Skip to content
This repository was archived by the owner on Jan 19, 2026. It is now read-only.
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
100 changes: 53 additions & 47 deletions Readme.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,20 +4,20 @@

A comprehensive WordPress plugin that implements the [Model Context Protocol (MCP)](https://modelcontextprotocol.io) to expose WordPress functionality through standardized interfaces. This plugin enables AI models and applications to interact with WordPress sites securely using multiple transport protocols and enterprise-grade authentication.

## Features
## Features

- **Dual Transport Protocols**: STDIO and HTTP-based (Streamable) transports
- **JWT Authentication**: Secure token-based authentication with management UI
- **Admin Interface**: React-based token management and settings dashboard
- **AI-Friendly APIs**: JSON-RPC 2.0 compliant endpoints for AI integration
- **Extensible Architecture**: Custom tools, resources, and prompts support
- **WordPress Feature API**: Adapter for standardized WordPress functionality
- **Experimental REST API CRUD Tools**: Generic tools for any WordPress REST API endpoint
- **Comprehensive Testing**: 200+ test cases covering all protocols and authentication
- **High Performance**: Optimized routing and caching mechanisms
- **Enterprise Security**: Multi-layer authentication and audit logging
- 🔄 **Dual Transport Protocols**: STDIO and HTTP-based (Streamable) transports
- 🔐 **JWT Authentication**: Secure token-based authentication with management UI
- 🎛️ **Admin Interface**: React-based token management and settings dashboard
- 🤖 **AI-Friendly APIs**: JSON-RPC 2.0 compliant endpoints for AI integration
- 🏗️ **Extensible Architecture**: Custom tools, resources, and prompts support
- 🔌 **WordPress Feature API**: Adapter for standardized WordPress functionality
- 🧪 **Experimental REST API CRUD Tools**: Generic tools for any WordPress REST API endpoint
- 🧪 **Comprehensive Testing**: 200+ test cases covering all protocols and authentication
- **High Performance**: Optimized routing and caching mechanisms
- 🔒 **Enterprise Security**: Multi-layer authentication and audit logging

## Architecture
## 🏗️ Architecture

The plugin implements a dual transport architecture:

Expand All @@ -42,7 +42,7 @@ WordPress MCP Plugin
| **STDIO** | `/wp/v2/wpmcp` | WordPress-style | JWT + App Passwords | Legacy compatibility |
| **Streamable** | `/wp/v2/wpmcp/streamable` | JSON-RPC 2.0 | JWT only | Modern AI clients |

## Installation
## 🚀 Installation

### Quick Install

Expand All @@ -61,7 +61,7 @@ composer install --no-dev
npm install && npm run build
```

## Authentication Setup
## 🔐 Authentication Setup

### JWT Token Generation

Expand Down Expand Up @@ -164,7 +164,7 @@ npx @modelcontextprotocol/inspector \
}
```

## Usage
## 🎯 Usage

### With MCP Clients

Expand Down Expand Up @@ -196,9 +196,9 @@ The streamable transport provides a direct JSON-RPC 2.0 compliant endpoint, whil
| `prompts/list` | List available prompts | Both |
| `prompts/get` | Get prompt template | Both |

### Experimental REST API CRUD Tools
### 🧪 Experimental REST API CRUD Tools

**EXPERIMENTAL FEATURE**: This functionality is experimental and may change or be removed in future versions.
⚠️ **EXPERIMENTAL FEATURE**: This functionality is experimental and may change or be removed in future versions.

When enabled via `Settings > WordPress MCP > Enable REST API CRUD Tools`, the plugin provides three powerful generic tools that can interact with any WordPress REST API endpoint:

Expand Down Expand Up @@ -232,7 +232,7 @@ When enabled via `Settings > WordPress MCP > Enable REST API CRUD Tools`, the pl
- **Standards Compliant**: Uses standard HTTP methods (GET, POST, PATCH, DELETE)
- **Permission Safe**: Inherits WordPress user capabilities and respects endpoint permissions

## Development
## 🔧 Development

### Project Structure

Expand Down Expand Up @@ -260,17 +260,18 @@ You can extend the MCP functionality by adding custom tools through your own plu
<?php
declare(strict_types=1);

namespace Automattic\WordpressMcp\Tools;
use Automattic\WordpressMcp\Core\RegisterMcpTool;

class MyCustomTool {
public function register(): void {
add_action('wp_mcp_register_tools', [$this, 'register_tool']);
public function __construct() {
add_action('wordpress_mcp_init', [$this, 'register_tools']);
}

public function register_tool(): void {
WPMCP()->register_tool([
public function register_tools(): void {
new RegisterMcpTool([
'name' => 'my_custom_tool',
'description' => 'My custom tool description',
'type' => 'read', // or 'action' for tools that modify data
'inputSchema' => [
'type' => 'object',
'properties' => [
Expand All @@ -279,13 +280,19 @@ class MyCustomTool {
'required' => ['param1']
],
'callback' => [$this, 'execute'],
'permission_callback' => [$this, 'check_permissions'], // optional
]);
}

public function execute(array $args): array {
// Your tool logic here
return ['result' => 'success'];
}

public function check_permissions(): bool {
// Optional: Add custom permission checks
return current_user_can('edit_posts');
}
}
```

Expand All @@ -297,15 +304,15 @@ You can extend the MCP functionality by adding custom resources through your own
<?php
declare(strict_types=1);

namespace Automattic\WordpressMcp\Resources;
use Automattic\WordpressMcp\Core\RegisterMcpResource;

class MyCustomResource {
public function register(): void {
add_action('wp_mcp_register_resources', [$this, 'register_resource']);
public function __construct() {
add_action('wordpress_mcp_init', [$this, 'register_resources']);
}

public function register_resource(): void {
WPMCP()->register_resource([
public function register_resources(): void {
new RegisterMcpResource([
'uri' => 'custom://my-resource',
'name' => 'My Custom Resource',
'description' => 'Custom resource description',
Expand Down Expand Up @@ -350,7 +357,7 @@ npm run build
npm run start
```

## Security
## 🔒 Security

### Best Practices

Expand All @@ -364,14 +371,14 @@ npm run start

### Security Features

- JWT signature validation
- Token expiration and revocation
- User capability inheritance
- Secure secret key generation
- Audit logging for security events
- Protection against malformed requests
- JWT signature validation
- Token expiration and revocation
- User capability inheritance
- Secure secret key generation
- Audit logging for security events
- Protection against malformed requests

## Testing Coverage
## 📊 Testing Coverage

The plugin includes extensive testing:

Expand All @@ -383,7 +390,7 @@ The plugin includes extensive testing:

View detailed testing documentation in [`tests/README.md`](tests/README.md).

## Configuration
## 🔧 Configuration

### Environment Variables

Expand Down Expand Up @@ -413,9 +420,9 @@ The plugin provides granular control over CRUD operations:
- **Enable Delete Tools**: ⚠️ Allow DELETE operations via MCP tools (use with caution)
- **Enable REST API CRUD Tools**: 🧪 Enable experimental generic REST API access tools

**Security Note**: Delete operations can permanently remove data. Only enable delete tools if you trust all users with MCP access.
⚠️ **Security Note**: Delete operations can permanently remove data. Only enable delete tools if you trust all users with MCP access.

## Contributing
## 🤝 Contributing

We welcome contributions! Please see our [Contributing Guidelines](CONTRIBUTING.md).

Expand All @@ -427,7 +434,7 @@ We welcome contributions! Please see our [Contributing Guidelines](CONTRIBUTING.
4. Set up WordPress test environment
5. Run tests with `vendor/bin/phpunit`

## Documentation
## 📚 Documentation

- **Documentation Overview**: [docs/README.md](docs/README.md)
- **Client Setup Guide**: [docs/client-setup.md](docs/client-setup.md)
Expand All @@ -438,19 +445,18 @@ We welcome contributions! Please see our [Contributing Guidelines](CONTRIBUTING.
- **Register MCP Tools**: [docs/register-mcp-tools.md](docs/register-mcp-tools.md)
- **Register MCP Prompts**: [docs/register-mcp-prompt.md](docs/register-mcp-prompt.md)
- **Register MCP Resources**: [docs/register-mcp-resources.md](docs/register-mcp-resources.md)
- **Troubleshooting Guide**: [docs/troubleshooting.md](docs/troubleshooting.md)
- **Testing Guide**: [tests/README.md](tests/README.md)

## Support
## 🆘 Support

For support and questions:

- **Documentation**: [docs/README.md](docs/README.md)
- **Bug Reports**: [GitHub Issues](https://github.com/Automattic/wordpress-mcp/issues)
- **Discussions**: [GitHub Discussions](https://github.com/Automattic/wordpress-mcp/discussions)
- **Contact**: Reach out to the maintainers
- 📖 **Documentation**: [docs/README.md](docs/README.md)
- 🐛 **Bug Reports**: [GitHub Issues](https://github.com/Automattic/wordpress-mcp/issues)
- 💬 **Discussions**: [GitHub Discussions](https://github.com/Automattic/wordpress-mcp/discussions)
- ✉️ **Contact**: Reach out to the maintainers

## License
## 📄 License

This project is licensed under the [GPL v2 or later](LICENSE).

Expand Down