
內容簡介
Agent Abilities for MCP 是一款將您的 WordPress 網站轉變為受控的 Model Context Protocol (MCP) 伺服器的外掛。它提供 153 種精選的 WordPress 功能給 AI 代理,讓 AI 客戶端可以安全地讀取和寫入網站內容。
【主要功能】
• 提供 153 種 WordPress 能力給 AI 代理
• 以最小權限原則設計,確保安全性
• 連接過程中不會暴露管理員權限
• 具備雙層能力檢查,確保每次呼叫的合法性
• 完整的審計日誌,記錄所有呼叫和拒絕嘗試
• 無需自訂伺服器或傳輸,簡化設置過程
外掛標籤
開發者團隊
② 後台搜尋「Agent Abilities for MCP – MCP Server for AI Agents」→ 直接安裝(推薦)
原文外掛簡介
WordPress MCP server for AI agents, governed and off by default
Agent Abilities for MCP is a WordPress plugin that turns your site into a governed Model Context Protocol (MCP) server. It exposes 153 curated WordPress “abilities” (tools) to AI agents like Claude, Cursor, and VS Code over MCP, so your AI client can read and, when you allow it, write to your site as a real, least-privilege WordPress user you choose. It is built on the WordPress 6.9 Abilities API and the official MCP Adapter, so there is no custom server or transport to trust.
Nothing is exposed until you turn it on. The agent only ever acts as the WordPress user you bind it to, never an admin-equivalent key, and every call is re-checked against that user’s capabilities and logged before it runs, denials included. You add reach as you build trust, not all at once. Your own AI client connects in to your site; the plugin makes zero outbound calls and has no telemetry.
Prefer to watch first? Here is a short walkthrough of the plugin in action.
Quick links: Documentation | Getting started | Supported clients | GitHub
🛡️ Least-privilege access by design
Least privilege by design. The AI agent connects as a real, scoped WordPress user through OAuth or an Application Password, never an admin-equivalent key.
Off by default. Nothing is exposed until you enable it, and updates never silently widen access.
Two-layer capability gating. A connection only sees the tools its user can call, and every call re-checks that capability before it runs.
Honest audit log. Every call is recorded, denied attempts included, with the principal and the argument keys (never the values). It lives in your own database and clears from the admin.
Bounded by construction. No arbitrary option or meta access, no remote URL fetch, no code execution. Uploads are decoded from inline data and checked by their real bytes against an image allow-list, never fetched from a URL. A created user gets the site default role, never admin, and the last administrator can never be removed. Anything destructive is off by default and capability-gated, and deletes go to Trash where the ability supports it.
Optional safety controls. Switch on a per-minute rate limit, an IP allowlist, a force-to-draft mode, or a title-length cap. All four stay off until you set them.
No data leaves your site. The plugin contacts no AI provider and no external service. Your AI client connects in; the plugin never reaches out.
Two ways to connect. Approve an agent in the browser over OAuth, with no secret to store, or point a dedicated low-privilege user at an Application Password. A guided screen builds the client config and checks the endpoint for you.
🤖 Built on the WordPress Abilities API and MCP Adapter
WordPress 6.9 ships the Abilities API and the official MCP Adapter. Agent Abilities for MCP registers a curated, governed set of abilities on top of them rather than inventing its own protocol or transport. It builds on the official MCP Adapter library (wordpress/mcp-adapter) rather than a custom server, so there is no bespoke server to trust and the plugin inherits the standard’s behavior. What it adds is the governance layer: the off-by-default catalog, the capability gating, the safety controls, and the audit log for running the Model Context Protocol on WordPress.
📦 153 governed abilities
The plugin ships 153 governed abilities: 83 across WordPress core and 70 from auto-detected integrations. Every one is off until you enable it, scoped to the bound user, capability-gated, and logged. Beyond these, it can also bridge abilities declared by your other plugins (see below).
WordPress core (83 abilities). Reads plus guarded writes across your whole site:
📝 Posts & Pages: list, read, create, update, and delete posts and pages, with destructive actions off by default and deletes routed to Trash.
🏷️ Terms & Taxonomies: manage categories, tags, and custom taxonomy terms.
💬 Comments: read and moderate the comment queue.
🖼️ Media: list and read the media library, and add images decoded from inline data and validated by their real bytes against an image allow-list (never fetched from a URL).
🗂️ Post Meta: read and write only the meta keys an administrator has explicitly allowlisted. Protected, underscore-prefixed, and authentication keys can never be allowlisted.
👥 Users: read and manage users within capability limits. A new user gets the site default role, never admin, and the last administrator can never be removed.
🧭 Site structure: work with menus and the structural pieces that hold the site together.
🕓 Revision history: read the revision trail for content.
🧱 Blocks & Templates: work with reusable blocks, themes, and templates.
⚙️ Limited settings & site health: a tightly scoped set of settings, plus read-only site health and plugin status.
🔍 Site-wide search: one search that spans every post type at once.
Integrations (70 abilities). Detected automatically per active plugin, off until you turn them on, capability-gated, and logged. Each appears only while its host plugin is active:
🛒 WooCommerce MCP (52 abilities): read and write products, orders, and customers so an AI agent can help run your store. These touch real customer and order data, including personal data such as names, emails, and addresses, so they sit behind a clear admin notice and stay off until you switch them on.
🧩 Advanced Custom Fields (7 abilities): read and write ACF field data. Like WooCommerce, these can reach real personal data and sit behind the same clear notice.
📈 Rank Math SEO (5 abilities): read and manage Rank Math SEO data.
📈 Yoast SEO (3 abilities): read and manage Yoast SEO data.
📈 All in One SEO (3 abilities): read and manage AIOSEO data.
More integrations are planned.
🔗 Abilities from your other plugins (new in 1.1.0)
WordPress 6.9 lets any plugin register its own abilities, not just this one. Agent Abilities for MCP can now bring those in too. When another active plugin declares abilities through the Abilities API, they appear on a dedicated Abilities from other plugins screen, grouped by the plugin that registered them, every one off until you turn it on. Enable one and it becomes a governed MCP tool under the same rules as the built-in catalog: scoped to the bound user, capability-checked on every call, rate-limited, and written to the same audit log. Argument values are still never stored.
So you are not limited to the integrations shipped here. Any plugin that speaks the Abilities API can be handed to your agent on your terms, and you can flip a whole plugin’s set on or off at once. For fleets or record-keeping, the bundled WP-CLI command wp aafm catalog export prints a site’s discoverable abilities as JSON.
🔌 Supported AI platforms
Your AI client connects in to your site over MCP. The plugin never calls out to any AI provider, so there is no model API key to add and nothing extra to pay for.
Anthropic Claude: works today. The claude.ai web app and Claude Desktop share one custom-connector flow, so you paste your endpoint URL and approve the sign-in once. Claude Code connects from the command line.
OpenAI ChatGPT: works once you turn on developer mode in ChatGPT and add your site as a custom connector.
Manus: works by adding your endpoint as a custom MCP connector and approving the sign-in. Manus runs in the cloud, so it connects by URL with no local bridge.
Google Gemini: works today through the Gemini CLI.
Any Model Context Protocol client: anything that speaks MCP can connect, directly or through the open-source mcp-remote bridge that runs on your own machine.
The hosted Gemini app is not supported yet. The clients listed below all work today.
🧩 Compatible clients and frameworks
Connect any MCP client that can reach your site’s endpoint. With OAuth you paste the endpoint URL and approve once in the browser; with an Application Password you point a dedicated low-privilege user at the endpoint.
Hosted cloud apps: ChatGPT (developer mode turned on, your site added as a custom connector), Claude (the claude.ai web app and Claude Desktop, which share one connector flow), and Manus. These connect by URL over OAuth, so there is no config file to edit and no bridge to install.
AI code editors and IDEs: Claude Code, Cursor, VS Code, and Windsurf.
Command line: Gemini CLI.
AI agent frameworks: any MCP-compatible framework can call your enabled abilities as tools.
Bridged clients: clients that cannot open a remote MCP connection on their own use the open-source mcp-remote or @automattic/mcp-wordpress-remote bridge, which runs on your own machine and talks only to your site and your local client.
⚖️ Disclaimer
Model Context Protocol (MCP) is an open specification originally developed by Anthropic. Claude, ChatGPT, Cursor, VS Code, Gemini, and other product names are trademarks of their respective owners. Agent Abilities for MCP is a third-party plugin and is not affiliated with, endorsed by, or sponsored by any of them.
External Services
This plugin does not contact any external service. It registers abilities on your own site and answers the requests your AI client sends to it. It makes no outbound requests of its own and includes no analytics or telemetry.
Connecting an AI client to your site is done by the client, not by this plugin. Some MCP clients reach your endpoint directly; others use a small bridge program that runs on your own computer, such as the open-source mcp-remote tool or @automattic/mcp-wordpress-remote. Neither bridge is bundled with this plugin or run by it. You install and run it yourself, and it talks only to your site and your local AI client. Their terms are on their own pages:
mcp-remote: https://www.npmjs.com/package/mcp-remote
@automattic/mcp-wordpress-remote: https://www.npmjs.com/package/@automattic/mcp-wordpress-remote
