MissionSquad/mcp-wordpress

 
 

WordPress MCP Server

@missionsquad/mcp-wp is a stdio MCP server for interacting with WordPress through the WordPress REST API.

This package now supports two runtime modes:

  • MissionSquad hidden-secret mode: per-call hidden credentials injected by MissionSquad
  • local standalone mode: single-site env fallback

Runtime Contract

MissionSquad Hidden-Secret Mode

MissionSquad should register this server with hidden secretNames and inject them per tool call.

Recommended hidden keys:

  • siteUrl
  • username
  • password
  • sqlEndpoint (optional)

These values are intentionally not part of the public tool schema.

The server reads them from FastMCP context.extraArgs.

Local Standalone Mode

For local usage outside MissionSquad, configure a single site with:

WORDPRESS_API_URL=https://your-wordpress-site.com
WORDPRESS_USERNAME=wp_username
WORDPRESS_PASSWORD=wp_app_password
WORDPRESS_SQL_ENDPOINT=/mcp/v1/query

Only one fallback site is supported in env mode.

Legacy numbered WORDPRESS_N_* multi-site env configuration is no longer supported by this runtime.

Features

  • FastMCP stdio server
  • hidden per-call WordPress credentials for MissionSquad compatibility
  • single-site env fallback for local usage
  • unified content tools
  • unified taxonomy tools
  • media, users, comments, plugins, and plugin-repository tools
  • optional SQL query tool with custom endpoint
  • ACF/ACF Pro REST support for exposed field groups on content, taxonomy terms, and users

Tool Surface

Site

  • list_sites
  • get_site
  • test_site

These now describe the current request-scoped site only.

Content

  • list_content
  • get_content
  • create_content
  • update_content
  • delete_content
  • discover_content_types
  • find_content_by_url
  • get_content_by_slug

Content read tools support fields: ["acf"] and acf_format for focused ACF reads. Content create/update tools support a nested acf object for ACF/ACF Pro writes. create_content defaults content to an empty string, so ACF-driven posts can be created with title plus acf without inventing a classic editor body.

Taxonomies

  • discover_taxonomies
  • list_terms
  • get_term
  • create_term
  • update_term
  • delete_term
  • assign_terms_to_content
  • get_content_terms

Term read tools support fields: ["acf"] and acf_format for focused ACF reads. Term create/update tools support a nested acf object for ACF/ACF Pro writes.

ACF

  • get_acf_schema

Use get_acf_schema before writing unknown ACF fields. It checks the WordPress REST OPTIONS schema for content, taxonomy terms, or users and returns only fields exposed by ACF through REST. Use target plus resource, for example { "target": "content", "resource": "post" }, { "target": "content", "resource": "steals" }, { "target": "term", "resource": "category" }, or { "target": "user", "resource": "me" }. ACF writes must be sent under the nested acf object on the relevant create/update tool.

Local ACF schema smoke test:

npm run test:acf-schema
npm run test:acf-schema -- --target content --resource page
npm run test:acf-schema -- --target content --resource steals
npm run test:acf-schema -- --target term --resource category
npm run test:acf-schema -- --target user --resource me

The script loads local .env configuration, invokes the same get_acf_schema handler used by the MCP server, and prints the normalized tool response.

Local ACF content read smoke test:

npm run test:acf-content -- --content-type post --id 123
npm run test:acf-content -- --content-type page --id 456
npm run test:acf-content -- --content-type steals --per-page 10

This reads id,slug,title,acf with acf_format=standard through the same REST helpers used by the MCP content tools.

Media

  • list_media
  • create_media
  • edit_media
  • delete_media

Users

  • list_users
  • get_user
  • create_user
  • update_user
  • delete_user

Comments

  • list_comments
  • get_comment
  • create_comment
  • update_comment
  • delete_comment

Plugins

  • list_plugins
  • get_plugin
  • activate_plugin
  • deactivate_plugin
  • create_plugin

Plugin Repository

  • search_plugins
  • get_plugin_info

SQL

  • execute_sql_query

MissionSquad Registration Example

{
  "name": "mcp-wordpress",
  "transportType": "stdio",
  "command": "node",
  "args": ["/absolute/path/to/build/server.js"],
  "secretNames": ["siteUrl", "username", "password", "sqlEndpoint"],
  "enabled": true
}

Local Development

Install

npm install

Build

npm run build

Test

npm test

GitHub Actions

This package includes MissionSquad-standard GitHub workflows:

  • PR build/test on pull request opened and synchronize
  • npm publish on push to main

The publish workflow targets the @missionsquad npm scope and publishes with:

npm publish --access public

Run

npm start

Dev Mode

npm run dev

SQL Query Tool

execute_sql_query is intended for a custom read-only SQL endpoint on the target WordPress site.

Default endpoint:

/mcp/v1/query

Override order:

  1. hidden sqlEndpoint
  2. WORDPRESS_SQL_ENDPOINT
  3. default /mcp/v1/query

Only read-only queries are allowed.

Security

  • do not expose siteUrl, username, password, or sqlEndpoint in public tool schemas
  • do not log hidden runtime config
  • use HTTPS for WordPress sites
  • use WordPress application passwords instead of primary login credentials
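The SQL endpoint override order and the Security rules above can be enforced in one place when the request-scoped config is built. The following is an added example, not code from this package: `resolveSiteConfig`, `redactForLog`, and the `Bag` type are hypothetical names, and it assumes credentials are taken from a single source as a set and that the SQL endpoint is a site-relative path.

```typescript
// Added example; hypothetical names, not code from mcp-wordpress.
type Bag = Record<string, unknown>;
interface SiteConfig { siteUrl: string; username: string; password: string; sqlEndpoint: string }
const DEFAULT_SQL_ENDPOINT = "/mcp/v1/query";
const HIDDEN_KEYS = ["siteUrl", "username", "password", "sqlEndpoint"];

function str(v: unknown): string | undefined {
  return typeof v === "string" && v.trim() !== "" ? v.trim() : undefined;
}

// hidden: per-call secrets (FastMCP context.extraArgs); env: WORDPRESS_* variables.
function resolveSiteConfig(hidden: Bag, env: Bag): SiteConfig {
  // Assumption: credentials come from one source as a set and are never
  // mixed, so an env password is never sent to a site named by a hidden siteUrl.
  const fromHidden = str(hidden.siteUrl) !== undefined;
  const siteUrl = fromHidden ? str(hidden.siteUrl) : str(env.WORDPRESS_API_URL);
  const username = fromHidden ? str(hidden.username) : str(env.WORDPRESS_USERNAME);
  const password = fromHidden ? str(hidden.password) : str(env.WORDPRESS_PASSWORD);
  if (!siteUrl || !username || !password) {
    throw new Error("incomplete WordPress credentials"); // no values in the message
  }
  if (new URL(siteUrl).protocol !== "https:") {
    throw new Error("WordPress site URL must use HTTPS");
  }
  // Override order from the README: hidden sqlEndpoint, env, default.
  const sqlEndpoint =
    str(hidden.sqlEndpoint) ?? str(env.WORDPRESS_SQL_ENDPOINT) ?? DEFAULT_SQL_ENDPOINT;
  // Assumption: the endpoint is a path on the same site, not a full URL.
  if (!sqlEndpoint.startsWith("/") || sqlEndpoint.startsWith("//")) {
    throw new Error("SQL endpoint must be a site-relative path");
  }
  return { siteUrl, username, password, sqlEndpoint };
}

// Copy of tool-call arguments that is safe to log: hidden keys are masked.
function redactForLog(args: Bag): Bag {
  const out: Bag = {};
  for (const k of Object.keys(args)) {
    out[k] = HIDDEN_KEYS.indexOf(k) >= 0 ? "[redacted]" : args[k];
  }
  return out;
}
```
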

About

MCP Server for WordPress

Languages

  • TypeScript 96.6%
  • JavaScript 3.4%