wordpress-mcp-server

kungtekno/wordpress-mcp-server

3.2

If you are the rightful owner of wordpress-mcp-server and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.

The WordPress MCP Server is a TypeScript-based server that facilitates interaction between AI assistants and WordPress sites using the Model Context Protocol (MCP).

Tools

  1. create_post

    Create a new blog post

  2. update_post

    Update an existing post

  3. delete_post

    Delete a post

  4. get_post

    Retrieve a specific post

  5. list_posts

    List posts with filtering options

WordPress MCP Server

npm version License: MIT TypeScript Code Coverage Downloads

A comprehensive TypeScript-based STDIO MCP (Model Context Protocol) server for WordPress integration that enables AI assistants to interact with WordPress sites through a standardized interface. Built with enterprise-grade security, performance optimization, and extensibility in mind.

Features

  • Full WordPress REST API Integration - Complete access to posts, pages, media, users, comments, and more
  • MCP Protocol Compliant - Standard JSON-RPC over STDIO communication
  • Type-Safe - Built with TypeScript for reliability and developer experience
  • Caching - Multi-level caching for optimal performance
  • Error Handling - Comprehensive error handling with detailed logging
  • Configuration Management - Flexible configuration via files, environment variables, or CLI args
  • Security - Built-in authentication, rate limiting, and security features
  • Zero External Dependencies - Minimal dependencies for maximum reliability

Quick Start

Installation

# Install globally
npm install -g wordpress-mcp-server

# Or run directly with npx
npx wordpress-mcp-server

Configuration

Create a config.json file:

{
  "wordpress": {
    "url": "https://your-wordpress-site.com",
    "username": "your-username",
    "password": "your-application-password"
  }
}

Usage

# Start the MCP server
wordpress-mcp-server

# Or with custom config
wordpress-mcp-server --config /path/to/config.json

# Environment variables
WP_URL=https://example.com WP_USERNAME=admin WP_PASSWORD=pass wordpress-mcp-server

Configuration

File-based Configuration

The server looks for configuration files in this order:

  1. ./config.json (current directory)
  2. ~/.wordpress-mcp-config.json (home directory)
  3. Default configuration

Environment Variables

  • WP_URL - WordPress site URL
  • WP_USERNAME - WordPress username
  • WP_PASSWORD - WordPress password or application password
  • LOG_LEVEL - Logging level (TRACE, DEBUG, INFO, WARN, ERROR, FATAL)
  • CACHE_ENABLED - Enable/disable caching (true/false)
  • NODE_ENV - Environment (development, production, test)

Command Line Arguments

wordpress-mcp-server \\
  --wp-url https://example.com \\
  --wp-username admin \\
  --wp-password password \\
  --log-level DEBUG \\
  --cache-enabled

Available Tools

The server provides the following MCP tools:

Content Management

  • create_post - Create a new blog post
  • update_post - Update an existing post
  • delete_post - Delete a post
  • get_post - Retrieve a specific post
  • list_posts - List posts with filtering options

Page Management

  • create_page - Create a new page
  • update_page - Update an existing page
  • delete_page - Delete a page
  • get_page - Retrieve a specific page
  • list_pages - List pages with filtering options

Media Management

  • upload_media - Upload media files
  • get_media - Retrieve media information
  • list_media - List media files
  • delete_media - Delete media files

User Management

  • get_user - Retrieve user information
  • list_users - List users
  • create_user - Create new users
  • update_user - Update user information

Comment Management

  • get_comment - Retrieve comment information
  • list_comments - List comments
  • approve_comment - Approve comments
  • delete_comment - Delete comments

Analytics (if enabled)

  • get_site_stats - Retrieve site statistics
  • get_popular_posts - Get most popular posts
  • get_recent_activity - Get recent site activity

Available Resources

The server exposes these MCP resources:

  • wordpress://posts - Dynamic list of posts
  • wordpress://pages - Dynamic list of pages
  • wordpress://media - Dynamic list of media files
  • wordpress://users - Dynamic list of users
  • wordpress://site-info - WordPress site information

Development

Prerequisites

  • Node.js 18+
  • npm 8+

Setup

# Clone the repository
git clone https://github.com/wordpress-mcp/wordpress-mcp-server.git
cd wordpress-mcp-server

# Install dependencies
npm install

# Build the project
npm run build

# Run tests
npm test

# Start in development mode
npm run dev

Project Structure

src/
ā”œā”€ā”€ index.ts              # Main entry point
ā”œā”€ā”€ server.ts             # MCP server implementation
ā”œā”€ā”€ config/               # Configuration management
ā”œā”€ā”€ handlers/             # MCP request handlers
ā”œā”€ā”€ tools/                # WordPress tool implementations
ā”œā”€ā”€ resources/            # MCP resource providers
ā”œā”€ā”€ wordpress/            # WordPress API client
ā”œā”€ā”€ utils/                # Utilities (logging, caching, etc.)
ā””ā”€ā”€ cli/                  # CLI commands

Testing

# Run all tests
npm test

# Run tests with coverage
npm run test:coverage

# Run tests in watch mode
npm run test:watch

# Run specific test file
npm test -- --testPathPattern=posts.test.ts

Security

Authentication

The server supports WordPress application passwords for secure authentication:

  1. Go to your WordPress admin ā†’ Users ā†’ Profile
  2. Scroll down to "Application Passwords"
  3. Create a new application password
  4. Use this password in your configuration

Rate Limiting

Built-in rate limiting prevents API abuse:

{
  "wordpress": {
    "rateLimit": {
      "maxRequests": 100,
      "windowMs": 60000
    }
  }
}

Security Features

  • IP allowlisting
  • API key authentication
  • Request timeout limits
  • Input validation
  • Error message sanitization

Performance

Caching

Multi-level caching improves performance:

  • Memory Cache: LRU cache for frequently accessed data
  • Request Cache: Per-request caching to avoid duplicate API calls
  • Response Cache: HTTP response caching with ETags

Configuration

{
  "cache": {
    "enabled": true,
    "ttl": 300,
    "maxSize": 1000,
    "strategy": "lru"
  }
}

Monitoring

Logging

Structured logging with multiple levels:

{
  "logging": {
    "level": "INFO",
    "format": "json",
    "colorize": false
  }
}

Metrics

Enable metrics collection:

{
  "server": {
    "enableMetrics": true
  }
}

Troubleshooting

Common Issues

  1. Connection Failed

    • Verify WordPress URL is correct
    • Check if WordPress REST API is enabled
    • Ensure application password is valid

  2. Permission Denied

    • Verify user has necessary capabilities
    • Check WordPress user role permissions
    • Ensure application password is for correct user

  3. Rate Limited

    • Reduce request frequency
    • Adjust rate limit settings
    • Check WordPress server limits

Debug Mode

Enable debug logging:

LOG_LEVEL=DEBUG wordpress-mcp-server

Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes
  4. Add tests
  5. Submit a pull request

License

MIT License - see file for details.

Support