Governance concepts
Other MCP-for-WordPress plugins sell how many tools they expose. This one sells control. You add reach as you build trust, not all at once, and every call is checked and logged before it runs. Six ideas hold that together.
Least privilege by design
Section titled “Least privilege by design”The agent connects as a real, scoped WordPress user through OAuth or an Application Password, never an admin-equivalent key. It can only do what that user can do.
Off by default
Section titled “Off by default”Nothing is exposed until you enable it, and updates never silently widen access. On a fresh install every ability is off.
Two-layer capability gating
Section titled “Two-layer capability gating”A connection only sees the tools its user can call, and every call re-checks that capability before it runs. Discovery and execution are gated separately, so an agent cannot even see a tool it has no right to call, and cannot call one it was somehow shown.
Honest audit log
Section titled “Honest audit log”Every call is recorded, denied attempts included, with the principal and the argument keys, never the values. It lives in your own database and can be cleared from the admin.
Bounded by construction
Section titled “Bounded by construction”There is no arbitrary option or meta access, no remote URL fetch, and no code execution. Uploads are decoded from inline data and checked by their real bytes against an image allow-list, never fetched from a URL. A created user gets the site default role, never admin, and the last administrator can never be removed. Anything destructive is off by default and capability-gated, and deletes go to Trash where the ability supports it.
No data leaves your site
Section titled “No data leaves your site”The plugin contacts no AI provider and no external service. Your AI client connects in; the plugin never reaches out. There is no telemetry.
Built on open standards
Section titled “Built on open standards”WordPress 6.9 ships the Abilities API and the official MCP Adapter. Agent Abilities for MCP registers a curated, governed set of abilities on top of them rather than inventing its own protocol or transport, so there is no bespoke server to trust and the plugin inherits the standard’s behavior. What it adds is the governance layer described above.
Next steps
Section titled “Next steps”- Safety controls: optional guards you can switch on.
- FAQ: admin access, data handling, and how this differs from the REST API.