Complete reference for the free WordPress MCP plugin — 43 tools, authentication, configuration, and data flows.
IATO MCP turns any self-hosted WordPress site into an MCP server. The plugin runs entirely inside WordPress as a REST API endpoint — no external server or infrastructure required. AI clients like Claude Desktop, Gemini, and ChatGPT connect directly to your site via the Model Context Protocol.
AI Client (Claude Desktop / Gemini / ChatGPT)
|
| MCP JSON-RPC over HTTP (one POST per call)
|
WordPress Plugin (iato-mcp)
POST /wp-json/iato-mcp/v1/message ← all MCP tool calls
POST /wp-json/iato-mcp/v1/rollback ← rollback a change by receipt ID
GET /wp-json/iato-mcp/v1/oauth/* ← Claude Desktop auth flow
|
| Two data flows:
| 1. Plugin reads IATO data → enriches with WP post IDs → returns to AI
| 2. Plugin reads WP data → writes to IATO (sync tools)
|
IATO Platform (iato.ai/api/v1)
Auth: Authorization: Bearer {iato_api_key}
The plugin works on any self-hosted WordPress installation. No special server configuration needed.
| Requirement | Details |
|---|---|
| WordPress | 5.6 or higher |
| PHP | 7.4 or higher |
| IATO Account | Optional — only needed for bridge and sync tools |
| Hosting | Any: shared (Bluehost, SiteGround), VPS (DigitalOcean, Linode), managed WP (WP Engine, Flywheel, Cloudways), or local dev |
Install the plugin and have your site running as an MCP server in under 5 minutes.
All settings are managed in WP Admin under Settings → IATO MCP.
Read-only. Shows your site's MCP URL: https://yoursite.com/wp-json/iato-mcp/v1/message
Plugin-generated Bearer key (IATO-XXXXXXXX). Use Copy to clipboard or Regenerate to create a new one.
Enter your IATO account API key here to enable the 9 bridge tools and 4 sync tools. Validated on save.
Fallback crawl ID used by bridge tools when crawl_id is not passed in the tool call.
Per-tool enable/disable checkboxes. Disable tools you don't need to reduce the tool list for your AI client.
Any AI client that supports the Model Context Protocol can connect to your WordPress site.
Go to Claude Desktop → Settings → Connectors → Add. Enter your site's MCP endpoint URL (shown in Settings → IATO MCP). Click Authorize — the OAuth flow completes automatically.
For other MCP clients, add this to your client's configuration file:
{
"mcpServers": {
"wordpress": {
"url": "https://yoursite.com/wp-json/iato-mcp/v1/message",
"headers": {
"Authorization": "Bearer IATO-XXXXXXXX"
}
}
}
}
Replace the URL and API key with the values from Settings → IATO MCP.
These tools read and write WordPress directly. No IATO account needed.
| Tool | Capability | Description |
|---|---|---|
get_site_info | read | Site name, URL, WP version, active theme |
get_site_settings | manage_options | Site title, tagline, admin email, timezone |
get_posts | read | List posts/pages with status and type filters |
get_post | read | Full post content, meta, terms by ID or slug |
create_post | edit_posts | Create draft or published post/page |
update_post | edit_posts | Edit title, content, or status |
search_posts | read | Full-text search across posts and pages |
get_seo_data | read | SEO title + description via Yoast/RankMath/SEOPress adapter |
update_seo_data | edit_posts | Write SEO title + description via adapter. Returns change receipt(s) |
get_media | read | List media with optional missing-alt filter |
update_alt_text | edit_posts | Update attachment alt text. Returns change receipt |
get_comments | read | List comments by status or post |
get_menus | read | List all registered WP nav menus |
get_menu_items | read | Get items in a specific menu |
update_menu_item | manage_options | Add a page to a menu (supports dry_run). Returns change receipt |
create_menu_item | manage_options | Add a URL or page item to a menu with position and parent support. Returns change receipt |
delete_menu_item | manage_options | Remove an item from a navigation menu. Returns change receipt |
update_menu_item_details | manage_options | Edit an existing menu item's title, URL, position, or parent. Returns change receipt |
get_terms | read | List WP categories or tags with term IDs |
assign_term | edit_posts | Assign a category or tag to a post. Returns change receipt |
create_term | manage_categories | Create a new category or tag in WordPress. Returns change receipt |
update_term | manage_categories | Update an existing category or tag name, slug, or description. Returns change receipt |
delete_term | manage_categories | Delete a category or tag from WordPress. Returns change receipt |
update_taxonomy | edit_posts | Replace all terms for a given taxonomy on a post (not append). Returns change receipt |
update_canonical | edit_posts | Set or update canonical URL for a post. Auto-detects SEO plugin (Yoast/RankMath/SEOPress). Returns change receipt |
update_structured_data | edit_posts | Add or update JSON-LD structured data for a post. Stored as custom meta, output via wp_head. Returns change receipt |
update_redirect | manage_options | Create or update a redirect rule. Auto-detects redirect plugins or uses built-in fallback. Returns change receipt |
get_page_builder | read | Detects Elementor, WPBakery, Divi, Gutenberg, or Classic editor |
get_elementor_data | read | Returns raw _elementor_data JSON for a post |
update_elementor_data | edit_posts | Updates Elementor JSON, clears CSS cache, regenerates post_content via Elementor. Supports dry_run |
update_canonicalSet or update the canonical URL for a post. Auto-detects SEO plugin (Yoast/RankMath/SEOPress).
| Parameter | Type | Required | Description |
|---|---|---|---|
post_id | integer | Yes | WordPress post ID |
canonical_url | string | Yes | The canonical URL to set |
dry_run | boolean | No | Preview changes without applying |
update_structured_dataAdd or update JSON-LD structured data for a post. Stored as custom meta, output via wp_head.
| Parameter | Type | Required | Description |
|---|---|---|---|
post_id | integer | Yes | WordPress post ID |
schema_json | string | Yes | Valid JSON-LD string |
dry_run | boolean | No | Preview changes without applying |
update_taxonomyReplace all terms for a given taxonomy on a post (not append).
| Parameter | Type | Required | Description |
|---|---|---|---|
post_id | integer | Yes | WordPress post ID |
taxonomy | string | Yes | Taxonomy name (e.g. category, post_tag) |
terms | array | Yes | Array of term IDs to set |
dry_run | boolean | No | Preview changes without applying |
update_redirectCreate or update a redirect rule. Auto-detects redirect plugins (Redirection, Safe Redirect Manager, Yoast Premium) or uses built-in fallback.
| Parameter | Type | Required | Description |
|---|---|---|---|
from_url | string | Yes | Source URL path to redirect from |
to_url | string | Yes | Destination URL to redirect to |
type | integer | No | HTTP status code: 301, 302, 307, or 308 (default 301) |
dry_run | boolean | No | Preview changes without applying |
These tools call the IATO API, then resolve IATO node/page IDs to WordPress post IDs and slugs so your AI client can chain directly into WP native tools.
| Tool | IATO Tools Called | Returns |
|---|---|---|
get_iato_sitemap | list_sitemaps, get_sitemap | Full URL hierarchy + WP post IDs and slugs per node |
get_iato_nav_audit | get_menus, get_menu_items, find_orphan_pages | Menu structure + orphan pages with WP slugs |
get_iato_orphan_pages | find_orphan_pages | Orphans resolved to WP post IDs and slugs |
get_iato_taxonomy | get_taxonomy | IATO labels mapped to WP term IDs |
get_iato_seo_fixes | run_seo_audit, get_seo_issues | Issues with fix_type (auto/manual) + WP slugs |
get_iato_content_gaps | get_low_performing_pages, get_content_metrics | Thin content pages with word count, flags, WP slugs |
get_iato_broken_links | get_crawl_analytics | Broken links mapped to source WP post IDs |
get_iato_suggestions | generate_suggestions | AI-prioritized fixes across all areas with WP slugs |
get_iato_perf_report | get_crawl_analytics, get_low_performing_pages | Slow/heavy pages with contributing causes + WP slugs |
Push WordPress data into IATO so the platform has live content without waiting for a crawl. All support dry_run mode.
| Tool | Reads from WP | Writes to IATO | Key Parameters |
|---|---|---|---|
sync_wp_pages_to_iato | get_posts() — all pages/posts | create_sitemap_node per page | sitemap_id, post_type, dry_run |
sync_wp_taxonomy_to_iato | get_terms() — categories + tags | IATO taxonomy endpoints | sitemap_id, taxonomy, dry_run |
sync_wp_meta_to_iato | SEO Adapter — title + desc per post | fix_seo_issue (title, meta_description) | crawl_id, dry_run |
sync_wp_menus_to_iato | wp_get_nav_menus() + wp_get_nav_menu_items() | create menu + create menu items (preserving hierarchy) | sitemap_id, crawl_id, dry_run |
The plugin auto-detects which SEO plugin is active and reads/writes the correct post meta keys. Detection priority: Yoast → RankMath → SEOPress → Fallback. No configuration needed.
| Plugin | Title Key | Description Key | Canonical Key |
|---|---|---|---|
| Yoast SEO | _yoast_wpseo_title | _yoast_wpseo_metadesc | _yoast_wpseo_canonical |
| RankMath | rank_math_title | rank_math_description | rank_math_canonical_url |
| SEOPress | _seopress_titles_title | _seopress_titles_desc | _seopress_robots_canonical |
| Fallback | Native WordPress post title (no SEO plugin detected) | ||
The update_redirect tool auto-detects which redirect plugin is active and uses its API. If no plugin is found, a built-in option-based fallback handles redirects.
| Priority | Plugin | Notes |
|---|---|---|
| 1 | Redirection | Most popular redirect plugin. Uses its REST API to create/update rules. |
| 2 | Safe Redirect Manager | Stores redirects as custom post type. Supported via direct CPT creation. |
| 3 | Yoast Premium | Uses Yoast Premium's redirect manager when available. |
| Fallback | Built-in | Option-based fallback stored in iato_redirects. Capped at 500 rules. |
Every write tool returns a change_receipt object in its response, providing a full audit trail for AI-made changes.
{
"change_id": "wr_a1b2c3d4e5f67890",
"post_id": 42,
"target_type": "page",
"field": "meta_description",
"before_value": "Old description",
"after_value": "New SEO-optimized description",
"applied_at": "2026-03-26T14:30:00Z"
}
| Target Type | Used By |
|---|---|
page | update_seo_data, update_post |
image | update_alt_text |
menu_item | create_menu_item, update_menu_item, delete_menu_item, update_menu_item_details |
taxonomy | assign_term, create_term, update_term, delete_term, update_taxonomy |
redirect | update_redirect |
structured_data | update_structured_data |
Receipts are stored in the {prefix}iato_change_receipts database table, created automatically on plugin activation.
Restore any AI-made change using its change receipt ID.
POST /wp-json/iato-mcp/v1/rollback
Same as MCP endpoint: Bearer token (Authorization: Bearer IATO-XXXXXXXX).
{
"change_id": "wr_a1b2c3d4e5f67890",
"post_id": 42,
"target_type": "page",
"field": "meta_description",
"before_value": "New SEO-optimized description"
}
| Check | Error | Status |
|---|---|---|
change_id must exist | Change receipt not found | 404 |
| Not already rolled back | Change already rolled back | 400 |
before_value must match stored value | Stale rollback — value has changed since receipt was issued | 400 |
{
"success": true,
"rolled_back_at": "2026-03-26T15:00:00Z",
"change_id": "wr_a1b2c3d4e5f67890"
}
Supported rollbacks: all write tool changes including SEO meta, alt text, menu items, taxonomy, canonical URLs, structured data, and redirects.
Phase 2 adds three admin interfaces for managing AI-driven changes.
Accessible at wp-admin/admin.php?page=iato-mcp-setup. Requires manage_options capability.
| Step | Action |
|---|---|
| 1 | Connect IATO — enter and validate your IATO API key |
| 2 | Configure Governance Policy — set approval rules for AI changes |
| 3 | Set Crawl Schedule — choose frequency and scope |
| 4 | Run First Crawl — trigger initial site crawl |
Top-level admin menu: “IATO Reviews”. Requires edit_posts capability.
| Feature | Description |
|---|---|
| Pending Changes | Shows changes proposed by IATO Autopilot awaiting review |
| Per-Item Actions | Approve, Reject, or Mark as Fixed on individual items |
| Bulk Actions | Select multiple items and approve/reject in one click |
Appears on the wp-admin dashboard as “IATO SEO Health”. Data cached with 5-minute transient.
| Metric | Description |
|---|---|
| SEO Score + Trend | Current score with directional indicator vs previous crawl |
| Issue Counts | Breakdown of open SEO issues by category |
| Recent Auto-Fixes | Last 5 changes applied automatically by Autopilot |
| Pending Reviews | Number of items awaiting approval in the Review Queue |
| Crawl Freshness | Time since last completed crawl |
| Run Audit Now | Button to trigger a new crawl on demand |
The plugin uses a plugin-generated API key stored in wp_options. Three authentication methods are supported.
| Method | How | Notes |
|---|---|---|
| Bearer Token | Authorization: Bearer IATO-XXXXXXXX | Primary method. Key generated on activation, stored in wp_options as iato_mcp_key. |
| Query Parameter | ?mcp_key=IATO-XXXXXXXX | Fallback for clients that cannot set custom headers. |
| OAuth 2.0 | Automatic via class-oauth.php | Claude Desktop Connect button triggers this automatically. |
Key generation: on plugin activation, wp_generate_password(32, false) creates the key. Users can regenerate via Settings → IATO MCP → Regenerate Key.
Three example workflows showing how the plugin bridges AI clients, WordPress, and IATO.
1. AI calls get_iato_seo_fixes(crawl_id)
→ Plugin calls IATO: run_seo_audit + get_seo_issues
→ Returns: [{url, issue_type, current, suggested, wp_post_id, wp_slug}]
2. AI calls update_seo_data(id: wp_post_id, description: suggested)
→ Plugin writes to Yoast/RankMath/SEOPress meta on each post
1. AI calls sync_wp_pages_to_iato(sitemap_id, post_type: 'page') → Plugin: get_posts() reads all WP pages → Plugin: create_sitemap_node() per page via IATO API → IATO sitemap now has nodes matching live WP structure
1. AI calls get_iato_nav_audit(sitemap_id)
→ Plugin calls IATO: get_menus + get_menu_items + find_orphan_pages
→ Returns: {menus: [...], orphans: [{url, wp_post_id, wp_slug}]}
2. AI calls update_menu_item(menu_id, post_id: wp_post_id, dry_run: true)
→ Preview what would be added
3. AI calls update_menu_item(menu_id, post_id: wp_post_id)
→ wp_update_nav_menu_item() adds page to menu
Verify the key in Settings → IATO MCP. The key is validated on save against GET /api/v1/workspaces. Ensure your IATO subscription is active.
Confirm your IATO subscription is active and the Default Crawl ID is set to a valid, completed crawl. Bridge tools require both an IATO API key and valid crawl data.
Ensure your site is publicly accessible (not behind basic auth or a firewall). Claude Desktop needs to reach your site's OAuth endpoints. Check that the MCP endpoint URL in Settings is correct.
Verify WordPress 5.6+ and PHP 7.4+. Check the Plugins page for error messages. The plugin requires the REST API to be enabled (default in WordPress).
Check that the tools are enabled in Settings → IATO MCP → Enabled Tools. Disabled tools are not exposed via the MCP endpoint.
Turn your self-hosted WordPress site into an MCP server. Free, open source, works with any AI client.
Download from GitHub