{"id":"raheesahmed-wordpress-mcp-server","name":"wordpress-mcp-server","homepage":null,"repo_url":"https://github.com/RaheesAhmed/wordpress-mcp-server","category":"devtools","subcategories":[],"tags":["mcp","wordpress","cms","typescript","automation","content-management","file-system","themes","plugins","woo-commerce","gutenberg","seo","security","backup"],"what_it_does":"Provides an MCP server (WordPress MCP server) that enables AI agents to manage a self-hosted or WordPress.com site via 190+ MCP tools, including content management, theme/plugin/file operations, WooCommerce, Gutenberg blocks, SEO, security/health checks, performance tasks, and backups/migrations. Requires installing a companion WordPress plugin to enable file-system and advanced operations.","use_cases":["AI-assisted WordPress site administration (create/edit/publish posts and pages)","Theme customization automation (child themes, theme.json, templates, CSS edits)","Plugin management automation (activate/deactivate and file-level edits)","Programmatic navigation changes (menus, menu items, locations)","E-commerce management via WooCommerce tooling (products/orders/customers/inventory)","SEO automation (metadata, redirects, schema/Open Graph-related tasks)","Operational tasks like backups, migrations, cache cleanup, and cron scheduling","Security monitoring and integrity checks via WordPress health/debug tooling"],"not_for":["Use on sites where you cannot grant the required WordPress capabilities (e.g., edit_themes/edit_plugins)","Untrusted agents or environments where arbitrary file operations would be unacceptable without additional governance","Scenarios requiring strict auditability or least-privilege enforcement at per-action granularity (beyond what WordPress roles provide)","Production automation without testing/backup verification"],"best_when":"You need agent-driven automation for WordPress development/maintenance with a trusted operator, and you can install and secure the companion WordPress plugin with appropriate WordPress credentials (e.g., application passwords).","avoid_when":"You cannot ensure strong authentication, safe environment variables handling, and appropriate access control for file/theme/plugin operations; or you need fine-grained per-tool authorization separate from WordPress roles.","alternatives":["Direct WordPress REST API + custom tooling/automation scripts","WordPress CLI (wp-cli) combined with secure automation/orchestration","Other MCP servers or agent integrations focused on narrower WordPress tasks (e.g., content-only)","GraphQL/middleware wrappers around WordPress APIs"],"af_score":56.2,"security_score":50.0,"reliability_score":32.5,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:24:54.047981+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["WordPress application password (via companion plugin) for self-hosted WordPress with Basic Auth plugin guidance"],"oauth":false,"scopes":false,"notes":"Auth appears to be based on providing WORDPRESS_URL/username/password (app password) via MCP client env. Tool-level scope granularity is not described; authorization likely relies on WordPress capabilities (e.g., edit_themes/edit_plugins) and plugin behavior."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":["Not specified; appears to be an npm package (MIT) with no usage-based pricing described."],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing tiers or usage costs documented in the provided README content."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":56.2,"security_score":50.0,"reliability_score":32.5,"mcp_server_quality":78.0,"documentation_accuracy":62.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":55.0,"rate_limit_clarity":10.0,"tls_enforcement":70.0,"auth_strength":65.0,"scope_granularity":25.0,"dependency_hygiene":45.0,"secret_handling":40.0,"security_notes":"README claims multiple security controls for file operations (allowed directories, safe extensions, malware pattern detection, PHP syntax validation, automatic backups, and a 10MB file size limit). However, detailed guarantees, threat model, and structured security error reporting are not provided in the captured content. Authentication appears to rely on providing WordPress credentials/application password via MCP client env; secret-handling hygiene and logging behavior are not explicitly described. Tool-level authorization granularity beyond WordPress capabilities is not described.","uptime_documented":0.0,"version_stability":55.0,"breaking_changes_history":40.0,"error_recovery":35.0,"idempotency_support":"false","idempotency_notes":"No explicit idempotency guarantees are documented; many tools perform state-changing operations (create/write/delete/activate), so agents should assume retries could duplicate or partially apply changes.","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["State-changing operations (create/publish/activate/write/delete) may not be idempotent; retries could cause duplicates or unintended changes.","File-system tools can write/delete/modify PHP/CSS/JS in themes/plugins; ensure backups and restrict agent permissions.","WordPress capability requirements (e.g., edit_themes/edit_plugins) must be satisfied or tools may fail.","Large write operations may hit file size limits (10MB claimed), so agents should chunk work."]}}