CMS integrations
effectly.ai writes natively to your CMS. No JavaScript injection. No pixel scripts. We connect via REST API, SSH, or Git. Your content lives in your systems. Cancel your subscription — the changes stay.
Setup overview
For WordPress: use Application Passwords (built into WP 5.6+). Create a new application password in Users → Profile, grant it to effectly.ai, and paste the token. We need editor role only — never admin. For Contentful or Sanity: create an API token with content write scope. For Git: use a fine-grained GitHub Personal Access Token with contents:write on the target repo. We clone, branch, commit, and open a PR. Production is never touched until you merge.
Model A — REST API (Tier 1)
Covers WordPress, Contentful, Sanity, Webflow, and Shopify. We use Application Passwords for WordPress (built into WP 5.6+, no plugin needed). API keys for headless CMSs. We write title tags, meta descriptions, schema JSON-LD, canonical URLs, Yoast/RankMath meta, new posts, and slug rewrites. Editor role only — we never hold master admin passwords. You revoke access from your own dashboard.
Model B — SSH (Tier 2)
Covers WordPress on VPS, custom PHP CMS, Laravel, custom Next.js sites. We use scoped SSH keypairs. You add the public key to ~/.ssh/authorized_keys with a command= restriction — we execute only the wrapper script, no open shell. We write theme files, functions.php, template files, real PHP/template code. Path-restricted to /var/www/site/ only. No sudo.
Model C — Git/GitHub (Tier 3)
Covers Next.js, Vercel, Netlify, Cloudflare Pages, any Jamstack/headless site. We use fine-grained GitHub Personal Access Tokens — contents:write on target repo only. Flow: clone → branch → commit → PR with description of every change + expected score delta → CI runs Lighthouse + schema validation → auto-merge if all checks pass. Production is never touched until the PR merges. Full audit trail. Safest model.
What each CMS gets written
| CMS | What effectly.ai writes |
|---|---|
| WordPress | functions.php, Yoast meta via API, theme templates |
| Headless CMS | Content entries via API, schema.org JSON-LD, slug rewrites |
| Next.js / Vercel | metadata.ts files, sitemap.ts, robots.txt, hreflang |
| Shopify | Liquid templates, product meta via API, structured data |
Our MCP server runs in our cloud (Railway). Never on your server. No JS injection ever. Custom or legacy CMS? We say "give me the credentials" — we support REST, SSH, and Git.
Security and revocation
All credentials are encrypted at rest. We use them only to perform authorized writes. You can revoke access anytime from your dashboard or by deleting the token in your CMS. For Git, revoke the token in GitHub. For WordPress, delete the application password. Changes we've already made stay — they live in your content. We never hold master admin passwords or SSH keys with shell access.