內容簡介
Royal MCP 是一個以安全為首要考量的 Model Context Protocol (MCP) 伺服器,專為 WordPress 設計。它提供 AI 平台如 Claude、ChatGPT 和 Google Gemini 結構化的內容存取,並確保每次請求都經過身份驗證、速率限制及活動日誌記錄,從而增強安全性。
【主要功能】
• API 金鑰身份驗證
• 每 IP 限制請求速率(每分鐘 60 次)
• 完整的活動日誌記錄
• 支援 37 種內建 MCP 工具
• 自動偵測相容外掛並添加專用工具
外掛標籤
開發者團隊
② 後台搜尋「Royal MCP – Secure AI Connector for Claude, ChatGPT & Gemini」→ 直接安裝(推薦)
📦 歷史版本下載
原文外掛簡介
Royal MCP is a security-first Model Context Protocol (MCP) server for WordPress. It gives AI platforms like Claude, ChatGPT, and Google Gemini structured access to your WordPress content — with authentication, rate limiting, and audit logging that most MCP implementations skip entirely.
According to recent security research, 41% of public MCP servers have no authentication and respond to tool calls without any credentials. Royal MCP takes the opposite approach: every MCP session requires an API key, every request is rate-limited, and every interaction is logged.
Why Security Matters for MCP
MCP gives AI agents the ability to read, create, update, and delete your WordPress content. Without proper authentication, anyone who discovers your MCP endpoint can:
Read all your posts, pages, and media
Create or delete content
Access user data and plugin information
Overwhelm your server with rapid-fire requests
Royal MCP prevents all of this with API key authentication on session initialization, timing-safe key comparison, per-IP rate limiting (60 requests/minute), and a full activity log of every MCP interaction.
67 Core Tools + 55 Integration Tools
WordPress Core (67 tools):
Posts — create, read, update, delete, search, count (any registered public post type, featured images supported)
Pages — full CRUD with parent page support
Post Types — discover all registered public post types on the site
Post Revisions — list revision history and roll a post back to any prior version
Media — browse, upload from URL or base64, update alt text/caption/title/description, set as featured image, delete
Comments — create, read, delete; full moderation suite (list pending, approve, mark spam, trash)
Users — display names and roles (emails and usernames are not exposed)
Categories & Tags & Custom Taxonomies — create, update (rename/re-slug/edit/move), delete, assign, count, discover all registered taxonomies
Term Meta — read, update, delete (most useful for Yoast / Rank Math / AIOSEO term-level SEO meta)
Menus — list menus, list menu items, create / update / delete / reorder menu items
Post Meta — read, update, delete custom fields (works with ACF, MetaBox, JetEngine, Pods, CPT UI)
SEO Meta — read and write Yoast SEO or Rank Math title/description/focus keyword/robots/OG fields (auto-detects active SEO plugin)
Site Info — site name, description, WordPress version, timezone
Plugins & Themes — list installed plugins and themes with active status
Theme Appearance — get active theme, read/write theme mods (gated by admin toggle + allowlist), read/write Custom CSS
Search — full-text content search across post types
Permalink Structure — read and update permalink settings (gated by admin toggle)
Options — read allowlisted core options, read full plugin settings by slug (sensitive keys redacted), and write to allowlisted options when an admin enables it
Plugin Integrations (Conditional)
Royal MCP automatically detects compatible plugins and adds specialized MCP tools. No configuration needed — if the plugin is active, the tools appear.
WooCommerce Integration (26 tools):
When WooCommerce is active, AI agents can manage your store end-to-end:
Browse and search products by category, status, or type
Create and update simple and variable products with prices, SKUs, stock levels
Manage variable products — list, get, create, update, delete, and batch-update product variations
Manage global attributes (pa_* taxonomies) — list registered attributes, list attribute terms, register new attributes, assign attributes to a product as variation axes
Manage coupons — list, search by code, get, create, update, delete (trash or permanent), and bulk-purge trash; supports all standard WC coupon fields (discount type, expiry, usage limits, product/category restrictions, email allowlists)
View orders, order details, and update order status
List customers with order count and total spent
Get store statistics — revenue, order count, average order value by period
GuardPress Integration (7 tools):
When GuardPress is active, AI agents can monitor your site security:
Get current security score and grade with factor breakdown
View security statistics — failed logins, blocked IPs, alerts
Run vulnerability scans and review results
List blocked IP addresses and failed login attempts
Browse the security audit log filtered by severity
SiteVault Integration (6 tools):
When SiteVault is active, AI agents can manage your backups:
List available backups filtered by status or type
Trigger new backups (full, database, files, plugins, themes)
Check backup progress in real time
View backup statistics — total size, last backup, counts
List and review backup schedules
ForgeCache Integration (3 tools):
When ForgeCache is active, AI agents can manage your page cache:
Clear the entire cache, or purge a specific URL
View cache statistics — hit rate, file count, total size
Royal Ledger Integration (4 tools):
When Royal Ledger is active, AI agents can review your software costs and license data:
List recurring software costs and renewal dates
Get cost summaries grouped by month, vendor, or category
List stored license keys (key VALUES are never exposed — only masked previews; decryption requires logging into wp-admin)
Royal Links Integration (3 tools):
When Royal Links is active, AI agents can manage your branded short links:
List existing links with click counts and target URLs
Create new branded short links
Get click statistics for any link
Elementor Integration (6 tools):
When Elementor (free or Pro) is active, AI agents can clone and customize existing Elementor pages without trying to generate page-builder JSON from scratch:
Clone an existing Elementor page with a new title and fresh element IDs (so the duplicate opens in the editor without ID collisions)
Bulk-replace text across heading, text-editor, button, image-box, icon-box, icon-list, testimonial, tabs, accordion, toggle, star-rating, call-to-action, and flip-box widgets
Swap image URLs across image, image-box, background_image, and gallery widget settings
Get a compact outline of any page (section/container hierarchy, widget types, text snippets) so Claude can reason over a full page in a few KB instead of the raw JSON
List saved templates from the Elementor template library and import templates from JSON
Atomic widgets (Elementor 4.0+ Editor V4 elements) pass through opaque — we never decode atomic schemas because Elementor itself may shift them. Widget-level creation from scratch is intentionally out of scope; the design commitment is to work from an existing-known-good source.
Royal MCP and the WordPress Core Abilities API
WordPress 6.9 shipped the Abilities API in November 2025 — a primitive that lets plugins register typed capabilities AI agents can call. Core ships three default abilities (site info, user info, environment info) and the wordpress/mcp-adapter package bridges abilities to the MCP protocol.
Royal MCP is a complete, production-ready MCP server that predates the official adapter. It runs the full Streamable HTTP transport, enforces API key authentication on every request, ships OAuth 2.0 for Claude Desktop’s native connector flow, rate-limits per-IP, redacts sensitive data, and logs every interaction. Out of the box it includes 67 tools for WordPress core operations plus 49 integration tools that auto-load when WooCommerce, GuardPress, SiteVault, ForgeCache, Royal Ledger, or Royal Links is active.
Supported AI Platforms
Claude (Anthropic) — Full MCP support via Claude Desktop, Claude Code, and VS Code
OpenAI / ChatGPT — GPT-5.5, GPT-5, GPT-5 Mini, o3
Google Gemini — Gemini 3.5 Flash, 3.1 Flash-Lite
Groq — Llama 3.3, Llama 3.1, GPT-OSS
Azure OpenAI — Azure-hosted OpenAI deployments
AWS Bedrock — Claude, Llama, Titan models
Ollama / LM Studio — Local self-hosted models (no external data transmission)
Custom MCP Servers — Connect to any MCP-compatible endpoint
Compatible Clients & Frameworks
Royal MCP works with any MCP-compliant client, IDE, or AI agent framework — no per-tool configuration required:
Desktop AI apps — Claude Desktop (native MCP connector via OAuth 2.0), ChatGPT Desktop, Gemini Advanced.
AI code IDEs — Claude Code, VS Code (with MCP extension), Cursor, Windsurf, Continue, Cline, Zed, JetBrains AI Assistant.
API testing tools — Postman, Bruno, Insomnia (use the API key in the X-Royal-MCP-API-Key header).
Custom field plugins — Advanced Custom Fields (ACF), MetaBox, JetEngine, Pods, CPT UI, Custom Field Suite. The wp_get_post_meta / wp_update_post_meta tools read and write any custom field, so AI agents can populate ACF fields just like a human editor.
Page builders — Elementor has dedicated tools for clone-and-customize workflows (clone a page, find/replace text, swap images, get an outline, import templates) — see the Tools list. Widget-level creation from scratch is intentionally out of scope. Divi, Beaver Builder, Bricks, Gutenberg, Spectra, and Stackable store standard post content that is readable and writable by AI; page-builder-specific JSON storage is opaque unless covered by a dedicated tool.
Multilingual — WPML, Polylang, TranslatePress, qTranslate. Translated posts appear as separate posts and can be read or written via the standard post tools.
AI agent frameworks — LangChain, AutoGen, CrewAI, LlamaIndex, Haystack — any MCP-compatible framework can call Royal MCP’s tools.
AI app platforms — Anthropic Console, OpenAI Playground, Google AI Studio, Vertex AI, Azure AI Studio, Amazon Bedrock Console.
MCP Spec Compliance
Royal MCP implements the MCP 2025-11-25 Streamable HTTP transport specification:
Single /mcp endpoint for all JSON-RPC communication
POST for client messages, GET for server-sent events, DELETE for session termination
Cryptographically secure session IDs with transient-based storage
Origin header validation to prevent DNS rebinding attacks
Proper CORS handling for browser-based MCP clients
External Services
This plugin connects to third-party AI services to enable AI platforms to interact with your WordPress content. No data is transmitted until you explicitly configure and enable a platform connection.
What data is sent: Your WordPress content (posts, pages, media metadata) as requested by the connected AI platform through authenticated MCP tool calls.
When data is sent: Only when you have configured a platform with API credentials AND enabled that platform connection AND the AI platform makes an authenticated request.
Supported services and their policies:
Anthropic Claude — Used for Claude AI integration
Terms of Service | Privacy Policy
OpenAI — Used for ChatGPT/GPT-4 integration
Terms of Use | Privacy Policy
Google Gemini — Used for Gemini AI integration
Terms of Service | Privacy Policy
Groq — Used for Groq LPU inference
Terms of Service | Privacy Policy
Microsoft Azure OpenAI — Used for Azure-hosted OpenAI models
Terms of Service | Privacy Policy
AWS Bedrock — Used for AWS-hosted AI models
Terms of Service | Privacy Policy
Ollama / LM Studio — Local self-hosted models (no external data transmission)
Custom MCP Servers — User-configured servers (data sent to user-specified endpoints only)
