Description
miniOrange Secure MCP Server helps WordPress administrators with AI governance and policy enforcement: understanding, and ultimately controlling, what AI assistants and MCP clients are allowed to do on their site.
Effective AI governance starts with visibility. The WordPress Abilities API (available in WordPress 6.9 and later) lets plugins and WordPress core expose discrete, machine-callable capabilities — for example: get site info, create a post, or generate a summary — that AI assistants, the Command Palette, and MCP clients can invoke. As more plugins register abilities, administrators need to know exactly what is exposed on their site before they can govern it.
What this version does
This first release is focused on that first step: visibility. It adds a single admin screen that gives you a complete, read-only inventory of every AI ability registered on your site, so you can review what is available at a glance.
For every ability, the viewer shows:
- The fully qualified ability name (namespace and slug).
- Its human-readable label and description.
- The ability category it belongs to.
- Its source namespace (the prefix before the slash), indicating where the ability comes from.
- The full input and output JSON schema, in a collapsible panel.
This version is a viewer only. It does not register abilities, execute abilities, enforce policies, change any settings, store any data, or send anything to an external server. It simply lists what is already registered on your site.
Installation
- Upload the plugin files to the
/wp-content/plugins/miniorange-secure-mcp-serverdirectory, or install the plugin through the WordPress plugins screen directly. - Activate the plugin through the “Plugins” screen in WordPress.
- Open the “Secure MCP Server” menu item in the WordPress admin to view the abilities registered on your site.
FAQ
-
Does this plugin require a specific WordPress version?
-
Yes. It requires WordPress 6.9 or higher, because the WordPress Abilities API was introduced in that release. On older versions the plugin shows a notice instead of the abilities list.
-
Does this plugin store any data or contact external servers?
-
No. The viewer reads the abilities already registered on your site and displays them. It saves no options, creates no database tables, and makes no external requests.
-
Why does the “Source” column show a namespace instead of a plugin name?
-
The Abilities API does not record which plugin registered a given ability. The namespace prefix (the part before the slash in the ability name) is the most reliable indicator of where an ability comes from, so that is what the viewer displays.
Reviews
There are no reviews for this plugin.
Contributors & Developers
“miniOrange Secure MCP Server” is open source software. The following people have contributed to this plugin.
Contributors
Translate “miniOrange Secure MCP Server” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
1.0.0
- Initial release: read-only viewer for abilities registered through the WordPress Abilities API.