
How to add WordPress MCP to Windsurf
Automattic's archived plugin exposing WordPress posts, users and WooCommerce to MCP clients; superseded by mcp-adapter. Paste the config into ~/.codeium/windsurf/mcp_config.json and restart Windsurf.
Last updated June 14, 2026 · 927★ · stdio · apikey · official
Windsurf config for WordPress MCP
npx -y @automattic/mcp-wordpress-remote@latest{
"mcpServers": {
"wordpress-mcp": {
"command": "npx",
"args": [
"-y",
"@automattic/mcp-wordpress-remote@latest"
],
"env": {
"WP_API_URL": "https://your-site.com/",
"JWT_TOKEN": "<your-jwt-token>"
}
}
}
}Setup steps
- 1Open Windsurf → Cascade → the hammer/MCP icon → Configure (or edit ~/.codeium/windsurf/mcp_config.json).
- 2Paste the WordPress MCP config below.
- 3Fill in placeholder secrets, then save.
- 4Click Refresh in the MCP panel.
- 5WordPress MCP's tools become available to Cascade.
Before you start
- A WordPress site with the wordpress-mcp plugin installed and activated (zip from GitHub releases)
- A JWT token from Settings → WordPress MCP → Authentication Tokens (or a WordPress application password)
- Node.js for the npx proxy path
What WordPress MCP can do in Windsurf
wp_posts_searchSearch and filter WordPress posts with pagination
wp_get_postGet a post by ID
wp_add_postCreate a new post
wp_update_postUpdate a post by ID
wp_delete_postDelete a post by ID
wp_users_searchSearch and filter users with pagination
wp_get_userGet a user by ID
wp_add_userCreate a new user
Security
Archived project: no further features or security fixes — Automattic directs new work to WordPress/mcp-adapter, so treat this as legacy. Auth is scoped sensibly: JWT tokens expire in 1–24 hours and inherit the WordPress user's capabilities, and create/update/delete tools are individually toggleable in settings (the README warns to keep delete off unless you trust every MCP user).
WordPress MCP + Windsurf FAQ
Where is the Windsurf config file?
Windsurf reads MCP servers from ~/.codeium/windsurf/mcp_config.json. Paste the WordPress MCP config there under the "mcpServers" key and restart the client.
Is WordPress MCP safe to use with Windsurf?
Archived project: no further features or security fixes — Automattic directs new work to WordPress/mcp-adapter, so treat this as legacy. Auth is scoped sensibly: JWT tokens expire in 1–24 hours and inherit the WordPress user's capabilities, and create/update/delete tools are individually toggleable in settings (the README warns to keep delete off unless you trust every MCP user).
Should I still use wordpress-mcp in 2026?
Only if you already run it. The repo is archived and Automattic explicitly recommends WordPress/mcp-adapter, which builds on the Abilities API shipping in WordPress Core 6.9. Existing installs keep working, but no fixes are coming.
Is it safe to expose my WordPress site through MCP this way?
The design is reasonably careful: JWTs expire in 1–24 hours, every action inherits the token user's capabilities, and destructive tools can be disabled per-operation (delete is the one to leave off). The real risk is the archived status — no future security patches — so weigh that for production sites.
Do I need the proxy, or can my client connect directly?
Both work. Clients with streamable HTTP support (like VS Code) can hit /wp-json/wp/v2/wpmcp/streamable directly with a Bearer JWT; stdio-only clients use the npx @automattic/mcp-wordpress-remote proxy, which also adds WooCommerce support and application-password auth.