Cowboy MCP

Cowboy MCP

Open-source WordPress plugin that turns any site into a Streamable HTTP MCP server. Manage posts, WooCommerce, and more from Claude Code, Codex, or Cursor — no Node.js

Category
访问服务器

README

Cowboy MCP 🤠 — WordPress MCP Server for AI Coding Agents

Cowboy MCP is a WordPress plugin that turns any WordPress site into a Model Context Protocol (MCP) server over Streamable HTTP, so AI coding agents like Claude Code, Codex, and Cursor can manage it — in plain English.

Version WordPress PHP License

Website: cowboymcp.com · Download: latest release

Connect any MCP client that speaks Streamable HTTP over a single authenticated endpoint and manage posts, pages, plugins, themes, users, media, WooCommerce, and much more.


Why Cowboy MCP?

  • Built for coding agents, not chat UIs — designed for terminal-based workflows with Claude Code, Codex, Cursor, and any Streamable HTTP MCP client.
  • No Node.js proxy — the MCP endpoint is served natively from WordPress. Unlike adapter-based approaches that run a separate Node bridge to expose remote HTTP, there's nothing extra to install or keep running.
  • 131 tools across core + popular plugins — full content CRUD plus deep integrations for WooCommerce, ACF, Elementor, Wordfence, UpdraftPlus, and cache plugins.
  • Secure by default — bcrypt-hashed API keys (shown once), per-key rate limiting, safe mode for destructive operations, and an always-on audit log.
  • Zero dependencies — native WordPress APIs, no Composer, no npm, no build step. Works even on hosts without WP-CLI or shell_exec().

Highlights

  • Single REST endpoint — JSON-RPC 2.0 over Streamable HTTP at /wp-json/cowboy-mcp/v1/endpoint (MCP 2025-06-18 spec)
  • 131 tools — full CRUD for posts, pages, CPTs, taxonomies, comments, options, users, media, plus database queries, WP-CLI, diagnostics, and conditional tools for popular plugins
  • 17 read-only resources, 4 resource templates, and 8 workflow prompts with argument auto-completion
  • Secure by default — bcrypt-hashed API keys, per-key rate limiting, safe mode for destructive operations, and an always-on audit log
  • Self-hosted auto-updates — new versions appear in your WordPress updates screen, served straight from GitHub Releases
  • Zero dependencies — no Composer, no npm, no build step, no CDN. Native WordPress APIs, so it works even on hosts without WP-CLI or shell_exec().

Requirements

  • WordPress 6.2+
  • PHP 8.0+

Installation

The plugin is distributed via GitHub Releases (not the WordPress.org directory).

  1. Download cowboy-mcp.zip from the latest release.
  2. In WordPress: Plugins → Add New → Upload Plugin, choose the zip, and Install Now.
  3. Activate the plugin.
  4. Go to Settings → Cowboy MCP and click Generate API Key. Copy the key — it is shown only once.

Once installed, the plugin keeps itself up to date through the normal WordPress updates screen.

Connecting an agent

Claude Code

claude mcp add --transport http wordpress \
  https://yoursite.com/wp-json/cowboy-mcp/v1/endpoint \
  --header "Authorization: Bearer YOUR_API_KEY"

Codex

Set the key as an environment variable:

export COWBOY_MCP_API_KEY="YOUR_API_KEY"

Then add to ~/.codex/config.toml:

[mcp_servers.wordpress]
url = "https://yoursite.com/wp-json/cowboy-mcp/v1/endpoint"
bearer_token_env_var = "COWBOY_MCP_API_KEY"

Any MCP client supporting Streamable HTTP with a Bearer token works the same way.

Capabilities

Tools

Core tools are always available. Plugin-integration tools register only when the matching plugin is active.

Domain Tools Examples
Core 42 posts/pages/CPT CRUD, taxonomies, comments, plugins, themes, options, users, media, DB query/write, WP-CLI, search-replace, site info, site health, 9 diagnostics, batch execution, audit log
WooCommerce 40 products & variations, orders & refunds, customers, coupons, tax/shipping/gateway settings, sales reports
Wordfence 17 scans, IP/country blocks, firewall, live traffic, activity log, settings
UpdraftPlus 10 list/trigger/restore/delete backups, settings, logs, schedules
ACF 9 field groups, field CRUD, repeater operations
Elementor 7 templates, page content, global styles, widgets
Cache 4 provider detect, flush, preload, settings (WP Rocket / LiteSpeed / W3TC)
SEO 1 provider detection (Yoast / Rank Math)
Forms 1 provider detection (WPForms / Gravity Forms / CF7)
Total 131 with every integration active

Resources

17 read-only resources (site info, recent posts, plugin/theme lists, WooCommerce summaries, Wordfence status, and more) plus 4 resource templates:

wordpress://posts/{id}
wordpress://options/{name}
wordpress://plugins/{slug}
wordpress://users/{id}

Prompts

8 guided workflow prompts: wordpress-site-audit, content-migration, seo-optimization, woocommerce-store-setup, troubleshoot-issue, bulk-content-update, security-hardening, performance-optimization.

FAQ

What is a WordPress MCP server?

A WordPress MCP server exposes your site's management capabilities through the Model Context Protocol — the open standard AI agents use to call tools. Cowboy MCP implements one as a plugin: it serves a single Streamable HTTP endpoint that lets agents like Claude Code read, create, update, and delete WordPress content securely.

How do I connect Claude Code to WordPress?

Install Cowboy MCP, generate an API key under Settings → Cowboy MCP, then run claude mcp add --transport http wordpress https://yoursite.com/wp-json/cowboy-mcp/v1/endpoint --header "Authorization: Bearer YOUR_API_KEY". Claude Code can then manage posts, plugins, themes, WooCommerce, and more by calling Cowboy MCP's tools over the MCP protocol.

Does Cowboy MCP work with WooCommerce?

Yes. When WooCommerce is active, Cowboy MCP registers 40 extra tools for products and variations, orders and refunds, customers, coupons, tax/shipping/gateway settings, and sales reports — using WooCommerce's own CRUD classes rather than raw SQL. Tools for ACF, Elementor, Wordfence, UpdraftPlus, and cache plugins register automatically the same way.

Do I need Node.js or WP-CLI?

No. Cowboy MCP serves the MCP endpoint natively from WordPress with zero external dependencies — no Node.js bridge, no Composer, no build step. It uses core WordPress APIs, so it works even on managed hosts that disable shell_exec() or lack WP-CLI. WP-CLI remains an optional power-user escape hatch when present.

Is it safe to give an AI agent access to my site?

You're granting real control, so Cowboy MCP is built defensively. API keys are bcrypt-hashed and shown once, every request is rate-limited, safe mode requires explicit confirmation for destructive actions, and every tool call is recorded in an audit log. Sensitive options, dangerous SQL, and SSRF attempts are blocked by default.

Which AI agents are supported?

Any MCP client that supports Streamable HTTP with a Bearer token — including Claude Code, Codex, and Cursor. The same endpoint works across clients: point the agent at your site's URL and supply the API key. More agents add MCP support regularly.

Security

You are granting an AI agent significant control over your site. Cowboy MCP is built to keep that safe:

  • Authentication — API keys are bcrypt-hashed (wp_hash_password()) and never stored in plain text. Keys are shown once at generation and can be revoked individually.
  • Rate limiting — per-key, per-minute window (default 120/min).
  • Safe mode (on by default) — destructive tools (delete posts, drop tables, write-mode WP-CLI, etc.) require an explicit confirm: true.
  • Dry run — non-read-only tools accept a dry_run parameter to preview changes.
  • Audit log — every tool call, error, and auth event is recorded in a database table with automatic 30-day pruning. Sensitive fields are redacted.
  • Guardrails — option blocklist for sensitive settings, SQL blocklist for dangerous DDL, WP-CLI command blocklist, SSRF protection on outbound requests, wp-content path confinement for file ops, and self-delete protection.

Power mode

An admin-only, opt-in setting (off by default) that lifts a curated set of hard guardrails for advanced users (WP-CLI/SQL blocklists, sensitive-option writes, path confinement, SSRF protection). It can only be enabled by a human in wp-admin — the agent can never enable it through the API.

Power mode never lifts credential protections: writes to API keys / plugin settings and other credential options stay blocked, secret-touching DB queries stay blocked, result/secret redaction stays on, and self-delete protection remains.

Configuration

Settings live under Settings → Cowboy MCP (cowboy_mcp_settings option):

Setting Default Purpose
enabled true Master on/off switch for the MCP endpoint
safe_mode true Require confirm: true for destructive tools
power_mode false Lift curated guardrails (admin-only opt-in)
allowed_tools all Restrict which tools are exposed
log_requests false Also mirror audit entries to error_log()
rate_limit 120 Requests per key, per minute

Updates

Cowboy MCP self-updates from GitHub Releases. It fetches a small JSON manifest from COWBOY_MCP_UPDATE_URL (default https://cowboymcp.com/updates/cowboy-mcp.json, overridable in wp-config.php), compares versions, and serves the release zip — all through WordPress's native update system. Auto-updates are owner-opt-in and fail closed: any manifest/network error simply means "no update," never a fatal.

Extensibility

Two filters let you customize the tool surface:

// Add custom tool definitions.
add_filter( 'cowboy_mcp_tools', function ( $tools ) { /* … */ return $tools; } );

// Block specific tools per request.
add_filter( 'cowboy_mcp_tool_allowed', function ( $allowed, $tool_name ) { /* … */ return $allowed; }, 10, 2 );

Architecture

A single-endpoint MCP server built on the WordPress REST API. No autoloader — classes are required from the entry point; tools are split into lazily-loaded domain files under includes/tools/.

cowboy-mcp.php          Entry point — constants, requires, lifecycle hooks
includes/
  class-mcp-transport.php   REST route, JSON-RPC dispatch, sessions
  class-mcp-auth.php        API keys, Bearer validation, rate limiting
  class-mcp-tools.php       Tool registry, dispatch, dry-run/safe-mode gating
  class-mcp-resources.php   Read-only resources + templates
  class-mcp-prompts.php     Workflow prompts
  class-mcp-updater.php     Self-hosted updater
  class-mcp-audit-log.php   DB-backed audit log
  class-mcp-security.php    Shared guardrails (blocklists, redaction, power mode)
  tools/                    Domain tool files (core, woocommerce, acf, …)
admin/
  class-mcp-admin.php       Settings page

License

GPL-2.0-or-later. Cowboy MCP is free software.

推荐服务器

Baidu Map

Baidu Map

百度地图核心API现已全面兼容MCP协议,是国内首家兼容MCP协议的地图服务商。

官方
精选
JavaScript
Playwright MCP Server

Playwright MCP Server

一个模型上下文协议服务器,它使大型语言模型能够通过结构化的可访问性快照与网页进行交互,而无需视觉模型或屏幕截图。

官方
精选
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

一个由人工智能驱动的工具,可以从自然语言描述生成现代化的用户界面组件,并与流行的集成开发环境(IDE)集成,从而简化用户界面开发流程。

官方
精选
本地
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

通过模型上下文协议启用与 Audiense Insights 账户的交互,从而促进营销洞察和受众数据的提取和分析,包括人口统计信息、行为和影响者互动。

官方
精选
本地
TypeScript
VeyraX

VeyraX

一个单一的 MCP 工具,连接你所有喜爱的工具:Gmail、日历以及其他 40 多个工具。

官方
精选
本地
graphlit-mcp-server

graphlit-mcp-server

模型上下文协议 (MCP) 服务器实现了 MCP 客户端与 Graphlit 服务之间的集成。 除了网络爬取之外,还可以将任何内容(从 Slack 到 Gmail 再到播客订阅源)导入到 Graphlit 项目中,然后从 MCP 客户端检索相关内容。

官方
精选
TypeScript
Kagi MCP Server

Kagi MCP Server

一个 MCP 服务器,集成了 Kagi 搜索功能和 Claude AI,使 Claude 能够在回答需要最新信息的问题时执行实时网络搜索。

官方
精选
Python
e2b-mcp-server

e2b-mcp-server

使用 MCP 通过 e2b 运行代码。

官方
精选
Neon MCP Server

Neon MCP Server

用于与 Neon 管理 API 和数据库交互的 MCP 服务器

官方
精选
Exa MCP Server

Exa MCP Server

模型上下文协议(MCP)服务器允许像 Claude 这样的 AI 助手使用 Exa AI 搜索 API 进行网络搜索。这种设置允许 AI 模型以安全和受控的方式获取实时的网络信息。

官方
精选