Invizo MCP – Secure AI Connector for Claude, Codex, Cursor and WooCommerce
Invizo MCP turns WordPress into a secure, self-hosted Model Context Protocol server. Connect Claude Code, Claude Desktop, Codex, Cursor, Antigravity, and other MCP-compatible AI clients directly to your WordPress admin workflows without an Invizo-hosted proxy.
Your site hosts the MCP endpoint:
https://example.com/wp-json/mcp/invizo
Invizo MCP uses WordPress Application Passwords, administrator-only access, granular scopes, and the WordPress Abilities API. Administrators decide exactly what an AI client can discover and execute: read-only content, post creation, WooCommerce operations, media uploads, Elementor workflows, Rank Math metadata, LearnPress course actions, Events Calendar management, and more.
No Invizo account, subscription, license key, telemetry, or Invizo cloud service is required.
Why choose Invizo MCP?
- Self-hosted WordPress MCP server: WordPress serves MCP JSON-RPC at
/wp-json/mcp/invizo. - Security-first access: only authenticated administrators with WordPress Application Passwords can connect.
- Granular permissions: separate read, write, and delete scopes for WordPress content and integrations.
- Compact AI tool surface: exposes
discover-abilities,get-ability-info, andexecute-abilityinstead of flooding clients with dozens of top-level tools. - Official MCP packages: bundles the GPL-compatible WordPress MCP Adapter and PHP MCP Schema packages.
- Works with major clients: copy-ready setup for Claude Code, Claude Desktop, Codex, Cursor, and Antigravity.
- WooCommerce-ready: read, create, edit, and delete store data when WooCommerce scopes are enabled.
- Builder and SEO support: Gutenberg, Elementor, and Rank Math SEO scopes for content and metadata workflows.
- LMS and event workflows: LearnPress and The Events Calendar integrations activate only when those plugins are installed.
- No external Invizo service: no dashboard handshake, no shared secret, no remote Invizo backend.
What can AI clients do with Invizo MCP?
After an administrator enables the endpoint, creates an Application Password, and selects scopes, approved AI clients can manage WordPress through MCP.
WordPress content management
- Read, create, update, delete, and search posts.
- Read, create, update, and delete pages.
- Upload, edit, read, and delete media.
- Manage categories, tags, and taxonomy terms.
- Read, create, edit, moderate, and delete comments.
- Read revisions and delete revisions.
- Read reusable blocks and patterns.
- Create and edit reusable blocks.
- Read and update block templates.
- Read and update global styles.
- Search site content.
Site administration
- Read, create, edit, and delete users.
- Read, create, edit, and delete menus.
- Read site settings and structure.
- Update safe site settings through allowlisted handlers.
- Read plugins and themes.
- Discover post types, taxonomies, and post statuses.
Custom content and metadata
- Read custom post types.
- Create and edit custom post type definitions.
- Delete MCP-managed custom post type definitions.
- Read post meta.
- Update post meta.
- Manage MCP-defined metadata fields without deleting existing WordPress content on uninstall.
Page builders and SEO
- Work with Gutenberg content and page-builder workflows.
- Work with Elementor page data when Elementor is active.
- Read and update Rank Math SEO metadata when Rank Math SEO is active.
WooCommerce AI automation
- Read WooCommerce products, variations, orders, customers, coupons, and terms.
- Create and update WooCommerce products, variations, customers, coupons, order notes, order statuses, and product terms.
- Delete WooCommerce data only when delete scopes are enabled.
LearnPress LMS
- Read LearnPress courses, lessons, quizzes, questions, orders, terms, and enrollments.
- Create and edit LearnPress data when LearnPress is active.
- Delete LearnPress data only when delete scopes are enabled.
- Use LearnPress builder workflows when enabled.
The Events Calendar
- Read Events Calendar events, venues, and organizers.
- Create and edit event data when The Events Calendar is active.
MCP tools exposed to clients
Invizo MCP keeps the connected AI client clean and efficient. Instead of publishing every action as a separate top-level tool, it exposes three compact adapter tools:
discover-abilitiesget-ability-infoexecute-ability
These tools let Claude, Codex, Cursor, Antigravity, and other clients discover available WordPress abilities, inspect schemas, and execute only the abilities allowed by the administrator-selected scopes.
Supported AI clients
The settings page generates copy-ready configuration for:
- Claude Code
- Claude Desktop
- Codex
- Cursor
- Antigravity
Clients that require local STDIO MCP can use the @automattic/mcp-wordpress-remote bridge through npx. Clients that support authenticated remote HTTP MCP can connect directly to the WordPress endpoint.
Built for administrators, developers, stores, agencies, and site managers
Invizo MCP is for WordPress administrators, WooCommerce store owners, agencies, developers, SEO teams, educators, and site maintainers who want trusted AI clients to work with WordPress through a documented, scoped protocol.
Use read-only scopes for research and reporting. Add write scopes for content workflows. Enable delete scopes only for trusted clients and tested workflows.
Authentication
Invizo MCP uses WordPress Application Passwords and WordPress REST authentication.
Only authenticated users with the manage_options capability can access the MCP transport or execute Invizo abilities. In a standard WordPress installation this means administrators only.
Create a dedicated Application Password from Settings > Invizo MCP for every AI client or computer. Passwords can be revoked individually from the same screen.
Application Passwords normally require HTTPS. Local HTTP sites can enable them by setting:
define( 'WP_ENVIRONMENT_TYPE', 'local' );
Security plugins can disable Application Passwords. Invizo reports this condition on its settings screen.
Scopes and safeguards
Administrators choose exactly which read, write, and delete scopes are enabled. Abilities outside enabled scopes are hidden from MCP discovery and rejected during execution.
Optional integration scopes are unavailable unless their required plugin is active.
Existing handler safeguards remain in place, including:
- WordPress sanitization and validation.
- Plugin availability checks.
- Scope checks inside action handlers.
- Dry-run previews for supported risky operations.
- Explicit
confirm: truerequirements for supported destructive operations. - Reserved metadata protection and safe site-setting allow lists.
Complete scope list
Invizo MCP includes scope controls for:
- Read Posts
- Create/Edit Posts
- Delete Posts
- Read Media
- Upload/Edit Media
- Delete Media
- Read Pages
- Create/Edit Pages
- Delete Pages
- Read Categories and Tags
- Create/Edit Categories and Tags
- Delete Categories and Tags
- Read Comments
- Create/Edit Comments
- Delete Comments
- Read Users
- Create/Edit Users
- Delete Users
- Read Menus
- Create/Edit Menus
- Delete Menus
- Read Custom Post Types
- Create/Edit Custom Post Types
- Delete Custom Post Types
- Read Post Meta
- Update Post Meta
- Read Revisions
- Delete Revisions
- Read Reusable Blocks and Patterns
- Create/Edit Reusable Blocks
- Delete Reusable Blocks
- Read Block Templates
- Update Block Templates
- Read Global Styles
- Update Global Styles
- Read Site Settings and Structure
- Update Safe Site Settings
- Read Plugins and Themes
- Search Site Content
- Gutenberg Page Builder
- Elementor Page Builder
- Rank Math SEO
- Read Events Calendar Data
- Create/Edit Events Calendar Data
- Read WooCommerce Data
- Create/Edit WooCommerce Data
- Delete WooCommerce Data
- Read LearnPress Data
- Create/Edit LearnPress Data
- Delete LearnPress Data
- LearnPress Page Builder
Data stored by the plugin
Invizo MCP stores:
- Endpoint enabled/disabled status and selected scopes in the
invizo_mcp_settingsoption. - MCP-managed custom post type definitions in the
invizo_mcp_registered_cptsoption. - MCP-managed post meta definitions in the
invizo_mcp_registered_meta_fieldsoption. - A plugin version option used for upgrades.
Application Passwords are created and stored by WordPress in user metadata. Invizo tags only the credentials it creates so they can be listed and revoked from the settings page.
Invizo MCP does not collect analytics or send usage information to Invizo.
Client Configuration
The settings page generates current, copy-ready values using your site endpoint and WordPress username.
Claude Code
The primary setup uses @automattic/mcp-wordpress-remote through npx, with the endpoint, username, and Application Password stored as environment variables.
A direct HTTP .mcp.json alternative is also shown for clients that support authenticated HTTP MCP servers.
Claude Desktop
Add the generated JSON to:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
Codex
Add the generated TOML to:
- Project:
.codex/config.toml - Global:
~/.codex/config.toml
Both npx bridge and direct authenticated HTTP examples are provided.
Cursor
Add the generated JSON to:
- Project:
.cursor/mcp.json - Global:
~/.cursor/mcp.json
Antigravity
Add the generated JSON to:
- macOS/Linux:
~/.gemini/antigravity/mcp_config.json - Windows:
%USERPROFILE%\.gemini\antigravity\mcp_config.json
Local HTTPS
Trust your local certificate whenever possible. For local development only, bridge configurations may use NODE_TLS_REJECT_UNAUTHORIZED=0 when the certificate cannot be trusted normally.
Never commit Application Passwords to source control or paste them into prompts, tickets, screenshots, or chat messages.
Privacy and Security
The MCP endpoint is disabled by default on new installations. Enabling it does not expose abilities until scopes are selected.
The endpoint requires:
- Valid WordPress Application Password authentication.
- A WordPress user with the
manage_optionscapability. - An enabled Invizo scope for the requested ability.
Use one dedicated Application Password per client or device so individual connections can be revoked without changing the WordPress account password.
When the plugin is uninstalled, Invizo-created Application Passwords are always revoked. Plugin settings and MCP-managed definitions are removed only when Delete Invizo settings and MCP-managed CPT/meta definitions when the plugin is uninstalled is enabled. Existing posts and post meta values are never deleted by the uninstaller.
Reporting security issues
Please report security issues privately through the contact information on https://invizo.io/. Do not publish sensitive vulnerability details in a public support topic before a fix is available.
Upgrade from 1.x
Version 2.0 automatically removes the stored external MCP Server URL and shared secret.
It preserves:
- Enabled scopes.
- MCP-managed custom post type definitions.
- MCP-managed post meta definitions.
- WordPress content and integration data.
Sites that previously had a shared secret configured are migrated with the standalone endpoint enabled. Other installations remain disabled until an administrator explicitly enables the endpoint.
The legacy signed endpoint /wp-json/invizo/v1/execute and its HMAC headers have been removed.
External Services
Invizo MCP does not contact an Invizo-hosted service.
MCP clients may use the third-party npm package @automattic/mcp-wordpress-remote as a local bridge when configured by the administrator. The package is downloaded from the npm registry and runs on the computer hosting the AI client, not inside WordPress.
When the bridge is used, it sends the configured WordPress endpoint, username, Application Password, and MCP request data directly to the administrator’s WordPress site. It does not send those credentials to Invizo.
- Package: https://www.npmjs.com/package/@automattic/mcp-wordpress-remote
- Source: https://github.com/Automattic/mcp-wordpress-remote
- npm Terms of Use: https://docs.npmjs.com/policies/terms
- npm Privacy Notice: https://docs.npmjs.com/policies/privacy
Media upload actions can fetch a public file URL explicitly supplied by an authenticated MCP caller through WordPress media sideloading. In that case, the remote file host receives a normal HTTP request from the WordPress site. The service and data destination depend entirely on the URL supplied by the administrator’s MCP client.
No external request is made merely by installing or activating Invizo MCP.
Build and Source Files
The distributed plugin contains the human-readable PHP source used at runtime.
PHP dependencies
Composer dependencies are included under vendor/ because they are required for the standalone MCP endpoint:
automattic/jetpack-autoloaderwordpress/mcp-adapterwordpress/php-mcp-schema
All bundled packages use the GPL-2.0-or-later license. Package source, Composer metadata, and individual license files are included. See third-party-notices.txt.
Rebuilding dependencies
From the plugin directory:
composer install --no-dev --optimize-autoloader
Create the WordPress.org submission ZIP from the parent plugins directory while excluding Git metadata, operating-system files, logs, and Node dependencies.
