WordPress 7.0 ships May 20, 2026. It carries two changes WooCommerce store owners should care about more than they do: the JavaScript Abilities API and a new Connectors UI Dashboard buried under Settings → Connectors. Together, they make every WooCommerce store on auto-update agent-discoverable within 30 days of release.

The tracking-layer consequence is simple. AI agents invoking registered abilities don’t fire your Meta Pixel. They don’t fire your Google Ads tag. They don’t show up in GA4 unless capture has already moved off the browser.

What Actually Arrives On May 20#

WordPress 7.0 was originally scheduled for April 9, 2026, then delayed to May 20 to fix Real-Time Collaboration storage architecture (Make WordPress Core, April 22 2026). Beta 1 has been available for testing since February 19. The release window is locked.

Two features ship that change how AI agents interact with your store.

The Abilities API (JavaScript counterpart)

The PHP version shipped quietly in WordPress 6.9 in January. The JavaScript counterpart lands in 7.0. The API is a registry: plugins, themes, and core can register named capabilities — create_order, list_products, get_inventory — each with input/output schemas, permission callbacks, and structured annotations. The WordPress Core developer blog describes the JavaScript counterpart as laying the groundwork for browser agents and WebMCP integration.

The Connectors UI Dashboard

A new screen at Settings → Connectors where site owners (or, more accurately, anyone with the right capability) can add, remove, and update external AI connections from one place. Think of it as the opt-in surface for letting external agents talk to your site through abilities.

Both features ship on by default to every store running WordPress auto-update. WordPress powers 43.5% of all websites (W3Techs, 2024). The math on rollout is brutal: roughly 4.7 million WooCommerce stores will receive 7.0 within 30 days of release, most of them without anyone reading a changelog.

The Tracking Gap This Opens#

Here’s the part nobody is writing about yet. When an AI agent invokes a registered ability — say, a Claude agent calling woocommerce/get_product or woocommerce/checkout through WebMCP — it talks to a structured PHP/REST endpoint. It does not load example.com/product/widget/ in a browser tab. It does not execute your theme’s JavaScript. It does not fire Meta Pixel. It does not fire your Google Ads tag. It does not get bucketed by GA4.

This is the third browser-bypass channel for WooCommerce traffic. The first was ad blocker traffic — 31.5% of global users run blockers that drop client-side tracking (Statista, 2024). The second is Stripe Agentic Commerce: agent-routed orders arrive directly at your Stripe webhook with no browser session at all. We covered that in Stripe Agentic Commerce Suite Just Went Live for WooCommerce. The Abilities API is the third.

And it’s the first one that’s structural. The agent isn’t dodging your tracker. The agent never had a browser to fire it from.

40% of Americans have already made a purchase they would not have considered because of an AI agent (Visa / Morning Consult, 2026). McKinsey projects $900 billion to $1 trillion in US B2C agentic commerce revenue by 2030. The traffic source most marketers cannot count yet is also the fastest-growing one.

Why “Just Block It” Won’t Work#

The first instinct after reading this is to disable the Connectors UI and hope no one finds it. Two problems with that.

First, the Abilities API itself ships regardless of the dashboard. The dashboard is the configuration surface; the registry is in core. Plugins are already registering abilities — WooCommerce, Pixel Manager, Cherry Tree by Seresa, others on the way. Disabling the UI does not unregister the abilities.

Second, the agentic traffic isn’t waiting for permission. Bots are already crawling WooCommerce checkout pages — we documented one ChatGPT crawler hitting a single store’s checkout 40 times in a week in ChatGPT Just Crawled Your WooCommerce Checkout 40 Times This Week. The Abilities API replaces some of that brute-force crawling with structured, intentional endpoint calls. The traffic doesn’t go away. It gets cleaner — and harder to see.

The question isn’t whether agents will visit your store. The question is whether your tracking layer will see them when they do.

How Server-Side Capture Closes The Gap#

WooCommerce fires the same hooks regardless of who placed the order. woocommerce_payment_complete and woocommerce_order_status_changed fire when payment succeeds — whether the buyer was a human filling a checkout form, a Stripe ACS agent posting a charge, or a Claude agent invoking a registered ability through WebMCP.

That hook layer is below the browser. It runs in PHP, on your server, every time. If you capture conversions there — at the hook — you record the order. If you capture them in the browser, you record only the orders that came through a browser. The Abilities API just made the second strategy worse.

Translation: the only durable answer is to move capture off the browser entirely.

What “Off The Browser” Actually Means

Server-side tracking, done right, doesn’t mean GTM Server-Side. GTM Server-Side is still GTM — it just runs in a container you rent. You still configure it, debug it, and explain it to your developer. The point of moving off the browser is to stop maintaining tag managers at all.

What you actually want: a small WordPress plugin that listens to WooCommerce hooks, batches the events, and sends them via authenticated API to a separate Node.js server running on your own subdomain. That server then formats each event for each destination — GA4 Measurement Protocol, Meta CAPI, Google Ads Enhanced Conversions, BigQuery streaming insert — and sends them out. One capture point. Every destination. Every order, regardless of who placed it.

How Seresa Captures Agent Orders#

Transmute Engine™ is a first-party Node.js server that runs on your subdomain (for example, data.yourstore.com). The inPIPE WordPress plugin listens at the WooCommerce hook layer — woocommerce_payment_complete, woocommerce_order_status_changed — and sends events via API to the Transmute Engine server, which routes them simultaneously to GA4, Meta CAPI, Google Ads, and BigQuery. Whether the order came from a human, a Stripe ACS agent, or a Claude agent invoking a WordPress 7.0 ability, the same hook fires and the same event reaches your platforms.

Key Takeaways#

• May 20, 2026 — WordPress 7.0 final release. The Abilities API JavaScript counterpart and Connectors UI Dashboard ship to every WooCommerce store on auto-update.
• The Abilities API is a capability registry, not just a developer feature. Plugins register named abilities (create_order, list_products) that AI agents can invoke through WebMCP without ever loading a page in a browser.
• Pixel-based tracking does not see agent visits. No Meta Pixel fire, no Google Ads tag fire, no GA4 hit unless capture has already moved server-side.
• 40% of Americans report making AI-agent-influenced purchases. McKinsey projects $900B-$1T in US B2C agentic commerce by 2030. The channel you cannot count is also the fastest-growing one.
• WooCommerce hooks fire identically for human and agent orders. Capturing at the hook layer — not the browser — closes all three browser-bypass channels (ad blockers, ACS, Abilities API) at once.

FAQ#

Agent traffic is structural now, not optional. Capture below the browser or stop counting it. See how Transmute Engine captures every WooCommerce order at the hook layer.