Skip to content

The Secure MCP is now available to all WordPress VIP customers, giving your AI agents governed access to your applications through a single endpoint.

What is it?

The Secure MCP is an auditable and governed endpoint (api.wpvip.com/mcp) that lets your AI agents access and operate your WordPress VIP applications using your existing VIP Dashboard identity. Connect tools like Claude Code and Desktop, Cursor, or Codex to a single endpoint and let them work, with visibility into every agent call and without any credential handling.

Why it matters

AI agents are already in your workflow. The Secure MCP makes that safe for production. Every mutating action is logged and attributed to an authorized user. A kill switch disables all MCP access immediately from the organization’s settings. Agents can only perform actions your existing VIP Dashboard permissions allow.

What’s included

  • 57 infrastructure tools spanning apps, environments, deploys, domains, logs, metrics, backups, and WP-CLI
  • WordPress content tools covering posts, options, and registered abilities
  • OAuth 2.0 with PKCE auth, compatible with any MCP-compatible client
  • Deny-by-default policy enforcement, with production writing permissions turned off until an Org Admin opts in per app
  • Audit logging and step-up authentication for sensitive writes

Get started

If you’re an Org Admin, you can enable the Secure MCP per app from the Integrations Center in just a few minutes . Learn more in  the documentation and watch a video walkthrough in the VIP Customer Hub.