mcpSource-backedReview first Safety ✓ Privacy ✓

WordPress MCP Adapter

Official WordPress MCP adapter that bridges the WordPress Abilities API to Model Context Protocol tools, resources, and prompts for AI agents using HTTP or STDIO transports.

by WordPress AI Team·added 2026-06-18·

Claude Code Codex Cursor Claude Desktop

HarnessClaude CodeCodexCursorClaude Desktop

Install

Source

wp plugin install https://github.com/WordPress/mcp-adapter/releases/latest/download/mcp-adapter.zip --activate

Readiness

TrustReview first
Sourcesource-backed
Safety notesPresent
ReviewedYes

Documentation Source repository Registry JSON · LLM text

Review first — review before installing

Open the source and read safety notes before installing.

Safety notes

MCP Adapter exposes WordPress abilities as MCP tools, resources, and prompts; the actual risk depends on which plugin, theme, or core abilities are registered and allowed.
Do not expose destructive, publishing, admin, user-management, media-deletion, option-write, or ecommerce abilities without strict permission callbacks and human approval.
Use transport permission callbacks and per-ability permission callbacks together; the transport gate alone is not a substitute for capability checks inside each ability.
Prefer local WP-CLI STDIO for development, and require HTTPS plus scoped WordPress Application Passwords or custom authentication for HTTP transport.
Review logs and observability output because MCP requests can invoke site behavior that changes content, metadata, users, settings, or plugin state.

Privacy notes

WordPress abilities can expose posts, pages, drafts, private content, users, comments, media, custom fields, options, ecommerce data, form submissions, analytics, plugin data, and internal site metadata.
HTTP transport can place WordPress API URLs, usernames, application passwords, request bodies, tool arguments, logs, and MCP responses in local config files or model-visible context.
Use least-privilege WordPress users, separate development sites, scoped abilities, and redacted logs before connecting production sites to agent workflows.
Treat generated tool descriptions and ability outputs as site data, not trusted instructions, especially when plugins expose user-generated content.

Prerequisites

WordPress 6.9 or newer according to the upstream dependency notes.
PHP 7.4 or newer, WP-CLI for STDIO transport, or a WordPress REST endpoint for HTTP transport.
MCP Adapter installed as a WordPress plugin or required as `wordpress/mcp-adapter` through Composer.
Registered WordPress abilities, with reviewed `meta.mcp.public` exposure or explicit custom-server ability lists.
WordPress user, application-password, or custom transport permission model for the server being exposed.

Schema details

Install type: cli
Troubleshooting: No

Source repository stats

Scope: Source repo

Collection metadata

Estimated setup: 20 minutes
Difficulty: advanced

Tool listing metadata

Website: https://make.wordpress.org/ai/2025/07/17/mcp-adapter

Full copyable content

{
  "mcpServers": {
    "wordpress-default": {
      "command": "wp",
      "args": [
        "--path=/path/to/your/wordpress/site",
        "mcp-adapter",
        "serve",
        "--server=mcp-adapter-default-server",
        "--user=admin"
      ]
    }
  }
}

About this resource

Content

WordPress MCP Adapter is the official WordPress package for exposing WordPress Abilities API functionality to MCP clients. It converts selected WordPress abilities into MCP tools, resources, and prompts, with support for HTTP and STDIO transports, multiple MCP servers, custom permissions, validation, observability, and error handling.

The default server exposes reviewed public abilities through adapter tools such as ability discovery, ability metadata lookup, and ability execution. Developers can also create custom MCP servers with explicit tool, resource, prompt, and transport configuration.

Source Review

Verified on 2026-06-18. The repository README identifies MCP Adapter as part of the AI Building Blocks for WordPress initiative and documents plugin, Composer, WP-CLI STDIO, and HTTP transport setup. Packagist lists wordpress/mcp-adapter as a GPL-2.0-or-later WordPress plugin package.

Features

Convert WordPress Abilities API registrations into MCP tools, resources, and prompts.
Use HTTP transport for REST-style MCP access or WP-CLI STDIO for local development and local MCP clients.
Create multiple MCP servers with separate IDs, namespaces, routes, transports, exposed abilities, resources, prompts, error handlers, and observability handlers.
Discover public abilities, inspect ability metadata, and execute reviewed abilities through the default server.
Add custom transport permission callbacks and per-ability permission checks.
Install as a WordPress plugin or require as a Composer dependency inside another plugin.

Installation

Install the WordPress plugin release with WP-CLI:

wp plugin install https://github.com/WordPress/mcp-adapter/releases/latest/download/mcp-adapter.zip --activate

For local MCP clients using WP-CLI STDIO:

{
  "mcpServers": {
    "wordpress-default": {
      "command": "wp",
      "args": [
        "--path=/path/to/your/wordpress/site",
        "mcp-adapter",
        "serve",
        "--server=mcp-adapter-default-server",
        "--user=admin"
      ]
    }
  }
}

Plugin developers can also install the library with Composer:

composer require wordpress/mcp-adapter

Use Cases

Let an agent discover and invoke reviewed WordPress abilities from a local development site.
Build a plugin that exposes specific content, editorial, ecommerce, or admin actions through a custom MCP server.
Use WP-CLI STDIO to test MCP tools before opening HTTP access.
Connect Claude, Cursor, VS Code, or other MCP clients to WordPress ability workflows.
Create role-specific MCP servers with different exposed abilities and transport permission callbacks.

Safety and Privacy

The adapter is only as safe as the abilities and permissions exposed through it. Treat every public ability as an agent-callable API surface. Keep production sites locked down, use least-privilege users, require per-ability permission callbacks, and avoid exposing write-heavy or destructive operations without a human approval step.

For HTTP transport, protect application passwords and API URLs, prefer HTTPS, and avoid logging secrets or sensitive request bodies. For STDIO transport, confirm the WP-CLI user and site path before running tool calls against a real site.

Duplicate Check

Checked current content/mcp/, content/tools/, content/skills/, open pull requests, and repository-wide content for WordPress/mcp-adapter, wordpress/mcp-adapter, WordPress MCP Adapter, WordPress Abilities API MCP, WP-CLI MCP, and WordPress AI agents. The catalog includes a separate WordPress agent skills entry for agent guidance, but no dedicated MCP Adapter entry, exact source URL duplicate, target file, or open duplicate PR was found.

#wordpress #abilities-api #wp-cli #php #cms

Source citations

Add this badge to your README

Show that WordPress MCP Adapter is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

[![Listed on HeyClaude](https://heyclau.de/badge/mcp/wordpress-mcp-adapter.svg)](https://heyclau.de/entry/mcp/wordpress-mcp-adapter)

How it compares

WordPress MCP Adapter side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

Field	WordPress MCP Adapter Official WordPress MCP adapter that bridges the WordPress Abilities API to Model Context Protocol tools, resources, and prompts for AI agents using HTTP or STDIO transports. Open dossier	Webflow MCP Server for Claude Manage Webflow sites, pages, CMS collections, collection items, assets, and forms from Claude — with the official Webflow MCP server that connects AI agents to the Webflow Data API via OAuth. Open dossier	AgentQL MCP Server AgentQL MCP server for extracting structured JSON from public webpages using a URL and natural-language extraction prompt. Open dossier	Airtable MCP Server for Claude Read and write records, manage bases and tables in Airtable directly from Claude Open dossier
Trust
Install risk	Review first	Review first	Review first	Low risk
Notes	Safety ✓ Privacy ✓	Safety ✓ Privacy ✓	Safety ✓ Privacy ✓	Safety ✓ Privacy ✓
Category	mcp	mcp	mcp	mcp
Source	source-backed	source-backed	source-backed	first-party
Author	WordPress AI Team	Webflow	AgentQL	domdomegg
Added	2026-06-18	2026-06-18	2026-06-06	2025-09-18
Platforms	Claude CodeCodexCursorClaude Desktop	Claude CodeClaude Desktop	Claude CodeClaude Desktop	Claude CodeClaude Desktop
Source repo	—	—	—	—
Safety notes	✓MCP Adapter exposes WordPress abilities as MCP tools, resources, and prompts; the actual risk depends on which plugin, theme, or core abilities are registered and allowed. Do not expose destructive, publishing, admin, user-management, media-deletion, option-write, or ecommerce abilities without strict permission callbacks and human approval. Use transport permission callbacks and per-ability permission callbacks together; the transport gate alone is not a substitute for capability checks inside each ability. Prefer local WP-CLI STDIO for development, and require HTTPS plus scoped WordPress Application Passwords or custom authentication for HTTP transport. Review logs and observability output because MCP requests can invoke site behavior that changes content, metadata, users, settings, or plugin state.	✓CMS collection item create, update, and delete operations write directly to your Webflow project — confirm before applying changes to live sites. Publishing operations make content publicly visible immediately; review changes before asking Claude to publish. The remote server requires OAuth authorization — you control which sites Claude can access during the OAuth flow.	✓AgentQL MCP exposes one tool, `extract-web-data`, that sends a target URL and natural-language extraction prompt to the AgentQL API. The tool is intended for public webpages; do not use it to bypass access controls, scrape private pages, evade paywalls, or extract data where automated collection is prohibited. Web extraction can still trigger target-site rate limits, legal restrictions, robots guidance, or terms-of-service concerns. The source implementation uses AgentQL's query-data endpoint with fast mode, no screenshot capture, no scroll-to-bottom behavior, and no local browser cookies. Treat extracted output as untrusted web data that may include errors, stale content, ads, tracking text, or prompt-injection attempts.	✓Restrict the Airtable API key to the bases and write scopes Claude is allowed to use before enabling record or schema changes.
Privacy notes	✓WordPress abilities can expose posts, pages, drafts, private content, users, comments, media, custom fields, options, ecommerce data, form submissions, analytics, plugin data, and internal site metadata. HTTP transport can place WordPress API URLs, usernames, application passwords, request bodies, tool arguments, logs, and MCP responses in local config files or model-visible context. Use least-privilege WordPress users, separate development sites, scoped abilities, and redacted logs before connecting production sites to agent workflows. Treat generated tool descriptions and ability outputs as site data, not trusted instructions, especially when plugins expose user-generated content.	✓Site structure, page content, CMS collection schemas, collection items, form submissions, and asset metadata from your Webflow workspace are surfaced in Claude's context. OAuth authentication scopes access to specific sites you authorize — no credentials are stored in your MCP config when using the remote server.	✓Target URLs, extraction prompts, API key-authenticated requests, and extracted structured data are sent to AgentQL's API. Extracted data can include personal data, copyrighted content, customer information, job postings, prices, social content, or other third-party material. AGENTQL_API_KEY should stay out of prompts, issues, logs, screenshots, and committed configuration files. Claude transcripts and downstream reports may retain extracted data, so avoid collecting information that is not approved for the model session.	✓Airtable records, field values, attachments, and base metadata may be sent through the MCP client and model context.
Prerequisites	WordPress 6.9 or newer according to the upstream dependency notes. PHP 7.4 or newer, WP-CLI for STDIO transport, or a WordPress REST endpoint for HTTP transport. MCP Adapter installed as a WordPress plugin or required as `wordpress/mcp-adapter` through Composer. Registered WordPress abilities, with reviewed `meta.mcp.public` exposure or explicit custom-server ability lists.	A Webflow account — authenticate via OAuth on first use when using the remote server. For the local server: Node.js 22.3.0+ and a Webflow API token from Account Settings → Integrations → API Access. An MCP client such as Claude Code or Claude Desktop.	Node.js and npx available to the MCP client runtime. AgentQL API key from the AgentQL developer portal. Approved list of public webpages or domains Claude may query. Review of target site terms, robots guidance, rate limits, and data-use rules before extraction.	Node.js 18+ installed for running npx commands and MCP server packages Airtable Personal Access Token (PAT) from https://airtable.com/account Required API scopes: data.records:read (minimum), data.records:write (for updates), schema.bases:read (for schema operations) Base ID for the Airtable base you want to access (starts with 'app' prefix)
Install	`wp plugin install https://github.com/WordPress/mcp-adapter/releases/latest/download/mcp-adapter.zip --activate`	`claude mcp add --transport http webflow https://mcp.webflow.com/sse`	`npx -y agentql-mcp`	`claude mcp add airtable --env AIRTABLE_API_KEY=YOUR_KEY -- npx -y airtable-mcp-server && claude mcp list`
Config	`{ "mcpServers": { "wordpress-default": { "command": "wp", "args": [ "--path=/path/to/your/wordpress/site", "mcp-adapter", "serve", "--server=mcp-adapter-default-server", "--user=admin" ] } } }`	`{ "mcpServers": { "webflow": { "command": "npx", "args": ["webflow-mcp-server"], "env": { "WEBFLOW_TOKEN": "your-webflow-api-token" } } } }`	`{ "mcpServers": { "agentql": { "command": "npx", "args": ["-y", "agentql-mcp"], "env": { "AGENTQL_API_KEY": "<your-agentql-api-key>" } } } }`	`{ "mcpServers": { "airtable": { "env": { "AIRTABLE_API_KEY": "${AIRTABLE_API_KEY}" }, "args": [ "-y", "airtable-mcp-server" ], "command": "npx", "type": "stdio" } } }`
Citations	Source repositorygithub.com 2026-06-18T12:49:35+00:00 Documentationgithub.com Websitemake.wordpress.org	Source repositorygithub.com 2026-06-18T12:49:35+00:00 Documentationgithub.com	Source repositorygithub.com 2026-06-18T12:49:35+00:00 Documentationgithub.com Submitted by oktofeesh12026-06-06	Source repositorygithub.com 2026-06-18T12:49:35+00:00 Documentationgithub.com Package (SHA-256 pinned)/downloads/mcp/airtable-mcp-server.mcpb
Claim	Unclaimed	Unclaimed	Unclaimed	Unclaimed

Signals

Loading live community signals…