{"id":185,"date":"2026-01-21T07:21:47","date_gmt":"2026-01-21T06:21:47","guid":{"rendered":"https:\/\/helloblog.io\/fr\/wp-cli-abilities-api-wordfence-terminal-agents-ia\/"},"modified":"2026-01-21T07:36:14","modified_gmt":"2026-01-21T06:36:14","slug":"wp-cli-abilities-api-wordfence-terminal-agents-ia","status":"publish","type":"post","link":"https:\/\/helloblog.io\/fr\/wp-cli-abilities-api-wordfence-terminal-agents-ia\/","title":{"rendered":"WP-CLI et Abilities API : piloter Wordfence depuis le terminal (et le rendre accessible aux agents IA)"},"content":{"rendered":"\n<p>Administrer la s\u00e9curit\u00e9 WordPress via l\u2019interface d\u2019admin, c\u2019est pratique\u2026 jusqu\u2019au jour o\u00f9 tu dois maintenir une flotte de sites, industrialiser des contr\u00f4les, ou brancher des outils d\u2019automatisation. Un plugin open-source r\u00e9cent propose exactement \u00e7a : il ajoute un jeu de commandes <strong>WP-CLI<\/strong> \u00e0 Wordfence Security, et &#8211; point plus rare &#8211; il impl\u00e9mente l\u2019<strong>Abilities API<\/strong> introduite avec <strong>WordPress 6.9<\/strong> pour rendre ces actions d\u00e9couvrables et actionnables par des outils d\u2019automatisation et des agents IA.<\/p>\n\n\n\n<p>Le d\u00e9p\u00f4t GitHub du projet : <a href=\"https:\/\/github.com\/trueqap\/wpcli-for-wordfence\">github.com\/trueqap\/wpcli-for-wordfence<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Ce que le plugin apporte concr\u00e8tement<\/h2>\n\n\n\n<p>Une fois activ\u00e9, le plugin ajoute un nouveau namespace de commandes WP-CLI : <code>wp wfsec<\/code>. L\u2019objectif est clair : donner un acc\u00e8s complet aux op\u00e9rations Wordfence sans passer par le back-office.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1) Lancer et suivre des scans de s\u00e9curit\u00e9<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>D\u00e9marrer un scan malware \u00ab quick \u00bb ou \u00ab full \u00bb<\/li>\n\n\n<li>Suivre l\u2019avancement du scan en temps r\u00e9el<\/li>\n\n\n<li>Consulter l\u2019historique des scans et des logs d\u00e9taill\u00e9s<\/li>\n\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2) G\u00e9rer le pare-feu (WAF) et les blocages IP<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>Bloquer ou d\u00e9bloquer des adresses IP<\/li>\n\n\n<li>D\u00e9finir une dur\u00e9e de blocage et une raison (utile pour l\u2019audit)<\/li>\n\n\n<li>V\u00e9rifier si une IP donn\u00e9e est bloqu\u00e9e<\/li>\n\n\n<li>Activer ou d\u00e9sactiver la protection WAF<\/li>\n\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3) Suivre et traiter les \u00ab issues \u00bb (alertes \/ menaces d\u00e9tect\u00e9es)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>Lister toutes les issues d\u00e9tect\u00e9es<\/li>\n\n\n<li>Filtrer par statut (new, ignored, resolved)<\/li>\n\n\n<li>Supprimer ou g\u00e9rer des menaces individuellement<\/li>\n\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">4) Configuration et licence<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>Lire et modifier des r\u00e9glages Wordfence<\/li>\n\n\n<li>V\u00e9rifier le statut de la licence<\/li>\n\n\n<li>Exporter et importer des configurations<\/li>\n\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Exemples rapides en WP-CLI<\/h2>\n\n\n\n<p>Voici quelques commandes typiques pour v\u00e9rifier l\u2019\u00e9tat, lancer un scan, g\u00e9rer les issues et bloquer une IP. Le namespace \u00e9tant <code>wfsec<\/code>, tout se pilote depuis la console :<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#24292e\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#e1e4e8;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly># V\u00e9rifier l\u2019\u00e9tat global de Wordfence\nwp wfsec status\n\n# D\u00e9marrer un scan complet\nwp wfsec scan start --type=full\n\n# Suivre l\u2019avancement du scan\nwp wfsec scan status\n\n# Lister toutes les issues de s\u00e9curit\u00e9\nwp wfsec issues ls --status=all\n\n# Bloquer une IP pendant 24h (86400 secondes)\nwp wfsec firewall block 192.168.1.100 --duration=86400 --reason=&quot;Brute force attempt&quot;\n\n# V\u00e9rifier le statut de la licence\nwp wfsec license status\n\n<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki github-dark\" style=\"background-color:#24292e;color:#e1e4e8\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color:#6A737D\"># V\u00e9rifier l\u2019\u00e9tat global de Wordfence<\/span><\/span>\n<span class=\"line\"><span style=\"color:#B392F0\">wp<\/span><span style=\"color:#9ECBFF\"> wfsec<\/span><span style=\"color:#9ECBFF\"> status<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color:#6A737D\"># D\u00e9marrer un scan complet<\/span><\/span>\n<span class=\"line\"><span style=\"color:#B392F0\">wp<\/span><span style=\"color:#9ECBFF\"> wfsec<\/span><span style=\"color:#9ECBFF\"> scan<\/span><span style=\"color:#9ECBFF\"> start<\/span><span style=\"color:#79B8FF\"> --type=full<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color:#6A737D\"># Suivre l\u2019avancement du scan<\/span><\/span>\n<span class=\"line\"><span style=\"color:#B392F0\">wp<\/span><span style=\"color:#9ECBFF\"> wfsec<\/span><span style=\"color:#9ECBFF\"> scan<\/span><span style=\"color:#9ECBFF\"> status<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color:#6A737D\"># Lister toutes les issues de s\u00e9curit\u00e9<\/span><\/span>\n<span class=\"line\"><span style=\"color:#B392F0\">wp<\/span><span style=\"color:#9ECBFF\"> wfsec<\/span><span style=\"color:#9ECBFF\"> issues<\/span><span style=\"color:#9ECBFF\"> ls<\/span><span style=\"color:#79B8FF\"> --status=all<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color:#6A737D\"># Bloquer une IP pendant 24h (86400 secondes)<\/span><\/span>\n<span class=\"line\"><span style=\"color:#B392F0\">wp<\/span><span style=\"color:#9ECBFF\"> wfsec<\/span><span style=\"color:#9ECBFF\"> firewall<\/span><span style=\"color:#9ECBFF\"> block<\/span><span style=\"color:#79B8FF\"> 192.168.1.100<\/span><span style=\"color:#79B8FF\"> --duration=86400<\/span><span style=\"color:#79B8FF\"> --reason=<\/span><span style=\"color:#9ECBFF\">\"Brute force attempt\"<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color:#6A737D\"># V\u00e9rifier le statut de la licence<\/span><\/span>\n<span class=\"line\"><span style=\"color:#B392F0\">wp<\/span><span style=\"color:#9ECBFF\"> wfsec<\/span><span style=\"color:#9ECBFF\"> license<\/span><span style=\"color:#9ECBFF\"> status<\/span><\/span>\n<span class=\"line\"><\/span><\/code><\/pre><\/div>\n\n\n\n<p>\u00c0 noter : <strong>toutes les commandes supportent <code>--format=json<\/code><\/strong>, ce qui est particuli\u00e8rement utile pour du scripting (bash, CI\/CD) ou pour alimenter un outil interne (dashboard, alerting, etc.).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Le vrai \u00ab twist \u00bb : support de l\u2019Abilities API (WordPress 6.9)<\/h2>\n\n\n\n<p>L\u00e0 o\u00f9 ce plugin se d\u00e9marque, c\u2019est son int\u00e9gration de l\u2019<strong>Abilities API<\/strong>. Introduite dans <strong>WordPress 6.9<\/strong>, cette API vise \u00e0 fournir une <strong>interface standardis\u00e9e<\/strong> permettant \u00e0 des outils (y compris des agents IA) de <strong>d\u00e9couvrir<\/strong> des capacit\u00e9s (abilities) offertes par un site WordPress et de les <strong>ex\u00e9cuter<\/strong> via un m\u00e9canisme auto-descriptif et valid\u00e9 par sch\u00e9ma.<\/p>\n\n\n\n<p>En pratique, au lieu d\u2019\u00e9crire une int\u00e9gration \u201csur mesure\u201d pour chaque plugin, un agent ou un outil d\u2019automatisation peut s\u2019appuyer sur des abilities publi\u00e9es, avec une structure pr\u00e9visible. Le plugin se positionne ainsi comme l\u2019un des premiers exemples concrets de fonctionnalit\u00e9s de s\u00e9curit\u00e9 WordPress expos\u00e9es via cette approche.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Les 7 abilities expos\u00e9es par le plugin<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li><strong>scan-status<\/strong> &#8211; R\u00e9cup\u00e9rer l\u2019\u00e9tat actuel d\u2019un scan et sa progression<\/li>\n\n\n<li><strong>scan-start<\/strong> &#8211; D\u00e9marrer un scan de s\u00e9curit\u00e9 de mani\u00e8re programmatique<\/li>\n\n\n<li><strong>issues-list<\/strong> &#8211; R\u00e9cup\u00e9rer la liste des issues d\u00e9tect\u00e9es<\/li>\n\n\n<li><strong>issues-count<\/strong> &#8211; Obtenir un d\u00e9compte des issues par s\u00e9v\u00e9rit\u00e9<\/li>\n\n\n<li><strong>firewall-status<\/strong> &#8211; V\u00e9rifier l\u2019\u00e9tat du WAF<\/li>\n\n\n<li><strong>firewall-block<\/strong> &#8211; Bloquer des IP via l\u2019API<\/li>\n\n\n<li><strong>license-status<\/strong> &#8211; Interroger les informations de licence<\/li>\n\n<\/ul>\n\n\n\n<p>Ce que \u00e7a d\u00e9bloque c\u00f4t\u00e9 usage : du monitoring de s\u00e9curit\u00e9 \u00ab AI-powered \u00bb, l\u2019int\u00e9gration de Wordfence dans des dashboards sur mesure, ou encore des automatisations pour ex\u00e9cuter des contr\u00f4les routiniers sans intervention manuelle &#8211; le tout via une API standardis\u00e9e, auto-descriptive et valid\u00e9e par sch\u00e9ma, que des agents peuvent d\u00e9couvrir et utiliser sans code d\u2019int\u00e9gration sp\u00e9cifique au plugin.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Authentification : Application Passwords + Basic Auth<\/h3>\n\n\n\n<p>Pour l\u2019authentification, le plugin s\u2019appuie sur les <strong>WordPress Application Passwords<\/strong> (mots de passe d\u2019application) via <strong>Basic Auth<\/strong>. C\u2019est un choix pragmatique pour des int\u00e9grations serveur-\u00e0-serveur ou des outils internes, avec une gestion par utilisateur WordPress et des identifiants d\u00e9di\u00e9s.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Pr\u00e9requis techniques<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>WordPress <strong>6.9+<\/strong><\/li>\n\n\n<li>PHP <strong>8.0+<\/strong><\/li>\n\n\n<li>WP-CLI <strong>2.5+<\/strong><\/li>\n\n\n<li>Plugin <strong>Wordfence Security<\/strong> (version gratuite ou premium)<\/li>\n\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">T\u00e9l\u00e9chargement et installation<\/h2>\n\n\n\n<p>La version packag\u00e9e est disponible en ZIP. Il suffit de la t\u00e9l\u00e9charger puis de l\u2019uploader dans le r\u00e9pertoire <code>\/wp-content\/plugins\/<\/code> :<\/p>\n\n\n<a href=\"https:\/\/github.com\/trueqap\/wpcli-for-wordfence\/releases\/download\/v1.0.0\/wpcli-for-wordfence-1.0.0.zip\" class=\"download-card\" download>\n                <span class=\"download-icon\"><i class=\"fa-duotone fa-file-zipper\"><\/i><\/span>\n                <span class=\"download-info\">\n                    <span class=\"download-title\">Download WP CLI for Wordfence v1.0.0<\/span>\n                    <span class=\"download-meta\"><span class=\"download-filename\">wpcli-for-wordfence-1.0.0.zip<\/span><\/span>\n                <\/span>\n                <span class=\"download-action\"><i class=\"fa-duotone fa-arrow-down-to-line\"><\/i><\/span>\n            <\/a>\n\n\n<p>Le projet peut aussi \u00eatre install\u00e9 via <strong>Composer<\/strong> si tu es sur une stack type <strong>Bedrock<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Ce qu\u2019il faut retenir<\/h2>\n\n\n\n<p>Avec <code>wp wfsec<\/code>, ce plugin rend Wordfence vraiment pilotable en ligne de commande : scans, pare-feu, gestion des issues et configuration. Et surtout, en exposant ces actions via l\u2019<strong>Abilities API<\/strong> de WordPress 6.9, il ouvre la voie \u00e0 des int\u00e9grations plus standardis\u00e9es avec des outils d\u2019automatisation et des agents IA, sans r\u00e9inventer une API ad hoc pour chaque besoin.<\/p>\n\n\n<div class=\"references-section\">\n                <h2>R\u00e9f\u00e9rences \/ Sources<\/h2>\n                <ul class=\"references-list\"><li><a href=\"https:\/\/github.com\/trueqap\/wpcli-for-wordfence\" target=\"_blank\" rel=\"noopener noreferrer\">WP-CLI &amp; Abilities API for Wordfence: Manage Security from Terminal and AI Agents<\/a><\/li><\/ul>\n            <\/div>","protected":false},"excerpt":{"rendered":"<p>Un nouveau plugin open-source ajoute une vraie interface WP-CLI \u00e0 Wordfence et expose ses actions cl\u00e9s via l\u2019Abilities API de WordPress 6.9 : scans, pare-feu, issues et licence, le tout automatisable.<\/p>\n","protected":false},"author":14,"featured_media":186,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[63],"tags":[84,11,15,10,76],"class_list":["post-185","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ecosysteme-wordpress","tag-automation","tag-securite","tag-wordfence","tag-wordpress","tag-wp-cli"],"_links":{"self":[{"href":"https:\/\/helloblog.io\/fr\/wp-json\/wp\/v2\/posts\/185","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/helloblog.io\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/helloblog.io\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/helloblog.io\/fr\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/helloblog.io\/fr\/wp-json\/wp\/v2\/comments?post=185"}],"version-history":[{"count":1,"href":"https:\/\/helloblog.io\/fr\/wp-json\/wp\/v2\/posts\/185\/revisions"}],"predecessor-version":[{"id":187,"href":"https:\/\/helloblog.io\/fr\/wp-json\/wp\/v2\/posts\/185\/revisions\/187"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/helloblog.io\/fr\/wp-json\/wp\/v2\/media\/186"}],"wp:attachment":[{"href":"https:\/\/helloblog.io\/fr\/wp-json\/wp\/v2\/media?parent=185"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/helloblog.io\/fr\/wp-json\/wp\/v2\/categories?post=185"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/helloblog.io\/fr\/wp-json\/wp\/v2\/tags?post=185"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}