mcp-local-wp

The server implements strong security measures for database interaction. Read-only queries are strictly enforced (SELECT/SHOW/DESCRIBE/EXPLAIN). Write operations (INSERT/UPDATE/DELETE) are opt-in via environment variable (`MYSQL_ALLOW_WRITES=true`) and require parameterized WHERE clauses for UPDATE/DELETE, preventing broad data modification. Schema modification operations (CREATE/DROP/ALTER/TRUNCATE) are explicitly blocked. All queries are limited to single statements, and subqueries are disallowed in write operations. SQL parameterization is used to prevent injection. Local by Flywheel site detection uses `ps aux` and file system access, which is standard for such utilities and does not process user-provided paths in a risky manner. Default MySQL credentials `root`/`root` are typical for a local development environment and can be overridden by environment variables.