Easy MCP AI – Claude, ChatGPT & SEO Data Connector

የተለመዱ ጥያቄዎች

What is Easy MCP AI?

Easy MCP AI is a WordPress plugin that turns your site into a remote MCP (Model Context Protocol) server. Once activated, any MCP-compatible AI assistant — Claude, ChatGPT, Cursor, Gemini, n8n, and more — can read and write content, manage media, users, and settings, and pull SEO and analytics data through 192 ready-to-use tools. No Node.js, no proxy, no extra hosting.

Is this a WordPress MCP server?

Yes. Easy MCP AI is a full WordPress MCP server implementing the Model Context Protocol spec (v2025-11-25, with backwards compatibility for v2025-06-18 and v2025-03-26) directly inside WordPress. Your site exposes a single MCP endpoint at /wp-json/easy-mcp-ai/v1/mcp that any MCP client can connect to over HTTPS.

What is the Model Context Protocol (MCP)?

MCP is an open standard created by Anthropic that lets AI assistants securely connect to external tools and data sources. It’s quickly becoming the universal protocol for AI-to-app communication, supported by Anthropic, OpenAI, Google, and dozens of other platforms. Learn more at modelcontextprotocol.io.

How is Easy MCP AI different from other WordPress AI plugins?

Most WordPress AI plugins embed a single AI provider (OpenAI, Claude, etc.) inside the wp-admin and bill you for usage. Easy MCP AI does the opposite — it makes your WordPress site act as a backend that any AI assistant can connect to over MCP. You bring your own AI client, you bring your own model, and the plugin focuses on giving that AI safe, scoped access to your site: 192 tools, OAuth 2.1 one-click connect, per-token permissions, and a full audit log.

Is Easy MCP AI free?

Yes. Easy MCP AI is free and open source on the WordPress.org plugin directory. There are no paid tiers, no usage limits, and no telemetry. Optional external integrations (Semrush, DataForSEO, Google Analytics, Search Console) use your own third-party accounts — Easy MCP AI never bills you for API usage.

How do I connect Claude, ChatGPT, Cursor, Gemini, or n8n to my WordPress site?

After activation, go to Easy MCP AI → Dashboard and copy your MCP server URL. Then:

• Claude Desktop / Claude.ai / Claude Code — Settings → Connectors → Add custom connector, paste the URL, approve the OAuth consent screen. One click, no token.
• ChatGPT (Developer Mode) — add as an MCP server using the same URL.
• Cursor / Windsurf / Cline / Roo Code — add MCP server in the client’s settings using the URL.
• Gemini CLI / Google Antigravity — register the MCP endpoint in the client config.
• n8n — use the MCP node and point it at the URL plus a Bearer token created under Easy MCP AI → API Tokens.

See the integrations page for step-by-step guides per client.

Does it work with WooCommerce, Yoast, Rank Math, ACF, BuddyPress, and The Events Calendar?

Yes. Easy MCP AI ships with first-party tool sets for WooCommerce (37 tools — products, orders, customers, coupons, reports, shipping, webhooks), Advanced Custom Fields (ACF) (6 tools), The Events Calendar (10 tools), BuddyPress (10 tools), Yoast SEO, Rank Math, and All in One SEO (AIOSEO). Each integration only loads if the underlying plugin is active, and each tool group can be toggled individually under Easy MCP AI → Plugin Integrations.

How do I connect Semrush, DataForSEO, Google Analytics, and Search Console?

Go to Easy MCP AI → External Data. Each service has its own section:

• Semrush — paste your API key, click Test, then toggle the 13 Semrush tools you want enabled.
• DataForSEO — enter your account login + API password, click Test, then enable the 8 DFS tools.
• Google Analytics 4 — upload a Google Cloud service-account JSON, set the default GA4 property id.
• Google Search Console — upload a service-account JSON, set the default site URL.

All credentials are stored AES-256-GCM encrypted with per-provider HKDF-derived keys. Nothing is sent to any third party until an AI actually calls a tool that needs it.

Does this plugin send my content to OpenAI, Anthropic, or Google?

No. Easy MCP AI does not call any AI provider. The flow is the opposite: your AI assistant (Claude, ChatGPT, etc.) calls your WordPress site, and the plugin executes whatever tool the AI requested. Your content only leaves your server in the response that goes back to the AI client you connected — never to a third party you didn’t choose. Outbound connections to Semrush / DataForSEO / Google APIs only happen if you explicitly configure those credentials, and they only receive the per-call parameters (keywords, target URLs, date ranges) — not your post content.

How does authentication work?

Two options, both production-grade:

1. OAuth 2.1 one-click connect (recommended) — open your AI client, paste your MCP URL, sign in to WordPress, approve the consent screen. Done.
2. Manual Bearer token — create a token under Easy MCP AI → API Tokens, paste it into your AI client.

Under the hood, every token (OAuth or Bearer) is SHA-256 hashed before being saved — the raw value is never stored and cannot be recovered after creation.

How does OAuth 2.1 one-click connect work?

Skip the copy-paste. In a supported client like Claude Desktop or Cursor, paste your MCP URL, sign in to WordPress, tick the permission categories (Read / Write per content type, GA4, Search Console, Semrush, etc.) on the consent screen, and click Approve. The client receives a short-lived access token plus a rotating refresh token, and you can revoke it anytime from the admin.

Under the hood the plugin implements the full OAuth 2.1 spec: PKCE (S256), RFC 7591 Dynamic Client Registration, refresh-token reuse detection (RFC 9700), RFC 8707 audience binding, RFC 8414 and RFC 9728 discovery endpoints, and RFC 7009 revocation. No AI client ever sees your WordPress password.

Do I need to enable OAuth?

No configuration required — OAuth endpoints are live as soon as the plugin is activated. You can manage registered clients and revoke per-user grants under Easy MCP AI → API Token & OAuth → OAuth tab. Bearer tokens continue to work alongside OAuth for power users and automation.

Can I control what the AI is allowed to do?

Yes, fully. Each token has its own permission set — you choose exactly which of the 192 tools it can call. Create a read-only token for a summarization AI, a content-only token for your writing assistant, and a full-access token for your trusted automation workflows.

Can I limit which posts or pages the AI can edit?

Permissions are enforced at the WordPress capability level, not per-post. Easy MCP AI runs every tool call as the WordPress user the token is bound to, so the AI inherits exactly that user’s edit_posts / edit_others_posts / publish_posts caps. If you want an AI restricted to, say, drafts only, create a dedicated low-privilege WordPress user (Contributor or Author) and bind the token to that user. Additionally, the Force Draft setting under Settings forces every create operation to draft status regardless of the AI’s request.

How do I revoke access for an AI client?

For OAuth-connected clients, go to Easy MCP AI → API Token & OAuth → OAuth and click Revoke next to the grant — the client immediately loses access and any active refresh tokens are invalidated. For Bearer tokens, go to Easy MCP AI → API Tokens and delete the token. Either action is instant and irreversible.

Where can I see a history of every AI action?

Go to Easy MCP AI → Audit Log. Every tool call is recorded with the token used, the tool name, the arguments, the result, the client IP, and a timestamp. The log is paginated and searchable, and retention is configurable under Settings (default 30 days, after which old rows are auto-purged).

Will the AI publish posts automatically?

Only if you let it. By default, the AI can create posts in whatever status it asks for (draft, publish, etc.) — but you can flip the Force Draft on Create setting under Easy MCP AI → Settings and every newly created post or page will be forced to draft regardless of what the AI requested. Combine that with a Contributor-level WordPress user for the AI to require human review before anything goes live.

Is it safe to run on a live site?

Yes — Easy MCP AI is built for production. Every request is authenticated (OAuth 2.1 or Bearer), capability-checked against WordPress core permissions, rate-limited (default 60 req/min per token, configurable), and recorded in the audit log. You can additionally restrict the endpoint to specific IP addresses, force all created content to draft, disable specific tools globally, and bind tokens to low-privilege WordPress users. The plugin only requires HTTPS for OAuth flows — bearer-token access is allowed over HTTP for local development but should never be exposed that way on a live site.

Does it work with WordPress multisite?

Yes. Easy MCP AI runs per-site on a multisite network — each subsite has its own MCP endpoint, its own tokens, and its own audit log. Network-scoped operations (network options, sitewide plugin/theme activation) are additionally gated on Super Admin + manage_network_options / manage_network_plugins capabilities, so a per-site admin token cannot reach network-level state.

Can I use this on localhost or a staging site?

Yes. On loopback addresses (127.0.0.1, ::1) the OAuth HTTPS requirement is automatically relaxed so you can test against http://localhost. For non-loopback dev setups behind a reverse proxy that terminates TLS elsewhere, add define('EASY_MCP_AI_OAUTH_ALLOW_HTTP', true); to wp-config.php. Never set that flag on a production site. Bearer-token access works over HTTP without any flag, but again, only for dev.

Does it work with custom post types and Gutenberg blocks?

Yes to both. The post and page tools accept a post_type parameter so your AI can work with any registered CPT on your site (wp_list_cpt_items, wp_create_cpt_item, etc.). For Gutenberg, there are dedicated tools for reusable blocks (wp_list_blocks, wp_create_block, wp_update_block) and block templates (wp_list_templates, wp_get_template, wp_update_template), plus full global styles support (wp_get_global_styles, wp_update_global_styles).

Can I connect multiple AI assistants at once?

Yes. Create one token (or one OAuth grant) per assistant. Each tracks its own usage, has its own scoped permissions, and is logged independently — so you can see exactly which AI did what.

What WordPress and PHP versions are required?

WordPress 6.0+ and PHP 7.4+. PHP 8.0 or higher is recommended. WordPress 6.9+ unlocks the Abilities auto-discovery feature, which exposes any Abilities-compatible plugin as MCP tools with no extra code.

Does this require Node.js or a special server?

No long-running processes, no Node.js, no Docker. The plugin runs entirely inside WordPress as a normal PHP plugin. The plugin contacts external services (Semrush, DataForSEO, Google Analytics, Google Search Console) only if you explicitly add those third-party account credentials under Easy MCP AI → External Data — see the External services section above. Out of the box, nothing leaves your server.

Why does the endpoint return 404 or 401 Unauthorized?

• 404 Not Found — go to Settings → Permalinks in WordPress admin and click Save Changes to flush rewrite rules. Pretty permalinks must be enabled.
• 401 Unauthorized — double-check the Bearer token in your AI client matches one shown under Easy MCP AI → API Tokens (tokens are only shown once at creation — if you lost it, delete and recreate). For OAuth clients, try disconnecting and re-approving the connector. Also confirm your Authorization: Bearer <token> header is being sent (some reverse proxies strip it).

Where do I report security bugs found in this plugin?

Please report security bugs found in the source code of the Easy MCP AI for WordPress plugin through the Patchstack Vulnerability Disclosure Program. The Patchstack team will assist you with verification, CVE assignment, and notify the developers of this plugin.