Skip to content

MainWP MCP Server

Fresh

Source: MainWP MCP Server

Connect Claude, Cursor, VS Code Copilot, OpenAI Codex, and other MCP clients to your MainWP Dashboard via Model Context Protocol.

Prerequisites

  • Node.js 20.19.0+
  • MainWP Dashboard 6.0+
  • WordPress Application Password

Quick Start

bash
npx -y @mainwp/mcp

Or clone and build:

bash
git clone https://github.com/mainwp/mainwp-mcp.git
cd mainwp-mcp && npm ci && npm run build

Application Password Setup

  1. Open WordPress profile in MainWP Dashboard
  2. Navigate to Application Passwords section
  3. Create password labeled "MainWP MCP Server"
  4. Save immediately (displayed only once)

Client Installation

Claude Code

bash
claude mcp add --transport stdio mainwp \
  --env MAINWP_URL=https://your-dashboard.com \
  --env MAINWP_USER=admin \
  --env MAINWP_APP_PASSWORD="xxxx xxxx xxxx xxxx xxxx xxxx" \
  -- npx -y @mainwp/mcp

Claude Desktop

Edit config file:

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json

VS Code Copilot

Add to .vscode/mcp.json

Cursor

Add to .cursor/mcp.json

OpenAI Codex

Add to ~/.codex/config.toml

Available Tools

64 tools across 5 categories:

CategoryExamples
Siteslist, get, add, sync, reconnect, plugins, themes
Updateslist, run, core, plugins, themes, translations
Clientslist, get, add, update, delete, suspend
Tagslist, get, add, update, delete
Batchget-job-status

Tool names convert mainwp/list-sites-v1 to list_sites_v1.

MCP Resources

URIPurpose
mainwp://abilitiesAvailable abilities with schemas
mainwp://categoriesAbility categories
mainwp://statusConnection status
mainwp://helpDocumentation and safety

Configuration

Essential

VariableDescription
MAINWP_URLDashboard base URL
MAINWP_USERWordPress admin username
MAINWP_APP_PASSWORDApplication Password

Safety Controls

VariableDefaultDescription
MAINWP_SAFE_MODEfalseBlock destructive operations
MAINWP_REQUIRE_USER_CONFIRMATIONtrueRequire approval for destructive actions
MAINWP_ALLOWED_TOOLS-Comma-separated allowlist
MAINWP_BLOCKED_TOOLS-Comma-separated blocklist

Performance

VariableDefaultDescription
MAINWP_RATE_LIMIT60Requests per minute
MAINWP_REQUEST_TIMEOUT30000Milliseconds
MAINWP_MAX_RESPONSE_SIZE10MBMax response
MAINWP_SCHEMA_VERBOSITYstandardstandard or compact

Safety Features

Two-Step Confirmation

Destructive operations require preview + explicit approval. Previews expire after 5 minutes.

Safe Mode

MAINWP_SAFE_MODE=true blocks all destructive operations entirely.

Troubleshooting

bash
# Verify connection
curl -I https://your-dashboard.com/wp-json/
curl -u "username:app-password" https://your-dashboard.com/wp-json/wp/v2/users/me
curl -u "username:app-password" "https://your-dashboard.com/wp-json/wp-abilities/v1/abilities?per_page=1"
IssueFix
401 UnauthorizedVerify username, regenerate App Password
403 ForbiddenUser lacks required capabilities
SSL errorFix cert or MAINWP_SKIP_SSL_VERIFY=true (dev only)
ECONNREFUSEDCheck URL, firewall, VPN, DNS