WordPress MCP Server

Overview Schema Related Servers Score Discussions

update-user

Modify WordPress user details, including username, email, password, display name, and roles, using the 'update-user' tool for streamlined account management on WordPress MCP Server.

Instructions

Update an existing WordPress user

Input Schema

TableJSON Schema

Name	Required	Description
`description`	No	New description of the user
`email`	No	New email address for the user
`firstName`	No	New first name for the user
`lastName`	No	New last name for the user
`locale`	No	New locale for the user
`name`	No	New display name for the user
`newPassword`	No	New password for the user
`newUsername`	No	New login name for the user
`nickname`	No	New nickname for the user
`password`	Yes	WordPress application password
`roles`	No	New roles assigned to the user
`siteUrl`	Yes	WordPress site URL
`slug`	No	New alphanumeric identifier for the user
`url`	No	New URL of the user
`userId`	Yes	User ID or 'me' for current user
`username`	Yes	WordPress username

Implementation Reference

src/index.ts:447-518 (handler)

Handler function that constructs update data from inputs, calls makeWPRequest to POST to /wp-json/wp/v2/users/{userId}, and returns success/error message.

async ({ 
  siteUrl, 
  username, 
  password,
  userId,
  newUsername,
  email,
  newPassword,
  name,
  firstName,
  lastName,
  url,
  description,
  locale,
  nickname,
  slug,
  roles,
}) => {
  try {
    const userData: Record<string, any> = {};

    if (newUsername) userData.username = newUsername;
    if (email) userData.email = email;
    if (newPassword) userData.password = newPassword;
    if (name) userData.name = name;
    if (firstName) userData.first_name = firstName;
    if (lastName) userData.last_name = lastName;
    if (url) userData.url = url;
    if (description) userData.description = description;
    if (locale) userData.locale = locale;
    if (nickname) userData.nickname = nickname;
    if (slug) userData.slug = slug;
    if (roles) userData.roles = roles;

    if (Object.keys(userData).length === 0) {
      return {
        content: [
          {
            type: "text",
            text: "No update data provided. Please specify at least one field to update.",
          },
        ],
      };
    }

    const user = await makeWPRequest<WPUser>({
      siteUrl,
      endpoint: `users/${userId}`,
      method: "POST",
      auth: { username, password },
      data: userData
    });
    
    return {
      content: [
        {
          type: "text",
          text: `Successfully updated user:\nID: ${user.id}\nUsername: ${user.name || newUsername || "Unchanged"}\nEmail: ${email || "Unchanged"}`,
        },
      ],
    };
  } catch (error) {
    return {
      content: [
        {
          type: "text",
          text: `Error updating user: ${error instanceof Error ? error.message : String(error)}`,
        },
      ],
    };
  }
}

src/index.ts:429-446 (schema)

Zod schema defining all input parameters for the update-user tool, including site credentials, user ID, and optional fields to update.

{
  siteUrl: z.string().url().describe("WordPress site URL"),
  username: z.string().describe("WordPress username"),
  password: z.string().describe("WordPress application password"),
  userId: z.union([z.string(), z.number(), z.literal("me")]).describe("User ID or 'me' for current user"),
  newUsername: z.string().optional().describe("New login name for the user"),
  email: z.string().email().optional().describe("New email address for the user"),
  newPassword: z.string().optional().describe("New password for the user"),
  name: z.string().optional().describe("New display name for the user"),
  firstName: z.string().optional().describe("New first name for the user"),
  lastName: z.string().optional().describe("New last name for the user"),
  url: z.string().url().optional().describe("New URL of the user"),
  description: z.string().optional().describe("New description of the user"),
  locale: z.enum(["", "en_US"]).optional().describe("New locale for the user"),
  nickname: z.string().optional().describe("New nickname for the user"),
  slug: z.string().optional().describe("New alphanumeric identifier for the user"),
  roles: z.array(z.string()).optional().describe("New roles assigned to the user"),
},

src/index.ts:426-519 (registration)

Registration of the 'update-user' tool using server.tool() with name, description, input schema, and handler function.

server.tool(
  "update-user",
  "Update an existing WordPress user",
  {
    siteUrl: z.string().url().describe("WordPress site URL"),
    username: z.string().describe("WordPress username"),
    password: z.string().describe("WordPress application password"),
    userId: z.union([z.string(), z.number(), z.literal("me")]).describe("User ID or 'me' for current user"),
    newUsername: z.string().optional().describe("New login name for the user"),
    email: z.string().email().optional().describe("New email address for the user"),
    newPassword: z.string().optional().describe("New password for the user"),
    name: z.string().optional().describe("New display name for the user"),
    firstName: z.string().optional().describe("New first name for the user"),
    lastName: z.string().optional().describe("New last name for the user"),
    url: z.string().url().optional().describe("New URL of the user"),
    description: z.string().optional().describe("New description of the user"),
    locale: z.enum(["", "en_US"]).optional().describe("New locale for the user"),
    nickname: z.string().optional().describe("New nickname for the user"),
    slug: z.string().optional().describe("New alphanumeric identifier for the user"),
    roles: z.array(z.string()).optional().describe("New roles assigned to the user"),
  },
  async ({ 
    siteUrl, 
    username, 
    password,
    userId,
    newUsername,
    email,
    newPassword,
    name,
    firstName,
    lastName,
    url,
    description,
    locale,
    nickname,
    slug,
    roles,
  }) => {
    try {
      const userData: Record<string, any> = {};

      if (newUsername) userData.username = newUsername;
      if (email) userData.email = email;
      if (newPassword) userData.password = newPassword;
      if (name) userData.name = name;
      if (firstName) userData.first_name = firstName;
      if (lastName) userData.last_name = lastName;
      if (url) userData.url = url;
      if (description) userData.description = description;
      if (locale) userData.locale = locale;
      if (nickname) userData.nickname = nickname;
      if (slug) userData.slug = slug;
      if (roles) userData.roles = roles;

      if (Object.keys(userData).length === 0) {
        return {
          content: [
            {
              type: "text",
              text: "No update data provided. Please specify at least one field to update.",
            },
          ],
        };
      }

      const user = await makeWPRequest<WPUser>({
        siteUrl,
        endpoint: `users/${userId}`,
        method: "POST",
        auth: { username, password },
        data: userData
      });
      
      return {
        content: [
          {
            type: "text",
            text: `Successfully updated user:\nID: ${user.id}\nUsername: ${user.name || newUsername || "Unchanged"}\nEmail: ${email || "Unchanged"}`,
          },
        ],
      };
    } catch (error) {
      return {
        content: [
          {
            type: "text",
            text: `Error updating user: ${error instanceof Error ? error.message : String(error)}`,
          },
        ],
      };
    }
  }
);

src/index.ts:158-194 (helper)

Helper function makeWPRequest used by the handler to make authenticated HTTP requests to WordPress REST API endpoints.

async function makeWPRequest<T>({
  siteUrl, 
  endpoint,
  method = 'GET',
  auth,
  data = null,
  params = null
}: {
  siteUrl: string;
  endpoint: string;
  method?: 'GET' | 'POST' | 'PUT' | 'DELETE';
  auth: { username: string; password: string };
  data?: any;
  params?: any;
}): Promise<T> {
  const authString = Buffer.from(`${auth.username}:${auth.password}`).toString('base64');
  
  try {
    const response = await axios({
      method,
      url: `${siteUrl}/wp-json/wp/v2/${endpoint}`,
      headers: {
        'Authorization': `Basic ${authString}`,
        'Content-Type': 'application/json',
      },
      data: data,
      params: params
    });
    
    return response.data as T;
  } catch (error) {
    if (axios.isAxiosError(error) && error.response) {
      throw new Error(`WordPress API error: ${error.response.data?.message || error.message}`);
    }
    throw error;
  }
}

src/index.ts:59-64 (schema)
TypeScript interface WPUser used as return type for makeWPRequest in the handler.
```
interface WPUser {
  id: number;
  name?: string;
  slug?: string;
  roles?: string[];
}
```

Tool Definition Quality

C2.9/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden for behavioral disclosure. 'Update an existing WordPress user' implies a mutation operation but reveals nothing about permissions required, whether changes are reversible, rate limits, error conditions, or what happens when only partial fields are provided. This is inadequate for a mutation tool with 16 parameters.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence that states the core purpose without unnecessary words. It's appropriately sized and front-loaded with the essential information. Every word earns its place in this minimal description.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a mutation tool with 16 parameters, no annotations, and no output schema, the description is severely incomplete. It doesn't explain what happens during updates, what permissions are needed, how partial updates work, or what the tool returns. The agent must rely entirely on the schema for understanding, which is insufficient for safe tool invocation.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so all parameters are documented in the schema itself. The description adds no additional parameter information beyond what's in the schema. According to scoring rules, when schema coverage is high (>80%), the baseline is 3 even with no param info in the description.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the action ('Update') and resource ('an existing WordPress user'), making the purpose immediately understandable. It distinguishes this from sibling tools like 'create-user' and 'delete-user' by specifying it's for existing users. However, it doesn't specify what aspects of the user can be updated, which prevents a perfect score.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It doesn't mention prerequisites (like authentication), when to use 'update-user' versus 'create-user' or 'delete-user', or any constraints on usage. The agent must infer usage entirely from the tool name and schema.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Related Tools

replaceUser
@molavec/mcp-yaml-api
pb_admin_update_userB
@paullippert/pb_mcp
update_postC
@Leonelberio/the-wordpress-mcp-server
delete-userC
@prathammanocha/wordpress-mcp-server
cldkctl_update_profile
@raffelprama/mcp-cldkctl
update_user
@JurreBrandsenInfoSupport/zendesk-mcp

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/prathammanocha/wordpress-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server