內容簡介
AcrossAI MCP Manager 是一款 WordPress 外掛,旨在透過安全的應用程式密碼,讓 AI 助手和程式碼編輯器無縫整合 Model Context Protocol (MCP) 伺服器,確保安全存取 WordPress 實例。
【主要功能】
• 多客戶端支援:支援多種編輯器和應用程式
• 安全認證:使用 WordPress 原生應用程式密碼系統
• 簡易配置:提供即用的 JSON 配置
• 標準格式支援:符合 Automattic 推薦的 MCP 配置格式
• CLI 連接:支援瀏覽器輔助的 CLI 連接流程
外掛標籤
開發者團隊
原文外掛簡介
MCP Manager uses the standard @automattic/mcp-wordpress-remote@latest package with WordPress Application Passwords for the default remote flow. It also includes an optional experimental direct Claude Connectors mode backed by a WordPress-hosted OAuth approval flow.
MCP Manager is a WordPress plugin that enables seamless integration with Model Context Protocol (MCP) servers, allowing AI assistants and code editors to safely access your WordPress instance through secure application passwords.
Key Features
Multi-Client Support: Configure MCP for:
VS Code with Copilot
Claude Desktop App
GitHub Copilot & Codex
OpenAI ChatGPT Codex
Custom MCP Clients
Secure Authentication: Uses WordPress native Application Passwords system
One-click password generation
Secure credential management
Password revocation support
Per-server Access Control still enforced after authentication
Easy Configuration:
Copy-paste ready JSON configurations
Per-provider configuration file paths
Automatic top-level key detection
Format #1 Standard: Uses the Automattic-recommended MCP configuration format
npx command execution
@automattic/mcp-wordpress-remote@latest package
Full environment variable support
How It Works
Navigate to Settings → MCP Manager
Select your MCP client (VS Code, Claude, GitHub Copilot, ChatGPT, or Custom)
Click “Generate New Application Password”
Copy the ready-to-use JSON configuration
Paste into your client’s configuration file
Restart your MCP client
All application passwords are managed through WordPress’s native Application Passwords system and appear in your profile under Account Management.
CLI Connection and Authorization Flow
MCP Manager also supports a browser-assisted CLI connection flow for local MCP clients.
Typical command:
npx -y @acrossai/mcp-manager --siteurl=https://example.com --server=default-mcp-server
Flow summary:
The CLI checks /wp-json/acrossai-mcp-manager/v1/health
The CLI starts auth with /wp-json/acrossai-mcp-manager/v1/auth/start
WordPress returns an auth_code and frontend auth_url
The CLI opens the frontend approval page at /acrossai-mcp-manager/
If needed, the user signs in through normal WordPress login
The signed-in user approves access in the browser
The CLI polls /auth/status until the request is approved
The CLI fetches the approved user’s accessible servers from /servers
The CLI exchanges the approved code at /auth/exchange
WordPress creates a one-time Application Password and the CLI writes the MCP client config
Terminology:
Sign in / Log in = WordPress account authentication
Connect = starting the CLI-to-site linking flow
Authorize / Approve access = granting the CLI permission in the browser
Important notes:
The frontend authorization page must never be cached
Auth codes are single-use
/servers and /auth/exchange respect per-server access control
User-facing copy should say CLI Connections rather than npm Login
Generated remote MCP configs use Application Passwords and explicitly disable OAuth discovery in @automattic/mcp-wordpress-remote
Experimental Direct Claude Connectors
An optional Claude Connectors Screen (Experimental) setting can enable a direct OAuth flow for Claude’s hosted connectors.
When the global feature toggle is enabled and a specific server is configured in its Claude Connector tab, the plugin exposes:
/.well-known/oauth-authorization-server
/.well-known/oauth-protected-resource?resource=
/acrossai-mcp-connectors/oauth/authorize/
/wp-json/acrossai-mcp-manager/v1/connector/oauth/token
Important notes:
Disabled by default
The Application Password flow remains available and supported
The master experimental toggle is global, but OAuth client settings are stored per server
Direct connector approval signs Claude in as a WordPress user
Per-server Access Control still applies to every MCP request after OAuth
Public HTTPS is recommended for hosted connector usage
Provider Configuration Paths
VS Code: ~/.config/Code/User/globalStorage/Copilot.copilot-chat/mcp.json (top-level key: “servers”)
Claude: ~/Library/Application Support/Claude/claude_desktop_config.json (top-level key: “mcpServers”)
GitHub Copilot: ~/.gh-copilot/config.json (top-level key: “servers”)
OpenAI ChatGPT: ~/.config/chatgpt/config.json (top-level key: “servers”)
Custom: ./your-project/.mcp/config.json (top-level key: configurable)
Requirements
WordPress 5.9 or higher
PHP 7.4 or higher
WordPress Application Passwords support (built-in since WP 5.6)
Support & Contribution
For issues, feature requests, or contributions, visit the plugin repository.
Questions? Check the FAQ section or look for documentation in the plugin settings page.
Development
This plugin follows WordPress coding standards and best practices:
– PHP 7.4+ compatible
– Full object-oriented architecture
– Secure nonce verification
– Proper capability checks
– Sanitized input validation
– Escaped output
License
This plugin is licensed under the GPL-2.0-or-later license. See LICENSE file for details.
Credits
MCP Manager is built with:
– WordPress native APIs
– Automattic’s MCP WordPress Remote package
– WordPress Application Passwords system
Developed with ❤️ for the WordPress community.
