On June 9, WooCommerce published the developer preview of version 10.9, shipping the first canonical domain abilities AI agents can call: product queries, order management, and status updates through a standardized, MCP-exposable interface. Stable lands June 23. The platform has more than 7 million active installations and powers roughly 49% of all sites running a known e-commerce system, across over 4.3 million live stores.
Shopify crossed this line in December and flipped it on by default for 5.6 million stores in March. WooCommerce has now crossed it too, with one structural difference: WooCommerce has no one to flip the switch. Over 4.3 million live stores, and the entity standing closest to the switch, in almost every case, is a hosting provider.
Key facts
- Release: WooCommerce 10.9 beta June 9, stable June 23
- What it does: gives AI agents a standard interface to manage products and orders across 4.3M live stores
- Scope: store management only; consumer checkout is roadmap, not release
- The difference from Shopify: no central switch; the hosting provider is the operator
- Demand: AI traffic to US retail up 393% YoY, converting 42% better than other traffic (Adobe, Q1 2026)
What Actually Ships on June 23
The 10.9 abilities are not another REST endpoint. WooCommerce shipped an MCP beta in version 10.3 last October that wrapped REST routes one-to-one; the team has now deprecated that approach in favor of canonical abilities: schema-backed business operations with permission checks, typed metadata, and declared read/write behavior, designed once and projected into any surface, with public MCP exposure through the shared WordPress MCP adapter. The distinction sounds technical and is strategic: an ability is a contract an agent can reason about, not a URL it has to guess at.
The plumbing has been assembling for three release cycles: the Abilities API merged into WordPress core in 6.9 (December 2025), the official WordPress MCP Adapter followed in February, and WordPress 7.0 (May 20, 2026) put an AI client and Anthropic, Google, and OpenAI connectors into core. Version 10.9 also makes a quiet Store API change: draft orders are no longer persisted on fresh-session requests. It is the kind of change you make when you expect a large population of non-human sessions that browse but rarely buy.
Equally important is what does not ship. The 10.9 abilities are store management, not consumer checkout. A merchant’s agent can restock the catalog and triage orders; a customer’s agent cannot yet buy anything. Consumer-side agentic checkout is on WooCommerce’s published roadmap, explicitly via Stripe’s Agentic Commerce Protocol and a Google partnership, but it is a roadmap item, not a release. The October roadmap post describes the destination plainly: an AI assistant that finds the gift, or reorders the coffee, “without the customer ever visiting your store.” June 23 is the management half of that future arriving in core.
The Demand Side Is Not Waiting
The reason the timeline matters is that the buyer side of agentic commerce is compounding now. Adobe Analytics, measuring over one trillion visits to US retail sites, recorded AI-sourced traffic up 393% year-over-year in Q1 2026, and, more consequentially, reported that in March 2026 AI-referred visitors converted 42% better than other traffic, a complete reversal from a year earlier when they converted 38% worse, with revenue per visit running 37% higher. Among surveyed consumers, 39% have shopped with AI assistance and 85% of those say it improved the experience. Shopify’s first-party Q1 data, covered here in May, points the same direction at platform scale: AI-referral sessions up 8x, AI-referred orders up roughly 13x, conversion about 50% above organic search.
The checkout rails are racing to meet that demand. OpenAI’s Instant Checkout, Microsoft Copilot Checkout, and Google Universal Cart launched across Q4 2025 and H1 2026, each on competing agentic commerce protocols. Every major AI surface now has a buy path. WooCommerce’s 10.9 release is the supply side showing up to meet it, six months behind Shopify’s Agentic Storefronts, but with a structurally different deployment problem.
Nobody Turns It On
When Shopify decided agentic storefronts should be on by default, one company changed one setting and 5.6 million hosted stores became agent-visible overnight. WooCommerce is self-hosted software: the abilities ship in core, but exposing them to an agent requires enabling the feature, provisioning credentials (application passwords today; self-hosted OAuth for MCP connections does not meaningfully exist yet), deciding which abilities are public, and standing up the security posture around an authenticated, write-capable API endpoint on a production store. Multiply that by 4.3 million live stores, most of them small businesses with no developer on staff, and the deployment math is obvious: organic adoption will be a rounding error.
The numbers from the broader web say as much. Cloudflare’s isitagentready.com scan of 200,000 top domains, covered here in April, found 4% declaring AI-usage preferences and fewer than 15 sites total publishing MCP server cards or API catalogs. Agent-readiness exists in specifications and developer blogs; it barely exists in deployment. The gap between “shipped in core” and “operating in production” is the entire game, and in the WordPress economy, the layer that has historically closed that gap is not the merchant and not the platform. It is the host. Managed WordPress hosting exists because SSL, caching, backups, and security hardening were all, at one point, things core shipped and nobody configured. Agent access is the next item on that list, and it is a bigger one, because it carries traffic costs, security exposure, and liability questions the previous items did not.
The Hosts Are Already Choosing Lanes
What makes June 23 a hosting-industry story rather than a WordPress-developer story is that the major providers have spent 2026 building, or fumbling, exactly the capabilities this release activates, as this publication has documented case by case.
Hostinger ships an official MCP server for its hosting API, sells dedicated MCP VPS plans, and embeds an MCP-powered assistant in its VPS dashboard. Bluehost launched GatorClaw in April: managed hosting for OpenClaw agents, a product category that did not exist in 2025, wrapped around an open-source agent framework that accumulated 138 CVEs in three months.
GoDaddy has gone furthest upstream: its Agent Name Service has issued DNS-anchored agent identities since November, the HOL consortium it co-founded indexes 249,000 agents and 24,000 MCP servers, and its April Cloudflare partnership put per-crawler allow/block/charge controls in front of 20 million hosting customers.
WP Engine blocks ClaudeBot and GPTBot at platform level; its own traffic report found AI crawlers consuming up to 70% of resources on some sites. Kinsta has taken the opposite position, refusing platform-level blocking and absorbing the bandwidth. SiteGround provided the cautionary tale: force-installing its AI agent plugin onto a million WordPress sites in May, WooCommerce write-access included, and earning a 1.1-star rating for the consent failure rather than the functionality.
That divergence (charge for agent traffic, block it, absorb it, productize it, force it) is the market working out in real time what June 23 makes urgent: agent access to WooCommerce is now a core capability with no default operator. Every managed WordPress provider will need an answer to four questions, and the answers are products. Who provisions and rotates the agent credentials? Which abilities are exposed, per store, per role? Who meters and prices the traffic? And who holds the audit log when something buys, edits, or deletes?
The Risk Ledger Is Real and Specific
Opening a write-capable agent interface on commerce stores carries real exposure. CVE-2026-3589, a CSRF flaw in batch-request handling patched in 10.6, allowed an unauthenticated attacker riding an admin session to create administrator accounts. Research accepted to IEEE S&P 2026 documents the next layer: prompt injection through content as mundane as product reviews. An agent with order-management permissions that reads attacker-supplied text is a confused deputy waiting for instructions.
When an agent transacts wrongly, the liability question is open: Clifford Chance’s February analysis calls it “the liability gap your contracts may not cover.” The answer is consent mechanics. WordPress.com’s own MCP rollout shipped the template: per-operation toggles, drafts by default, immutable logs. The host that operationalizes that template for self-hosted WooCommerce is not selling a checkbox; it is selling the thing that makes the checkbox survivable.
What the Playbook Looks Like
Sell what shipped, not what’s on the roadmap. The honest June product is the agent-manageable store: catalog operations, order triage, inventory automation through any MCP-speaking assistant. “Your store sells inside ChatGPT” is not yet a WooCommerce claim; consumer checkout awaits the Stripe ACP integration. Providers that conflate the two will spend 2027 walking back marketing copy; providers that ship managed agent access now will own the upgrade path when checkout arrives.
Price agent traffic before it prices you. Agentic crawling grew more than 15x in 2025 by Cloudflare’s measurement; HUMAN Security tracked agentic AI traffic up 7,851% with retail among the most-hit categories; and authenticated MCP sessions are database-heavy in a way page-cache architectures never anticipated; the 10.9 draft-order change is WooCommerce itself admitting as much. Shared-hosting economics were not priced for this. Metered agent-API tiers, rate limits as plan features, and per-crawler monetization via 402 responses (already running at a billion responses daily on Cloudflare’s edge) are the obvious mechanics, and the WP Engine/Kinsta split shows the strategic choice cannot be deferred.
Don’t pick a protocol; be the safe place where all of them terminate. ACP, UCP, and AP2 are fighting a standards war that hosting providers do not need to win; WooCommerce itself is hedged across Stripe and Google. The host’s durable position is the same one GoDaddy is executing upstream: identity, control, and audit for whatever agent shows up. That position appreciates no matter which protocol takes the checkout.
Make consent the feature. SiteGround’s force-install backlash and WordPress.com’s toggle-everything rollout are the controlled experiment, run on the same market in the same quarter: identical capability, opposite consent mechanics, opposite outcomes. Agent access to a revenue-bearing store is precisely the capability merchants will pay to have governed and will punish having imposed.
The Last Mile Has an Owner Now
The platform story of agentic commerce has been told as Shopify versus everyone: a centrally managed platform that can flip 5.6 million stores into the agent economy with a default setting, versus an open-source project that moves in betas and release cycles. June 23 sharpens the real contrast. WooCommerce now has the contract: canonical, typed, transport-neutral, in core. What it lacks, by architecture and by philosophy, is an operator. That absence is not a weakness of the model; it is the business opportunity the model creates, the same one that built managed WordPress hosting out of unconfigured SSL certificates a decade ago. Shopify’s agentic commerce is a product. WooCommerce’s is a responsibility, and responsibilities operated well at scale are what the hosting industry monetizes. The providers that understood that with caching and security are about to find out whether they understand it with agents, and they have until roughly the moment the first customer asks why her store can’t take an order from ChatGPT to decide.
Sources
- WooCommerce 10.9: What's Coming for Developers - WooCommerce Developer Blog (official)
- Introducing Canonical WooCommerce Abilities for Products and Orders - WooCommerce Developer Blog (official)
- Expanding Abilities Across WooCommerce Extensions - WooCommerce Developer Blog (official)
- AI & Agentic Commerce in WooCommerce - WooCommerce Developer Blog (official)
- Abilities API in WordPress 6.9 - Make WordPress Core (official)
- From Abilities to AI Agents: Introducing the WordPress MCP Adapter - WordPress Developer Blog (official)
- WooCommerce Plugin - WordPress.org (official)
- The State of WooCommerce in 2026 - Store Leads
- AI Traffic to US Retailers Rose 393% in Q1 - TechCrunch
- Adobe Digital Insights: AI Traffic Surge - Adobe (official)
- Buy It in ChatGPT: Instant Checkout - OpenAI (official)
- Etsy Pops 16% as OpenAI Announces ChatGPT Instant Checkout - CNBC
- Google Shopping Universal Cart - Google (official)
- Google Donates Agent Payments Protocol to FIDO Alliance - Google (official)
- Microsoft Enters the Agentic Commerce Arms Race - eMarketer
- CVE-2026-3589 - SentinelOne Vulnerability Database
- From LLM to Agentic AI: Prompt Injection Amplification (IEEE S&P 2026 research) - Christian Schneider
- Agentic AI: The Liability Gap Your Contracts May Not Cover - Clifford Chance
- MCP VPS Hosting - Hostinger (official)
- Woo Outlines AI Plans: MCP Support and Stripe ACP Integration - The Repository