WordPress-MCP
Verified Safeby NemesisGuy
Overview
Enables local-first LLM agents to create, edit, and organize WordPress content through a Model Context Protocol (MCP) interface.
Installation
node build/index.jsEnvironment Variables
- WORDPRESS_URL
- WORDPRESS_USERNAME
- WORDPRESS_APP_PASSWORD
Security Notes
The server uses WordPress Application Passwords for authentication, which is a secure method. Communication is primarily over stdio, reducing direct network exposure. Arguments are type-checked and passed to a robust WordPress REST API client (axios). The `wordpress_upload_media` tool allows specifying `filePath` to read local files, which could pose an information disclosure risk if a malicious prompt could trick the LLM agent into requesting unauthorized files from the server's host system. However, this risk is mitigated by the local-first, agent-driven nature of the server where the user implicitly trusts and controls their agent.
Similar Servers
mcp-server
This plugin implements a Model Context Protocol (MCP) server for WordPress, exposing WordPress's data and functionality through its REST API to AI clients.
context-engine
Provides an agent-agnostic local context engine via Model Context Protocol (MCP) for coding agents, enabling semantic search, planning, code review, and prompt enhancement with AI integration.
mcp-for-woocommerce
Connects WordPress and WooCommerce to AI systems via Model Context Protocol, enabling AI agents to query and manage e-commerce data (products, orders, categories, shipping, payments, taxes) and content (posts, pages).
mcp-ai-wpoos
Provides a stable API and server framework for integrating AI models and tools into WordPress, enabling advanced AI assistant capabilities and workflow automation.