Invizo MCP

Invizo MCP turns your WordPress site into a standalone Model Context Protocol server. It lets approved AI clients work with site content and supported plugins through a native endpoint hosted by WordPress:

https://example.com/wp-json/mcp/invizo

No Invizo-hosted MCP backend, account, subscription, or license key is required. The plugin bundles the official WordPress MCP Adapter and PHP MCP Schema packages and exposes Invizo’s action library through the WordPress Abilities API.

The MCP server exposes three compact protocol tools:

• discover-abilities
• get-ability-info
• execute-ability

These tools discover and execute 143 scoped Invizo abilities without flooding AI clients with 143 top-level MCP tools.

Highlights

• Direct MCP endpoint hosted by WordPress.
• WordPress Application Password authentication.
• Administrator-only transport and action execution.
• Granular read, write, and delete scopes.
• Dry-run and confirmation safeguards for supported risky operations.
• Copy-ready connection settings for Claude Code, Claude Desktop, Codex, Cursor, and Antigravity.
• Dependency-aware controls for WooCommerce, Elementor, Rank Math SEO, LearnPress, and The Events Calendar.
• No telemetry, tracking, Invizo cloud account, or automatic connection to Invizo servers.

What can agents manage?

• WordPress content: posts, pages, media, categories, tags, comments, revisions, reusable blocks, templates, global styles, menus, and content search.
• Site administration: users, selected safe site settings, post types, taxonomies, statuses, plugins, and themes.
• Custom content: custom post type definitions, custom post type items, post metadata, and MCP-managed post meta definitions.
• Page builders and SEO: Gutenberg content, Elementor page data, and Rank Math SEO metadata.
• WooCommerce: products, variations, orders, notes, coupons, customers, and product terms.
• LearnPress: courses, lessons, quizzes, questions, orders, terms, enrollments, and builder workflows.
• The Events Calendar: events, venues, and organizers.

Who is this for?

Invizo MCP is intended for administrators, developers, agencies, and site maintainers who want an AI coding or automation client to work with a WordPress site through a documented, scoped protocol.

Because enabled write and delete scopes can modify important site data, use the plugin only with trusted clients and dedicated Application Passwords. Test destructive workflows on a staging site first.

Authentication

Invizo MCP uses WordPress Application Passwords and WordPress REST authentication.

Only authenticated users with the manage_options capability can access the MCP transport or execute Invizo abilities. In a standard WordPress installation this means administrators only.

Create a dedicated Application Password from Settings > Invizo MCP for every AI client or computer. Passwords can be revoked individually from the same screen.

Application Passwords normally require HTTPS. Local HTTP sites can enable them by setting:

define( 'WP_ENVIRONMENT_TYPE', 'local' );

Security plugins can disable Application Passwords. Invizo reports this condition on its settings screen.

Scopes and safeguards

Administrators choose exactly which read, write, and delete scopes are enabled. Abilities outside enabled scopes are hidden from MCP discovery and rejected during execution.

Optional integration scopes are unavailable unless their required plugin is active.

Existing handler safeguards remain in place, including:

• WordPress sanitization and validation.
• Plugin availability checks.
• Scope checks inside action handlers.
• Dry-run previews for supported risky operations.
• Explicit confirm: true requirements for supported destructive operations.
• Reserved metadata protection and safe site-setting allow lists.

Data stored by the plugin

Invizo MCP stores:

• Endpoint enabled/disabled status and selected scopes in the invizo_mcp_settings option.
• MCP-managed custom post type definitions in the invizo_mcp_registered_cpts option.
• MCP-managed post meta definitions in the invizo_mcp_registered_meta_fields option.
• A plugin version option used for upgrades.

Application Passwords are created and stored by WordPress in user metadata. Invizo tags only the credentials it creates so they can be listed and revoked from the settings page.

Invizo MCP does not collect analytics or send usage information to Invizo.

Client Configuration

The settings page generates current, copy-ready values using your site endpoint and WordPress username.

Claude Code

The primary setup uses @automattic/mcp-wordpress-remote through npx, with the endpoint, username, and Application Password stored as environment variables.

A direct HTTP .mcp.json alternative is also shown for clients that support authenticated HTTP MCP servers.

Claude Desktop

Add the generated JSON to:

• macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
• Windows: %APPDATA%\Claude\claude_desktop_config.json

Codex

Add the generated TOML to:

• Project: .codex/config.toml
• Global: ~/.codex/config.toml

Both npx bridge and direct authenticated HTTP examples are provided.

Cursor

Add the generated JSON to:

• Project: .cursor/mcp.json
• Global: ~/.cursor/mcp.json

Antigravity

Add the generated JSON to:

• macOS/Linux: ~/.gemini/antigravity/mcp_config.json
• Windows: %USERPROFILE%\.gemini\antigravity\mcp_config.json

Local HTTPS

Trust your local certificate whenever possible. For local development only, bridge configurations may use NODE_TLS_REJECT_UNAUTHORIZED=0 when the certificate cannot be trusted normally.

Never commit Application Passwords to source control or paste them into prompts, tickets, screenshots, or chat messages.

Privacy and Security

The MCP endpoint is disabled by default on new installations. Enabling it does not expose abilities until scopes are selected.

The endpoint requires:

• Valid WordPress Application Password authentication.
• A WordPress user with the manage_options capability.
• An enabled Invizo scope for the requested ability.

Use one dedicated Application Password per client or device so individual connections can be revoked without changing the WordPress account password.

When the plugin is uninstalled, Invizo-created Application Passwords are always revoked. Plugin settings and MCP-managed definitions are removed only when Delete Invizo settings and MCP-managed CPT/meta definitions when the plugin is uninstalled is enabled. Existing posts and post meta values are never deleted by the uninstaller.

Reporting security issues

Please report security issues privately through the contact information on https://invizo.io/. Do not publish sensitive vulnerability details in a public support topic before a fix is available.

Upgrade from 1.x

Version 2.0 automatically removes the stored external MCP Server URL and shared secret.

It preserves:

• Enabled scopes.
• MCP-managed custom post type definitions.
• MCP-managed post meta definitions.
• WordPress content and integration data.

Sites that previously had a shared secret configured are migrated with the standalone endpoint enabled. Other installations remain disabled until an administrator explicitly enables the endpoint.

The legacy signed endpoint /wp-json/invizo/v1/execute and its HMAC headers have been removed.

External Services

Invizo MCP does not contact an Invizo-hosted service.

MCP clients may use the third-party npm package @automattic/mcp-wordpress-remote as a local bridge when configured by the administrator. The package is downloaded from the npm registry and runs on the computer hosting the AI client, not inside WordPress.

When the bridge is used, it sends the configured WordPress endpoint, username, Application Password, and MCP request data directly to the administrator’s WordPress site. It does not send those credentials to Invizo.

• Package: https://www.npmjs.com/package/@automattic/mcp-wordpress-remote
• Source: https://github.com/Automattic/mcp-wordpress-remote
• npm Terms of Use: https://docs.npmjs.com/policies/terms
• npm Privacy Notice: https://docs.npmjs.com/policies/privacy

Media upload actions can fetch a public file URL explicitly supplied by an authenticated MCP caller through WordPress media sideloading. In that case, the remote file host receives a normal HTTP request from the WordPress site. The service and data destination depend entirely on the URL supplied by the administrator’s MCP client.

No external request is made merely by installing or activating Invizo MCP.

Build and Source Files

The distributed plugin contains the human-readable PHP source used at runtime.

PHP dependencies

Composer dependencies are included under vendor/ because they are required for the standalone MCP endpoint:

• automattic/jetpack-autoloader
• wordpress/mcp-adapter
• wordpress/php-mcp-schema

All bundled packages use the GPL-2.0-or-later license. Package source, Composer metadata, and individual license files are included. See third-party-notices.txt.

Rebuilding dependencies

From the plugin directory:

composer install --no-dev --optimize-autoloader

Create the WordPress.org submission ZIP from the parent plugins directory while excluding Git metadata, operating-system files, logs, and Node dependencies.