{"id":332261,"date":"2026-07-13T06:22:16","date_gmt":"2026-07-13T06:22:16","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/wsp-mcp-ai-agents-connector\/"},"modified":"2026-07-13T06:50:10","modified_gmt":"2026-07-13T06:50:10","slug":"wsp-mcp-ai-agents-connector","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/wsp-mcp-ai-agents-connector\/","author":14380377,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"2.4.1","stable_tag":"2.4.1","tested":"7.0.1","requires":"6.9","requires_php":"7.4","requires_plugins":null,"header_name":"WSP MCP - AI Agents Connector","header_author":"WebSensePro","header_description":"Exposes WordPress content to Claude AI and other AI Agents via a built-in MCP server (no companion plugin required). Manage all abilities from Settings > MCP.","assets_banners_color":"","last_updated":"2026-07-13 06:50:10","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/websensepro.com","rating":0,"author_block_rating":0,"active_installs":0,"downloads":28,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"2.4.1":{"tag":"2.4.1","author":"bilalnaseer","date":"2026-07-13 06:50:10"}},"upgrade_notice":[],"ratings":[],"assets_icons":[],"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["2.4.1"],"block_files":[],"assets_screenshots":[],"screenshots":[]},"plugin_section":[],"plugin_tags":[2353,229563,242115,253991,286],"plugin_category":[45],"plugin_contributors":[86797],"plugin_business_model":[],"class_list":["post-332261","plugin","type-plugin","status-publish","hentry","plugin_tags-ai","plugin_tags-claude","plugin_tags-mcp","plugin_tags-model-context-protocol","plugin_tags-woocommerce","plugin_category-ecommerce","plugin_contributors-bilalnaseer","plugin_committers-bilalnaseer"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/wsp-mcp-ai-agents-connector.svg","icon_2x":false,"generated":true},"screenshots":[],"raw_content":"<!--section=description-->\n<p>WSP MCP - AI Agents Connector turns your WordPress site into a Model Context Protocol (MCP) server. AI clients can read and edit posts, pages, categories, tags, media, comments, users, and (when installed) Yoast SEO meta and Elementor page content \u2014 all under granular, per-ability admin control.<\/p>\n\n<p>The plugin ships its <strong>own native MCP server<\/strong>. You do not need the WordPress MCP Adapter or any companion plugin: activate, copy your connection details from <strong>MCP &gt; Connection<\/strong>, and connect. WooCommerce tools (products, orders, refunds, coupons, customers, reports) are available when WooCommerce is active, and Advanced Custom Fields tools (field groups, fields, values, post types, taxonomies, options pages) when ACF is active.<\/p>\n\n<p>Built and maintained by the <a href=\"https:\/\/websensepro.com\/\">WebSensePro<\/a> team. For documentation, setup guides, and connection help, visit the plugin home at <a href=\"https:\/\/freewordpressmcp.com\/\">freewordpressmcp.com<\/a>.<\/p>\n\n<h4>Key features<\/h4>\n\n<ul>\n<li>Built-in MCP server over a single REST endpoint (Streamable HTTP, JSON-RPC 2.0) \u2014 no external dependency.<\/li>\n<li>Per-ability on\/off toggles in <strong>MCP &gt; Settings<\/strong>; write abilities are off by default.<\/li>\n<li>Two authentication methods: WordPress Application Passwords (HTTP Basic) or a plugin-generated API key (<code>Authorization: Bearer<\/code> or <code>X-WSP-MCP-API-Key<\/code>).<\/li>\n<li>Capability checks on every tool \u2014 an AI client can only do what its authenticated user can do.<\/li>\n<li>Optional Yoast SEO and Elementor tools, shown only when those plugins are active.<\/li>\n<\/ul>\n\n<h4>Complete tools list<\/h4>\n\n<p>Every tool is individually toggleable in <strong>MCP &gt; Settings<\/strong>, and all write tools are off by default.<\/p>\n\n<p><strong>Core WordPress<\/strong><\/p>\n\n<ul>\n<li>Posts \u2014 read, create, update, delete<\/li>\n<li>Pages \u2014 read, create, update, delete<\/li>\n<li>Categories \u2014 list, create, update, delete<\/li>\n<li>Tags \u2014 list, create, update, delete<\/li>\n<li>Comments \u2014 read and moderate (approve, spam, trash)<\/li>\n<li>Media \u2014 read the media library<\/li>\n<li>Users \u2014 read user data<\/li>\n<li>Site info \u2014 read general site details<\/li>\n<li>Plugins \u2014 list active plugins<\/li>\n<li>Search \u2014 search across site content<\/li>\n<\/ul>\n\n<p><strong>Yoast SEO<\/strong> (requires Yoast SEO)<\/p>\n\n<ul>\n<li>Read SEO title, meta description, and focus keyphrase<\/li>\n<li>Update SEO title, meta description, and focus keyphrase<\/li>\n<\/ul>\n\n<p><strong>Elementor<\/strong> (requires Elementor)<\/p>\n\n<ul>\n<li>Read Elementor page structure<\/li>\n<li>Edit Elementor page structure (code-bearing widgets and settings are blocked\/sanitized for security)<\/li>\n<\/ul>\n\n<p><strong>WooCommerce<\/strong> (requires WooCommerce \u2014 financial and PII tools require the <code>manage_woocommerce<\/code> capability)<\/p>\n\n<ul>\n<li>Products \u2014 list, get, create, update<\/li>\n<li>Product variations \u2014 create<\/li>\n<li>Orders \u2014 list, update status<\/li>\n<li>Refunds \u2014 process refunds<\/li>\n<li>Coupons \u2014 create, list<\/li>\n<li>Order notes \u2014 add order notes<\/li>\n<li>Customers \u2014 read customer data<\/li>\n<li>Sales report \u2014 read sales reporting<\/li>\n<li>Low-stock alerts \u2014 read low-stock products<\/li>\n<li>Reviews \u2014 moderate product reviews<\/li>\n<\/ul>\n\n<p><strong>Advanced Custom Fields<\/strong> (requires ACF \u2014 structural changes require <code>manage_options<\/code>; value tools enforce per-object capabilities)<\/p>\n\n<ul>\n<li>Field groups \u2014 list, get, create, update, delete, import<\/li>\n<li>Fields \u2014 list, get, create, update, delete, duplicate, sync<\/li>\n<li>Field values \u2014 get and set with dot-notation deep access, delete, get-all, bulk-update, and field object<\/li>\n<li>Custom post types \u2014 manage<\/li>\n<li>Taxonomies \u2014 manage<\/li>\n<li>Options pages \u2014 manage<\/li>\n<\/ul>\n\n<h4>Links<\/h4>\n\n<ul>\n<li>Plugin home &amp; docs: <a href=\"https:\/\/freewordpressmcp.com\/\">freewordpressmcp.com<\/a><\/li>\n<li>Built by: <a href=\"https:\/\/websensepro.com\/\">WebSensePro<\/a><\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin to <code>\/wp-content\/plugins\/<\/code> and activate it.<\/li>\n<li>Go to <strong>MCP &gt; Settings<\/strong> and enable the abilities you want to expose.<\/li>\n<li>Go to <strong>MCP &gt; Connection<\/strong> to copy your endpoint URL and API key (or use a WordPress Application Password).<\/li>\n<li>Add the connection to your MCP client (Claude Desktop config, or any HTTP MCP client \/ IDE).<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"do%20i%20need%20the%20wordpress%20mcp%20adapter%20plugin%3F\"><h3>Do I need the WordPress MCP Adapter plugin?<\/h3><\/dt>\n<dd><p>No. This plugin includes its own MCP server and connects directly. As of v2.2 the older MCP Adapter \/ Abilities-API compatibility path has been removed; connect using the native endpoint shown on <strong>MCP &gt; Connection<\/strong>.<\/p><\/dd>\n<dt id=\"how%20does%20authentication%20work%3F\"><h3>How does authentication work?<\/h3><\/dt>\n<dd><p>Use a WordPress Application Password (sent via HTTP Basic auth) or the plugin-generated API key shown on the Connection page. Either is validated on every request, and tool actions are limited by the authenticated user's capabilities.<\/p><\/dd>\n<dt id=\"which%20ai%20clients%20are%20supported%3F\"><h3>Which AI clients are supported?<\/h3><\/dt>\n<dd><p>Any client that supports the Streamable HTTP MCP transport \u2014 Claude Desktop, MCP Inspector, IDEs, and scripts.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>2.4.1<\/h4>\n\n<ul>\n<li>Security: ACF field-value write tools no longer accept raw code. Every value written via <code>update_field()<\/code> \u2014 for posts, users, terms, and options \u2014 is now recursively sanitized (arrays walked; each string run through <code>wp_kses_post()<\/code>) so <code>&lt;script&gt;<\/code>\/<code>&lt;style&gt;<\/code> and inline event handlers can no longer be stored through the MCP tools. Legitimate WYSIWYG\/HTML field content still works. Addresses the WordPress.org \"arbitrary code insertion\" review finding.<\/li>\n<\/ul>\n\n<h4>2.4.0<\/h4>\n\n<ul>\n<li>New: OpenCode connection tab on the MCP &gt; Connection page \u2014 a sixth copy-paste config snippet joining Claude Desktop, Cursor, Codex, Antigravity, and OpenClaw. OpenCode connects natively over remote HTTP (no Node.js bridge); the snippet is a full <code>~\/.config\/opencode\/opencode.json<\/code> file with the API key inlined in the header, ready to create and paste.<\/li>\n<\/ul>\n\n<h4>2.3.1<\/h4>\n\n<ul>\n<li>Security: Elementor write tools no longer accept raw code. Code-bearing widget types (HTML, Shortcode, Code) are rejected, code-bearing settings (Custom CSS, Custom Attributes) are stripped, and all text settings are sanitized with <code>wp_kses_post()<\/code> so scripts cannot be injected via <code>_elementor_data<\/code>.<\/li>\n<li>Security: ACF options-page value reads now require <code>manage_options<\/code> (was <code>edit_posts<\/code>), matching the admin-level nature of global options.<\/li>\n<li>Removed: unused legacy <code>wsp_register_acf_abilities()<\/code> dual-mode registration helper (dead code, not hooked).<\/li>\n<li>Changed: <code>Requires at least<\/code> now uses the major-only WordPress version format (6.9).<\/li>\n<\/ul>\n\n<h4>2.3.0<\/h4>\n\n<ul>\n<li>New: 27 Advanced Custom Fields tools \u2014 field groups (list, get, create, update, delete, import), fields (list, get, create, update, delete, duplicate, sync), values with dot-notation deep get\/set (delete, get-all, bulk-update, field object), custom post types, taxonomies, and options pages.<\/li>\n<li>All ACF tools are off by default and only registered when ACF is active. Structural changes (groups, fields, CPTs, taxonomies, options pages) require <code>manage_options<\/code>; value reads\/writes enforce per-object capabilities (<code>edit_post<\/code>, <code>edit_user<\/code>, <code>list_users<\/code>, <code>manage_categories<\/code>, <code>manage_options<\/code>).<\/li>\n<li>Changed: plugin slug renamed to <code>wsp-mcp-ai-agents-connector<\/code> (folder, main file, and text domain) to match the public name ahead of WordPress.org submission.<\/li>\n<li>Breaking: the plugin folder name changed \u2014 on existing installs, remove the old copy and activate the renamed plugin. Saved settings, the sessions table, and the API key are preserved.<\/li>\n<\/ul>\n\n<h4>2.2.0<\/h4>\n\n<ul>\n<li>Removed: the <strong>MCP &gt; Config Files<\/strong> page and the legacy dual-mode Abilities-API \/ mcp-adapter registration path. The plugin is now native-only.<\/li>\n<li>Changed: bookmarks to the old Config Files page now redirect to <strong>MCP &gt; Connection<\/strong>.<\/li>\n<li>Breaking: connections made before v2.0 through the WordPress MCP Adapter must be re-created using the native endpoint on <strong>MCP &gt; Connection<\/strong>.<\/li>\n<\/ul>\n\n<h4>2.1.0<\/h4>\n\n<ul>\n<li>New: 15 WooCommerce tools \u2014 products (list, get, create, create variation, update), orders (list, update status, refund), coupons (create, list), order notes, customers, sales report, low-stock alerts, and review moderation.<\/li>\n<li>All WooCommerce tools are off by default and only registered when WooCommerce is active.<\/li>\n<li>Financial and PII tools (refund, customers, coupons) require the <code>manage_woocommerce<\/code> capability.<\/li>\n<li>Product\/variation image URLs are sideloaded safely; SSL bypass is scoped to the single request and environment-gated.<\/li>\n<\/ul>\n\n<h4>2.0.0<\/h4>\n\n<ul>\n<li>New: built-in native MCP server \u2014 no companion plugin or WordPress MCP Adapter required.<\/li>\n<li>New: MCP &gt; Connection page with endpoint URL, API key, and per-client config tabs for Claude Desktop, Cursor, Codex, Antigravity, and OpenClaw (native, no adapter).<\/li>\n<li>New: Application Password + API key authentication; per-tool capability enforcement.<\/li>\n<li>New: DB-backed session store with daily cleanup.<\/li>\n<li>Improved: MCP &gt; Settings groups are now collapsible accordions with live enabled\/total counts.<\/li>\n<li>Dual-mode: existing Abilities-API connections keep working when that transport is present.<\/li>\n<\/ul>\n\n<h4>1.3.0<\/h4>\n\n<ul>\n<li>Added Yoast SEO abilities (read\/update SEO title, meta description, focus keyphrase).<\/li>\n<\/ul>\n\n<h4>1.2.1<\/h4>\n\n<ul>\n<li>Added OpenClaw tab to the Config Files page.<\/li>\n<\/ul>\n\n<h4>1.2.0<\/h4>\n\n<ul>\n<li>Elementor abilities, modular architecture, auto config generator.<\/li>\n<\/ul>","raw_excerpt":"Expose your WordPress site to AI agents (Claude, Cursor, and other MCP clients) through a built-in MCP server \u2014 no companion plugin required.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/332261","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=332261"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/bilalnaseer"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=332261"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=332261"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=332261"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=332261"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=332261"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=332261"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}