Skip to main content
Glama

WP-MCP

MCP server that wraps the WordPress REST JSON API. It dynamically discovers all available routes from your WordPress site and exposes each as an MCP tool.

Features

  • Automatic route discovery from /wp-json — all core and plugin endpoints are exposed

  • Authentication via WordPress Application Passwords

  • Optional SSL certificate verification bypass for local/dev environments

  • One tool per route with method as a parameter (GET, POST, PUT, PATCH, DELETE)

  • Clean tool names: posts, posts.id, categories, media.id, etc.

Related MCP server: WordPress MCP Proxy

Configuration

The server is configured via environment variables passed through your MCP client:

Variable

Required

Description

WP_URL

Yes

WordPress site URL (e.g. https://example.com)

WP_USERNAME

No

WordPress username for authenticated requests

WP_APP_PASSWORD

No

WordPress Application Password

WP_IGNORE_SSL

No

Set to "true" to skip SSL certificate verification

WP_TOOL_MODE

No

Tool exposure strategy: all (default), compact, allowlist, or blocklist

WP_TOOL_FILTER

No

Comma-separated list of tool names or route patterns for allowlist/blocklist modes

WP_DESCRIPTION_MODE

No

verbose or minimal (default). Minimal strips property descriptions to reduce token usage

Generating an Application Password

  1. In your WordPress admin, go to Users > Profile

  2. Scroll to Application Passwords

  3. Enter a name (e.g. "wp-mcp") and click Add New Application Password

  4. Copy the generated password

Setup

Build from source

npm install
npm run build

MCP client configuration

Add to your MCP client settings (e.g. Claude Desktop claude_desktop_config.json or VS Code settings.json):

{
  "mcpServers": {
    "wordpress": {
      "command": "node",
      "args": ["/path/to/wp-mcp/dist/index.js"],
      "env": {
        "WP_URL": "https://example.com",
        "WP_USERNAME": "admin",
        "WP_APP_PASSWORD": "xxxx xxxx xxxx xxxx",
        "WP_IGNORE_SSL": "false"
      }
    }
  }
}

How it works

On startup the server fetches the WordPress REST API index at WP_URL/wp-json, which returns all registered routes with their methods, arguments, and schemas. Each route becomes an MCP tool:

WP Route

Tool Name

/wp/v2/posts

posts

/wp/v2/posts/(?P<id>[\d]+)

posts.id

/wp/v2/categories

categories

/wp/v2/media/(?P<id>[\d]+)

media.id

/wc/v3/products

wc.v3.products

The wp/v2/ prefix is stripped from core routes for cleaner names. Plugin namespaces are preserved to avoid collisions.

Every tool accepts a required method parameter (enum of the HTTP methods that route supports) plus the route's own arguments as additional parameters.

Built-in parameters

These parameters are injected into every tool's schema by the MCP server.

_fields — Added to all tools. Comma-separated list of fields to include in the response (e.g. id,title,slug). This is a native WordPress query parameter that reduces response size — it is passed through to WordPress.

The following parameters are intercepted by the MCP server and not sent to WordPress:

_save_response — Added to all tools. File path to save the response to instead of returning it inline. When set, the tool returns a compact summary (file path, size, and identifying fields like id/title/type) instead of the full response body. Useful for large responses that would waste context tokens.

_save_response_field — Added to all tools. Used with _save_response. Dot-notation path to extract a specific field before saving (e.g. content.rendered). Only the extracted value is written to the file — string values are written raw (not JSON-quoted), so you get clean HTML/text.

_file_params — Added to writable tools (POST/PUT/PATCH/DELETE). An object mapping parameter names to file paths. Each file is read and its contents used as the string value for that parameter. Example: {"content": "/tmp/page.html", "excerpt": "/tmp/excerpt.txt"}.

_body_file — Added to writable tools. Path to a JSON file whose contents are parsed and merged into the request body. Precedence: _file_params > explicit inline parameters > _body_file.

File-based content workflow

When working with large content (e.g. editing a WordPress page), agents can use these parameters to keep content out of the conversation context entirely:

1. GET  pages.id  { "id": 42, "_save_response": "/tmp/page.json" }
   → returns: {"saved_to":"/tmp/page.json","size":"24.3KB","id":42,"title":"About Us","type":"page"}

2. Agent reads /tmp/page.json, edits it locally

3. POST pages.id  { "id": 42, "method": "POST", "_body_file": "/tmp/page.json" }
   → MCP reads the file and sends its contents as the request body

Or to work with just the content field:

1. GET  pages.id  { "id": 42, "_save_response": "/tmp/content.html", "_save_response_field": "content.rendered" }
   → saves raw HTML to file, returns compact summary

2. Agent edits /tmp/content.html

3. POST pages.id  { "id": 42, "method": "POST", "_file_params": { "content": "/tmp/content.html" } }
   → MCP reads the HTML file and sends it as the content parameter

Other features

  • Media uploads: The media tool accepts a file_path parameter for uploading local files.

  • ACF support: When Advanced Custom Fields is detected, writable tools on core routes get an acf object parameter for setting custom field values.

  • refresh_tools: A built-in tool that re-discovers all WordPress REST API routes. Use after installing plugins or registering new post types.

F
license - not found
-
quality - not tested
D
maintenance

Maintenance

Maintainers
Response time
Release cycle
Releases (12mo)
Commit activity

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/LAPSrj/WP-MCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server