home / mcp / wordpress mcp server

WordPress MCP Server

Provides MCP-based access to WordPress features using OAuth 2.1, JWT, and WordPress application passwords with automatic token management and multi-instance coordination.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs

{
  "mcpServers": {
    "automattic-mcp-wordpress-remote": {
      "command": "npx",
      "args": [
        "-y",
        "@automattic/mcp-wordpress-remote"
      ],
      "env": {
        "OAUTH_HOST": "127.0.0.1",
        "WP_API_URL": "https://your-wordpress-site.com",
        "OAUTH_ENABLED": "true",
        "WP_OAUTH_CLIENT_ID": "your-client-id",
        "OAUTH_CALLBACK_PORT": "7665"
      }
    }
  }
}

You can seamlessly connect AI assistants to your WordPress sites using the MCP WordPress Remote server. It supports multiple authentication methods, secure token management, and automatic endpoint discovery to streamline access for your AI workflows while keeping credentials protected.

How to use

To use this MCP server, you run it locally or in your environment and connect your MCP client (such as Claude Desktop) to your WordPress site. Choose an authentication method that fits your setup, then start performing WordPress actions through your AI assistant. The server handles token management, secure storage, and coordination across multiple client instances.

How to install

Prerequisites you need before installing this MCP server are Node.js version 22 or newer and a WordPress site with the wordpress-mcp plugin installed and activated.

Install the MCP WordPress Remote package using npm.

npm install @automattic/mcp-wordpress-remote

Additional setup and usage

Configure the MCP client to connect to the WordPress site by specifying the MCP server in your client configuration. For example, you can configure Claude Desktop to load the MCP server using the following settings.

{
  "mcpServers": {
    "wordpress": {
      "command": "npx",
      "args": ["-y", "@automattic/mcp-wordpress-remote"],
      "env": {
        "WP_API_URL": "https://your-wordpress-site.com"
      }
    }
  }
}

Custom headers and authentication concepts

You can include custom headers for all API requests, OAuth discovery, token exchange, and client registration by setting the CUSTOM_HEADERS environment variable in JSON configuration or via a shell command.

{
  "mcpServers": {
    "wordpress": {
      "command": "npx",
      "args": ["-y", "@automattic/mcp-wordpress-remote"],
      "env": {
        "WP_API_URL": "https://your-wordpress-site.com",
        "CUSTOM_HEADERS": "{\"X-MCP-API-Key\": \"your-api-key\", \"X-Custom-Header\": \"value\"}"
      }
    }
  }
}

First run

Start your MCP client (for example, Claude Desktop). Then choose an authentication method that fits your site and preference.

- OAuth 2.0: browser-based authorization. - JWT Token: set a JWT_TOKEN environment variable. - Application Password: set WP_API_USERNAME and WP_API_PASSWORD.

Once authenticated, you can begin using WordPress features through your AI assistant.

Available tools

OAuth 2.1 with PKCE

OAuth 2.1 authorization code flow with PKCE for secure user authorization within MCP integrations.

Dynamic Client Registration

Dynamic client registration support to register clients automatically where supported.

Resource Indicators

RFC 8707 compliant resource indicators to bind tokens to their intended audience.

Protected Resource Metadata Discovery

Automatic discovery of provider metadata for MCP-enabled resources.

Token Management

Automatic handling of token validation, refreshing, and cleanup.

Token Storage

Persistent and secure storage of OAuth and access tokens with per-version isolation.

Multi-instance Coordination

Lockfiles and coordination mechanisms to prevent concurrent authentication flows.

Custom Headers

Support for adding custom headers to all API requests, including authentication and API keys.

Logging and Error Handling

Structured logging with detailed error messages and categorization.