內容簡介
Royal MCP 是一個以安全為首要考量的 Model Context Protocol (MCP) 伺服器,專為 WordPress 設計。它提供 AI 平台如 Claude、ChatGPT 和 Google Gemini 結構化的內容存取,並確保每次請求都經過身份驗證、速率限制及活動日誌記錄,從而增強安全性。
【主要功能】
• API 金鑰身份驗證
• 每 IP 限制請求速率(每分鐘 60 次)
• 完整的活動日誌記錄
• 支援 37 種內建 MCP 工具
• 自動偵測相容外掛並添加專用工具
外掛標籤
開發者團隊
原文外掛簡介
Royal MCP is a security-first Model Context Protocol (MCP) server for WordPress. It gives AI platforms like Claude, ChatGPT, and Google Gemini structured access to your WordPress content — with authentication, rate limiting, and audit logging that most MCP implementations skip entirely.
According to recent security research, 41% of public MCP servers have no authentication and respond to tool calls without any credentials. Royal MCP takes the opposite approach: every MCP session requires an API key, every request is rate-limited, and every interaction is logged.
Why Security Matters for MCP
MCP gives AI agents the ability to read, create, update, and delete your WordPress content. Without proper authentication, anyone who discovers your MCP endpoint can:
Read all your posts, pages, and media
Create or delete content
Access user data and plugin information
Overwhelm your server with rapid-fire requests
Royal MCP prevents all of this with API key authentication on session initialization, timing-safe key comparison, per-IP rate limiting (60 requests/minute), and a full activity log of every MCP interaction.
37+ MCP Tools Built In
WordPress Core (37 tools):
Posts — create, read, update, delete, search, count
Pages — full CRUD with parent page support
Media — library browsing, metadata, deletion
Comments — create (respects moderation settings), read, delete
Users — display names and roles (emails and usernames are not exposed)
Categories & Tags — create, assign, delete, count
Menus — list menus and menu items
Post Meta — read, update, delete custom fields
Site Info — site name, description, WordPress version, timezone
Plugins & Themes — list installed plugins and themes with active status
Search — full-text content search across post types
Options — read allowlisted safe options only
Plugin Integrations (Conditional)
Royal MCP automatically detects compatible plugins and adds specialized MCP tools. No configuration needed — if the plugin is active, the tools appear.
WooCommerce Integration (9 tools):
When WooCommerce is active, AI agents can manage your store:
Browse and search products by category, status, or type
Create and update products with prices, SKUs, stock levels
View orders, order details, and update order status
List customers with order count and total spent
Get store statistics — revenue, order count, average order value by period
GuardPress Integration (7 tools):
When GuardPress is active, AI agents can monitor your site security:
Get current security score and grade with factor breakdown
View security statistics — failed logins, blocked IPs, alerts
Run vulnerability scans and review results
List blocked IP addresses and failed login attempts
Browse the security audit log filtered by severity
SiteVault Integration (6 tools):
When SiteVault is active, AI agents can manage your backups:
List available backups filtered by status or type
Trigger new backups (full, database, files, plugins, themes)
Check backup progress in real time
View backup statistics — total size, last backup, counts
List and review backup schedules
Works Alongside WordPress Core MCP
WordPress is building MCP support into core via the Abilities API. Royal MCP complements this by providing security controls that the core implementation does not include — API key authentication, rate limiting, activity logging, and sensitive data filtering. When the Abilities API ships, Royal MCP will continue to provide the security layer, plugin integrations, and WooCommerce tools that core does not cover.
Supported AI Platforms
Claude (Anthropic) — Full MCP support via Claude Desktop, Claude Code, and VS Code
OpenAI / ChatGPT — GPT-4o, GPT-4 Turbo, GPT-3.5 Turbo
Google Gemini — Gemini 1.5 Pro, 1.5 Flash
Groq — Llama 3.3, Mixtral, Gemma 2
Azure OpenAI — Azure-hosted OpenAI deployments
AWS Bedrock — Claude, Llama, Titan models
Ollama / LM Studio — Local self-hosted models (no external data transmission)
Custom MCP Servers — Connect to any MCP-compatible endpoint
MCP Spec Compliance
Royal MCP implements the MCP 2025-03-26 Streamable HTTP transport specification:
Single /mcp endpoint for all JSON-RPC communication
POST for client messages, GET for server-sent events, DELETE for session termination
Cryptographically secure session IDs with transient-based storage
Origin header validation to prevent DNS rebinding attacks
Proper CORS handling for browser-based MCP clients
External Services
This plugin connects to third-party AI services to enable AI platforms to interact with your WordPress content. No data is transmitted until you explicitly configure and enable a platform connection.
What data is sent: Your WordPress content (posts, pages, media metadata) as requested by the connected AI platform through authenticated MCP tool calls.
When data is sent: Only when you have configured a platform with API credentials AND enabled that platform connection AND the AI platform makes an authenticated request.
Supported services and their policies:
Anthropic Claude — Used for Claude AI integration
Terms of Service | Privacy Policy
OpenAI — Used for ChatGPT/GPT-4 integration
Terms of Use | Privacy Policy
Google Gemini — Used for Gemini AI integration
Terms of Service | Privacy Policy
Groq — Used for Groq LPU inference
Terms of Service | Privacy Policy
Microsoft Azure OpenAI — Used for Azure-hosted OpenAI models
Terms of Service | Privacy Policy
AWS Bedrock — Used for AWS-hosted AI models
Terms of Service | Privacy Policy
Ollama / LM Studio — Local self-hosted models (no external data transmission)
Custom MCP Servers — User-configured servers (data sent to user-specified endpoints only)