How to Connect Your WordPress Site to SEOmatic

Written By Minh

Last updated 1 day ago

Minimum Requirements

  • A self-hosted WordPress site (WordPress.org, not WordPress.com)

  • WordPress 5.6 or higher

  • An Administrator or Editor account

  • Your site running on HTTPS

If you use any security plugins (Wordfence, iThemes Security, Sucuri, etc.) or Cloudflare, make sure they aren't blocking the WordPress REST API. The REST API needs to be accessible at yoursite.com/wp-json/wp/v2/.

Step 1: Go to Connections

In your dashboard, go to Connections from the sidebar (or click the "Missing connection" warning in the header if you see one).

Step 2: Enter Your Website Address

Click Connect WordPress and type your domain name - just the domain, no https://:

Example: mywebsite.com

If your site is behind HTTP Basic Authentication (common on staging sites), expand the optional section and enter those credentials too.

Click Connect.

Step 3: Approve the Connection on WordPress

SEOmatic will redirect you to your WordPress login page. Log in with your WordPress admin account.

You'll see an "Authorize" screen. WordPress will automatically create a secure Application Password for SEOmatic - this is a separate password that only SEOmatic can use, and you can revoke it anytime.

Click "Yes, I approve this connection".

Step 4: You're Connected

You'll be redirected back to SEOmatic. On the Connections page, you should now see your WordPress site listed with a green "active" status - that means you're connected and ready to publish.

Troubleshooting

Problem

Solution

Application Passwords are not enabled

This feature requires HTTPS and WordPress 5.6+. If your site meets both requirements and you still see this error, your hosting provider may have disabled it. Contact them and ask to enable Application Passwords, or check if a security plugin is turning it off

A security plugin is blocking API access

Plugins like Wordfence, iThemes Security, or Sucuri can block SEOmatic from reaching your site. In your plugin's settings, look for REST API restrictions or firewall rules and whitelist /wp-json/* endpoints. You don't need to disable the plugin entirely.

Cloudflare is blocking the connection

If your site uses Cloudflare, go to Security > Bots and turn off Bot Fight Mode. You can also create a WAF rule to allow requests to /wp-json/*. If you're just testing, switching to Development Mode temporarily works too.

REST API is not accessible

This usually means your permalinks are set to "Plain." In your WordPress admin, go to Settings > Permalinks and pick any other option (like "Post name"). Save, and try connecting again.

This doesn't appear to be a WordPress site

Double-check that you typed the right domain and that WordPress is installed at the root. If WordPress is in a subdirectory (like mysite.com/blog), enter the full path. This error also appears for WordPress.com sites β€” SEOmatic only works with self-hosted WordPress (WordPress.org).

Site requires HTTP Basic Authentication

Some staging or development sites are password-protected at the server level (a browser popup asking for credentials). If that's your case, expand the "HTTP Basic Auth" section in the connection form and enter those credentials. This is separate from your WordPress login.

SSL certificate error

Your site's SSL certificate may be expired, self-signed, or misconfigured. Check with your hosting provider. SEOmatic requires a valid HTTPS connection.

Connection keeps timing out

Your server might be slow to respond. Try again in a few minutes. If it persists, check that your hosting provider isn't rate-limiting or blocking external requests.