wp-blocks-mcp
Verified Safeby Akungapaul
Overview
This server provides a set of tools to interact with WordPress block patterns and reusable blocks via the Model Context Protocol.
Installation
npx wp-blocks-mcpEnvironment Variables
- WORDPRESS_URL
- WORDPRESS_USERNAME
- WORDPRESS_APP_PASSWORD
Security Notes
The server uses environment variables (WORDPRESS_URL, WORDPRESS_USERNAME, WORDPRESS_APP_PASSWORD) for authentication, which is good practice. However, it requires write access to the WordPress instance (e.g., to create/delete posts for rendering, create reusable blocks). A compromise of this server or its environment variables could lead to manipulation of the connected WordPress site. Input validation for tool arguments is performed using Zod, which helps mitigate direct injection risks for these specific inputs. The `JSON.parse` operation in `parse_blocks` relies on content from the WordPress API; while standard for block attributes, it could be a vector if the WordPress content itself is maliciously crafted by an attacker.
Similar Servers
tmcp
A server implementation for the Model Context Protocol (MCP) to enable LLMs to access external context and tools.
mcp-server
This plugin implements a Model Context Protocol (MCP) server for WordPress, exposing WordPress's data and functionality through its REST API to AI clients.
mcp-ai-wpoos
Provides a stable API and server framework for integrating AI models and tools into WordPress, enabling advanced AI assistant capabilities and workflow automation.
wp-mcp-server-demo
A WordPress plugin acting as a configuration layer to create a custom Model Context Protocol (MCP) server, exposing pre-defined abilities from the WP Abilities API Demo plugin for AI integration.