AI Connector – MCP for Claude, ChatGPT, Gemini & More
AI Connector turns your website into a working Model Context Protocol (MCP) endpoint — the open standard that lets AI assistants like Claude, ChatGPT, and Gemini connect directly to WordPress and take real action instead of just talking about it.
Think of AI Connector as the missing bridge between AI and WordPress. Instead of copying an answer out of a chat window and pasting it into wp-admin by hand, your AI assistant becomes an AI agent working inside your site: it reads real data, writes real content, and makes real changes through a secure, permission-checked WordPress integration.
As a WordPress AI plugin, AI Connector gives any MCP-compatible AI assistant structured, authenticated access to your site’s actual content and workflows — no scraping, no guessing, no manual data exports. Once connected, your AI agent can draft and publish posts, manage WooCommerce orders, fix SEO metadata, moderate comments, update Elementor pages, and call on 150+ WordPress AI tools, each one checked against the connecting user’s real WordPress capabilities and recorded in an Activity Log you control.
This is what WordPress automation looks like when it runs on an open protocol instead of a proprietary one: no vendor lock-in, no third-party cloud service relaying your data, and no static API key to manage by hand. Your AI assistant authenticates directly with your site over OAuth 2.0 with PKCE — the same authorization flow used by Google, Microsoft, and Slack — and every action it takes is capability-checked, logged, and fully reversible from Settings → Reset OAuth State.
Whether you think of it as an AI integration, an AI workflow tool, or simply the fastest way to connect an AI assistant to WordPress, AI Connector is built to be the MCP server for WordPress you set up once and keep using.
Links
Why WordPress Sites Need an AI Automation Plugin
Without MCP, “AI help” for WordPress usually means: you open a chat window, describe what you want, copy the AI’s answer, switch back to wp-admin, and paste it in by hand. That works for a single blog post. It breaks down completely for anything involving real data — bulk SEO fixes, order refunds, comment moderation, or multi-step content workflows.
MCP removes the copy-paste step entirely. Your AI assistant gets a structured, authenticated, capability-aware connection to your actual WordPress install, so it can query real data and make real changes — the same way it already works with your file system or terminal in tools like Claude Code, just pointed at your website instead. That’s the difference between an AI chatbot and genuine WordPress AI automation.
What Can an AI Agent Do With WordPress?
- “Draft and publish a blog post about [topic], generate a featured image, and tag it correctly.”
- “Show me yesterday’s WooCommerce orders over $100 and refund order #1042.”
- “Find every page with a missing or duplicate SEO title and fix it.”
- “Approve all pending comments from logged-in customers, spam the rest.”
- “Duplicate this Elementor page, swap the hero image, and update the headline.”
- “Create a new menu item for the spring sale and add it to the primary navigation.”
- “List my WooCommerce coupons expiring this month and extend them by two weeks.”
- “Pull this week’s Gravity Forms entries into a summary table.”
- “Restore the homepage to the revision from before my last edit.”
- “Clear the object cache and tell me how big my database is.”
Why Choose AI Connector for WordPress Automation?
- 150+ tools, 20 categories — one of the largest verified MCP tool sets available for WordPress, covering content, commerce, SEO, media, users, taxonomies, menus, plugins, cache, and more
- Multi-client, not single-vendor — works with AI assistants from Anthropic (Claude), OpenAI (ChatGPT), and Google (Gemini) out of the box, alongside Cursor, Windsurf, and any other client implementing the MCP 2025-11-25 specification
- Real OAuth 2.0, not a shared API key — full authorization code flow with PKCE (S256), Dynamic Client Registration (RFC 7591), and discovery endpoints (RFC 8414) — no static secret to leak or rotate by hand
- Conservative by design — no MCP tool can ever create a new WordPress user, and role changes require the
promote_userscapability specifically, not justedit_users - Local, redacted activity logging — the Activity Log records every tool call (tool name, timestamp, client, status, and the call’s parameters/result for audit and debugging) entirely in your own database; sensitive-looking values (passwords, tokens, secrets, keys) are automatically redacted before anything is written, and nothing is ever sent off your server
- Zero telemetry, ever — no analytics, no tracking pixels, no “phone home” of any kind. The only outbound request the plugin can make is the one explicit image-download tool, and only when your AI client asks for it
- Grows with your stack — WooCommerce, Advanced Custom Fields, Elementor, and Gravity Forms tools activate automatically the moment those plugins are detected, with zero extra configuration
- Open to extend — register your own custom MCP tools from any plugin or theme with one function call
Ideal For
- Agencies and freelancers who want to run day-to-day WordPress maintenance through an AI assistant instead of clicking through wp-admin one task at a time
- WooCommerce store owners who want an AI agent that can check orders, adjust stock, and manage coupons on request
- SEO teams and content editors running bulk metadata fixes, content audits, or multi-step publishing workflows
- Developers who want a real WordPress AI integration to build custom AI automation and AI workflow tools on top of
- Anyone already using Claude, ChatGPT, Cursor, or Windsurf who wants those tools to actually reach into WordPress instead of just describing what to do next
Supported AI Assistants & MCP Clients
- Claude.ai — Settings → Integrations → Add integration → Custom MCP
- Claude Desktop — add the MCP URL to
claude_desktop_config.jsonundermcpServers - Claude Code — connects over the same Streamable HTTP MCP endpoint
- ChatGPT — Settings → Connectors → Add connector → MCP Server
- Gemini — connect via Google AI Studio MCP integrations
- Cursor (0.45+) — Settings → MCP → Add New Server → HTTP (Streamable HTTP transport)
- Windsurf — MCP settings panel, supports both Streamable HTTP and legacy SSE
- VS Code, Cline, Continue, Zed, JetBrains and any other editor or IDE with MCP client support
- Postman, Insomnia and other API tools with MCP request support
- Any custom client or framework that implements the MCP 2025-11-25 specification
WordPress AI Tools by Category (159 Tools, Verified)
- Posts — 14 tools (create, read, update, delete, duplicate, bulk trash, schedule, search, count, post types & statuses, post format, password protection)
- Pages — 8 tools (CRUD, duplicate, page templates)
- Media — 11 tools (browse, upload from file or URL, update metadata, set featured image, regenerate thumbnails, attachment metadata, image sizes, count)
- Taxonomies — 11 tools (categories, tags, custom taxonomies, term meta, term assignment)
- Comments — 8 tools (CRUD, approve, spam, trash, pending queue)
- Users — 10 tools (list, view, update, delete, sessions, roles, password reset — no creation tool, by design)
- Meta — 6 tools (post meta and user meta read/write/delete)
- Menus — 10 tools (menus, menu items, reordering, location assignment)
- Plugins & Themes — 7 tools (list, activate, deactivate, active theme, theme mods, custom CSS)
- SEO — 2 tools (read and update SEO meta fields)
- Site / Options — 9 tools (site info, site health, server info, permalink structure, plugin settings, database size, debug log, send email)
- Revisions — 5 tools (history and restore)
- Cache — 5 tools (flush, purge, optimize tables, transients)
- Blocks — 2 tools (parse blocks, block patterns, reusable blocks)
- Widgets — 2 tools (registered sidebars, sidebar widgets)
- Developer Tools — 5 tools (shortcode execution, cron jobs, rewrite rules, and more)
- WooCommerce (activates automatically) — 33 tools (products, variations, attributes, coupons, orders, refunds, customers, shipping zones, tax rates, store stats, payment gateways)
- Advanced Custom Fields (activates automatically) — 3 tools (field groups, field values, field updates)
- Elementor (activates automatically) — 6 tools (clone page, bulk text replace, image swap, page outline, template import/listing)
- Gravity Forms (activates automatically) — 2 tools (list forms, read entries)
How to Connect Claude, ChatGPT, Gemini & More
Point your AI client to your MCP URL:
https://yoursite.com/wp-json/bcs-mcp/v1/mcp
The client automatically discovers the OAuth server via /.well-known/oauth-protected-resource, registers itself using Dynamic Client Registration, and redirects to your site’s authorization page for one-time approval. All future requests use short-lived access tokens that refresh automatically — there is nothing to copy into a config file by hand for clients that support DCR.
Claude.ai: Settings → Integrations → Add integration → Custom MCP → paste the MCP URL.
Claude Desktop: Add to claude_desktop_config.json:
{“mcpServers”:{“wordpress”:{“url”:”https://yoursite.com/wp-json/bcs-mcp/v1/mcp”,”transport”:”http”}}}
ChatGPT: Settings → Connectors → Add connector → MCP Server → paste the MCP URL.
Cursor (0.45+): Settings → MCP → Add New Server → select HTTP → paste the MCP URL. Cursor uses the Mcp-Session-Id header returned by the server on initialization to track sessions.
Windsurf: Open the MCP settings panel, add a new server with the MCP URL. Recent Windsurf versions use Streamable HTTP; older versions fall back to the legacy SSE transport automatically.
AI Connector Key Features
- 150+ WordPress MCP tools across 20 categories — see the full breakdown above
- OAuth 2.0 with PKCE — full authorization code flow with Dynamic Client Registration (RFC 7591), refresh tokens, and discovery endpoints (RFC 8414)
- Streamable HTTP transport (MCP 2025-11-25) — the primary transport used by all modern AI clients
- Legacy SSE transport — automatic fallback for older client versions, with
X-Accel-Buffering: noso nginx doesn’t buffer the stream - Activity log — every tool call recorded with AI client detection, color-coded client tags, search/filter by client, status, and date range, bulk delete, and one-click CSV export — sensitive-looking parameter values (passwords, tokens, secrets) are redacted before being written
- Rate limiting — 60 requests per minute per IP, enforced automatically on every MCP request
- IP allowlist — optionally restrict MCP access to specific IPs or CIDR ranges
- Admin dashboard — live server status, MCP endpoint URL, OAuth client count, today’s success/fail counts, recent activity feed, and a searchable WordPress tools browser
- WP Dashboard widget — 7-day activity sparkline with success/error breakdown, right on your wp-admin home screen
- Built-in setup guides — copy-paste connection instructions for every supported client, generated with your site’s real MCP URL
- Translation-ready — ships with a complete
.potfile in/languagesso translators can localize the plugin into any language - Developer-friendly — extend with
bcs_mcp_register_tool()or thebcs_mcp_toolsfilter
WooCommerce, Elementor, ACF & Gravity Forms Integration
Tools for these plugins are included in the box but only activate when the respective plugin is installed and active. No errors are thrown if a plugin is absent, and nothing extra needs configuring. The MCP tool list shown to a connected AI client only ever includes tools whose dependencies are actually satisfied on your site — so a site without WooCommerce simply never advertises WooCommerce tools to the AI.
Multisite Support
AI Connector works on WordPress multisite networks the same way it works on a single site: each site in the network has its own settings, its own MCP endpoint, and its own Activity Log. There is no cross-site tool access — an AI client connected to one site can never reach another site’s data through this plugin.
Extending AI Connector (Developer API)
Register custom tools from any plugin or theme:
bcs_mcp_register_tool( 'my_tool', 'Description', $schema, $callback );
Or use the bcs_mcp_tools filter directly to add, modify, or remove tools before they’re advertised to a connecting AI client.
Security & Permissions
- All tool calls verify WordPress capabilities (
current_user_can) before executing — an AI client can never do more than the authorizing user is allowed to do - No MCP tool can create new WordPress users — user accounts must be created through wp-admin, full stop
- Role changes (
wp_assign_user_role) require thepromote_userscapability, not justedit_users - OAuth tokens are SHA-256 hashed before database storage — plain tokens are never stored
- PKCE (S256) is required for all authorization flows; plain challenges are rejected
- Dynamic Client Registration is rate-limited to 10 registrations per IP per minute
- Sensitive meta keys (
user_pass,session_tokens, and similar) are permanently blocked from read/write, with no setting to disable the block - The Activity Log stores tool name, timestamp, client, status, and the call’s parameters/result for audit purposes, all locally in your own database — any value that looks like a password, token, secret, or key is redacted before it’s written, and large content fields are truncated
- Outbound image downloads validate URLs against a blocklist of private/loopback IP ranges (SSRF protection) and enforce a 20 MB size limit
- All admin AJAX actions are protected by nonce verification and a
manage_optionscapability check - Session termination (
DELETE /mcp) requires a valid bearer token - The MCP server ships disabled by default — nothing is exposed until you explicitly enable it in Settings
External Services
This plugin operates primarily as an inbound API server — AI clients connect to it, not the other way around. No data is sent to any external service automatically or in the background.
Image download via wp_upload_media_from_url
The wp_upload_media_from_url MCP tool, when explicitly invoked by an authenticated AI client (e.g. Claude), makes a single outgoing HTTP GET request to download an image from the URL the AI client provides. This request:
- Is only made when the tool is called by a connected, OAuth-authenticated MCP client
- Carries no personal data beyond the image URL itself
- Is validated against a blocklist of private/loopback IP ranges before the request is made
- Is subject to a 20 MB size limit
No data is sent to the plugin author’s servers at any time. This plugin does not include analytics, telemetry, or tracking of any kind.
