MainWP MCP Server
FreshSource: MainWP MCP Server
Connect Claude, Cursor, VS Code Copilot, OpenAI Codex, and other MCP clients to your MainWP Dashboard via Model Context Protocol.
Prerequisites
- Node.js 20.19.0+
- MainWP Dashboard 6.0+
- WordPress Application Password
Quick Start
bash
npx -y @mainwp/mcpOr clone and build:
bash
git clone https://github.com/mainwp/mainwp-mcp.git
cd mainwp-mcp && npm ci && npm run buildApplication Password Setup
- Open WordPress profile in MainWP Dashboard
- Navigate to Application Passwords section
- Create password labeled "MainWP MCP Server"
- Save immediately (displayed only once)
Client Installation
Claude Code
bash
claude mcp add --transport stdio mainwp \
--env MAINWP_URL=https://your-dashboard.com \
--env MAINWP_USER=admin \
--env MAINWP_APP_PASSWORD="xxxx xxxx xxxx xxxx xxxx xxxx" \
-- npx -y @mainwp/mcpClaude Desktop
Edit config file:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
VS Code Copilot
Add to .vscode/mcp.json
Cursor
Add to .cursor/mcp.json
OpenAI Codex
Add to ~/.codex/config.toml
Available Tools
64 tools across 5 categories:
| Category | Examples |
|---|---|
| Sites | list, get, add, sync, reconnect, plugins, themes |
| Updates | list, run, core, plugins, themes, translations |
| Clients | list, get, add, update, delete, suspend |
| Tags | list, get, add, update, delete |
| Batch | get-job-status |
Tool names convert mainwp/list-sites-v1 to list_sites_v1.
MCP Resources
| URI | Purpose |
|---|---|
mainwp://abilities | Available abilities with schemas |
mainwp://categories | Ability categories |
mainwp://status | Connection status |
mainwp://help | Documentation and safety |
Configuration
Essential
| Variable | Description |
|---|---|
MAINWP_URL | Dashboard base URL |
MAINWP_USER | WordPress admin username |
MAINWP_APP_PASSWORD | Application Password |
Safety Controls
| Variable | Default | Description |
|---|---|---|
MAINWP_SAFE_MODE | false | Block destructive operations |
MAINWP_REQUIRE_USER_CONFIRMATION | true | Require approval for destructive actions |
MAINWP_ALLOWED_TOOLS | - | Comma-separated allowlist |
MAINWP_BLOCKED_TOOLS | - | Comma-separated blocklist |
Performance
| Variable | Default | Description |
|---|---|---|
MAINWP_RATE_LIMIT | 60 | Requests per minute |
MAINWP_REQUEST_TIMEOUT | 30000 | Milliseconds |
MAINWP_MAX_RESPONSE_SIZE | 10MB | Max response |
MAINWP_SCHEMA_VERBOSITY | standard | standard or compact |
Safety Features
Two-Step Confirmation
Destructive operations require preview + explicit approval. Previews expire after 5 minutes.
Safe Mode
MAINWP_SAFE_MODE=true blocks all destructive operations entirely.
Troubleshooting
bash
# Verify connection
curl -I https://your-dashboard.com/wp-json/
curl -u "username:app-password" https://your-dashboard.com/wp-json/wp/v2/users/me
curl -u "username:app-password" "https://your-dashboard.com/wp-json/wp-abilities/v1/abilities?per_page=1"| Issue | Fix |
|---|---|
| 401 Unauthorized | Verify username, regenerate App Password |
| 403 Forbidden | User lacks required capabilities |
| SSL error | Fix cert or MAINWP_SKIP_SSL_VERIFY=true (dev only) |
| ECONNREFUSED | Check URL, firewall, VPN, DNS |