v0.3.1

influencentricity-wheel-boxed-star-inside

WP Abilities MCP Adapter

Exposes WordPress abilities as MCP tools, resources, and prompts. Upload, activate, and your WordPress abilities become MCP tools. Open Source GLP-2. Free forever. You’ll need a license code to activate it during our Alpha Launch and to receive auto updates of the plugin in Wordpress. No charge, just click Buy Now and checkout. Github: https://github.com/Wicked-Evolutions/abilities-mcp-adapter

ex. VAT
0,00 EURex. VAT
Buy Now

Features

 

Discovery & execution

  • Automatic discovery — abilities with show_in_rest or mcp.public metadata become MCP tools, regardless of which plugin registered them
  • Built-in MCP tools — discover abilities, get info, execute single, execute batch
  • Permission metadata — abilities carry permission (read/write/delete) and enabled state in MCP annotations
  • MCP annotations — readonly, destructive, idempotent hints flow through to tool definitions
  • Schema transformation — JSON Schema to MCP-compatible format with automatic wrapping
  • Error mapping — WP_Error objects map cleanly to MCP error codes
  • HTTP transport — REST API endpoint with session management, plus minimal Server-Sent Events stub

 

Safety surface (v1.4.x)

  • Three-bucket response redaction — secrets always filtered (passwords, API keys, tokens, hashes); payment / regulated identifiers and contact PII filtered by default with operator-controlled overrides; type-aware markers preserve schema shape
  • Per-ability exemptions — operators unlock contact PII visibility on specific abilities (e.g. CRM workflows that legitimately need email) without weakening defaults globally
  • Origin allowlist + scoped CORS — defense-in-depth against DNS rebinding; CORS scoped to MCP routes only, no global REST API side effects
  • Rate limiting at /mcp boundary — per-IP and per-user windows, with Cloudflare and custom-allowlist trusted-proxy presets
  • Boundary event log — structured events for session lifecycle, auth denials, transport errors, rate-limit hits, and settings audit changes (consumed by Abilities for AI’s kl_boundary writer when present)
  • Sanitized event hooks — third-party listeners receive sanitized metadata only; raw API keys are hashed before any listener fires

 

Operator UI

  • Settings → MCP Abilities — per-ability enable/disable controls, permission tier overrides
  • Settings → MCP Safety — master redaction toggle (with warning checkbox), keyword editor per bucket, per-ability exemption list, trusted-proxy configuration
  • AI-callable safety configuration — operators can ask their AI to read or strengthen safety settings; weakening default safety requires in-chat 1/2 confirmation; Bucket 2 (payment/regulated) cannot be weakened through chat at any granularity

Related Products

Abilities By Wicked Full Suite Bundle

Abilities By Wicked Full Suite Bundle

Abilities For AI, Fluent plugins and any other plugins exposing WordPress Abilities.Access CPT based plugins and Meta in Wordpress, extending capacity significantly.

ex. VAT

WP Abilities for AI

WP Abilities for AI

Native WordPress abilities for AI agents. Powers AI control through the official Abilities API.Learn more on Github: https://github.com/Wicked-Evolutions/abilities-for-ai

ex. VAT

WP Abilities for AI - Fluent Plugins

WP Abilities for AI – Fluent Plugins

First-party WordPress Abilities API translator for the Fluent plugin ecosystem (CRM, Community, Forms, Boards, Booking, Cart, Affiliate, Support, SMTP, Auth, Snippets, Messaging). Conditional module loading.https://github.com/Wicked-Evolutions/abilities-for-fluent-plugins

ex. VAT