WordPress (Remote) MCP Server
Proxy MCP server that connects AI assistants to WordPress sites via the MCP Adapter plugin, with OAuth 2.1 PKCE, JWT, or application password auth.
@automattic/mcp-wordpress-remote is a stdio-to-HTTP proxy MCP server maintained by Automattic that lets AI assistants like Claude Desktop, Cursor, and other MCP clients talk to a WordPress site. It translates MCP requests into REST API calls against the WordPress MCP Adapter plugin endpoint, manages authentication and token lifecycle, and coordinates multiple client instances using lockfiles.
The actual tools, resources, and prompts exposed to the AI client are not hard-coded in this proxy. They are dynamically discovered from whatever the connected WordPress site advertises through the MCP Adapter (the canonical adapter now lives at WordPress/mcp-adapter, which bridges the WordPress Abilities API to MCP). This typically includes post and page management, user operations, site settings, and, when configured with consumer credentials, WooCommerce tools and reports. The set of capabilities grows as plugins register new Abilities on the WordPress side.
Notable features include compliance with the MCP Authorization Specification 2025-06-18, OAuth 2.1 with PKCE (RFC 7636), Resource Indicators (RFC 8707), Dynamic Client Registration (RFC 7591), Protected Resource Metadata Discovery (RFC 9728), persistent token storage with automatic refresh, and proxy support via HTTPS/SOCKS/PAC. It is the recommended remote client for new installations of the WordPress MCP Adapter.
Tools
| Tool | Description |
|---|---|
Dynamic WordPress tools |
Tools are discovered at runtime from the WordPress MCP Adapter plugin. Typical capabilities include managing posts, pages, users, comments, media, and site settings via the WordPress REST API. |
WooCommerce tools (optional) |
When WOO_CUSTOMER_KEY and WOO_CUSTOMER_SECRET are set, WooCommerce-specific tools and reports become available (orders, products, customers, sales reports). |
Resources |
MCP resources exposed by the connected WordPress site for contextual data retrieval. |
Prompts |
Prompt templates registered by the WordPress MCP Adapter for common tasks. |
Prerequisites
- Node.js 22+ (package.json declares engines, README recommends 22+)
- A WordPress site with the MCP Adapter plugin installed and active (see
WordPress/mcp-adapter) - A WordPress user account with appropriate permissions
- Optional: WooCommerce consumer key/secret for WooCommerce tools
Installation
The proxy runs via npx, no global install required:
npx -y @automattic/mcp-wordpress-remote
MCP client configuration
Basic config (OAuth 2.1 with PKCE, the default and recommended flow):
{
"mcpServers": {
"wordpress": {
"command": "npx",
"args": ["-y", "@automattic/mcp-wordpress-remote"],
"env": {
"WP_API_URL": "https://your-wordpress-site.com/wp-json/mcp/mcp-adapter-default-server"
}
}
}
}
Alternative auth: JWT token
{
"env": {
"WP_API_URL": "https://your-wordpress-site.com/wp-json/mcp/mcp-adapter-default-server",
"JWT_TOKEN": "your-jwt-token-here"
}
}
Alternative auth: Application Password (legacy)
{
"env": {
"WP_API_URL": "https://your-wordpress-site.com/wp-json/mcp/mcp-adapter-default-server",
"WP_API_USERNAME": "your-username",
"WP_API_PASSWORD": "your-application-password",
"OAUTH_ENABLED": "false"
}
}
Environment variables
| Variable | Purpose | Default |
|---|---|---|
WP_API_URL |
WordPress MCP endpoint (required) | - |
OAUTH_ENABLED |
Enable OAuth flow | true |
OAUTH_CALLBACK_PORT |
Local OAuth redirect port | 7665 |
JWT_TOKEN |
JWT auth token | - |
WP_API_USERNAME / WP_API_PASSWORD |
Application password auth | - |
WOO_CUSTOMER_KEY / WOO_CUSTOMER_SECRET |
WooCommerce consumer credentials | - |
CUSTOM_HEADERS |
Extra request headers (JSON or CSV) | - |
LOG_LEVEL |
0-3 logging verbosity | 2 |
- Draft, publish, and update WordPress posts and pages from an AI assistant chat without leaving the editor
- Bulk-edit metadata, tags, or categories across many posts by prompting an agent
- Pull WooCommerce sales reports, list recent orders, or look up customers from inside Claude when the Woo credentials are configured
- Audit user accounts, permissions, and site settings on a self-hosted WordPress site through a conversational interface
- Connect agentic workflows to a WordPress backend so content generation pipelines can write directly into the CMS
- "Create a new draft post titled 'Q2 product update' with the following outline and tag it 'changelog'."
- "Find all posts published in the last 30 days that don't have a featured image and list them."
- "Show me WooCommerce orders over $500 from the last week and summarize the top products."
- "Update the SEO description on the About page to: 'We help teams ship faster.'"
- "Which users on this site have the Editor role, and when did they last log in?"
- Officially maintained by Automattic, the company behind WordPress.com and WooCommerce
- Modern auth: full OAuth 2.1 with PKCE, Dynamic Client Registration, Resource Indicators, and persistent token refresh
- Supports three auth modes (OAuth, JWT, application password) so it fits both interactive and server-to-server setups
- Tool surface is dynamic, automatically reflecting whatever Abilities and tools the WordPress site exposes via the MCP Adapter
- Requires the WordPress MCP Adapter plugin installed and active on the target site, this is not a zero-setup client
- README does not enumerate the specific tool names exposed since they depend on the WordPress side
- Node.js 22+ recommended, and OAuth callback requires an open local port (default 7665)
- Automattic/wordpress-mcp: older WordPress MCP plugin, being deprecated in favor of
WordPress/mcp-adapter - WordPress/mcp-adapter: the server-side adapter this proxy connects to, can be paired with other MCP clients
- WordPress.com hosted MCP at developer.wordpress.com/docs/mcp for sites on WordPress.com