Show HN: A WordPress MCP Server – Connect Claude Desktop to WordPress via AI

4 hours ago 2

Transform WordPress management from complex admin panels to simple conversations:

❌ Before: Login → Admin Panel → Navigate → Click → Fill Forms → Save ✅ After: "Create a new blog post about AI trends with SEO optimization"

Key Advantages:

🏆 Most Complete: 59 tools vs 20-30 in alternatives
⚡ Fastest Setup: 2-click Claude Desktop installation via DXT
🔒 Production Ready: 207 tests, security audited, battle-tested
🎯 TypeScript Native: 100% type safety, best-in-class developer experience
🌐 Multi-Site: Manage unlimited WordPress sites from one place

Get up and running in under 5 minutes:

WordPress: Version 5.6+ with REST API enabled
Claude Desktop: Latest version installed
Application Password: Generated from WordPress admin panel

1️⃣ Generate WordPress Application Password

WordPress Admin → Users → Profile → Application Passwords → Add New

2️⃣ Install MCP Server (Choose One)

Option A: DXT Extension (Easiest)

# Download and install in Claude Desktop curl -L https://github.com/docdyhr/mcp-wordpress/raw/main/mcp-wordpress.dxt -o mcp-wordpress.dxt # Then: Claude Desktop → Extensions → Install → Select DXT file

Option B: NPM Global Install

npm install -g mcp-wordpress

3️⃣ Test Your Connection

In Claude: "Test my WordPress connection" Response: "✅ Authentication successful! Connected to: Your Site Name"

📺 Watch 2-minute Setup Video | 📖 Detailed Setup Guide

🏆 Recommended: Claude Desktop Extension (DXT)

Easiest installation - just 2 clicks!

Download: mcp-wordpress.dxt (2.6MB)
Install: Claude Desktop → Extensions → Install → Select DXT file
Configure: Enter your WordPress site URL and credentials

✅ Zero command line required
✅ Automatic updates
✅ Built-in security

📖 Complete DXT Setup Guide →

🚀 Alternative: NPX (Power Users)

# Run directly - always latest version npx -y mcp-wordpress # Interactive setup wizard npm run setup

📦 Secondary: Smithery Package Manager

# Install via Smithery (MCP package manager) smithery install mcp-wordpress # Configure and start smithery configure mcp-wordpress

✅ Package management
✅ Version control
✅ Easy updates

To install mcp-wordpress for Claude Desktop automatically via Smithery:

npx -y @smithery/cli install @docdyhr/mcp-wordpress --client claude

💻 NPM Setup - Local development
🐳 Docker Setup - Production deployment
📦 Smithery Setup - MCP package manager (detailed guide)
🔧 Manual Build - Custom builds

Environment Variables (.env)

WORDPRESS_SITE_URL=https://myblog.com WORDPRESS_USERNAME=admin WORDPRESS_APP_PASSWORD=xxxx xxxx xxxx xxxx xxxx xxxx WORDPRESS_AUTH_METHOD=app-password

Claude Desktop Config

{ "mcpServers": { "mcp-wordpress": { "command": "npx", "args": ["-y", "mcp-wordpress"], "env": { "WORDPRESS_SITE_URL": "https://myblog.com", "WORDPRESS_USERNAME": "admin", "WORDPRESS_APP_PASSWORD": "xxxx xxxx xxxx xxxx xxxx xxxx" } } } }

Configuration File (mcp-wordpress.config.json)

{ "sites": [ { "id": "main-corporate", "name": "Corporate Website", "config": { "WORDPRESS_SITE_URL": "https://company.com", "WORDPRESS_USERNAME": "admin", "WORDPRESS_APP_PASSWORD": "xxxx xxxx xxxx xxxx xxxx xxxx", "WORDPRESS_AUTH_METHOD": "app-password" } }, { "id": "client-restaurant", "name": "Restaurant Client", "config": { "WORDPRESS_SITE_URL": "https://bestrestaurant.com", "WORDPRESS_USERNAME": "editor", "WORDPRESS_APP_PASSWORD": "yyyy yyyy yyyy yyyy yyyy yyyy", "WORDPRESS_AUTH_METHOD": "app-password" } }, { "id": "client-ecommerce", "name": "E-commerce Client", "config": { "WORDPRESS_SITE_URL": "https://onlinestore.com", "WORDPRESS_USERNAME": "shopmanager", "WORDPRESS_APP_PASSWORD": "zzzz zzzz zzzz zzzz zzzz zzzz", "WORDPRESS_AUTH_METHOD": "app-password" } } ] }

Local WordPress with Docker

# docker-compose.yml version: "3.8" services: wordpress: image: wordpress:latest ports: - "8080:80" environment: WORDPRESS_DB_HOST: db WORDPRESS_DB_USER: wordpress WORDPRESS_DB_PASSWORD: wordpress WORDPRESS_DB_NAME: wordpress volumes: - wordpress_data:/var/www/html db: image: mysql:8.0 environment: MYSQL_DATABASE: wordpress MYSQL_USER: wordpress MYSQL_PASSWORD: wordpress MYSQL_ROOT_PASSWORD: rootpassword volumes: - db_data:/var/lib/mysql volumes: wordpress_data: db_data:

MCP WordPress Development Config

{ "sites": [ { "id": "local-dev", "name": "Local Development", "config": { "WORDPRESS_SITE_URL": "http://localhost:8080", "WORDPRESS_USERNAME": "admin", "WORDPRESS_APP_PASSWORD": "dev-password-here", "WORDPRESS_AUTH_METHOD": "app-password" } } ] }

Server Environment Variables

# /etc/environment or systemd service WORDPRESS_SITE_URL=https://production-site.com WORDPRESS_USERNAME=api-user WORDPRESS_APP_PASSWORD=secure-production-password WORDPRESS_AUTH_METHOD=app-password NODE_ENV=production CACHE_ENABLED=true CACHE_TTL=3600 RATE_LIMIT_ENABLED=true DEBUG=false

Docker Production Setup

# Dockerfile.production FROM node:20-alpine WORKDIR /app COPY package*.json ./ RUN npm ci --only=production COPY dist/ ./dist/ EXPOSE 3000 USER node CMD ["node", "dist/index.js"]

WordPress Plugin Configuration

// wp-config.php define('JWT_AUTH_SECRET_KEY', 'your-secret-key-here'); define('JWT_AUTH_CORS_ENABLE', true);

MCP Configuration

{ "sites": [ { "id": "jwt-site", "name": "JWT Authentication Site", "config": { "WORDPRESS_SITE_URL": "https://site-with-jwt.com", "WORDPRESS_USERNAME": "api-user", "WORDPRESS_PASSWORD": "user-password", "WORDPRESS_AUTH_METHOD": "jwt" } } ] }

🌟 What Makes This Special

Feature This Server Competition

Tools Available	59 tools	20-30 tools
Claude Desktop DXT	✅ 2-click install	❌ Manual setup
Multi-Site Support	✅ Unlimited sites	❌ Single site
TypeScript	✅ 100% coverage	⚠️ Partial/None
Performance Monitoring	✅ Real-time analytics	❌ Basic only
Test Coverage	✅ 207 tests (100%)	⚠️ Limited
Production Ready	✅ Security audited	⚠️ Unknown

59 WordPress Tools across 10 categories
Multi-Site Support - Manage unlimited WordPress installations
Flexible Authentication - App Passwords, JWT, Basic Auth, API Key
Real-Time Sync - Instant updates across all connected tools

Performance & Reliability

⚡ Intelligent Caching - 50-70% performance improvement
📊 Real-Time Monitoring - Performance metrics and optimization insights
🔒 Production Ready - Security-reviewed, 95%+ test coverage
🔄 Zero Downtime - Graceful error handling and automatic recovery

100% TypeScript - Complete type safety and IntelliSense
🐳 Docker Support - Production-ready containerization
📚 Auto-Generated Docs - API documentation with live examples
🔧 Extensible - Custom tool development framework

🌐 Multi-Site Configuration

Perfect for agencies and developers managing multiple WordPress sites:

{ "sites": [ { "id": "main-site", "name": "Main WordPress Site", "config": { "WORDPRESS_SITE_URL": "https://site1.com", "WORDPRESS_USERNAME": "admin", "WORDPRESS_APP_PASSWORD": "xxxx xxxx xxxx xxxx xxxx xxxx" } }, { "id": "client-blog", "name": "Client Blog", "config": { "WORDPRESS_SITE_URL": "https://client-blog.com", "WORDPRESS_USERNAME": "editor", "WORDPRESS_APP_PASSWORD": "yyyy yyyy yyyy yyyy yyyy yyyy" } } ] }

Use with site parameter: wp_list_posts --site="main-site"

📖 Complete Multi-Site Setup Guide

WordPress Application Passwords (Recommended)

WordPress Admin → Users → Profile
Scroll to Application Passwords
Enter name: "MCP WordPress Server"
Click Add New Application Password
Copy the generated password

JWT Authentication - With JWT plugin
Basic Authentication - Username/password (dev only)
API Key Authentication - With API Key plugin

📖 Complete Authentication Guide

📋 Available Tools (59 Tools)

📝 Posts (6 tools) - Create, edit, delete, list posts and revisions
📄 Pages (6 tools) - Manage static pages and revisions
🖼️ Media (6 tools) - Upload, manage media library and files

👥 Users (6 tools) - User management and profiles
💬 Comments (7 tools) - Comment moderation and management
🏷️ Taxonomies (10 tools) - Categories and tags management

⚙️ Site Settings (7 tools) - Site configuration and statistics
🔐 Authentication (6 tools) - Auth testing and management
⚡ Cache Management (4 tools) - Performance caching control
📊 Performance Monitoring (6 tools) - Real-time metrics and optimization

📖 Complete Tool Documentation | Live API Reference

🤖 Claude Desktop Integration

Content Creation & Management:

💬 "Analyze my top 10 blog posts and create a new post about emerging trends" 💬 "Upload these 5 images and create a photo gallery page with SEO optimization" 💬 "Review all pending comments and approve the legitimate ones"

Site Management & Analytics:

💬 "Check my WordPress site performance and provide optimization recommendations" 💬 "Create a new user account for my freelance writer with editor permissions" 💬 "Backup my site settings and show me cache performance statistics"

Bulk Operations:

💬 "Update all posts from 2023 to include my new author bio" 💬 "Find all images over 1MB and suggest compression strategies" 💬 "List all users who haven't logged in for 6 months"

Option 1: DXT Extension (Recommended)

No configuration needed - built-in secure credential management!

Option 2: NPX in Claude Desktop

{ "mcpServers": { "mcp-wordpress": { "command": "npx", "args": ["-y", "mcp-wordpress"], "env": { "WORDPRESS_SITE_URL": "https://your-site.com", "WORDPRESS_USERNAME": "your-username", "WORDPRESS_APP_PASSWORD": "your-app-password" } } } }

📖 Complete Integration Guide

Create and Publish a Blog Post

You: "Create a new blog post titled 'AI Revolution in 2024' with content about recent AI breakthroughs" Claude: "I'll create that blog post for you..." Result: ✅ Post "AI Revolution in 2024" created successfully (ID: 123)

Media Management

You: "Upload the image at /path/to/image.jpg and set it as featured image for post 123" Claude: "I'll upload that image and set it as the featured image..." Result: ✅ Image uploaded (ID: 456) and set as featured image

SEO-Optimized Content Creation

You: "Create an SEO-optimized blog post about 'WordPress Security Best Practices' with: - Focus keyword: 'WordPress security' - Meta description - Proper heading structure - At least 1500 words" Claude: "I'll create a comprehensive SEO-optimized post on WordPress security..."

Bulk Operations

You: "Find all draft posts older than 30 days and provide a summary" You: "Update all posts in category 'News' to include a disclaimer at the end" You: "Delete all spam comments from the last week"

Performance Monitoring

You: "Analyze my site's performance and suggest optimizations" Claude: "Let me check your site's performance metrics... - Cache hit rate: 67% - Average response time: 245ms - Recommendations: Enable object caching, optimize images..."

User Management

You: "Create a new editor account for [email protected] with a secure password" You: "List all users who haven't logged in for 90 days" You: "Update Sarah's role from Author to Editor"

Working with Multiple Sites

You: "List all posts from my client-blog site" Claude: "I'll list the posts from the client-blog site..." You: "Compare traffic between main-site and client-blog" Claude: "Here's a comparison of both sites..."

Content Marketing Agency Workflow

Scenario: Managing 20+ client blogs with consistent SEO optimization

💬 "Analyze the top 5 performing posts across all sites and create similar content for underperforming clients" 💬 "Batch update all client sites with the new privacy policy footer" 💬 "Generate a weekly performance report comparing all client sites" 💬 "Create social media snippets from the latest blog posts on each site"

E-commerce Store Management

Scenario: Managing product launches and inventory updates

💬 "Create a product launch post with gallery, specifications, and pricing for the new iPhone case" 💬 "Update all 'out of stock' products with restock notifications" 💬 "Generate product comparison pages for similar items" 💬 "Create seasonal landing pages with current promotions"

Scenario: Breaking news and content moderation

💬 "Publish breaking news about the tech merger with social media integration" 💬 "Moderate comments on controversial articles and flag inappropriate content" 💬 "Create topic clusters around trending news stories" 💬 "Schedule social media posts for peak engagement times"

Educational Institution Portal

Scenario: Course management and student communications

💬 "Create course announcement pages with enrollment forms" 💬 "Update faculty profiles with new publications and achievements" 💬 "Generate student newsletter with upcoming events and deadlines" 💬 "Moderate discussion forums and highlight valuable contributions"

Scenario: Fundraising campaigns and volunteer coordination

💬 "Create donation campaign pages with progress tracking" 💬 "Update volunteer opportunity listings with current needs" 💬 "Generate impact reports showing donation effectiveness" 💬 "Create event registration pages with automated confirmations"

🚀 Advanced Automation Examples

Automated SEO Optimization

You: "Optimize all posts from the last month for better SEO performance" Claude: "I'll analyze and optimize your recent posts... - Analyzed 15 posts from the last 30 days - Updated meta descriptions for 12 posts - Added focus keywords to 8 posts - Optimized heading structure in 10 posts - Improved internal linking in 15 posts - Average SEO score improved from 67% to 89%"

Content Gap Analysis

You: "Identify content gaps in our blog compared to competitor topics" Claude: "After analyzing your content and common industry topics... - Missing topics: 'AI in Healthcare', 'Remote Work Security', 'Green Technology' - Underperforming categories: 'Tutorials' (only 3 posts vs 15+ needed) - Recommended: 8 new posts to fill major gaps - Priority topics based on search volume and competition"

Site Health Monitoring

You: "Perform a comprehensive site health check and fix any issues" Claude: "Running complete site diagnostics... - ✅ SSL certificate valid (expires: March 15, 2025) - ⚠️ 3 broken internal links found and flagged - ✅ All images optimized (average load time: 1.2s) - ⚠️ 2 plugins need updates - ✅ Database optimized (reduced size by 15%) - ✅ Cache performance: 78% hit rate"

User Management Automation

You: "Clean up user accounts and update permissions for the new team structure" Claude: "Updating user management... - Deactivated 5 inactive accounts (no login >6 months) - Updated 12 user roles to match new org chart - Created 3 new editor accounts for content team - Set up role-based content access restrictions - Configured automated welcome emails for new users"

Intelligent Cache Management

You: "Analyze site performance and implement optimal caching strategies" Claude: "Implementing performance optimizations... - Enabled object caching (40% speed improvement) - Configured CDN for static assets - Optimized database queries (reduced load time by 25%) - Set up page caching with smart invalidation - Compressed and optimized 47 images - Site speed improved from 3.2s to 1.8s average load time"

🎯 Industry-Specific Solutions

💬 "Create HIPAA-compliant patient information pages with secure forms" 💬 "Update doctor profiles with latest certifications and specializations" 💬 "Generate appointment booking pages with calendar integration" 💬 "Create health education content with medical disclaimers"

💬 "Create practice area pages with case study examples" 💬 "Update attorney profiles with recent wins and bar admissions" 💬 "Generate client intake forms with confidentiality notices" 💬 "Create legal blog posts with proper citations and disclaimers"

💬 "Create property listing pages with virtual tour embeds" 💬 "Update agent profiles with recent sales and market statistics" 💬 "Generate neighborhood guide pages with local amenities" 💬 "Create mortgage calculator pages with current rates"

Restaurants & Food Service

💬 "Create menu pages with dietary restriction filters" 💬 "Update chef profiles with signature dishes and cooking philosophy" 💬 "Generate event booking pages for private dining" 💬 "Create food blog posts with recipe cards and nutritional information"

📖 More Examples | Use Case Library

Connection Issues

# Test WordPress connection npm run status # Debug mode with detailed logs DEBUG=true npm run dev # Test specific site in multi-site setup npm run status -- --site="your-site-id"

Authentication Problems

# Verify WordPress application password curl -u username:app_password https://your-site.com/wp-json/wp/v2/users/me # Test authentication with different methods npm run test:auth # Regenerate application password npm run setup

Performance Issues

# Check cache performance npm run test:cache # Monitor real-time performance npm run test:performance # Clear all caches rm -rf cache/ && npm run dev

Error Cause Solution

401 Unauthorized	Invalid credentials	Regenerate application password
403 Forbidden	Insufficient permissions	Check user role (Editor+ required)
404 Not Found	Wrong site URL	Verify WORDPRESS_SITE_URL
SSL Certificate Error	HTTPS issues	Add SSL exception or use HTTP
Connection Timeout	Network/firewall	Check WordPress REST API access
Tools not showing in Claude	Config file format	Validate JSON syntax
Plugin conflicts	WordPress plugins	Disable conflicting plugins
Rate limiting	Too many requests	Implement request throttling

WordPress-Specific Issues

REST API Not Available

# Test REST API directly curl https://your-site.com/wp-json/wp/v2/ # Check if REST API is disabled grep -r "rest_api" wp-config.php # Verify permalink structure wp-admin → Settings → Permalinks → Post name

Application Password Issues

1. WordPress Admin → Users → Profile 2. Scroll to "Application Passwords" 3. Ensure feature is enabled (WordPress 5.6+) 4. Generate new password if needed 5. Copy password exactly (includes spaces)

Multi-Site Configuration Problems

// Check mcp-wordpress.config.json format { "sites": [ { "id": "unique-site-id", "name": "Human Readable Name", "config": { "WORDPRESS_SITE_URL": "https://site.com", "WORDPRESS_USERNAME": "username", "WORDPRESS_APP_PASSWORD": "xxxx xxxx xxxx xxxx xxxx xxxx" } } ] }

Environment-Specific Solutions

Claude Desktop Integration

// Verify claude_desktop_config.json format { "mcpServers": { "mcp-wordpress": { "command": "npx", "args": ["-y", "mcp-wordpress"], "env": { "WORDPRESS_SITE_URL": "https://your-site.com", "WORDPRESS_USERNAME": "your-username", "WORDPRESS_APP_PASSWORD": "your-app-password" } } } }

Docker Deployment Issues

# Check container logs docker logs mcp-wordpress # Verify environment variables docker exec mcp-wordpress env | grep WORDPRESS # Test network connectivity docker exec mcp-wordpress curl https://your-site.com/wp-json/wp/v2/

NPX Runtime Problems

# Clear NPX cache npx clear-npx-cache # Use specific version npx mcp-wordpress@latest # Install globally instead npm install -g mcp-wordpress

Self-Diagnostics

# Comprehensive health check npm run health # Security validation npm run security:check # Performance analysis npm run test:performance

Debug Information Collection

# Generate debug report DEBUG=true npm run status > debug-report.txt 2>&1 # Include system information node --version >> debug-report.txt npm --version >> debug-report.txt os-info >> debug-report.txt

Community Support

Main Test Suite: 207/207 passed (100%)
Security Tests: 40/40 passed (100%)
Performance Tests: 8/8 passed (100%)
CI/CD Pipeline: Fully functional

# Check connection status npm run status # Run full test suite npm test # Quick validation npm run test:fast

Comprehensive Security Testing

Our security posture is continuously monitored through automated testing and vulnerability scanning:

Security AreaStatusTestsCoverage

XSS Protection	✅ Secure	6/6 passing	Script injection, URL validation, HTML sanitization
SQL Injection	✅ Secure	3/3 passing	Query parameterization, input validation
Path Traversal	✅ Secure	3/3 passing	File path validation, directory restrictions
Input Validation	✅ Secure	9/9 passing	Length limits, format validation, sanitization
Authentication	✅ Secure	7/7 passing	Bypass prevention, token validation
Rate Limiting	✅ Secure	3/3 passing	DoS protection, request throttling
Information Disclosure	✅ Secure	2/2 passing	Error sanitization, sensitive data protection
Penetration Testing	✅ Secure	12/12 passing	Comprehensive attack simulation

🛡️ Input Sanitization: All user inputs are validated and sanitized
🔐 Authentication Security: Multi-method auth with bypass prevention
⚡ Rate Limiting: Built-in protection against abuse and DoS attacks
🔍 Vulnerability Scanning: Daily automated security scans
📊 Real-time Monitoring: Continuous security status updates
🚨 Automated Alerts: Immediate notification of security issues

Security Testing Commands

# Run comprehensive security tests npm run test:security # Run penetration testing suite npm run test:security:validation # Security vulnerability audit npm audit # Full security validation npm run security:full

OWASP Top 10: Complete protection against common vulnerabilities
CVE Monitoring: Automated scanning for known vulnerabilities
Security Headers: Proper HTTP security headers implementation
Data Protection: Sensitive credential redaction and secure storage
Access Control: Role-based permissions and authentication validation

📖 Complete Security Documentation | Security Test Results

"Cannot connect to WordPress"
- Verify WORDPRESS_SITE_URL
- Test REST API: curl https://your-site.com/wp-json/wp/v2/
"Authentication failed"
- Check username and application password
- Ensure Application Passwords are enabled
- Run npm run setup to reconfigure
"Tools not appearing in Claude"
- Restart Claude Desktop after configuration
- Check Claude Desktop config file format

# Debug mode DEBUG=true npm run dev # Connection test npm run status # Re-run setup wizard npm run setup

Quick Start Guide - Get running in 5 minutes
Installation Guide - Detailed setup instructions
Configuration Guide - All configuration options
Authentication Setup - WordPress auth methods

Basic Usage - Common tasks and workflows
Advanced Workflows - Complex automation
Multi-Site Management - Managing multiple sites
Troubleshooting - Common issues and solutions

Claude Desktop - Complete Claude integration
VS Code - VS Code extension setup
Cline - Cline AI assistant integration
Custom Clients - Build your own MCP client

API Reference - Complete tool documentation
Architecture - System design and decisions
Contributing - Development guidelines
Plugin Development - Extend functionality

Docker Deployment - Container deployment
Publishing Troubleshooting - Fix publishing issues
Security Best Practices - Production security
Performance Tuning - Optimization guide
Monitoring - Logging and metrics

WordPress 5.0+ with REST API enabled
HTTPS recommended for production
User with appropriate permissions
Application Passwords enabled (WordPress 5.6+)

Role Access

Administrator	Full access to all functions
Editor	Posts, pages, comments, media
Author	Own posts and media
Contributor	Own posts (drafts only)
Subscriber	Read only

# Global installation npm install -g mcp-wordpress # Direct usage (recommended) npx -y mcp-wordpress

# Latest version docker pull docdyhr/mcp-wordpress:latest # Specific version docker pull docdyhr/mcp-wordpress:1.3.1

NPM: mcp-wordpress
Docker Hub: docdyhr/mcp-wordpress
GitHub: Latest releases

Ready to transform your WordPress management?

🏆 Download DXT Extension - Easiest setup (2 minutes)
⚡ Try NPX Method - Power user setup (5 minutes)
📚 Explore All Tools - See what's possible
💬 Join Discussions - Get help and share ideas

Looking for alternatives or complementary tools? Check out these WordPress MCP implementations:

Automattic WordPress MCP - Official WordPress MCP server by Automattic

Special thanks to Stephan Ferraro for the upstream project that inspired this implementation.

Read Entire Article