=== Easy MCP AI ===
Contributors: easymcpai
Tags: mcp, ai, woocommerce-ai, claude, mcp-server
Requires at least: 6.0
Tested up to: 6.9
Requires PHP: 7.4
Stable tag: 1.6.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

WP MCP Server — Connect Claude, ChatGPT & any AI. 170 tools for WordPress: Core content, GA4, Search Console, SEO Data & 6 plugin integrations. Free

== Description ==

[**Easy MCP AI**](https://easymcpai.com/) is the most complete **WordPress MCP Server** — built so AI assistants can run your entire site workflow, from content and publishing to SEO research, traffic monitoring, and daily admin, through the [Model Context Protocol](https://modelcontextprotocol.io). Ask your AI about Google Analytics, Search Console, and SEO data without leaving your chat. You bring the direction. Your AI handles the execution.

No Node.js. No external proxy. No complicated setup. Just install, generate a token, and start building.

**At a glance:**

* **170 tools** across posts, pages, media, users, comments, menus, Google Analytics, Search Console, DataForSEO, and more
* **1-click OAuth 2.1** with per-scope consent (Claude Desktop, Cursor, etc.)
* **Plugin integrations** — WooCommerce, ACF, The Events Calendar, BuddyPress, Yoast, Rank Math, AIOSEO
* **Google Analytics 4 & Search Console** — ask your AI about traffic, top pages, conversions, search queries, clicks, impressions, and indexing status
* **DataForSEO** — ask your AI for live SERP results, keyword search volumes, backlink data, on-page audits, and ranked/site keywords
* **Auto-discovers WordPress 6.9+ Abilities**
* **Fully audit-logged** — every AI action on your site, recorded

= Works With Every Major AI =

[Connect any of the following AI assistants directly to your WordPress site](https://easymcpai.com/integrations):

* **Manus** — the autonomous AI agent that can run multi-step workflows start to finish
* **Claude** (Claude.ai, Claude Desktop, Claude Code) — Anthropic's powerful assistant
* **ChatGPT** (OpenAI Developer Mode) — the world's most popular AI, connected to your site
* **Gemini CLI / Google Antigravity** — Google's AI tools with MCP support
* **Cursor, Windsurf, Cline, Roo Code** — AI-powered code editors that can also manage your content
* **n8n** — automate content pipelines and publishing workflows
* **Any MCP-compatible client** — the protocol is open and supported by a growing ecosystem

= What Can Your AI Do On Your Site? =

Once connected, your AI assistant can handle everything you'd normally do in the WordPress admin:

**Content** — draft, write, edit, and publish posts and pages; search and update existing content

**Media** — browse your media library, upload new images, update alt text and captions

**Organization** — manage categories, tags, and navigation menus

**Users** — list users, create accounts, update profiles and roles

**Plugins & Themes** — see what's installed, activate or deactivate plugins

**Site Settings** — read and update core WordPress settings

**Google Analytics 4** — ask about traffic, top pages, conversions, custom dimensions/metrics, and realtime active users

**Google Search Console** — ask about top search queries, clicks, impressions, sitemaps, and URL indexing status

**DataForSEO** — check keyword search volumes and trends, pull live SERP results, analyse backlinks, run on-page audits, and look up ranked keywords for any domain

**Any Plugin** — automatically connects to plugins that support WordPress 6.9+ Abilities, no custom code needed

= Tools =

[**170 Tools, Ready to Use**](https://easymcpai.com/tools)

**74 core tools** covering every major WordPress content type:

* **Posts** — list, get, create, update, delete, search
* **Pages** — list, get, create, update, delete
* **Media** — list, get, upload, update, delete
* **Categories** — list, get, create, update, delete
* **Tags** — list, get, create, update, delete
* **Comments** — list, get, create, update, delete
* **Users** — list, get, create, update, delete
* **Menus** — list menus, get, create, update, delete; list, create, update, delete menu items
* **Custom Post Types** — list, get, create, update, delete CPT items
* **Post Meta** — get and update post meta
* **Revisions** — list, get, delete post revisions
* **Blocks** — list, get, create, update, delete blocks
* **Templates** — list, get, update block templates
* **Styles** — get and update global styles
* **Site** — get and update settings, list post types, taxonomies, and post statuses
* **Plugins** — list installed plugins
* **Themes** — list themes, get active theme
* **Search** — search across all content

= 11 Google Analytics 4 Tools =

* **Account & Property** — list account summaries, get property details, check compatibility, get metadata
* **Reports** — run standard reports, pivot reports, and realtime reports
* **Configuration** — list data streams, conversion events, custom dimensions, and custom metrics

= 6 Google Search Console Tools =

* **Sites** — list verified properties
* **Search Analytics** — query top search terms, pages, countries, devices with clicks, impressions, CTR, and position
* **Sitemaps** — list and inspect submitted sitemaps
* **URL Inspection** — check indexing status and coverage for any URL on your site

= 8 DataForSEO Tools =

* **SERP** — fetch live search engine results pages for any keyword and location
* **Keywords** — look up monthly search volume and trend data for one or more keywords
* **Labs** — get ranked keywords for any domain, or find keywords a specific page ranks for
* **Backlinks** — get a backlink summary and list of referring domains for any target URL
* **On-Page** — run an on-page SEO audit on any URL and get a list of actionable issues
* **Account** — check your DataForSEO API account balance at any time

= 37 WooCommerce MCP Tools =

* **Products** — list, get, create, update, delete products; list and create product variations; list product categories
* **Orders** — list, get, create, update orders; list order notes, create order note; list order refunds (read-only)
* **Customers** — list, get, create, update, delete customers
* **Coupons** — list, get, create, update, delete coupons
* **Webhooks** — list, get, create, update, delete webhooks
* **Shipping** — list shipping zones, list shipping methods
* **Tax** — list tax rates
* **Payment** — list payment gateways
* **Reports** — sales, orders, products, top sellers, customers

= 6 Plugin Integrations =

* **WooCommerce** — 37 tools for products, orders, customers, coupons, shipping, reports, and more
* **Advanced Custom Fields (ACF)** — 6 tools to get and update custom fields on posts, users, and terms; list field groups
* **The Events Calendar** — 10 tools to create and manage events, venues, and organizers
* **BuddyPress** — 10 tools for members, activity stream, groups, group members, and private messages
* **Yoast SEO** — get and update post SEO metadata and rendered SEO head output
* **Rank Math** — get and update post SEO metadata and rendered SEO head output
* **All in One SEO (AIOSEO)** — get and update post SEO metadata

= Connect Any Plugin with Abilities =

WordPress 6.9+ introduces **Abilities** — a standard way for plugins to declare what they can do. Easy MCP AI automatically discovers Abilities registered by any plugin and exposes them as MCP tools. No custom code needed — if a plugin supports Abilities, your AI can use it out of the box.

= One-Click Connect with OAuth 2.1 =

Skip manual token copy-paste. Easy MCP AI ships with a full **OAuth 2.1** authorization server — PKCE, refresh-token rotation, and Dynamic Client Registration (RFC 7591) built in. Compatible MCP clients like Claude Desktop can connect with a single click: they register themselves, you approve the scopes on a consent screen, and you're done. Bearer tokens still work for power users and automation.

= Built for Security =

Giving an AI access to your site is serious — so security is built into every layer:

* **Bearer token authentication** with SHA-256 hashing — the raw token is never stored
* **Per-token permissions** — create a read-only token for one AI, a full-access token for another
* **WordPress capability checks** on every single tool call
* **Rate limiting** per token (default 60 requests/min, configurable)
* **Full audit log** — every tool call is logged with the token used, arguments, result, and client IP
* **IP whitelisting** — optionally restrict which IPs can use the MCP endpoint

= Simple Admin Interface =

* **Dashboard** — your MCP endpoint URL and one-click connection configs for every major AI client
* **API Tokens** — create and manage tokens with a checkbox-based tool permission tree
* **Audit Log** — a paginated, searchable log of every AI action taken on your site
* **Settings** — tune rate limits, log retention, IP whitelist, and more

== Installation ==

= Automatic Installation =

1. In your WordPress admin, go to **Plugins → Add New Plugin**.
2. Search for "Easy MCP AI".
3. Click **Install Now** and then **Activate**.

= Manual Installation =

1. Download the plugin ZIP from the WordPress plugin directory.
2. In your WordPress admin, go to **Plugins → Add New Plugin → Upload Plugin**.
3. Upload the ZIP, click **Install Now**, then **Activate**.

= After Activation =

**Which should I use?** Use Path A if your client supports OAuth.

= Path A — One-Click Connect (OAuth) =

1. Go to **Easy MCP AI → Dashboard** and copy your MCP server URL.
2. In your AI client (e.g. Claude Desktop → Settings → Connectors → Add custom connector), paste the server URL. No token needed.
3. Your browser opens a WordPress login + consent screen. Sign in as the user the AI should act as.
4. Tick the permission categories (Read / Write per content type, GA4, Search Console, etc.) you want to grant, then **Approve**.
5. The client is connected. Start talking to your site.
6. Manage or revoke connected clients anytime under the **Easy MCP AI → API Token & OAuth → OAuth** tab.

= Path B — Manual Token (Bearer) =

1. Go to **Easy MCP AI → API Tokens** in your WordPress admin sidebar.
2. Click **Create New Token**.
3. Give the token a name, choose the WordPress user the AI will act as, and select which tools to allow.
4. Click **Create Token** and copy the token — it is only shown once.
5. Open your AI assistant and paste in the endpoint URL and token from the Dashboard page.
6. Start talking to your site.


== External services ==

This plugin connects to the following third-party services **only when a site administrator explicitly configures their own external account credentials** in **Easy MCP AI → External Data**. Nothing is contacted on a default install.

**DataForSEO** — `api.dataforseo.com`

* When: only if an admin saves a DataForSEO account login + API password.
* What is sent: the configured DataForSEO login + API password (HTTP Basic auth), plus the parameters supplied per call (keyword, target domain, target URL, location code, language code).
* Terms: https://dataforseo.com/terms-of-use
* Privacy: https://dataforseo.com/privacy-policy

**Google Analytics 4 Data API** — `analyticsdata.googleapis.com` (token exchange via `oauth2.googleapis.com`)

* When: only if an admin uploads a Google service-account JSON.
* What is sent: a signed JWT minted from the service-account key, plus the GA4 property id and report definition (dimensions, metrics, date range, filters) chosen per call.
* Terms: https://policies.google.com/terms
* Privacy: https://policies.google.com/privacy

**Google Search Console API** — `searchconsole.googleapis.com` / `www.googleapis.com/webmasters/v3` (token exchange via `oauth2.googleapis.com`)

* When: only if an admin uploads a Google service-account JSON.
* What is sent: a signed JWT minted from the service-account key, plus the Search Console site URL and per-call parameters (date range, dimensions, URL to inspect, sitemap URL).
* Terms: https://policies.google.com/terms
* Privacy: https://policies.google.com/privacy

== Frequently Asked Questions ==

= What is the Model Context Protocol (MCP)? =

MCP is an open standard created by Anthropic that lets AI assistants securely connect to external tools and data sources. It's quickly becoming the universal protocol for AI-to-app communication, supported by Anthropic, OpenAI, Google, and dozens of other platforms. Learn more at [modelcontextprotocol.io](https://modelcontextprotocol.io).

= Does this require Node.js or a special server? =

No long-running processes, no Node.js. The plugin contacts external services (DataForSEO, Google Analytics, Google Search Console) only if you explicitly add those third-party account credentials under Easy MCP AI → External Data — see the External services section above. Out of the box, nothing leaves your server.

= What WordPress and PHP versions are required? =

WordPress 6.0+ and PHP 7.4+. PHP 8.0 or higher is recommended.

= How does authentication work? =

You create an API token in the plugin admin. Each token is stored as a SHA-256 hash — the raw token is never saved and cannot be recovered after creation. Your AI sends the token via a standard `Authorization: Bearer` header on every request.
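
How hashed token storage, per-token tool permissions and per-token rate limiting (this answer and the Built for Security list) fit together on one request, as an added example that is not the plugin's own code. The class, its methods, the tool names and the shell-style patterns are assumptions made for the illustration.

```php
<?php
// Added illustration, not Easy MCP AI's source. Class, method and tool names are hypothetical.
declare(strict_types=1);

final class TokenStore
{
    /** @var array<string, array{tools: string[], hits: int[]}> rows keyed by SHA-256 hex digest */
    private array $rows = [];
    private int $perMinute;

    public function __construct(int $perMinute = 60)
    {
        $this->perMinute = $perMinute;
    }

    /** Issue a token: the raw value is returned once, only its digest is kept. */
    public function issue(array $toolPatterns): string
    {
        $raw = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
        $this->rows[hash('sha256', $raw)] = ['tools' => $toolPatterns, 'hits' => []];
        return $raw;
    }

    /** Decide one tool call: 'ok', 'unauthorized', 'rate_limited' or 'forbidden'. */
    public function authorize(string $header, string $tool, int $now): string
    {
        if (!preg_match('/\ABearer ([0-9a-f]{64})\z/', $header, $m)) {
            return 'unauthorized';
        }
        // Look up by digest. The token is high-entropy random data, so a fast unsalted
        // hash is adequate here (unlike for passwords), and a leaked table holds no usable token.
        $digest = hash('sha256', $m[1]);
        if (!isset($this->rows[$digest])) {
            return 'unauthorized';
        }
        $row = &$this->rows[$digest];

        // Sliding 60-second window, counted per token rather than per IP.
        $row['hits'] = array_values(array_filter(
            $row['hits'],
            static fn (int $t): bool => $t > $now - 60
        ));
        if (count($row['hits']) >= $this->perMinute) {
            return 'rate_limited';
        }
        $row['hits'][] = $now;

        // A tool is allowed only if one of the token's patterns matches its name.
        foreach ($row['tools'] as $pattern) {
            if (fnmatch($pattern, $tool)) {
                return 'ok';
            }
        }
        return 'forbidden';
    }
}

// Constructed demo: a read-only token capped at 3 calls per minute.
$store = new TokenStore(3);
$auth  = 'Bearer ' . $store->issue(['wp_list_*', 'wp_get_*']);
foreach (['wp_list_posts', 'wp_delete_post', 'wp_get_post', 'wp_get_page'] as $tool) {
    echo $tool, ': ', $store->authorize($auth, $tool, 1000), "\n";
}
echo 'wrong token: ', $store->authorize('Bearer ' . str_repeat('0', 64), 'wp_get_post', 1000), "\n";
```

Calls refused by the permission check still count against the rate limit in this example, so a client probing for tools it was not granted exhausts its own budget.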

= How does OAuth 2.1 one-click connect work? =

Supported MCP clients (like Claude Desktop) can connect without you copying a token. The client registers itself via RFC 7591 Dynamic Client Registration, then redirects you to a consent screen on your site where you pick which permission categories (Read / Write per content type) to grant. You approve, the client receives a short-lived access token plus a rotating refresh token, and requests flow through the same capability-check layer as bearer-token auth. The plugin implements PKCE (S256), refresh-token reuse detection (RFC 9700), RFC 8707 audience binding, RFC 8414 and RFC 9728 discovery endpoints, and RFC 7009 revocation. No client ever sees your WordPress password.
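
Two of the server-side checks named above, PKCE S256 verification and refresh-token reuse detection, as an added example that is not the plugin's own code. Function and class names are hypothetical; the PKCE pair in the demo is the test vector from RFC 7636 Appendix B.

```php
<?php
// Added illustration, not Easy MCP AI's source. Function and class names are hypothetical.
declare(strict_types=1);

function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

/** RFC 7636 S256: challenge = BASE64URL(SHA256(ASCII(code_verifier))). */
function pkce_verify(string $verifier, string $storedChallenge): bool
{
    if (!preg_match('/\A[A-Za-z0-9._~-]{43,128}\z/', $verifier)) {
        return false; // outside the code_verifier grammar of RFC 7636 section 4.1
    }
    return hash_equals($storedChallenge, b64url(hash('sha256', $verifier, true)));
}

final class RefreshTokens
{
    /** @var array<string, array{family: string, used: bool}> keyed by SHA-256 digest */
    private array $tokens = [];
    /** @var array<string, bool> grant families that have been revoked */
    private array $revoked = [];

    public function issue(?string $family = null): string
    {
        $raw = b64url(random_bytes(32));
        $this->tokens[hash('sha256', $raw)] = [
            'family' => $family ?? bin2hex(random_bytes(8)),
            'used'   => false,
        ];
        return $raw;
    }

    /** Rotate: returns the successor token, or null when the request must be refused. */
    public function rotate(string $raw): ?string
    {
        $key = hash('sha256', $raw);
        if (!isset($this->tokens[$key])) {
            return null;
        }
        $family = $this->tokens[$key]['family'];
        if (isset($this->revoked[$family]) || $this->tokens[$key]['used']) {
            // Replay of an already-rotated token: a stale copy exists somewhere, so the
            // whole family is revoked and the user has to grant consent again.
            $this->revoked[$family] = true;
            return null;
        }
        $this->tokens[$key]['used'] = true;
        return $this->issue($family);
    }
}

// RFC 7636 Appendix B test vector: verifier first, stored challenge second.
var_dump(pkce_verify('dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk',
                     'E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM'));

$rt = new RefreshTokens();
$t1 = $rt->issue();
$t2 = $rt->rotate($t1);       // normal refresh: t1 is spent, t2 replaces it
var_dump($t2 !== null);
var_dump($rt->rotate($t1));   // t1 presented a second time
var_dump($rt->rotate($t2));   // the legitimate successor after the replay
```

The last call shows the cost of reuse detection: once a spent token is replayed, the newest token in the same family stops working too, because the server cannot tell which holder is the legitimate client.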

= Do I need to enable OAuth? =

No configuration is required — OAuth endpoints are live as soon as the plugin is activated. You can manage registered clients and revoke per-user grants under the **Easy MCP AI → API Token & OAuth → OAuth** tab. Bearer tokens continue to work alongside OAuth for power users and automation.

= Can I control what the AI is allowed to do? =

Yes, fully. Each token has its own permission set — you choose exactly which of the 162 tools it can call. Create a read-only token for a summarization AI, a content-only token for your writing assistant, and a full-access token for your trusted automation workflows.

= Is it safe to run on a live site? =

Yes, when used over HTTPS. Every request is authenticated, rate-limited, capability-checked, and logged. You can also restrict access by IP address for additional security.

= Can I connect multiple AI assistants at once? =

Yes. Create one token per assistant. Each token tracks its own usage, has its own permissions, and is logged independently.

= Does it work with custom post types? =

Yes. The post and page tools accept a `post_type` parameter so your AI can work with any registered post type on your site.

= Why does the endpoint return 404? =

Go to **Settings → Permalinks** in WordPress admin and click **Save Changes** to flush rewrite rules. Pretty permalinks must be enabled.

= Where do I report security bugs found in this plugin? =

Please report security bugs found in the source code of the Easy MCP AI for WordPress plugin through the [Patchstack Vulnerability Disclosure Program](https://patchstack.com/database/vdp/8e5e1a2e-1cd4-42d7-8a5d-9ff3d1a7f397). The Patchstack team will assist you with verification, CVE assignment, and notify the developers of this plugin.

== Screenshots ==

1. Dashboard — your MCP endpoint URL and quick-start configs for every major AI client
2. API Tokens — manage tokens with per-tool permission checkboxes
3. Create Token — set name, user, expiry, and exactly which tools to allow
4. Audit Log — a full record of every AI action on your site
5. Settings — rate limits, IP whitelist, audit retention, and more

== Changelog ==

= 1.6.0 =
* Ask your AI about SEO data from DataForSEO — live SERP results, keyword search volumes, backlinks, on-page issues, and ranked keywords for any domain
* Ask "what keywords does example.com rank for?" or "what are the top backlinks to this page?" and get real data back
* Ask your AI to audit any URL for on-page SEO issues and get a list of what to fix
* Ask for live search results for any keyword in any country — useful for competitor research and content planning

= 1.5.0 =
* Ask your AI about your Google Search Console data — top queries, clicks, impressions, sitemaps, and URL indexing status
* Ask your AI about your Google Analytics 4 data — traffic, top pages, conversions, realtime active users, and more
* New **External Data** page under Easy MCP AI to connect your Google service account once and enable/disable individual tools
* Your Google credentials stay encrypted on your server and never leave WordPress
* New OAuth scopes for fine-grained access: `mcp:ga:read` (Google Analytics tools) and `mcp:gsc:read` (Search Console tools)

= 1.4.0 =
* One-click connection for Claude Desktop, Cursor, and other MCP clients — no more manually creating and copy-pasting tokens
* New consent screen: pick exactly what each AI is allowed to read and write, per content type
* New OAuth Clients admin page — see every connected AI, revoke access anytime, adjust permissions per client
* Updated to the latest MCP protocol (2025-11-25), still compatible with older clients
* Hardened security across the new connection flow
* Under the hood: OAuth 2.1 with PKCE S256, RFC 7591 DCR, RFC 8707 audience binding, RFC 7009 token revocation endpoint (/oauth/revoke), RFC 9728 protected-resource metadata discovery, MCP spec 2025-11-25

= 1.3.2 =
* Fixed per-post permission check on Yoast SEO and Rank Math SEO update tools — Author-level tokens can no longer overwrite SEO metadata on posts they do not own
* Removed phantom wp_bp_send_message entry from Plugin Integration Registry that had no backing implementation

= 1.3.1 =
* Fixed translation quality issues across 7 locales (Bulgarian, French, Indonesian, Italian, Slovak, Serbian, Urdu) identified in comprehensive audit of all 50 translation files
* Fixed Recent Posts resource count capping and sort/total calculation
* Fixed Scheduled Posts resource total count and post filtering logic

= 1.3.0 =
* Added WooCommerce integration — 37 tools covering products, variations, product categories, orders, order notes, order refunds (read-only), customers, coupons, webhooks, shipping zones, shipping methods, tax rates, payment gateways, and sales reports
* Added Advanced Custom Fields (ACF / Secure Custom Fields) integration — 6 tools to get and update custom fields on posts, users, and terms; list field groups
* Added The Events Calendar integration — 10 tools to create and manage events, venues, and organizers
* Added BuddyPress integration — 10 tools covering members, activity stream, groups, group members, and private message threads
* Added SEO integration — 8 tools spanning Yoast SEO, Rank Math, and All in One SEO (AIOSEO); get and update post SEO metadata and rendered SEO head output
* Added Plugin Integrations admin page — enable or disable each plugin group individually with collapsible cards, per-group tool lists, and type filter (read-only / destructive)
* Plugin tool groups are opt-in; tools for inactive or disabled plugins are automatically excluded from the tool list
* Security hardening: Bearer token authentication updated to match MCP spec requirements

= 1.2.0 =
* Admin interface now available in 50+ languages with a searchable language selector
* Added direct links to AI client settings pages from the Dashboard quick-start guides
* Delete page tool now returns the page title in the response
* Security and reliability improvements

= 1.1.1 =
* 26 new tools across 7 new categories: Custom Post Types, Post Meta, Revisions, Blocks, Styles, Templates, and Search
* 11 new MCP Resources — your AI can now read site info, stats, and recent content as structured data
* Tool count increased from 48 to 74
* Fixed plugin activation/deactivation failing due to URL-encoded plugin slugs
* Fixed tool whitelist bug that blocked all tools when no wildcard patterns were set
* Renamed REST endpoint from `wp-mcp/v1` to `easy-mcp-ai/v1`
* Various security and code quality improvements

= 1.0.0 =
* Initial release
* 48 MCP tools covering all core WordPress REST APIs (now 74 in v1.1.1)
* Bearer token authentication with SHA-256 hashing
* Per-token tool permissions with admin checkbox UI
* WordPress capability enforcement on every tool call
* Rate limiting per token
* Full audit logging with configurable retention
* IP whitelisting
* Quick-start connection guides for Manus, Claude, ChatGPT, Cursor, n8n, and more
* MCP spec 2025-03-26, Streamable HTTP transport, JSON-RPC 2.0
* Fully internationalized (i18n ready)

== Upgrade Notice ==

= 1.6.0 =
No breaking changes. DataForSEO tools are inactive until you add your API credentials under Easy MCP AI → External Data.

= 1.3.0 =
No breaking changes. WooCommerce, ACF, The Events Calendar, BuddyPress, and SEO plugin tools are opt-in — enable them from Easy MCP AI → Plugin Integrations.

= 1.1.1 =
The MCP endpoint has moved from `wp-mcp/v1` to `easy-mcp-ai/v1`. Update your AI client connection URLs after upgrading.

= 1.0.0 =
Initial release. No upgrade steps required.

== Author ==

Developed by [EasyMCPAI](https://easymcpai.com).
