ApiCentraal/FectionWP-MCP-Connector

MCP WordPress Connector

Lightweight connector plugin for WordPress 6.9+ to allow a Management Control Plane (MCP) to perform safe management actions via REST API and WP-CLI.


✨ Features

  • 🔌 REST API — Full remote management via authenticated endpoints
  • 🖥️ WP-CLI — Command-line interface for SSH-based automation
  • 🔒 Secure — API key authentication with env var support
  • 📦 Plugin Management — List, update single, or bulk update all plugins
  • 📝 Content Management — Create posts remotely
  • 🧹 Cache Control — Flush object cache on demand
  • 📡 Site Registration — Register your site with an external MCP server

📥 Installation

Via ZIP (recommended)

  1. Download the latest release from GitHub Releases.
  2. In WP Admin go to Plugins → Add New → Upload Plugin, select the zip and click Install Now.
  3. Activate the plugin.

Via Composer

composer require apicentraal/mcp-wp-connector

Via Git / Manual

cd /path/to/wordpress/wp-content/plugins
git clone https://github.com/ApiCentraal/mcp-wp-connector.git

Then activate in WP Admin.


βš™οΈ Configuration

  1. Go to Settings β†’ MCP Connector.
  2. Enter your MCP API URL (e.g. https://mcp.example.com/api).
  3. Enter your MCP API Key (generate with openssl rand -hex 32).
  4. Click Save Changes.
  5. Optionally click Register site to POST site metadata to the MCP.

Environment Variable (recommended for production)

# Add to your server environment (shell syntax, not valid as-is in wp-config.php)
export MCP_API_KEY="your_64_char_hex_key_here"

The plugin will automatically read from the MCP_API_KEY env var if set.


🔗 REST API Endpoints

All endpoints require authentication via Authorization: Bearer <API_KEY> header or X-MCP-API-Key: <API_KEY> header.

Endpoints Overview

| Endpoint | Method | Description |
| --- | --- | --- |
| /wp-json/mcp/v1/action/ping | POST | Returns site URL, WP version, PHP version, time |
| /wp-json/mcp/v1/action/status | POST | Returns DB prefix, active plugin count, WP version |
| /wp-json/mcp/v1/action/create_post | POST | Create a post |
| /wp-json/mcp/v1/action/clear_cache | POST | Flushes object cache |
| /wp-json/mcp/v1/action/list_plugins | POST | Returns list of all plugins |
| /wp-json/mcp/v1/action/update_plugin | POST | Update single plugin |
| /wp-json/mcp/v1/action/update_all_plugins | POST | Update all plugins with available updates |
| /wp-json/mcp/v1/register | POST | Register site with MCP server |

Request/Response Examples

Ping

curl -X POST https://example.com/wp-json/mcp/v1/action/ping \
  -H "Authorization: Bearer YOUR_API_KEY"

Response:

{
  "url": "https://example.com",
  "wp_version": "6.9",
  "php_version": "8.2.0",
  "time": "2025-12-13 18:00:00"
}

Create Post

curl -X POST https://example.com/wp-json/mcp/v1/action/create_post \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"title": "Hello World", "content": "<p>My content</p>", "status": "draft"}'

Response:

{"post_id": 123}

List Plugins

curl -X POST https://example.com/wp-json/mcp/v1/action/list_plugins \
  -H "Authorization: Bearer YOUR_API_KEY"

Response:

{
  "plugins": [
    {"slug": "akismet/akismet.php", "name": "Akismet", "version": "5.0", "active": true},
    {"slug": "hello-dolly/hello.php", "name": "Hello Dolly", "version": "1.7", "active": false}
  ]
}

Update Plugin

curl -X POST https://example.com/wp-json/mcp/v1/action/update_plugin \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"plugin": "akismet/akismet.php"}'

Update All Plugins

curl -X POST https://example.com/wp-json/mcp/v1/action/update_all_plugins \
  -H "Authorization: Bearer YOUR_API_KEY"

Response:

{"updated": ["plugin-a/plugin-a.php"], "failed": []}

🖥️ WP-CLI Commands

If WP-CLI is available, the plugin registers these commands:

| Command | Description |
| --- | --- |
| wp mcp ping | Show site info |
| wp mcp status | Show DB prefix, active plugins, WP version |
| wp mcp clear-cache | Flush object cache |
| wp mcp list-plugins | List all plugins with status |
| wp mcp update-plugin <slug> | Update a single plugin |
| wp mcp update-all-plugins | Update all plugins with available updates |
| wp mcp create-post | Create a post |
| wp mcp register | Register site with MCP server |

Examples

# Basic info
wp mcp ping
wp mcp status

# Plugin management
wp mcp list-plugins
wp mcp update-plugin akismet/akismet.php
wp mcp update-all-plugins

# Create content
wp mcp create-post --title="New Post" --content="Content here" --status=publish

# Register with MCP
wp mcp register

🔒 Security

| Aspect | Recommendation |
| --- | --- |
| API Key Storage | Use MCP_API_KEY env var instead of database |
| HTTPS | Always use HTTPS for API calls |
| IP Restriction | Restrict endpoint access via firewall/Cloudflare |
| Key Rotation | Rotate API keys periodically |
| Permissions | Plugin update endpoints modify files — use carefully |

Best Practices

  1. Never commit API keys to version control
  2. Use environment variables for sensitive configuration
  3. Restrict IP access to the REST endpoints if possible
  4. Monitor logs for unauthorized access attempts
  5. Keep plugins updated including this connector
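
One way to act on items 3 and 4 above, as an added example that is not part of the connector's code: a Python pass over a web server access log that counts rejected requests to the /wp-json/mcp/v1/ routes per client and lists successful plugin-update calls from addresses outside an allowlist. It assumes combined log format and that a missing or wrong key is logged as HTTP 401 or 403; the log lines, addresses, allowlist and function names are constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample in combined log format; addresses are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [13/Dec/2025:18:00:01 +0000] "POST /wp-json/mcp/v1/action/ping HTTP/1.1" 200 142 "-" "mcp/1.0"
203.0.113.9 - - [13/Dec/2025:18:02:10 +0000] "POST /wp-json/mcp/v1/action/status HTTP/1.1" 401 98 "-" "curl/8.5.0"
203.0.113.9 - - [13/Dec/2025:18:02:11 +0000] "POST /wp-json/mcp/v1/action/list_plugins HTTP/1.1" 401 98 "-" "curl/8.5.0"
203.0.113.9 - - [13/Dec/2025:18:02:12 +0000] "POST /wp-json/mcp/v1/action/update_plugin HTTP/1.1" 401 98 "-" "curl/8.5.0"
192.0.2.44 - - [13/Dec/2025:18:05:00 +0000] "POST /wp-json/mcp/v1/action/update_all_plugins HTTP/1.1" 200 61 "-" "curl/8.5.0"
192.0.2.44 - - [13/Dec/2025:18:05:09 +0000] "POST /wp-json/mcp/v1/action/ping HTTP/1.1" 403 98 "-" "curl/8.5.0"
198.51.100.7 - - [13/Dec/2025:18:06:30 +0000] "POST /wp-json/mcp/v1/action/update_plugin HTTP/1.1" 200 61 "-" "mcp/1.0"
203.0.113.20 - - [13/Dec/2025:18:07:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 401 98 "-" "curl/8.5.0"
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
MCP_PREFIX = "/wp-json/mcp/v1/"
FILE_MODIFYING = {"update_plugin", "update_all_plugins"}  # actions the README says modify files


def off_allowlist(ip, nets):
    """True when ip is outside every allowed network (unparseable values count as outside)."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return True
    return not any(addr in net for net in nets)


def review_mcp_access(log_text, allowed_nets, threshold=3):
    """Return ({ip: rejections >= threshold}, [(ip, action) updates from outside allowed_nets])."""
    nets = [ip_network(n) for n in allowed_nets]
    rejected, stray_updates = Counter(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m["path"].startswith(MCP_PREFIX):
            continue  # not a connector route
        action = m["path"].split("?", 1)[0].rstrip("/").rsplit("/", 1)[-1]
        status = int(m["status"])
        if status in (401, 403):  # assumption: a bad or missing key is answered with 401/403
            rejected[m["ip"]] += 1
        elif status < 400 and action in FILE_MODIFYING and off_allowlist(m["ip"], nets):
            stray_updates.append((m["ip"], action))
    return {ip: n for ip, n in rejected.items() if n >= threshold}, stray_updates


if __name__ == "__main__":
    print(review_mcp_access(SAMPLE_LOG, ["198.51.100.0/24"]))
```

A successful update from outside the allowlist is the more urgent of the two findings, since it means a valid key was used from an unexpected address.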

📁 File Structure

mcp-wp-connector/
├── mcp-wp-connector.php   # Main plugin loader (v1.1.0)
├── README.md              # This file
├── LICENSE                # MIT License
└── includes/
    ├── helpers.php        # API key/URL helpers, registration, auth
    ├── admin.php          # WP Admin settings page
    ├── rest.php           # REST API routes and handlers
    └── cli.php            # WP-CLI commands

🧪 Testing

Quick Test

  1. Activate the plugin
  2. Configure API URL and Key in Settings → MCP Connector
  3. Test with cURL:
    curl -X POST https://yoursite.com/wp-json/mcp/v1/action/ping \
      -H "Authorization: Bearer YOUR_KEY"

WP-CLI Test

wp mcp ping
wp mcp list-plugins

Full Test Suite

# 1. Ping
curl -s -X POST https://yoursite.com/wp-json/mcp/v1/action/ping \
  -H "Authorization: Bearer $MCP_KEY" | jq

# 2. Status
curl -s -X POST https://yoursite.com/wp-json/mcp/v1/action/status \
  -H "Authorization: Bearer $MCP_KEY" | jq

# 3. List plugins
curl -s -X POST https://yoursite.com/wp-json/mcp/v1/action/list_plugins \
  -H "Authorization: Bearer $MCP_KEY" | jq

# 4. Clear cache
curl -s -X POST https://yoursite.com/wp-json/mcp/v1/action/clear_cache \
  -H "Authorization: Bearer $MCP_KEY" | jq

# 5. Create test post
curl -s -X POST https://yoursite.com/wp-json/mcp/v1/action/create_post \
  -H "Authorization: Bearer $MCP_KEY" \
  -H "Content-Type: application/json" \
  -d '{"title":"Test","status":"draft"}' | jq

📋 Changelog

1.1.0 (2025-12-13)

  • ✨ Added list_plugins, update_plugin, update_all_plugins REST actions
  • ✨ Added WP-CLI integration (wp mcp ...)
  • 📚 Improved README with full documentation

1.0.1 (2025-12-13)

  • ♻️ Refactored into modular structure (includes/)

1.0.0 (2025-12-13)

  • 🎉 Initial release
  • Basic REST endpoints: ping, status, create_post, clear_cache, register

🤝 Contributing

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

📄 License

MIT © ApiCentraal

