explainx.aijoin newsletter3.01k
developer-toolsproductivity

WordPress Remote

by automattic

WordPress Remote connects your WordPress and WooCommerce data to local clients via REST API, ensuring secure, direct con

Bridges WordPress websites and WooCommerce data with local clients through REST API calls, enabling content access without direct streaming connections.

github stars

121

GitHubnpm
MCP Authorization specification compliantMultiple authentication methods supportedAutomatic token management

best for

  • / WordPress developers building AI integrations
  • / Content managers automating site operations
  • / E-commerce sites connecting AI to WooCommerce data
  • / Remote WordPress administration

capabilities

  • / Access WordPress content via REST API
  • / Authenticate using OAuth 2.0, JWT, or application passwords
  • / Manage WooCommerce data remotely
  • / Handle automatic token validation and refresh
  • / Register clients dynamically
  • / Discover endpoints automatically

what it does

Connects AI assistants to WordPress websites through REST API calls, allowing content management and data access with multiple authentication methods including OAuth 2.0 and JWT tokens.

about

WordPress Remote is an official MCP server published by automattic that provides AI assistants with tools and capabilities via the Model Context Protocol. WordPress Remote connects your WordPress and WooCommerce data to local clients via REST API, ensuring secure, direct con It is categorized under developer tools, productivity.

how to install

You can install WordPress Remote in your AI client of choice. Use the install panel on this page to get one-click setup for Cursor, Claude Desktop, VS Code, and other MCP-compatible clients. This server runs locally on your machine via the stdio transport.

license

MIT

WordPress Remote is released under the MIT license. This is a permissive open-source license, meaning you can freely use, modify, and distribute the software.

readme

MCP WordPress Remote

A Model Context Protocol (MCP) server for seamless WordPress integration

Connect AI assistants like Claude Desktop to your WordPress sites with multiple authentication methods including OAuth 2.0, JWT tokens, and application passwords.

Features

  • MCP Authorization Specification Compliant - Implements MCP Authorization specification 2025-06-18
  • OAuth 2.1 with PKCE - Secure authorization code flow with PKCE (RFC 7636)
  • Resource Indicators - RFC 8707 compliance for token audience binding
  • Dynamic Client Registration - RFC 7591 support for automatic client registration
  • Protected Resource Metadata Discovery - RFC 9728 for automatic endpoint discovery
  • Multiple Authentication Methods - OAuth 2.1, JWT tokens, and WordPress application passwords
  • Persistent Token Storage - OAuth tokens stored securely with automatic validation
  • Multi-instance Coordination - Lockfiles prevent authentication conflicts
  • Automatic Token Management - Handles validation, refresh, and cleanup
  • Enhanced Error Handling - Detailed error messages with proper categorization
  • Comprehensive Logging - Structured logging with categories and levels
  • Complete MCP Support - Tools, resources, prompts, and more

Quick Start

Installation

npm install @automattic/mcp-wordpress-remote

Configuration

Add to your MCP client configuration (e.g., Claude Desktop's claude_desktop_config.json):

{
  "mcpServers": {
    "wordpress": {
      "command": "npx",
      "args": ["-y", "@automattic/mcp-wordpress-remote"],
      "env": {
        "WP_API_URL": "https://your-wordpress-site.com"
      }
    }
  }
}

Custom Headers

You can add custom headers to all API requests using the CUSTOM_HEADERS environment variable. This is useful for API keys, custom authentication, or other header requirements.

JSON Format (Recommended):

{
  "mcpServers": {
    "wordpress": {
      "command": "npx",
      "args": ["-y", "@automattic/mcp-wordpress-remote"],
      "env": {
        "WP_API_URL": "https://your-wordpress-site.com",
        "CUSTOM_HEADERS": "{"X-MCP-API-Key": "*Ibo7tweixlbfuwaiufxgakjyefctwajcetb*", "X-Custom-Header": "value"}"
      }
    }
  }
}

Comma-Separated Format:

{
  "mcpServers": {
    "wordpress": {
      "command": "npx",
      "args": ["-y", "@automattic/mcp-wordpress-remote"],
      "env": {
        "WP_API_URL": "https://your-wordpress-site.com",
        "CUSTOM_HEADERS": "X-MCP-API-Key:IOskncfyes78U8on3q7ry43o487tybrc,X-Custom-Header:value"
      }
    }
  }
}

Command Line Usage:

CUSTOM_HEADERS='{"X-MCP-API-Key": "wc_mcp_FaQduhQcW0mfVaZgP3yaaqDuXaZ3mw7j"}' \
WP_API_URL="https://your-site.com" \
npx @automattic/mcp-wordpress-remote

Custom headers are included in:

  • All WordPress API requests
  • OAuth discovery requests
  • OAuth token exchange requests
  • OAuth client registration requests

First Run

  1. Start your MCP client (Claude Desktop, etc.)
  2. Choose authentication method based on your preference:
    • OAuth 2.0 (default): Browser opens automatically for authorization
    • JWT Token: Set JWT_TOKEN environment variable
    • Application Password: Set WP_API_USERNAME and WP_API_PASSWORD
  3. Start using WordPress features in your AI assistant

WordPress MCP Plugin

You need to install the wordpress-mcp plugin on your WordPress website and enable MCP Functionality in Settings > MCP Settings.

Authentication Methods

1. OAuth 2.1 (Recommended - MCP Compliant)

OAuth 2.1 provides the most secure and user-friendly experience with full MCP Authorization specification compliance.

For Self-Hosted WordPress Sites:

{
  "mcpServers": {
    "wordpress": {
      "command": "npx",
      "args": ["-y", "@automattic/mcp-wordpress-remote"],
      "env": {
        "WP_API_URL": "https://your-wordpress-site.com",
        "OAUTH_ENABLED": "true"
      }
    }
  }
}

MCP Authorization Specification Features:

  • OAuth 2.1 authorization code flow with PKCE (RFC 7636)
  • Resource Indicators (RFC 8707) for token audience binding
  • Dynamic Client Registration (RFC 7591) when supported
  • Protected Resource Metadata Discovery (RFC 9728)
  • Authorization Server Metadata Discovery (RFC 8414)

Benefits:

  • Full compliance with MCP Authorization specification 2025-06-18
  • Enhanced security with PKCE protection
  • One-time browser authorization
  • Tokens stored securely with automatic validation
  • Automatic endpoint discovery
  • No need to manage passwords
  • Automatic expiration handling

2. JWT Token Authentication

For server-to-server authentication or when OAuth is not available.

{
  "mcpServers": {
    "wordpress": {
      "command": "npx",
      "args": ["-y", "@automattic/mcp-wordpress-remote"],
      "env": {
        "WP_API_URL": "https://your-wordpress-site.com",
        "JWT_TOKEN": "your-jwt-token-here"
      }
    }
  }
}

3. WordPress Application Passwords (Legacy)

Uses WordPress username and application password for basic authentication.

{
  "mcpServers": {
    "wordpress": {
      "command": "npx",
      "args": ["-y", "@automattic/mcp-wordpress-remote"],
      "env": {
        "WP_API_URL": "https://your-wordpress-site.com",
        "WP_API_USERNAME": "your-username",
        "WP_API_PASSWORD": "your-application-password",
        "OAUTH_ENABLED": "false"
      }
    }
  }
}

To create an application password:

  1. Go to your WordPress admin dashboard
  2. Navigate to Users > Profile
  3. Scroll down to "Application Passwords"
  4. Create a new application password for MCP access

Advanced Configuration

Custom OAuth Settings

{
  "mcpServers": {
    "wordpress": {
      "command": "npx",
      "args": ["-y", "@automattic/mcp-wordpress-remote"],
      "env": {
        "WP_API_URL": "https://your-wordpress-site.com",
        "OAUTH_CALLBACK_PORT": "7665",
        "OAUTH_HOST": "127.0.0.1",
        "WP_OAUTH_CLIENT_ID": "your-custom-client-id"
      }
    }
  }
}

WooCommerce Integration

For WooCommerce-specific tools and reports:

{
  "mcpServers": {
    "wordpress": {
      "command": "npx",
      "args": ["-y", "@automattic/mcp-wordpress-remote"],
      "env": {
        "WP_API_URL": "https://your-wordpress-site.com",
        "WOO_CUSTOMER_KEY": "ck_your-consumer-key",
        "WOO_CUSTOMER_SECRET": "cs_your-consumer-secret"
      }
    }
  }
}

Environment Variables

VariableDescriptionDefaultRequired
WP_API_URLWordPress site URL-
OAUTH_ENABLEDEnable OAuth authenticationtrue-
OAUTH_CALLBACK_PORTOAuth callback port7665-
OAUTH_HOSTOAuth callback hostname127.0.0.1-
WP_OAUTH_CLIENT_IDCustom OAuth client ID--
OAuth Endpoints
OAUTH_AUTHORIZE_ENDPOINTOAuth authorization endpoint-✅ (for custom OAuth)
OAUTH_TOKEN_ENDPOINTOAuth token endpoint-✅ (for custom OAuth)
OAUTH_AUTHENTICATE_ENDPOINTOAuth authenticate endpoint--
MCP OAuth 2.1 Settings
OAUTH_FLOW_TYPEOAuth flow type (authorization_code or implicit)authorization_code-
OAUTH_USE_PKCEUse PKCE (required for OAuth 2.1)true-
OAUTH_DYNAMIC_REGISTRATIONEnable dynamic client registrationtrue-
OAUTH_RESOURCE_INDICATORUse resource indicators (RFC 8707)true-
Configuration
WP_MCP_CONFIG_DIRConfig directory override~/.mcp-auth-
LOG_FILELog file path--
LOG_LEVELLog level (0-3)2-
Legacy Authentication
JWT_TOKENJWT token for authentication--
WP_API_USERNAMEWordPress username (legacy)--
WP_API_PASSWORDWordPress app password (legacy)--
WOO_CUSTOMER_KEYWooCommerce consumer key--
WOO_CUSTOMER_SECRETWooCommerce consumer secret

FAQ

What is the WordPress Remote MCP server?
WordPress Remote is a Model Context Protocol (MCP) server profile on explainx.ai. MCP lets AI hosts (e.g. Claude Desktop, Cursor) call tools and resources through a standard interface; this page summarizes categories, install hints, and community ratings.
How do MCP servers relate to agent skills?
Skills are reusable instruction packages (often SKILL.md); MCP servers expose live capabilities. Teams frequently combine both—skills for workflows, MCP for APIs and data. See explainx.ai/skills and explainx.ai/mcp-servers for parallel directories.
How are reviews shown for WordPress Remote?
This profile displays 10 aggregated ratings (sample rows for discoverability plus signed-in user reviews). Average score is about 4.5 out of 5—verify behavior in your own environment before production use.
MCP server reviews

Ratings

4.510 reviews
  • Shikha Mishra· Oct 10, 2024

    WordPress Remote is among the better-indexed MCP projects we tried; the explainx.ai summary tracks the official description.

  • Piyush G· Sep 9, 2024

    We evaluated WordPress Remote against two servers with overlapping tools; this profile had the clearer scope statement.

  • Chaitanya Patil· Aug 8, 2024

    Useful MCP listing: WordPress Remote is the kind of server we cite when onboarding engineers to host + tool permissions.

  • Sakshi Patil· Jul 7, 2024

    WordPress Remote reduced integration guesswork — categories and install configs on the listing matched the upstream repo.

  • Ganesh Mohane· Jun 6, 2024

    I recommend WordPress Remote for teams standardizing on MCP; the explainx.ai page compares cleanly with sibling servers.

  • Oshnikdeep· May 5, 2024

    Strong directory entry: WordPress Remote surfaces stars and publisher context so we could sanity-check maintenance before adopting.

  • Dhruvi Jain· Apr 4, 2024

    WordPress Remote has been reliable for tool-calling workflows; the MCP profile page is a good permalink for internal docs.

  • Rahul Santra· Mar 3, 2024

    According to our notes, WordPress Remote benefits from clear Model Context Protocol framing — fewer ambiguous “AI plugin” claims.

  • Pratham Ware· Feb 2, 2024

    We wired WordPress Remote into a staging workspace; the listing’s GitHub and npm pointers saved time versus hunting across READMEs.

  • Yash Thakker· Jan 1, 2024

    WordPress Remote is a well-scoped MCP server in the explainx.ai directory — install snippets and categories matched our Claude Code setup.