Major security and feature update. MCP endpoint now requires API key authentication. Added WooCommerce, GuardPress, and SiteVault integrations (22 new tools). Rate limiting added. Recommended update for all users.<\/p>","1.2.3":"
Security: SSRF protection for outbound requests. WordPress.org compliance fixes.<\/p>","1.2.0":"
Security hardening and MCP spec compliance improvements. Recommended update for all users.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3448287,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3448287,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3495168,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3448287,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.2.2","1.2.3","1.3.0","1.4.0"],"block_files":[],"assets_screenshots":{"screenshot-1.jpg":{"filename":"screenshot-1.jpg","revision":3439404,"resolution":"1","location":"assets","locale":""},"screenshot-2.jpg":{"filename":"screenshot-2.jpg","revision":3439404,"resolution":"2","location":"assets","locale":""},"screenshot-3.jpg":{"filename":"screenshot-3.jpg","revision":3439404,"resolution":"3","location":"assets","locale":""},"screenshot-4.jpg":{"filename":"screenshot-4.jpg","revision":3439404,"resolution":"4","location":"assets","locale":""},"screenshot-5.jpg":{"filename":"screenshot-5.jpg","revision":3439404,"resolution":"5","location":"assets","locale":""},"screenshot-6.png":{"filename":"screenshot-6.png","revision":3497937,"resolution":"6","location":"assets","locale":""}},"screenshots":{"1":"Main settings page with API key and platform overview","2":"AI platform configuration with connection testing","3":"Activity log showing authenticated MCP requests","4":"Claude Desktop MCP connector setup","5":"WooCommerce product management via Claude","6":"OAuth consent screen for Claude Desktop connector"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[232666,257509,242115,231325,259066],"plugin_category":[],"plugin_contributors":[253970],"plugin_business_model":[],"class_list":["post-274400","plugin","type-plugin","status-publish","hentry","plugin_tags-ai-wordpress","plugin_tags-claude-wordpress","plugin_tags-mcp","plugin_tags-woocommerce-ai","plugin_tags-wordpress-ai-integration","plugin_contributors-royalpluginsteam","plugin_committers-royalpluginsteam"],"banners":{"banner":"https:\/\/ps.w.org\/royal-mcp\/assets\/banner-772x250.png?rev=3448287","banner_2x":"https:\/\/ps.w.org\/royal-mcp\/assets\/banner-1544x500.png?rev=3495168","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/royal-mcp\/assets\/icon-128x128.png?rev=3448287","icon_2x":"https:\/\/ps.w.org\/royal-mcp\/assets\/icon-256x256.png?rev=3448287","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/royal-mcp\/assets\/screenshot-1.jpg?rev=3439404","caption":"Main settings page with API key and platform overview"},{"src":"https:\/\/ps.w.org\/royal-mcp\/assets\/screenshot-2.jpg?rev=3439404","caption":"AI platform configuration with connection testing"},{"src":"https:\/\/ps.w.org\/royal-mcp\/assets\/screenshot-3.jpg?rev=3439404","caption":"Activity log showing authenticated MCP requests"},{"src":"https:\/\/ps.w.org\/royal-mcp\/assets\/screenshot-4.jpg?rev=3439404","caption":"Claude Desktop MCP connector setup"},{"src":"https:\/\/ps.w.org\/royal-mcp\/assets\/screenshot-5.jpg?rev=3439404","caption":"WooCommerce product management via Claude"},{"src":"https:\/\/ps.w.org\/royal-mcp\/assets\/screenshot-6.png?rev=3497937","caption":"OAuth consent screen for Claude Desktop connector"}],"raw_content":"\n
Royal MCP is a security-first Model Context Protocol (MCP) server for WordPress. It gives AI platforms like Claude, ChatGPT, and Google Gemini structured access to your WordPress content \u2014 with authentication, rate limiting, and audit logging that most MCP implementations skip entirely.<\/p>\n\n
According to recent security research<\/a>, 41% of public MCP servers have no authentication and respond to tool calls without any credentials. Royal MCP takes the opposite approach: every MCP session requires an API key, every request is rate-limited, and every interaction is logged.<\/p>\n\n MCP gives AI agents the ability to read, create, update, and delete your WordPress content. Without proper authentication, anyone who discovers your MCP endpoint can:<\/p>\n\n Royal MCP prevents all of this with API key authentication on session initialization, timing-safe key comparison, per-IP rate limiting (60 requests\/minute), and a full activity log of every MCP interaction.<\/p>\n\n WordPress Core (37 tools):<\/strong><\/p>\n\n Royal MCP automatically detects compatible plugins and adds specialized MCP tools. No configuration needed \u2014 if the plugin is active, the tools appear.<\/p>\n\n WooCommerce Integration (9 tools):<\/strong>\nWhen WooCommerce is active, AI agents can manage your store:<\/p>\n\n GuardPress Integration (7 tools):<\/strong>\nWhen GuardPress is active, AI agents can monitor your site security:<\/p>\n\n SiteVault Integration (6 tools):<\/strong>\nWhen SiteVault is active, AI agents can manage your backups:<\/p>\n\n WordPress is building MCP support into core via the Abilities API. Royal MCP complements this by providing security controls that the core implementation does not include \u2014 API key authentication, rate limiting, activity logging, and sensitive data filtering. When the Abilities API ships, Royal MCP will continue to provide the security layer, plugin integrations, and WooCommerce tools that core does not cover.<\/p>\n\n Royal MCP implements the MCP 2025-03-26 Streamable HTTP transport specification<\/a>:<\/p>\n\n This plugin connects to third-party AI services to enable AI platforms to interact with your WordPress content. No data is transmitted until you explicitly configure and enable a platform connection.<\/strong><\/p>\n\n What data is sent:<\/strong> Your WordPress content (posts, pages, media metadata) as requested by the connected AI platform through authenticated MCP tool calls.<\/p>\n\n When data is sent:<\/strong> Only when you have configured a platform with API credentials AND enabled that platform connection AND the AI platform makes an authenticated request.<\/p>\n\n Supported services and their policies:<\/strong><\/p>\n\n Anthropic Claude<\/strong> \u2014 Used for Claude AI integration\nTerms of Service<\/a> | Privacy Policy<\/a><\/p><\/li>\n OpenAI<\/strong> \u2014 Used for ChatGPT\/GPT-4 integration\nTerms of Use<\/a> | Privacy Policy<\/a><\/p><\/li>\n Google Gemini<\/strong> \u2014 Used for Gemini AI integration\nTerms of Service<\/a> | Privacy Policy<\/a><\/p><\/li>\n Groq<\/strong> \u2014 Used for Groq LPU inference\nTerms of Service<\/a> | Privacy Policy<\/a><\/p><\/li>\n Microsoft Azure OpenAI<\/strong> \u2014 Used for Azure-hosted OpenAI models\nTerms of Service<\/a> | Privacy Policy<\/a><\/p><\/li>\n AWS Bedrock<\/strong> \u2014 Used for AWS-hosted AI models\nTerms of Service<\/a> | Privacy Policy<\/a><\/p><\/li>\n Ollama \/ LM Studio<\/strong> \u2014 Local self-hosted models (no external data transmission)<\/p><\/li>\n Custom MCP Servers<\/strong> \u2014 User-configured servers (data sent to user-specified endpoints only)<\/p><\/li>\n<\/ul>\n\n\nWhy Security Matters for MCP<\/h4>\n\n
\n
37+ MCP Tools Built In<\/h4>\n\n
\n
Plugin Integrations (Conditional)<\/h4>\n\n
\n
\n
\n
Works Alongside WordPress Core MCP<\/h4>\n\n
Supported AI Platforms<\/h4>\n\n
\n
MCP Spec Compliance<\/h4>\n\n
\n
\/mcp<\/code> endpoint for all JSON-RPC communication<\/li>\nExternal Services<\/h3>\n\n
\n
\n
royal-mcp<\/code> folder to \/wp-content\/plugins\/<\/code><\/li>\n