{"id":"deus-h-claudeus-wp-mcp","name":"claudeus-wp-mcp","homepage":"https://deusware.se/en/projects/cwpmcp","repo_url":"https://github.com/deus-h/claudeus-wp-mcp","category":"cms","subcategories":[],"tags":["wordpress","mcp","model-context-protocol","claude-desktop","typescript","cms","automation","site-management","fse","woocommerce"],"what_it_does":"Provides a Model Context Protocol (MCP) server that exposes a large set of WordPress management and diagnostics tools (e.g., CRUD for posts/pages/blocks, media, taxonomies, users, comments moderation, menus/navigation, FSE templates/styles/patterns, Astra Pro integrations, plugins/theme/config, WooCommerce, and health checks) usable via Claude Desktop / MCP.","use_cases":["Automating WordPress content creation, editing, and bulk updates from an AI agent","Headless CMS-style operations against a WordPress site via MCP tools","Site administration workflows (users, menus, widgets, theme settings, plugins)","Moderation and comment management through agent-invoked tools","WordPress site health diagnostics and connectivity tests","WooCommerce product/order/sales automation","Multi-site WordPress operations driven by a config file"],"not_for":["Untrusted public use without strong network and credential controls","Operations requiring strong audit/compliance guarantees unless paired with your own logging/review","Environments where application passwords/JWT handling is not acceptable","Use as a general-purpose WordPress API replacement when a narrower integration is preferred"],"best_when":"You want an agent-friendly MCP integration to perform structured WordPress operations (including destructive ones with appropriate care) and you can securely supply WP credentials (application passwords/JWT) to the server.","avoid_when":"You cannot secure the MCP server host/network or cannot safely handle WP credentials; or you only need simple read-only access and want minimal blast radius.","alternatives":["Direct WordPress REST API integration (custom code using WP endpoints)","Dedicated WordPress admin automation scripts (wp-cli, custom tooling)","Other MCP servers for specific domains (e.g., content-only or read-only MCP integrations)","GraphQL-based WordPress headless solutions (when available)"],"af_score":64.0,"security_score":56.2,"reliability_score":33.8,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:45:22.254935+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Basic Auth using WordPress Application Passwords","JWT token support"],"oauth":false,"scopes":false,"notes":"README indicates Basic Auth with application passwords and mentions JWT token support, but does not describe granular scopes beyond what the WP user/application password permits."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing information provided; appears to be an installable/open-source style package."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":64.0,"security_score":56.2,"reliability_score":33.8,"mcp_server_quality":85.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":65.0,"rate_limit_clarity":30.0,"tls_enforcement":70.0,"auth_strength":60.0,"scope_granularity":35.0,"dependency_hygiene":55.0,"secret_handling":60.0,"security_notes":"Security features are claimed in README (validation/sanitization, schema/type checks, rate limiting support, CSRF protection, SQLi/XSS protection), but no concrete details are provided in the supplied content about implementation specifics. Credentials are handled via wp-sites.json (PASS in config) and are passed via environment to the MCP server; ensure the config file and logs are protected. Auth appears to rely on WordPress application passwords/JWT rather than fine-grained scopes.","uptime_documented":0.0,"version_stability":55.0,"breaking_changes_history":35.0,"error_recovery":45.0,"idempotency_support":"false","idempotency_notes":"The README describes many CRUD and destructive tools but does not document which operations are idempotent or how to safely retry after partial failures.","pagination_style":"standard","retry_guidance_documented":false,"known_agent_gotchas":["Destructive operations (delete/trash/spam/revoke user/app password) can cause irreversible changes without additional safeguards","Agent-driven bulk operations may be expensive/slow and should be tested on staging","Correctly selecting target site from wp-sites.json is critical in multi-site setups","WP REST API capability/auth failures may manifest as tool-level errors; retry strategy is not clearly documented"]}}