mcp-server
Verified Safe by mcp-wp
Overview
This plugin implements a Model Context Protocol (MCP) server for WordPress, exposing WordPress's data and functionality through its REST API to AI clients.
Installation
No command provided
Security Notes
The server relies on WordPress's authentication mechanisms (user login or application passwords) for API access, which is a strong security practice. It uses `logiscape/mcp-sdk-php` for JSON-RPC message handling, delegating core protocol parsing security to the SDK. The `RestController` sets an `Access-Control-Allow-Origin: *` header, noted as a 'workaround for MCP Inspector', which can be a security risk (e.g., CSRF vulnerability) if it is not strictly controlled or if the server is intended for production. The `MediaManager::upload_to_media_library` function accepts a `$media_path` parameter directly, which could be a vulnerability if an MCP tool exposes this functionality without robust sanitization of the path. The `RestApi::rest_callable` function dynamically constructs REST API routes and dispatches requests, relying on WordPress's internal API validation for safety.
Similar Servers
php-mcp
Implements the Model Context Protocol (MCP) to enable seamless integration between LLM applications and external data sources and tools, providing a server-side framework in PHP.
php-mcp-sdk
A PHP SDK for building Model Context Protocol (MCP) servers that expose AI capabilities (tools, prompts, sampling) and data resources to clients, facilitating AI agent orchestration and structured human-AI interaction.
mcp-server
A Hyperf-based server implementation of the Model Context Protocol (MCP) to manage and serve AI tools, resources, and prompts.
mcp-for-woocommerce
Connects WordPress and WooCommerce to AI systems via Model Context Protocol, enabling AI agents to query and manage e-commerce data (products, orders, categories, shipping, payments, taxes) and content (posts, pages).