Secure WordPress comment moderation with OpenClaw + Telegram human-in-the-loop.
Build a fast, secure, and publishable portfolio project where:
- WordPress sends signed webhook events for new comments.
- OpenClaw moderation API classifies comments.
- High-confidence decisions are auto-applied to WordPress.
- Uncertain decisions are escalated to Telegram for owner approval/block.
Phase 1 focuses on a solid, runnable MVP with security-first defaults.
- Runtime: Node.js + TypeScript
- API: Express
- Validation: zod
- Optional DB: Prisma + MariaDB (Phase 2 unless required earlier)
- Integration: WordPress REST API + Telegram Bot API
- Published documentation lives under docs/public/.
- Security and architecture updates are documented there as features evolve.
- Signed WordPress webhook receiver (POST /hooks/wp-comment)
- HMAC validation + zod validation
- Moderation decision flow: approve | block | needs_review
- Telegram escalation for uncertain decisions
- WordPress status update via REST API + Application Passwords
- Security baseline and public runbook docs
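
The signed-webhook check and confidence-based routing listed above, sketched as an added example (not this project's own code). The hex HMAC-SHA256 signature format, the content field, the 0.9 threshold and all function names are assumptions, and a hand-written field check stands in for the zod schema.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

type Label = "approve" | "block";
type Decision = Label | "needs_review";

// Assumption: the sender signs the exact raw request bytes with HMAC-SHA256
// and transmits the hex digest; the page does not state algorithm or encoding.
function sign(secret: string, rawBody: Buffer): string {
  return createHmac("sha256", secret).update(rawBody).digest("hex");
}

// Verify against the raw bytes, never a re-serialised JSON object, and
// compare in constant time. Missing or malformed signatures fail closed.
function verifySignature(secret: string, rawBody: Buffer, header: string | undefined): boolean {
  if (!header || !/^[0-9a-f]{64}$/i.test(header)) return false;
  const expected = Buffer.from(sign(secret, rawBody), "hex");
  const received = Buffer.from(header, "hex");
  return received.length === expected.length && timingSafeEqual(received, expected);
}

// Assumption: the classifier returns a label plus a confidence in [0, 1].
// Anything below the threshold (or not a finite number) goes to a human.
function route(label: Label, confidence: number, threshold = 0.9): Decision {
  if (!Number.isFinite(confidence) || confidence < threshold) return "needs_review";
  return label;
}

// One webhook delivery: authenticate first, parse and validate second,
// classify last, so unauthenticated input never reaches the parser.
function handleDelivery(
  secret: string,
  rawBody: Buffer,
  header: string | undefined,
  classify: (content: string) => { label: Label; confidence: number },
): { status: number; decision?: Decision } {
  if (!verifySignature(secret, rawBody, header)) return { status: 401 };
  let payload: unknown;
  try { payload = JSON.parse(rawBody.toString("utf8")); } catch { return { status: 400 }; }
  // Stand-in for the zod schema: require a non-empty string field.
  const content = (payload as { content?: unknown } | null)?.content;
  if (typeof content !== "string" || content.length === 0) return { status: 400 };
  const { label, confidence } = classify(content);
  return { status: 200, decision: route(label, confidence) };
}
```

In an Express app the raw bytes have to be captured before any JSON body parser runs, otherwise the HMAC is computed over different bytes than the sender signed.
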
See the detailed plan in:
- docs/public/architecture.md
- docs/public/security-baseline.md
- docs/public/phase1-production-checklist.md
- docs/public/deployment-vps.md
- wordpress-plugin/README.md
- docker/local/README.md
- Go to automation-api/.
- Copy .env.example to .env and set real values.
- Install dependencies with npm install.
- Validate configuration with npm run check:env.
- Start API in dev mode with npm run dev.
- Configure WordPress webhook to POST /hooks/wp-comment with shared HMAC secret.
- Configure Telegram bot webhook to POST /telegram/callback.
- Submit test comments and verify Telegram + WordPress status updates.
Phase 1 and Phase 1.5 are runnable in local/dev with secure webhook flow, Telegram callback handling, OpenClaw-backed moderation provider mode with confidence-based needs_review routing, and WordPress action-path fallback handling for auth mismatch failures.
Hisham Alrashdan
For questions or consulting inquiries: hisham@infogleam.com