Model Context Protocol
A WordPress MCP server, in five minutes.
Install the plugin. Get an MCP endpoint at your-site.com/wp-json/animam/v1/mcp with 16 audited tools, JWT capability scoping, and an immutable audit log. Point Claude / Cursor / your custom agent at it.
Already on Visitor (€19)? The MCP server unlocks on Bundle.
What you get on day one
- An MCP server living inside WordPress (PHP, GPL, no separate process to babysit).
- 16 tools tested and shipped: post CRUD, SEO audit, bulk image-alt, term assignment, scheduled publishing, low-level meta access, REST escape hatch, plus bridges for WooCommerce / MailPoet / WPForms.
- JSON-RPC over HTTPS at
/wp-json/animam/v1/mcp, authed with your tenant bearer + a short-lived JWT identifying the WordPress user. - Capability check on the WordPress side before each tool runs. The model can’t escalate beyond the user’s WP role.
- Audit log of every tool call: tool, user, params, result, timestamp. Stored as a WordPress CPT, exportable, tamper-proof.
Connect from your agent of choice
Claude Code / Claude Desktop
{
"mcpServers": {
"wordpress": {
"url": "https://your-site.com/wp-json/animam/v1/mcp",
"headers": {
"Authorization": "Bearer ANIMAM_TENANT_SECRET",
"X-WP-User-JWT": "..."
}
}
}
}
Custom agent (any MCP client)
The endpoint speaks MCP-2024 spec. Discovery via tools/list, invocation via tools/call. Hot-reload on tool catalog updates from the plugin.
Or use ours
The Animam admin chat surface inside wp-admin uses this exact MCP server under the hood. If you don’t want to wire your own agent, you get one for free.
Why ours instead of rolling your own
You can absolutely write a WP MCP server yourself. Most devs who try it discover the same five subproblems we already solved:
- Capability scoping — “the agent shouldn’t be able to do more than the user” sounds simple until you map every WP capability to every tool. We did that.
- Preview-before-publish — wrapping mutating tools with a confirm-token flow so the model can’t auto-publish. Easy to design, tedious to do well.
- Builder-aware mutations — Elementor stores everything in
_elementor_dataJSON. Bricks does it differently. We provide low-level meta tools and let the LLM detect + adapt; we don’t hardcode builder logic. - Audit log that survives — operational requirement for any team setup. We use a CPT instead of a log file so it’s queryable and exportable.
- SEO plugin auto-detection — RankMath / Yoast / The SEO Framework store meta differently.
wp_set_seo_metaabstracts the difference. Most rolled servers hardcode one.
Three weekends of yak-shaving, or €39/month.
FAQ
Is this the official MCP standard?
Yes — JSON-RPC over HTTPS, MCP-2024 spec. Discovery via tools/list, invocation via tools/call. Compatible with any MCP client.
Can my visitors’ AI agents hit it directly?
Not yet — the MCP server requires a tenant bearer secret today. We’re working on a public crawler-mode that allows anonymous discovery for agent-readable websites. For now, your visitors’ agents discover your site via llms.txt + /.well-known/agent.json + JSON-LD; the MCP server is for authed agents you operate.
What about WordPress.com?
Self-hosted WordPress only for now (the plugin runs on your server). WordPress.com Business plan technically allows custom plugins, but we haven’t certified the install path there yet.
Bandwidth and rate limits?
Per-tenant rate limits at our side (the JWT/bearer flow) and per-user capability checks at the WP side. We don’t throttle MCP calls within plan limits; abuse triggers contact rather than hard cuts.
What does the audit log look like?
WordPress CPT animam_action: timestamp, user_login, tool name, JSON params, JSON result, status. Searchable from wp-admin, queryable via REST, exportable as CSV/JSON. Non-editable from the UI.
Open-source alternatives?
A few exist as community projects. They’re great starting points if you’re willing to maintain. The trade-off is the five subproblems above plus ongoing maintenance against WP core changes. Pick what fits your constraints.
An MCP toolbelt for WordPress, ready in five minutes.
WordPress MCP server — frequently asked questions
What is the WordPress MCP server in the Animam plugin?
It is a Model Context Protocol (MCP) server embedded inside the WordPress plugin. It exposes the 16 admin tools to MCP-compatible clients (Claude Desktop, Cursor, the Animam admin chat) via JSON-RPC. The endpoint is /wp-json/animam/v1/mcp on your WordPress install.
How is the MCP server authenticated?
The plugin issues short-lived JWT tokens (HS256, 15-minute expiry) signed with the tenant secret. Tokens are scoped to the current WordPress user's capabilities. Without a valid Authorization: Bearer header, the tools/list endpoint returns an empty list — there is no anonymous access.
Can I use this with Claude Desktop?
Yes. Add the WordPress MCP endpoint to your Claude Desktop config with a fresh JWT. Claude Desktop will see the 16 tools, scoped to your WP capabilities. Use cases: edit your blog, run SEO audits, manage WooCommerce stock, all from the desktop app.
How does this differ from a generic WordPress MCP server?
Animam ships the same plugin to non-technical site owners (no Claude Desktop, no terminal). One install gives you both a public visitor widget AND the admin MCP server, billed centrally. Generic MCP servers cover only the admin side and assume a developer-grade setup.
Is the public MCP server at mcp.animam.ai different from the in-plugin MCP?
Yes. mcp.animam.ai is the platform-level MCP server (OAuth 2.1, PKCE) that exposes Animam tenant management — corpus, segments, conversations, billing. The in-plugin MCP exposes WordPress-side tools, scoped to that single install.
Are tool calls audited?
Yes. Every JSON-RPC call is recorded as a custom post in the animam_audit_log CPT, with timestamp, user_login, tool name, input arguments (PII-scrubbed), and response code. The audit log is non-editable through the admin UI and survives plugin uninstall.