wp-mcp-shared
by Akungapaul
Overview
Provides shared utilities and client abstractions for building WordPress Model Context Protocol (MCP) servers.
Installation
No command providedEnvironment Variables
- WORDPRESS_URL
- WORDPRESS_USERNAME
- WORDPRESS_APP_PASSWORD
- ENABLE_WP_CLI
- WP_CLI_PATH
- WORDPRESS_PATH
- SSH_HOST
- SSH_PORT
- SSH_USER
- SSH_KEY_PATH
- CACHE_ENABLED
- CACHE_TTL
- LOG_LEVEL
Security Notes
The `WPCLIClient` heavily relies on `child_process.exec` to run shell commands. Many methods (e.g., `dbQuery`, `searchReplace`, `installPlugin`, `createUser`, `setOption`) construct these commands by directly interpolating argument strings. This creates significant command injection vulnerabilities if the inputs to these methods are not meticulously validated and sanitized by the consuming MCP server. While `dbQuery` has basic escaping for double quotes, it is insufficient against all forms of injection. The library provides dangerous primitives without robust internal sanitization, placing a high burden on consumers for secure implementation. WordPress REST API client (`WordPressRestClient`) authentication with app passwords is standard, and its logging does not appear to expose credentials directly.
Similar Servers
mcpm.sh
MCPM is a command-line tool for managing Model Context Protocol (MCP) servers, enabling discovery, installation, execution, sharing, and integration with various MCP clients.
mcp-server
This plugin implements a Model Context Protocol (MCP) server for WordPress, exposing WordPress's data and functionality through its REST API to AI clients.
mcp-ai-wpoos
Provides a stable API and server framework for integrating AI models and tools into WordPress, enabling advanced AI assistant capabilities and workflow automation.
wp-mcp-server-demo
A WordPress plugin acting as a configuration layer to create a custom Model Context Protocol (MCP) server, exposing pre-defined abilities from the WP Abilities API Demo plugin for AI integration.