WordPress Remote

Official
automattic

Connects AI assistants to WordPress websites through REST API calls, allowing content management and data access with multiple authentication methods including OAuth 2.0 and JWT tokens.

Bridges WordPress websites and WooCommerce data with local clients through REST API calls, enabling content access without direct streaming connections.

What it does

  • Access WordPress content via REST API
  • Authenticate using OAuth 2.0, JWT, or application passwords
  • Manage WooCommerce data remotely
  • Handle automatic token validation and refresh
  • Register clients dynamically
  • Discover endpoints automatically

Best for

  • WordPress developers building AI integrations
  • Content managers automating site operations
  • E-commerce sites connecting AI to WooCommerce data
  • Remote WordPress administration

  • MCP Authorization specification compliant
  • Multiple authentication methods supported
  • Automatic token management

About WordPress Remote

WordPress Remote is an official MCP server published by automattic that provides AI assistants with tools and capabilities via the Model Context Protocol. WordPress Remote connects your WordPress and WooCommerce data to local clients via REST API, ensuring secure, direct con It is categorized under developer tools, productivity.

How to install

You can install WordPress Remote in your AI client of choice. Use the install panel on this page to get one-click setup for Cursor, Claude Desktop, VS Code, and other MCP-compatible clients. This server runs locally on your machine via the stdio transport.

License

WordPress Remote is released under the MIT license. This is a permissive open-source license, meaning you can freely use, modify, and distribute the software.

MCP WordPress Remote

A Model Context Protocol (MCP) server for seamless WordPress integration

Connect AI assistants like Claude Desktop to your WordPress sites with multiple authentication methods including OAuth 2.0, JWT tokens, and application passwords.

Features

  • MCP Authorization Specification Compliant - Implements MCP Authorization specification 2025-06-18
  • OAuth 2.1 with PKCE - Secure authorization code flow with PKCE (RFC 7636)
  • Resource Indicators - RFC 8707 compliance for token audience binding
  • Dynamic Client Registration - RFC 7591 support for automatic client registration
  • Protected Resource Metadata Discovery - RFC 9728 for automatic endpoint discovery
  • Multiple Authentication Methods - OAuth 2.1, JWT tokens, and WordPress application passwords
  • Persistent Token Storage - OAuth tokens stored securely with automatic validation
  • Multi-instance Coordination - Lockfiles prevent authentication conflicts
  • Automatic Token Management - Handles validation, refresh, and cleanup
  • Enhanced Error Handling - Detailed error messages with proper categorization
  • Comprehensive Logging - Structured logging with categories and levels
  • Complete MCP Support - Tools, resources, prompts, and more

Quick Start

Installation

npm install @automattic/mcp-wordpress-remote

Configuration

Add to your MCP client configuration (e.g., Claude Desktop's claude_desktop_config.json):

{
  "mcpServers": {
    "wordpress": {
      "command": "npx",
      "args": ["-y", "@automattic/mcp-wordpress-remote"],
      "env": {
        "WP_API_URL": "https://your-wordpress-site.com"
      }
    }
  }
}

Custom Headers

You can add custom headers to all API requests using the CUSTOM_HEADERS environment variable. This is useful for API keys, custom authentication, or other header requirements.

JSON Format (Recommended):

{
  "mcpServers": {
    "wordpress": {
      "command": "npx",
      "args": ["-y", "@automattic/mcp-wordpress-remote"],
      "env": {
        "WP_API_URL": "https://your-wordpress-site.com",
        "CUSTOM_HEADERS": "{\"X-MCP-API-Key\": \"*Ibo7tweixlbfuwaiufxgakjyefctwajcetb*\", \"X-Custom-Header\": \"value\"}"
      }
    }
  }
}

Comma-Separated Format:

{
  "mcpServers": {
    "wordpress": {
      "command": "npx",
      "args": ["-y", "@automattic/mcp-wordpress-remote"],
      "env": {
        "WP_API_URL": "https://your-wordpress-site.com",
        "CUSTOM_HEADERS": "X-MCP-API-Key:IOskncfyes78U8on3q7ry43o487tybrc,X-Custom-Header:value"
      }
    }
  }
}

Command Line Usage:

CUSTOM_HEADERS='{"X-MCP-API-Key": "wc_mcp_FaQduhQcW0mfVaZgP3yaaqDuXaZ3mw7j"}' \
WP_API_URL="https://your-site.com" \
npx @automattic/mcp-wordpress-remote

Custom headers are included in:

  • All WordPress API requests
  • OAuth discovery requests
  • OAuth token exchange requests
  • OAuth client registration requests

First Run

  1. Start your MCP client (Claude Desktop, etc.)
  2. Choose authentication method based on your preference:
    • OAuth 2.0 (default): Browser opens automatically for authorization
    • JWT Token: Set JWT_TOKEN environment variable
    • Application Password: Set WP_API_USERNAME and WP_API_PASSWORD
  3. Start using WordPress features in your AI assistant

WordPress MCP Plugin

You need to install the wordpress-mcp plugin on your WordPress website and enable MCP Functionality in Settings > MCP Settings.

Authentication Methods

1. OAuth 2.1 (Recommended - MCP Compliant)

OAuth 2.1 provides the most secure and user-friendly experience with full MCP Authorization specification compliance.

For Self-Hosted WordPress Sites:

{
  "mcpServers": {
    "wordpress": {
      "command": "npx",
      "args": ["-y", "@automattic/mcp-wordpress-remote"],
      "env": {
        "WP_API_URL": "https://your-wordpress-site.com",
        "OAUTH_ENABLED": "true"
      }
    }
  }
}

MCP Authorization Specification Features:

  • OAuth 2.1 authorization code flow with PKCE (RFC 7636)
  • Resource Indicators (RFC 8707) for token audience binding
  • Dynamic Client Registration (RFC 7591) when supported
  • Protected Resource Metadata Discovery (RFC 9728)
  • Authorization Server Metadata Discovery (RFC 8414)

Benefits:

  • Full compliance with MCP Authorization specification 2025-06-18
  • Enhanced security with PKCE protection
  • One-time browser authorization
  • Tokens stored securely with automatic validation
  • Automatic endpoint discovery
  • No need to manage passwords
  • Automatic expiration handling

2. JWT Token Authentication

For server-to-server authentication or when OAuth is not available.

{
  "mcpServers": {
    "wordpress": {
      "command": "npx",
      "args": ["-y", "@automattic/mcp-wordpress-remote"],
      "env": {
        "WP_API_URL": "https://your-wordpress-site.com",
        "JWT_TOKEN": "your-jwt-token-here"
      }
    }
  }
}

3. WordPress Application Passwords (Legacy)

Uses WordPress username and application password for basic authentication.

{
  "mcpServers": {
    "wordpress": {
      "command": "npx",
      "args": ["-y", "@automattic/mcp-wordpress-remote"],
      "env": {
        "WP_API_URL": "https://your-wordpress-site.com",
        "WP_API_USERNAME": "your-username",
        "WP_API_PASSWORD": "your-application-password",
        "OAUTH_ENABLED": "false"
      }
    }
  }
}

To create an application password:

  1. Go to your WordPress admin dashboard
  2. Navigate to Users > Profile
  3. Scroll down to "Application Passwords"
  4. Create a new application password for MCP access

Advanced Configuration

Custom OAuth Settings

{
  "mcpServers": {
    "wordpress": {
      "command": "npx",
      "args": ["-y", "@automattic/mcp-wordpress-remote"],
      "env": {
        "WP_API_URL": "https://your-wordpress-site.com",
        "OAUTH_CALLBACK_PORT": "7665",
        "OAUTH_HOST": "127.0.0.1",
        "WP_OAUTH_CLIENT_ID": "your-custom-client-id"
      }
    }
  }
}

WooCommerce Integration

For WooCommerce-specific tools and reports:

{
  "mcpServers": {
    "wordpress": {
      "command": "npx",
      "args": ["-y", "@automattic/mcp-wordpress-remote"],
      "env": {
        "WP_API_URL": "https://your-wordpress-site.com",
        "WOO_CUSTOMER_KEY": "ck_your-consumer-key",
        "WOO_CUSTOMER_SECRET": "cs_your-consumer-secret"
      }
    }
  }
}

Environment Variables

Variable | Description | Default | Required
--- | --- | --- | ---
WP_API_URL | WordPress site URL | - |
OAUTH_ENABLED | Enable OAuth authentication | true | -
OAUTH_CALLBACK_PORT | OAuth callback port | 7665 | -
OAUTH_HOST | OAuth callback hostname | 127.0.0.1 | -
WP_OAUTH_CLIENT_ID | Custom OAuth client ID | - | -
OAuth Endpoints | | |
OAUTH_AUTHORIZE_ENDPOINT | OAuth authorization endpoint | - | ✅ (for custom OAuth)
OAUTH_TOKEN_ENDPOINT | OAuth token endpoint | - | ✅ (for custom OAuth)
OAUTH_AUTHENTICATE_ENDPOINT | OAuth authenticate endpoint | - | -
MCP OAuth 2.1 Settings | | |
OAUTH_FLOW_TYPE | OAuth flow type (authorization_code or implicit) | authorization_code | -
OAUTH_USE_PKCE | Use PKCE (required for OAuth 2.1) | true | -
OAUTH_DYNAMIC_REGISTRATION | Enable dynamic client registration | true | -
OAUTH_RESOURCE_INDICATOR | Use resource indicators (RFC 8707) | true | -
Configuration | | |
WP_MCP_CONFIG_DIR | Config directory override | ~/.mcp-auth | -
LOG_FILE | Log file path | - | -
LOG_LEVEL | Log level (0-3) | 2 | -
Legacy Authentication | | |
JWT_TOKEN | JWT token for authentication | - | -
WP_API_USERNAME | WordPress username (legacy) | - | -
WP_API_PASSWORD | WordPress app password (legacy) | - | -
WOO_CUSTOMER_KEY | WooCommerce consumer key | - | -
WOO_CUSTOMER_SECRET | WooCommerce consumer secret | |
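
The settings above can be reviewed mechanically before a client config is deployed. The following is an added example, not code from the README or from the mcp-wordpress-remote project: it audits an MCP client config for plain-HTTP site URLs, the implicit flow, disabled PKCE, plaintext secrets, credential-bearing custom headers (which the README says are also sent on OAuth discovery, token exchange and client registration requests) and an unpinned package. The function names, finding ids, the comma-splitting rule and the sample values are assumptions made for this example.

```javascript
const SECRET_VARS = ["JWT_TOKEN", "WP_API_PASSWORD", "WOO_CUSTOMER_SECRET"];
const LOOPBACK = ["127.0.0.1", "localhost", "[::1]"];

// CUSTOM_HEADERS is documented in two formats: a JSON object or "Name:value,Name:value".
// Assumption: the comma form splits on "," and then on the first ":" of each pair.
function parseCustomHeaders(raw) {
  const text = raw.trim();
  if (text.startsWith("{")) return JSON.parse(text);
  const headers = {};
  for (const pair of text.split(",")) {
    const i = pair.indexOf(":");
    if (i > 0) headers[pair.slice(0, i).trim()] = pair.slice(i + 1).trim();
  }
  return headers;
}

function auditServer(name, server) {
  const env = server.env || {};
  const findings = [];
  const add = (id, detail) => findings.push({ server: name, id, detail });
  let url = null;
  try { url = new URL(env.WP_API_URL); } catch { add("url-invalid", "WP_API_URL is missing or malformed"); }
  if (url && url.protocol !== "https:" && !LOOPBACK.includes(url.hostname))
    add("url-cleartext", "tokens and passwords would cross the network over plain HTTP");
  if (env.OAUTH_FLOW_TYPE === "implicit") add("oauth-implicit", "use authorization_code with PKCE");
  if (env.OAUTH_USE_PKCE === "false") add("pkce-disabled", "PKCE is required for OAuth 2.1");
  for (const key of SECRET_VARS)
    if (env[key]) add("secret-in-config", `${key} is stored in plaintext in the client config`);
  if (env.CUSTOM_HEADERS) {
    try {
      for (const h of Object.keys(parseCustomHeaders(env.CUSTOM_HEADERS)))
        if (/key|token|auth|secret/i.test(h))
          add("header-secret", `${h} is also sent on OAuth discovery, token and registration requests`);
    } catch { add("headers-invalid", "CUSTOM_HEADERS is not valid JSON"); }
  }
  const pkg = (server.args || []).find((a) => a.startsWith("@automattic/mcp-wordpress-remote"));
  if (pkg && !/@\d+\.\d+\.\d+/.test(pkg)) add("unpinned-package", "no exact version after the package name");
  return findings;
}

// Returns every finding for every entry under "mcpServers".
function auditConfig(config) {
  return Object.entries(config.mcpServers || {}).flatMap(([n, s]) => auditServer(n, s));
}

// Constructed sample config; every value here is made up for this example.
const SAMPLE = { mcpServers: { wordpress: { command: "npx",
  args: ["-y", "@automattic/mcp-wordpress-remote"],
  env: { WP_API_URL: "http://blog.example", OAUTH_FLOW_TYPE: "implicit",
         CUSTOM_HEADERS: "X-MCP-API-Key:constructed-value,X-Custom-Header:value" } } } };
console.log(auditConfig(SAMPLE).map((f) => `${f.server}: ${f.id}`));
```

A config that uses the default OAuth flow over HTTPS, carries no static credentials and names an exact package version produces no findings.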

README truncated. View full README on GitHub.
