WordPress MCP Server
Connect AI agents to WordPress.com — manage posts, pages, media, comments, categories, and tags over MCP.
Updated
What is WordPress MCP?
The WordPress MCP server is a Model Context Protocol server, hosted by WordPress.com, that lets AI agents read and manage your WordPress content — posts, pages, media, comments, categories, and tags — through a single secure endpoint.
It is an official, fully hosted remote server: you connect to https://public-api.wordpress.com/wpcom/v2/mcp/v1 over HTTPS and authenticate with OAuth 2.1 (Authorization Code flow with PKCE and Dynamic Client Registration). There is nothing to deploy or host yourself — you enable MCP in your WordPress.com account settings ("AI and MCP"), then authorize a client.
Beyond core content authoring, the server also exposes site-editor context (themes, presets, block patterns), site settings and statistics, and account/domain management tools. Agents act with the permissions of the authorizing WordPress.com account, so they can list, create, update, and trash content on the sites you grant access to.
Tools the WordPress MCP server exposes
| Tool | What it does |
|---|---|
| posts.list / posts.get | Retrieve posts with filters, or fetch a single post by ID or slug. |
| posts.create / posts.update / posts.delete | Create a draft post, update (publishing if status is set), or move a post to trash. |
| pages.list / pages.get / pages.create / pages.update / pages.delete | List, fetch, create, update, or trash WordPress pages. |
| comments.list / comments.get / comments.create / comments.update / comments.delete | Manage comments — list, fetch, add, moderate/approve, or trash. |
| media.list / media.get / media.create / media.update / media.delete | List or fetch media, upload new files, edit metadata like alt text, or trash items. |
| categories.* / tags.* | List, fetch, create, update, and delete categories and tags. |
| content-search | Free-text search across posts, pages, and custom post types. |
| settings.get / settings.update | Read or modify general, writing, reading, discussion, and media site settings. |
| statistics.get | Fetch post/page/subscriber counts and optional analytics ranges. |
| wpcom-user-sites | List the sites the authorizing user can access across WordPress.com and Jetpack. |
Connect the WordPress MCP server
Claude (Connectors / Claude Code)
- 1
Enable MCP on WordPress.com
In WordPress.com account settings, open "AI and MCP" and toggle on "Enable MCP access" (or scope it to specific sites). Requires a paid plan.
- 2
Add the remote server
Add the remote MCP endpoint https://public-api.wordpress.com/wpcom/v2/mcp/v1 as a connector. WordPress.com is also listed in the Claude Connectors Directory for one-click setup.
- 3
Authorize via OAuth
On first connect a browser opens for WordPress.com OAuth 2.1 (PKCE); approve access. Tokens are stored and refreshed automatically.
- 4
Verify
Ask the agent to run wpcom-user-sites or posts.list to confirm the connection and site access.
Cursor
- 1
Enable MCP on WordPress.com
In WordPress.com settings under "AI and MCP", enable MCP access for your account or chosen sites (paid plan required).
- 2
Add the server in Cursor
In Cursor's MCP settings add a server using the npx wrapper: command "npx", args ["-y", "@automattic/mcp-wpcom-remote"]. This targets the hosted endpoint and handles OAuth.
- 3
Authorize via OAuth
On first run a browser opens for WordPress.com OAuth authorization (callback on localhost:3000). Approve to store the token.
- 4
Verify
Trigger a tool such as content-search or pages.list in Cursor to confirm tools are available.
Sample use cases
A scheduled agent turns an approved content brief into a published WordPress post each week.
Hands-off publishing with media, categories, and tags set automatically.
An event-triggered agent moderates new comments, approving safe ones and trashing spam.
Faster comment moderation without manual review of every comment.
An agent audits and updates media alt text and post metadata across a site.
Improved on-page SEO and accessibility at scale.
Security & permissions
Authentication is OAuth 2.1 — Authorization Code flow with PKCE and Dynamic Client Registration; public clients use PKCE instead of an embedded secret. Every request to the MCP endpoint carries a short-lived Authorization: Bearer access token.
The agent acts with the permissions of the authorizing WordPress.com account and the sites you grant during the consent step. That can include reading and writing posts, pages, media, comments, taxonomy, and (depending on the tools used) site settings, statistics, and account/domain data. You can scope access to specific sites and revoke the connection from WordPress.com account settings at any time.
Using WordPress MCP with Gamut
In Gamut, the WordPress MCP server runs as a managed tool inside an automated agent workflow — Gamut holds the OAuth connection so the agent can call WordPress on a schedule or in response to events. For example, a scheduled agent can draft and publish a weekly post from an upstream content brief, upload its media, set categories and tags, and moderate incoming comments — all without a human re-authenticating each run. Gamut triggers the agent (on a cron or webhook), the agent invokes the relevant WordPress tools (posts.create, media.create, comments.update, and so on), and the result lands directly in your WordPress.com site.
Frequently asked questions
What is the WordPress MCP server?
It is an official Model Context Protocol server hosted by WordPress.com that lets AI agents manage your WordPress content — posts, pages, media, comments, categories, and tags — through the endpoint https://public-api.wordpress.com/wpcom/v2/mcp/v1, authenticated with OAuth 2.1.
Is the WordPress MCP server free?
There is no separate fee for MCP, but it requires a paid WordPress.com plan (Personal, Premium, Business, or Commerce). Free sites must upgrade before MCP access can be enabled.
Is it hosted or self-hosted?
The WordPress.com MCP server is fully hosted by WordPress.com — you connect to its remote HTTPS endpoint and authorize via OAuth; there is nothing to deploy. (Self-hosted WordPress sites can use separate community/plugin-based MCP adapters, which are different projects.)
How do I connect WordPress MCP to Claude or Cursor?
First enable MCP in your WordPress.com account settings under "AI and MCP." For Claude, add the remote endpoint as a connector (it's also in the Claude Connectors Directory). For Cursor, add an MCP server using npx -y @automattic/mcp-wpcom-remote. Either way, a browser opens for WordPress.com OAuth on first connect.