wordpress-mcp-server

Provides an MCP server (WordPress MCP server) that enables AI agents to manage a self-hosted or WordPress.com site via 190+ MCP tools, including content management, theme/plugin/file operations, WooCommerce, Gutenberg blocks, SEO, security/health checks, performance tasks, and backups/migrations. Requires installing a companion WordPress plugin to enable file-system and advanced operations.

Evaluated Mar 30, 2026 (21d ago)
Repo ↗ DevTools mcp wordpress cms typescript automation content-management file-system themes plugins woo-commerce gutenberg seo security backup
⚙ Agent Friendliness
56
/ 100
Can an agent use this?
🔒 Security
50
/ 100
Is it safe for agents?
⚡ Reliability
32
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
78
Documentation
62
Error Messages
0
Auth Simplicity
55
Rate Limits
10

🔒 Security

TLS Enforcement
70
Auth Strength
65
Scope Granularity
25
Dep. Hygiene
45
Secret Handling
40

README claims multiple security controls for file operations (allowed directories, safe extensions, malware pattern detection, PHP syntax validation, automatic backups, and a 10MB file size limit). However, detailed guarantees, threat model, and structured security error reporting are not provided in the captured content. Authentication appears to rely on providing WordPress credentials/application password via MCP client env; secret-handling hygiene and logging behavior are not explicitly described. Tool-level authorization granularity beyond WordPress capabilities is not described.

⚡ Reliability

Uptime/SLA
0
Version Stability
55
Breaking Changes
40
Error Recovery
35
AF Security Reliability

Best When

You need agent-driven automation for WordPress development/maintenance with a trusted operator, and you can install and secure the companion WordPress plugin with appropriate WordPress credentials (e.g., application passwords).

Avoid When

You cannot ensure strong authentication, safe environment variables handling, and appropriate access control for file/theme/plugin operations; or you need fine-grained per-tool authorization separate from WordPress roles.

Use Cases

  • AI-assisted WordPress site administration (create/edit/publish posts and pages)
  • Theme customization automation (child themes, theme.json, templates, CSS edits)
  • Plugin management automation (activate/deactivate and file-level edits)
  • Programmatic navigation changes (menus, menu items, locations)
  • E-commerce management via WooCommerce tooling (products/orders/customers/inventory)
  • SEO automation (metadata, redirects, schema/Open Graph-related tasks)
  • Operational tasks like backups, migrations, cache cleanup, and cron scheduling
  • Security monitoring and integrity checks via WordPress health/debug tooling

Not For

  • Use on sites where you cannot grant the required WordPress capabilities (e.g., edit_themes/edit_plugins)
  • Untrusted agents or environments where arbitrary file operations would be unacceptable without additional governance
  • Scenarios requiring strict auditability or least-privilege enforcement at per-action granularity (beyond what WordPress roles provide)
  • Production automation without testing/backup verification

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
No
Webhooks
No

Authentication

Methods: WordPress application password (via companion plugin) for self-hosted WordPress with Basic Auth plugin guidance
OAuth: No Scopes: No

Auth appears to be based on providing WORDPRESS_URL/username/password (app password) via MCP client env. Tool-level scope granularity is not described; authorization likely relies on WordPress capabilities (e.g., edit_themes/edit_plugins) and plugin behavior.

Pricing

Free tier: No
Requires CC: No

No pricing tiers or usage costs documented in the provided README content.

Agent Metadata

Pagination
none
Idempotent
False
Retry Guidance
Not documented

Known Gotchas

  • State-changing operations (create/publish/activate/write/delete) may not be idempotent; retries could cause duplicates or unintended changes.
  • File-system tools can write/delete/modify PHP/CSS/JS in themes/plugins; ensure backups and restrict agent permissions.
  • WordPress capability requirements (e.g., edit_themes/edit_plugins) must be satisfied or tools may fail.
  • Large write operations may hit file size limits (10MB claimed), so agents should chunk work.

Alternatives

Direct WordPress REST API + custom tooling/automation scripts WordPress CLI (wp-cli) combined with secure automation/orchestration Other MCP servers or agent integrations focused on narrower WordPress tasks (e.g., content-only) GraphQL/middleware wrappers around WordPress APIs

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for wordpress-mcp-server.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-30.

8642
Packages Evaluated
17761
Need Evaluation
586
Need Re-evaluation
Community Powered