In April I handed the routine maintenance of a production WordPress site — updates, backups, broken-link triage — to an AI agent with shell access to the staging box. This is what three months of that actually looks like.
The setup
Everything runs through WP-CLI. The agent never touches the admin UI; every change is a command, and every command is logged to an append-only file the agent can’t edit.
$ wp plugin update --all --dry-run
$ wp db export backups/$(date +%F).sql
$ wp core verify-checksumsNOTEDry-run first, always. The one incident in three months came from skipping it.
What the agent handles well
Plugin updates are the obvious win: 41 of 44 went through without human review. The agent reads the changelog, runs the update on staging, diffs the rendered critical pages, and only then promotes.

Where it fails silently
Visual regressions in areas the diff doesn’t cover — a widget in the footer, an embed behind a consent banner. The agent reports “no changes detected” and moves on. You need a human pass on anything the crawler can’t see.
Guardrails that earned their keep
Read-only production credentials, a staging-first rule enforced at the SSH config level, and a hard cap on database operations per session. Boring, and exactly why it works.