
內容簡介
Royal MCP 是一個以安全為首的模型上下文協議 (MCP) 伺服器,專為 WordPress 設計。它為 Claude、ChatGPT 和 Google Gemini 等 AI 平台提供結構化的內容訪問,並具備身份驗證、速率限制和審計日誌等功能,確保內容安全。
【主要功能】
• API 金鑰身份驗證
• 每個請求速率限制(每分鐘 60 次)
• 完整的活動日誌記錄
• 無需外部連接,完全自我託管
• 支援多種 AI 平台整合
外掛標籤
開發者團隊
② 後台搜尋「Royal MCP – Secure AI Connector for Claude, ChatGPT & Gemini」→ 直接安裝(推薦)
📦 歷史版本下載
原文外掛簡介
Royal MCP is a security-first Model Context Protocol (MCP) server for WordPress. It gives AI platforms like Claude, ChatGPT, and Google Gemini structured access to your WordPress content — with authentication, rate limiting, and audit logging that most MCP implementations skip entirely.
First-time setup walkthrough (with videos): royalplugins.com/support/royal-mcp/connecting-to-claude/
According to recent security research, 41% of public MCP servers have no authentication and respond to tool calls without any credentials. Royal MCP takes the opposite approach: every MCP session requires an API key, every request is rate-limited, and every interaction is logged.
Why Security Matters for MCP
MCP gives AI agents the ability to read, create, update, and delete your WordPress content. Without proper authentication, anyone who discovers your MCP endpoint can:
Read all your posts, pages, and media
Create or delete content
Access user data and plugin information
Overwhelm your server with rapid-fire requests
Royal MCP prevents all of this with API key authentication on session initialization, timing-safe key comparison, per-IP rate limiting (60 requests/minute), and a full activity log of every MCP interaction.
Free, Self-Hosted, Fully Featured
Royal MCP is fully featured in its free, GPL-licensed release. There is no Pro version — all tools ship in the wp.org plugin, and updates go through the standard WordPress plugin updater.
Your credentials stay on your server. Royal MCP runs entirely inside WordPress: API keys, OAuth tokens, and session state all live in your own database. Royal MCP makes no outbound connections to Royal Plugins’ own servers — no license check, no telemetry, no traffic beacon. If you prefer to keep AI inference local too, Ollama and LM Studio are first-class platforms alongside Claude, ChatGPT, and Gemini.
69 Core Tools + 60 Integration Tools
WordPress Core (69 tools):
Posts – create, read, update, delete, search, count (any registered public post type, featured images supported)
Pages – full CRUD with parent page support
Post Types – discover all registered public post types on the site
Post Revisions – list revision history and roll a post back to any prior version
Media – browse, upload from URL or base64, update alt text/caption/title/description, set as featured image, delete
Comments – create, read, delete; full moderation suite (list pending, approve, mark spam, trash)
Users – display names and roles (emails and usernames are not exposed)
Categories & Tags & Custom Taxonomies – create, update (rename/re-slug/edit/move), delete, assign, count, discover all registered taxonomies
Term Meta – read, update, delete (most useful for term-level SEO meta – titles, descriptions, focus keywords stored against categories and tags)
Menus – list menus, list menu items, create / update / delete / reorder menu items
Post Meta – read, update, delete custom fields (works with ACF, MetaBox, JetEngine, Pods, CPT UI)
SEO Meta – read and write Yoast SEO or Rank Math title/description/focus keyword/robots/OG fields (auto-detects active SEO plugin)
Site Info – site name, description, WordPress version, timezone
Plugins & Themes – list installed plugins and themes with active status
Theme Appearance – get active theme, read/write theme mods (gated by admin toggle + allowlist), read/write Custom CSS
Search – full-text content search across post types
Permalink Structure – read and update permalink settings (gated by admin toggle)
Options – read allowlisted core options, read full plugin settings by slug (sensitive keys redacted), and write to allowlisted options when an admin enables it
Plugin Integrations (Conditional)
Royal MCP automatically detects compatible plugins and adds specialized MCP tools. No configuration needed — if the plugin is active, the tools appear.
WooCommerce Integration (26 tools):
When WooCommerce is active, AI agents can manage your store end-to-end:
Browse and search products by category, status, or type
Create and update simple and variable products with prices, SKUs, stock levels
Manage variable products — list, get, create, update, delete, and batch-update product variations
Manage global attributes (pa_* taxonomies) — list registered attributes, list attribute terms, register new attributes, assign attributes to a product as variation axes
Manage coupons — list, search by code, get, create, update, delete (trash or permanent), and bulk-purge trash; supports all standard WC coupon fields (discount type, expiry, usage limits, product/category restrictions, email allowlists)
View orders, order details, and update order status
List customers with order count and total spent
Get store statistics — revenue, order count, average order value by period
GuardPress Integration (7 tools):
When GuardPress is active, AI agents can monitor your site security:
Get current security score and grade with factor breakdown
View security statistics — failed logins, blocked IPs, alerts
Run vulnerability scans and review results
List blocked IP addresses and failed login attempts
Browse the security audit log filtered by severity
SiteVault Integration (6 tools):
When SiteVault is active, AI agents can manage your backups:
List available backups filtered by status or type
Trigger new backups (full, database, files, plugins, themes)
Check backup progress in real time
View backup statistics — total size, last backup, counts
List and review backup schedules
ForgeCache Integration (3 tools):
When ForgeCache is active, AI agents can manage your page cache:
Clear the entire cache, or purge a specific URL
View cache statistics — hit rate, file count, total size
Royal Ledger Integration (4 tools):
When Royal Ledger is active, AI agents can review your software costs and license data:
List recurring software costs and renewal dates
Get cost summaries grouped by month, vendor, or category
List stored license keys (key VALUES are never exposed — only masked previews; decryption requires logging into wp-admin)
Royal Links Integration (3 tools):
When Royal Links is active, AI agents can manage your branded short links:
List existing links with click counts and target URLs
Create new branded short links
Get click statistics for any link
Advanced Custom Fields Integration (4 tools):
When ACF (free or Pro) is active, AI agents can read and write ACF fields with the field-type-aware formatting the ACF UI uses — instead of the raw serialized values WordPress meta returns:
Read a single ACF field, formatted per its Return Format setting (hydrated post objects, parsed repeater rows, image arrays, etc.)
Read every ACF field on a post in one call, with name/label/type/value bundled — the most efficient way for an AI to discover what fields exist and read them all
Update an ACF field with type-aware value handling (scalar for text/number, array for repeaters and flex content, post ID for relationships, attachment ID for images)
Enumerate ACF field groups on the site, optionally filtered by post type — for AI-driven discovery of available custom fields before reading/writing
Elementor Integration (7 tools):
When Elementor (free or Pro) is active, AI agents can clone and customize existing Elementor pages without trying to generate page-builder JSON from scratch:
Clone an existing Elementor page with a new title and fresh element IDs (so the duplicate opens in the editor without ID collisions)
Bulk-replace text across heading, text-editor, button, image-box, icon-box, icon-list, testimonial, tabs, accordion, toggle, star-rating, call-to-action, and flip-box widgets
Swap image URLs across image, image-box, background_image, and gallery widget settings
Get a compact outline of any page (section/container hierarchy, widget types, text snippets) so Claude can reason over a full page in a few KB instead of the raw JSON
List saved templates from the Elementor template library and import templates from JSON
Atomic widgets (Elementor 4.0+ Editor V4 elements) pass through opaque — we never decode atomic schemas because Elementor itself may shift them. Widget-level creation from scratch is intentionally out of scope; the design commitment is to work from an existing-known-good source.
Royal MCP and the WordPress Core Abilities API
WordPress 6.9 shipped the Abilities API in November 2025 — a primitive that lets plugins register typed capabilities AI agents can call. Core ships three default abilities (site info, user info, environment info) and the wordpress/mcp-adapter package bridges abilities to the MCP protocol.
Royal MCP is a complete, production-ready MCP server that predates the official adapter. It runs the full Streamable HTTP transport, enforces API key authentication on every request, ships OAuth 2.0 for Claude Desktop’s native connector flow, rate-limits per-IP, redacts sensitive data, and logs every interaction. Out of the box it includes 67 tools for WordPress core operations plus 60 integration tools that auto-load when WooCommerce, GuardPress, SiteVault, ForgeCache, Royal Ledger, Royal Links, Elementor, or Advanced Custom Fields (ACF) is active.
Supported AI Platforms
Claude (Anthropic) – Full MCP support via Claude Desktop, Claude Code, and VS Code
OpenAI / ChatGPT – GPT-5.5, GPT-5, GPT-5 Mini, o3
Google Gemini – Gemini 3.5 Flash, 3.1 Flash-Lite
Groq – Llama 3.3, Llama 3.1, GPT-OSS
Azure OpenAI – Azure-hosted OpenAI deployments
AWS Bedrock – Claude, Llama, Titan models
Ollama / LM Studio – Local self-hosted models (no external data transmission)
Custom MCP Servers – Connect to any MCP-compatible endpoint
Compatible Clients & Frameworks
Royal MCP works with any MCP-compliant client, IDE, or AI agent framework — no per-tool configuration required. Each entry below describes the specific integration path Royal MCP provides for that target, so customers can answer “will this work with the tool I already use?”:
Desktop AI apps – Claude Desktop (native MCP connector via OAuth 2.0), ChatGPT Desktop, Gemini Advanced.
AI code IDEs – Claude Code, VS Code (with MCP extension), Cursor, Windsurf, Continue, Cline, Zed, JetBrains AI Assistant.
API testing tools – Postman, Bruno, Insomnia (use the API key in the X-Royal-MCP-API-Key header).
Custom field plugins – Advanced Custom Fields (ACF) has dedicated acf_* tools that return values formatted per each field’s Return Format setting (the same way the ACF UI shows them). MetaBox, JetEngine, Pods, CPT UI, and Custom Field Suite are supported through the wp_get_post_meta / wp_update_post_meta tools, so AI agents can populate custom fields just like a human editor.
Page builders – Elementor has dedicated tools for clone-and-customize workflows (clone a page, find/replace text, swap images, get an outline, import templates) – see the Tools list. Widget-level creation from scratch is intentionally out of scope. Divi, Beaver Builder, Bricks, Gutenberg, Spectra, and Stackable store standard post content that is readable and writable by AI; page-builder-specific JSON storage is opaque unless covered by a dedicated tool.
Multilingual – WPML, Polylang, TranslatePress, qTranslate. Translated posts appear as separate posts and can be read or written via the standard post tools.
AI agent frameworks – LangChain, AutoGen, CrewAI, LlamaIndex, Haystack – any MCP-compatible framework can call Royal MCP’s tools.
AI app platforms – Anthropic Console, OpenAI Playground, Google AI Studio, Vertex AI, Azure AI Studio, Amazon Bedrock Console.
MCP Spec Compliance
Royal MCP implements the MCP 2025-11-25 Streamable HTTP transport specification:
Single /mcp endpoint for all JSON-RPC communication
POST for client messages, GET for server-sent events, DELETE for session termination
Cryptographically secure session IDs with transient-based storage
Origin header validation to prevent DNS rebinding attacks
Proper CORS handling for browser-based MCP clients
External Services
This plugin connects to third-party AI services to enable AI platforms to interact with your WordPress content. No data is transmitted until you explicitly configure and enable a platform connection.
What data is sent: Your WordPress content (posts, pages, media metadata) as requested by the connected AI platform through authenticated MCP tool calls.
When data is sent: Only when you have configured a platform with API credentials AND enabled that platform connection AND the AI platform makes an authenticated request.
Supported services and their policies:
Anthropic Claude — Used for Claude AI integration
Terms of Service | Privacy Policy
OpenAI — Used for ChatGPT/GPT-4 integration
Terms of Use | Privacy Policy
Google Gemini — Used for Gemini AI integration
Terms of Service | Privacy Policy
Groq — Used for Groq LPU inference
Terms of Service | Privacy Policy
Microsoft Azure OpenAI — Used for Azure-hosted OpenAI models
Terms of Service | Privacy Policy
AWS Bedrock — Used for AWS-hosted AI models
Terms of Service | Privacy Policy
Ollama / LM Studio — Local self-hosted models (no external data transmission)
Custom MCP Servers — User-configured servers (data sent to user-specified endpoints only)
