WP-MCP
Provides tools for interacting with the WordPress REST API, enabling management of posts, pages, categories, media, and other content types on a WordPress site.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@WP-MCPlist the latest 5 posts"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
WP-MCP
MCP server that wraps the WordPress REST JSON API. It dynamically discovers all available routes from your WordPress site and exposes each as an MCP tool.
Features
Automatic route discovery from
/wp-json— all core and plugin endpoints are exposedAuthentication via WordPress Application Passwords
Optional SSL certificate verification bypass for local/dev environments
One tool per route with
methodas a parameter (GET, POST, PUT, PATCH, DELETE)Clean tool names:
posts,posts.id,categories,media.id, etc.
Related MCP server: WordPress MCP Proxy
Configuration
The server is configured via environment variables passed through your MCP client:
Variable | Required | Description |
| Yes | WordPress site URL (e.g. |
| No | WordPress username for authenticated requests |
| No | WordPress Application Password |
| No | Set to |
| No | Tool exposure strategy: |
| No | Comma-separated list of tool names or route patterns for allowlist/blocklist modes |
| No |
|
Generating an Application Password
In your WordPress admin, go to Users > Profile
Scroll to Application Passwords
Enter a name (e.g. "wp-mcp") and click Add New Application Password
Copy the generated password
Setup
Build from source
npm install
npm run buildMCP client configuration
Add to your MCP client settings (e.g. Claude Desktop claude_desktop_config.json or VS Code settings.json):
{
"mcpServers": {
"wordpress": {
"command": "node",
"args": ["/path/to/wp-mcp/dist/index.js"],
"env": {
"WP_URL": "https://example.com",
"WP_USERNAME": "admin",
"WP_APP_PASSWORD": "xxxx xxxx xxxx xxxx",
"WP_IGNORE_SSL": "false"
}
}
}
}How it works
On startup the server fetches the WordPress REST API index at WP_URL/wp-json, which returns all registered routes with their methods, arguments, and schemas. Each route becomes an MCP tool:
WP Route | Tool Name |
|
|
|
|
|
|
|
|
|
|
The wp/v2/ prefix is stripped from core routes for cleaner names. Plugin namespaces are preserved to avoid collisions.
Every tool accepts a required method parameter (enum of the HTTP methods that route supports) plus the route's own arguments as additional parameters.
Built-in parameters
These parameters are injected into every tool's schema by the MCP server.
_fields — Added to all tools. Comma-separated list of fields to include in the response (e.g. id,title,slug). This is a native WordPress query parameter that reduces response size — it is passed through to WordPress.
The following parameters are intercepted by the MCP server and not sent to WordPress:
_save_response — Added to all tools. File path to save the response to instead of returning it inline. When set, the tool returns a compact summary (file path, size, and identifying fields like id/title/type) instead of the full response body. Useful for large responses that would waste context tokens.
_save_response_field — Added to all tools. Used with _save_response. Dot-notation path to extract a specific field before saving (e.g. content.rendered). Only the extracted value is written to the file — string values are written raw (not JSON-quoted), so you get clean HTML/text.
_file_params — Added to writable tools (POST/PUT/PATCH/DELETE). An object mapping parameter names to file paths. Each file is read and its contents used as the string value for that parameter. Example: {"content": "/tmp/page.html", "excerpt": "/tmp/excerpt.txt"}.
_body_file — Added to writable tools. Path to a JSON file whose contents are parsed and merged into the request body. Precedence: _file_params > explicit inline parameters > _body_file.
File-based content workflow
When working with large content (e.g. editing a WordPress page), agents can use these parameters to keep content out of the conversation context entirely:
1. GET pages.id { "id": 42, "_save_response": "/tmp/page.json" }
→ returns: {"saved_to":"/tmp/page.json","size":"24.3KB","id":42,"title":"About Us","type":"page"}
2. Agent reads /tmp/page.json, edits it locally
3. POST pages.id { "id": 42, "method": "POST", "_body_file": "/tmp/page.json" }
→ MCP reads the file and sends its contents as the request bodyOr to work with just the content field:
1. GET pages.id { "id": 42, "_save_response": "/tmp/content.html", "_save_response_field": "content.rendered" }
→ saves raw HTML to file, returns compact summary
2. Agent edits /tmp/content.html
3. POST pages.id { "id": 42, "method": "POST", "_file_params": { "content": "/tmp/content.html" } }
→ MCP reads the HTML file and sends it as the content parameterOther features
Media uploads: The
mediatool accepts afile_pathparameter for uploading local files.ACF support: When Advanced Custom Fields is detected, writable tools on core routes get an
acfobject parameter for setting custom field values.refresh_tools: A built-in tool that re-discovers all WordPress REST API routes. Use after installing plugins or registering new post types.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/LAPSrj/WP-MCP'
If you have feedback or need assistance with the MCP directory API, please join our Discord server