wordpress-mcp
Verified Safeby garethcull
Overview
Connects AI tools to WordPress for content creation, publishing, and media asset management.
Installation
python app.pyEnvironment Variables
- WORDPRESS_SITE_URL
- WORDPRESS_USERNAME
- APPLICATION_PASSWORD
- MCP_TOKEN
Security Notes
The server uses environment variables for sensitive credentials (WordPress username, application password, MCP token), which is good practice. Authentication is via a shared MCP_TOKEN. The 'upload_image_to_wordpress' tool fetches images from provided URLs; while it includes content type checks, this could pose a limited Server-Side Request Forgery (SSRF) risk if a malicious URL bypasses checks, though no arbitrary command execution is apparent. The optional 'page-full-html.php' template removes WordPress content filters, which is a documented feature for full HTML fidelity but users should be aware of its implications for content security.
Similar Servers
mcp-wordpress
AI-driven SEO optimization and comprehensive management for WordPress sites via a Model Context Protocol (MCP) server.
mcp-server
This plugin implements a Model Context Protocol (MCP) server for WordPress, exposing WordPress's data and functionality through its REST API to AI clients.
contentful-mcp-server
Provides AI assistants with comprehensive tools to interact with Contentful APIs for content creation, management, asset organization, workflow automation, and content modeling.
mcp-for-woocommerce
Connects WordPress and WooCommerce to AI systems via Model Context Protocol, enabling AI agents to query and manage e-commerce data (products, orders, categories, shipping, payments, taxes) and content (posts, pages).