server-wp

The WordPress MCP Server is an integration layer that lets AI assistants interact with one or more WordPress sites through the REST API. It supports multi-site configurations, secure authentication via WordPress application passwords, and dynamic endpoint discovery so you can see what operations are available for each site. Through the provided tools, you can list, query, create, update, and delete WordPress content, manage users and plugins, and retrieve site settings. The server exposes commands such as wp_discover_endpoints to map available REST endpoints for a site and wp_call_endpoint to perform authenticated API requests against a chosen endpoint with a specified HTTP method and parameters. This enables natural-language style prompts to translate into concrete WordPress actions across multiple sites with consistent behavior.

Prerequisites:

• Node.js (LTS) and npm installed on your machine
• A WordPress installation (5.6+ for Application Passwords) with HTTPS enabled if possible
• An application password created for the MCP server from WordPress Users > Profile > Application Passwords

Installation steps:

1. Install the MCP server package (manual):

npm install server-wp-mcp

2. If you want to install via Smithery for Claude Desktop automation:

npx -y @smithery/cli install server-wp-mcp --client claude

3. Prepare your WordPress site configuration file (wp-sites.json) containing site URL, user, and application password as described in the README. Example:

{
  "myblog": {
    "URL": "https://myblog.com",
    "USER": "yourusername",
    "PASS": "abcd 1234 efgh 5678"
  }
}

4. Run the MCP server with the appropriate configuration path (example):

node path/to/server/dist/index.js

5. Ensure the environment variable WP_SITES_PATH points to the absolute path of your wp-sites.json file, as shown in the mcp_config example.

Tips and common considerations:

• Keep your wp-sites.json securely stored and exclude it from version control. Consider using environment variables for sensitive data in production.
• Ensure HTTPS is used for WordPress sites to protect credentials transmitted to the REST API.
• The configuration key (alias) you provide in wp-sites.json becomes the site identifier used by the MCP tools (e.g., myblog, testsite).
• If you enable multiple sites, you can discover endpoints per site using wp_discover_endpoints and then call specific endpoints with wp_call_endpoint.
• Remember to rotate application passwords periodically and grant only the minimum required capabilities per site.
• If you encounter authentication errors, verify the application password is correctly copied (spaces are typically trimmed by the client) and that the WordPress user has appropriate permissions.