Connects to WordPress 6.9+ sites to dynamically discover and execute abilities through the WordPress Abilities API, enabling interaction with site information, environment details, and any custom abilities registered by plugins.
mcp-wp-abilities
MCP server for the WordPress 6.9+ Abilities API. Dynamically discovers and exposes WordPress abilities as AI-accessible tools.
What is this?
WordPress 6.9 introduced the Abilities API, a standardized framework for exposing WordPress capabilities through REST endpoints in a machine-readable format. This MCP server connects to any WordPress 6.9+ site and automatically discovers and exposes all registered abilities as MCP tools.
Key features:
Dynamic discovery - Tools are discovered at runtime from your WordPress site
Zero configuration - No hardcoded tools; the server adapts to your site's capabilities
Full schema support - Input/output validation via JSON Schema
Smart method handling - Automatically uses GET for readonly abilities, POST for mutations
Plugin extensibility - Any WordPress plugin that registers abilities becomes available
Requirements
Node.js 18+
WordPress 6.9+ with Abilities API enabled
WordPress Application Password for authentication
Installation
Configuration
The server requires three environment variables:
Variable | Description |
| Your WordPress site URL (e.g., |
| WordPress username |
| Application password (Settings → Security → Application Passwords) |
Claude Desktop
Add to ~/Library/Application Support/Claude/claude_desktop_config.json:
Claude Code
Available Tools
Tools are dynamically discovered from your WordPress site. Core WordPress 6.9 includes:
Tool | Description |
| Get site name, description, URL, version, language, etc. |
| Get PHP version, database info, environment type |
Additional abilities registered by plugins will appear automatically.
How it Works
On startup, the server connects to your WordPress Abilities API
It fetches all registered abilities with their schemas
Each ability is converted to an MCP tool with:
Name:
wp_{category}_{ability_name}(e.g.,wp_core_get_site_info)Description: From the ability's label and description
Input schema: Converted from WordPress JSON Schema
Annotations:
readOnlyHint,destructiveHint,idempotentHint
When a tool is called, the server executes the corresponding WordPress ability
Creating WordPress Application Password
Log in to your WordPress admin
Go to Users → Profile (or the specific user's profile)
Scroll to Application Passwords
Enter a name (e.g., "MCP Server") and click Add New Application Password
Copy the generated password (shown only once)
Security Notes
Application passwords grant full API access for that user
Use a dedicated user with minimal required capabilities
Store credentials securely using environment variables
The server only reads abilities and executes them; it doesn't modify WordPress core
Extending with Custom Abilities
WordPress plugins can register custom abilities that will automatically appear as MCP tools:
Troubleshooting
"Missing required environment variables"
Ensure all three environment variables are set
"Failed to discover abilities: 401"
Check username and application password are correct
Verify the user has API access
"Failed to discover abilities: 404"
Confirm your WordPress version is 6.9+
Check that Abilities API is enabled
No tools appearing
Verify abilities are registered with
show_in_rest: trueCheck user has permission to access the abilities
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
Changelog
See CHANGELOG.md for release history.
License
MIT