claudeus-wp-mcp
Provides a Model Context Protocol (MCP) server that exposes a large set of WordPress management and diagnostics tools (e.g., CRUD for posts/pages/blocks, media, taxonomies, users, comments moderation, menus/navigation, FSE templates/styles/patterns, Astra Pro integrations, plugins/theme/config, WooCommerce, and health checks) usable via Claude Desktop / MCP.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Security features are claimed in README (validation/sanitization, schema/type checks, rate limiting support, CSRF protection, SQLi/XSS protection), but no concrete details are provided in the supplied content about implementation specifics. Credentials are handled via wp-sites.json (PASS in config) and are passed via environment to the MCP server; ensure the config file and logs are protected. Auth appears to rely on WordPress application passwords/JWT rather than fine-grained scopes.
⚡ Reliability
Best When
You want an agent-friendly MCP integration to perform structured WordPress operations (including destructive ones with appropriate care) and you can securely supply WP credentials (application passwords/JWT) to the server.
Avoid When
You cannot secure the MCP server host/network or cannot safely handle WP credentials; or you only need simple read-only access and want minimal blast radius.
Use Cases
- • Automating WordPress content creation, editing, and bulk updates from an AI agent
- • Headless CMS-style operations against a WordPress site via MCP tools
- • Site administration workflows (users, menus, widgets, theme settings, plugins)
- • Moderation and comment management through agent-invoked tools
- • WordPress site health diagnostics and connectivity tests
- • WooCommerce product/order/sales automation
- • Multi-site WordPress operations driven by a config file
Not For
- • Untrusted public use without strong network and credential controls
- • Operations requiring strong audit/compliance guarantees unless paired with your own logging/review
- • Environments where application passwords/JWT handling is not acceptable
- • Use as a general-purpose WordPress API replacement when a narrower integration is preferred
Interface
Authentication
README indicates Basic Auth with application passwords and mentions JWT token support, but does not describe granular scopes beyond what the WP user/application password permits.
Pricing
No pricing information provided; appears to be an installable/open-source style package.
Agent Metadata
Known Gotchas
- ⚠ Destructive operations (delete/trash/spam/revoke user/app password) can cause irreversible changes without additional safeguards
- ⚠ Agent-driven bulk operations may be expensive/slow and should be tested on staging
- ⚠ Correctly selecting target site from wp-sites.json is critical in multi-site setups
- ⚠ WP REST API capability/auth failures may manifest as tool-level errors; retry strategy is not clearly documented
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for claudeus-wp-mcp.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.