Comprehensive WordPress and WooCommerce control via Model Context Protocol (MCP). Manage posts, pages, media, templates, and products through natural language with Claude Desktop.
- π Complete WordPress Control - Posts, pages, media, users
- π WooCommerce Integration - Products, orders, customers
- π Template Editing - Direct theme file editing with backups
- π Security First - Application passwords, rate limiting, input sanitization
- β‘ Async Operations - Fast, non-blocking API calls
- π Bulk Operations - Update multiple items efficiently
- WordPress 5.6+ with Application Passwords enabled
- Python 3.8+
- Claude Desktop
- Clone the repository:
git clone https://github.com/Breuk-AI/wordpress-mcp.git
cd wordpress-mcp-
Install the WordPress plugin:
- Upload
wp-mcp-pluginfolder to/wp-content/plugins/ - Activate "WordPress MCP Integration" in WordPress admin
- Upload
-
Configure the MCP server:
Use for easy 1-click installation and configuration
dxt install https://github.com/Breuk-AI/wordpress-mcp
or
cd mcp-server
cp .env.example .env
# Edit .env with your WordPress credentials- Add to Claude Desktop config:
{
"wordpress": {
"command": "python",
"args": ["E:\\path\\to\\wordpress-mcp\\mcp-server\\server.py"],
"env": {
"WP_SITE_URL": "https://your-site.com",
"WP_USERNAME": "your-username",
"WP_APP_PASSWORD": "xxxx xxxx xxxx xxxx xxxx xxxx"
}
}
}- Posts - Create, read, update, delete, search posts
- Pages - Full page management
- Media - Upload and manage media library
- Templates - Edit theme files with automatic backups
- Users - User management and capabilities
- System - WordPress configuration and status
- Products - Complete product management
- Orders - Order processing and updates
- Customers - Customer data management
- Bulk Operations - Update prices, stock, etc.
- β Path Traversal Protection - Validated file access
- β Authentication Security - Hashed password storage
- β Rate Limiting - Prevents API abuse
- β Input Sanitization - Protects against injection
- β HTTPS Enforcement - Secure connections required
- β File Extension Validation - Only .php files editable
WordPress MCP respects your privacy and data:
- Local Operation Only - All operations occur between Claude Desktop and your WordPress site
- No Data Collection - We do not collect, store, or transmit any user data or conversation data
- No Third-Party Services - No external services are used beyond your WordPress site
- Secure Credential Storage - Application passwords are stored securely in your OS keychain
- Your Data Stays Yours - All WordPress content remains on your server
- No Analytics or Tracking - Zero telemetry or usage tracking
- Open Source Transparency - All code is publicly auditable on GitHub
The only data accessed is:
- Your WordPress site content (posts, pages, products) - only when you request it
- WordPress configuration needed for operations
- Theme files when using template editing features
All data transmission uses secure HTTPS connections directly to your WordPress site.
- WordPress 5.6 or higher
- PHP 7.4 or higher
- Application Passwords enabled
- SSL certificate (recommended)
pip install -r mcp-server/requirements.txtContributions are welcome! Please read our Contributing Guide for details.
- Fork the repository
- Create your feature branch (
git checkout -b feature/AmazingFeature) - Commit your changes (
git commit -m 'Add some AmazingFeature') - Push to the branch (
git push origin feature/AmazingFeature) - Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- Built with Model Context Protocol
- Powered by WordPress REST API
- Created with Claude AI assistance
- Issues: GitHub Issues
- Discussions: GitHub Discussions
- Security: See SECURITY.md for reporting vulnerabilities
- β Production Ready (v1.1.1)
- β Security Audited
- β CI/CD Pipeline Active
- β Documentation Complete
Made with β€οΈ by Breuk & Claude