keeps the messing-around where messing-around belongs.
And if money is the worry, local models are free. Osaurus runs the model on hardware you already own. No metered requests, no per-token cost, no card on file. If the reason you have not added AI to your workflow is that you did not want yet another subscription, that reason is gone.
Getting the finished post to the live site
So you have written and edited the thing locally, the AI did its job on your machine, and now it needs to go live. The low-tech way works fine: open the post, copy it, paste it into the editor on your real site, hit publish. No shame in copy and paste. It has never once let me down.
If you do this often enough that copy and paste starts to feel like a chore, you can have a Claude skill push the finished post to your live site over the WordPress REST API instead. The point for now is that the local-to-live step is a solved problem, by hand or automated, whichever you are in the mood for.
The insecure WordPress myth
Everyone loves to say WordPress is insecure by nature. I disagree, and this is a small piece of why. The platform gives you the room to build a flow where the AI never even leaves your device. You can write a post on a plane with no wifi, on a local model running on your laptop, and push it live when you land. The keys stay on your machine. The writing stays on your machine. WordPress just publishes the result.
And yes, I know we are talking about WordPress plugins being insecure; here is one I uninstalled a long time ago.
Give Osaurus a try
- Install Osaurus AI
- Get a local AI model that can run
- Grab it from the plugin directory and set it on the Connectors page.
- Install the AI experiments plugin and enable the AI Features in WordPress
- Go to your editor and play with the AI Features like:
- Shorten/Expand/Rephrase sentences
- Generate Post notes
- Generate Post summaries
- Success
Leave a Reply