{"id":300297,"date":"2026-05-08T12:14:09","date_gmt":"2026-05-08T12:14:09","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/mcp-manager\/"},"modified":"2026-07-04T01:33:59","modified_gmt":"2026-07-04T01:33:59","slug":"acrossai-mcp-manager","status":"publish","type":"plugin","link":"https:\/\/it.wordpress.org\/plugins\/acrossai-mcp-manager\/","author":15295430,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"0.0.9","stable_tag":"0.0.9","tested":"7.0","requires":"7.0","requires_php":"8.1","requires_plugins":null,"header_name":"AcrossAI MCP Manager","header_author":"raftaar1191","header_description":"Enable\/Disable MCP Adapter Integration for WordPress","assets_banners_color":"","last_updated":"2026-07-04 01:33:59","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/acrossai.co\/","header_author_uri":"https:\/\/profiles.wordpress.org\/raftaar1191\/","rating":0,"author_block_rating":0,"active_installs":0,"downloads":383,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"0.0.1":{"tag":"0.0.1","author":"raftaar1191","date":"2026-05-08 12:13:51"},"0.0.2":{"tag":"0.0.2","author":"raftaar1191","date":"2026-05-08 12:20:27"},"0.0.3":{"tag":"0.0.3","author":"raftaar1191","date":"2026-05-14 14:45:29"},"0.0.4":{"tag":"0.0.4","author":"raftaar1191","date":"2026-06-02 11:53:16"},"0.0.5":{"tag":"0.0.5","author":"raftaar1191","date":"2026-06-02 12:01:31"},"0.0.6":{"tag":"0.0.6","author":"raftaar1191","date":"2026-07-04 00:14:27"},"0.0.7":{"tag":"0.0.7","author":"raftaar1191","date":"2026-07-04 00:46:20"},"0.0.8":{"tag":"0.0.8","author":"raftaar1191","date":"2026-07-04 01:08:15"},"0.0.9":{"tag":"0.0.9","author":"raftaar1191","date":"2026-07-04 01:33:59"}},"upgrade_notice":[],"ratings":[],"assets_icons":{"icon.svg":{"filename":"icon.svg","revision":3595613,"resolution":false,"location":"assets","locale":false}},"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["0.0.1","0.0.2","0.0.3","0.0.4","0.0.5","0.0.6","0.0.7","0.0.8","0.0.9"],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"Settings page with client tabs for easy configuration","2":"Copy-paste ready JSON configuration","3":"One-click password generation","4":"Per-provider configuration file locations and top-level keys"}},"plugin_section":[],"plugin_tags":[2353,229563,222885,242115,254221],"plugin_category":[44,54],"plugin_contributors":[140910],"plugin_business_model":[],"class_list":["post-300297","plugin","type-plugin","status-publish","hentry","plugin_tags-ai","plugin_tags-claude","plugin_tags-copilot","plugin_tags-mcp","plugin_tags-vscode","plugin_category-discussion-and-community","plugin_category-security-and-spam-protection","plugin_contributors-raftaar1191","plugin_committers-raftaar1191"],"banners":[],"icons":{"svg":"https:\/\/ps.w.org\/acrossai-mcp-manager\/assets\/icon.svg?rev=3595613","icon":"https:\/\/ps.w.org\/acrossai-mcp-manager\/assets\/icon.svg?rev=3595613","icon_2x":false,"generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p>MCP Manager uses the standard <code>@automattic\/mcp-wordpress-remote@latest<\/code> package with WordPress Application Passwords for the default remote flow. It also includes an optional experimental direct Claude Connectors mode backed by a WordPress-hosted OAuth approval flow.<\/p>\n\n<p>MCP Manager is a WordPress plugin that enables seamless integration with Model Context Protocol (MCP) servers, allowing AI assistants and code editors to safely access your WordPress instance through secure application passwords.<\/p>\n\n<h4>Key Features<\/h4>\n\n<ul>\n<li><p><strong>Multi-Client Support<\/strong>: Configure MCP for:<\/p>\n\n<ul>\n<li>VS Code with Copilot<\/li>\n<li>Claude Desktop App<\/li>\n<li>GitHub Copilot &amp; Codex<\/li>\n<li>OpenAI ChatGPT Codex<\/li>\n<li>Custom MCP Clients<\/li>\n<\/ul><\/li>\n<li><p><strong>Secure Authentication<\/strong>: Uses WordPress native Application Passwords system<\/p>\n\n<ul>\n<li>One-click password generation<\/li>\n<li>Secure credential management<\/li>\n<li>Password revocation support<\/li>\n<li>Per-server Access Control still enforced after authentication<\/li>\n<\/ul><\/li>\n<li><p><strong>Easy Configuration<\/strong>:<\/p>\n\n<ul>\n<li>Copy-paste ready JSON configurations<\/li>\n<li>Per-provider configuration file paths<\/li>\n<li>Automatic top-level key detection<\/li>\n<\/ul><\/li>\n<li><p><strong>Format #1 Standard<\/strong>: Uses the Automattic-recommended MCP configuration format<\/p>\n\n<ul>\n<li>npx command execution<\/li>\n<li>@automattic\/mcp-wordpress-remote@latest package<\/li>\n<li>Full environment variable support<\/li>\n<\/ul><\/li>\n<\/ul>\n\n<h4>How It Works<\/h4>\n\n<ol>\n<li>Navigate to Settings \u2192 MCP Manager<\/li>\n<li>Select your MCP client (VS Code, Claude, GitHub Copilot, ChatGPT, or Custom)<\/li>\n<li>Click \"Generate New Application Password\"<\/li>\n<li>Copy the ready-to-use JSON configuration<\/li>\n<li>Paste into your client's configuration file<\/li>\n<li>Restart your MCP client<\/li>\n<\/ol>\n\n<p>All application passwords are managed through WordPress's native Application Passwords system and appear in your profile under Account Management.<\/p>\n\n<h4>CLI Connection and Authorization Flow<\/h4>\n\n<p>MCP Manager also supports a browser-assisted CLI connection flow for local MCP clients.<\/p>\n\n<p>Typical command:<\/p>\n\n<pre><code>npx -y @acrossai\/mcp-manager --siteurl=https:\/\/example.com --server=default-mcp-server\n<\/code><\/pre>\n\n<p>Flow summary:<\/p>\n\n<ol>\n<li>The CLI checks <code>\/wp-json\/acrossai-mcp-manager\/v1\/health<\/code><\/li>\n<li>The CLI starts auth with <code>\/wp-json\/acrossai-mcp-manager\/v1\/auth\/start<\/code><\/li>\n<li>WordPress returns an <code>auth_code<\/code> and frontend <code>auth_url<\/code><\/li>\n<li>The CLI opens the frontend approval page at <code>\/acrossai-mcp-manager\/<\/code><\/li>\n<li>If needed, the user signs in through normal WordPress login<\/li>\n<li>The signed-in user approves access in the browser<\/li>\n<li>The CLI polls <code>\/auth\/status<\/code> until the request is approved<\/li>\n<li>The CLI fetches the approved user's accessible servers from <code>\/servers<\/code><\/li>\n<li>The CLI exchanges the approved code at <code>\/auth\/exchange<\/code><\/li>\n<li>WordPress creates a one-time Application Password and the CLI writes the MCP client config<\/li>\n<\/ol>\n\n<p>Terminology:<\/p>\n\n<ul>\n<li><strong>Sign in \/ Log in<\/strong> = WordPress account authentication<\/li>\n<li><strong>Connect<\/strong> = starting the CLI-to-site linking flow<\/li>\n<li><strong>Authorize \/ Approve access<\/strong> = granting the CLI permission in the browser<\/li>\n<\/ul>\n\n<p>Important notes:<\/p>\n\n<ul>\n<li>The frontend authorization page must never be cached<\/li>\n<li>Auth codes are single-use<\/li>\n<li><code>\/servers<\/code> and <code>\/auth\/exchange<\/code> respect per-server access control<\/li>\n<li>User-facing copy should say <strong>CLI Connections<\/strong> rather than <strong>npm Login<\/strong><\/li>\n<li>Generated remote MCP configs use Application Passwords and explicitly disable OAuth discovery in <code>@automattic\/mcp-wordpress-remote<\/code><\/li>\n<\/ul>\n\n<h4>Experimental Direct Claude Connectors<\/h4>\n\n<p>An optional <strong>Claude Connectors Screen (Experimental)<\/strong> setting can enable a direct OAuth flow for Claude's hosted connectors.<\/p>\n\n<p>When the global feature toggle is enabled and a specific server is configured in its <strong>Claude Connector<\/strong> tab, the plugin exposes:<\/p>\n\n<ul>\n<li><code>\/.well-known\/oauth-authorization-server<\/code><\/li>\n<li><code>\/.well-known\/oauth-protected-resource?resource=&lt;mcp-url&gt;<\/code><\/li>\n<li><code>\/acrossai-mcp-connectors\/oauth\/authorize\/<\/code><\/li>\n<li><code>\/wp-json\/acrossai-mcp-manager\/v1\/connector\/oauth\/token<\/code><\/li>\n<\/ul>\n\n<p>Important notes:<\/p>\n\n<ul>\n<li>Disabled by default<\/li>\n<li>The Application Password flow remains available and supported<\/li>\n<li>The master experimental toggle is global, but OAuth client settings are stored per server<\/li>\n<li>Direct connector approval signs Claude in as a WordPress user<\/li>\n<li>Per-server Access Control still applies to every MCP request after OAuth<\/li>\n<li>Public HTTPS is recommended for hosted connector usage<\/li>\n<\/ul>\n\n<h4>Provider Configuration Paths<\/h4>\n\n<ul>\n<li><strong>VS Code<\/strong>: ~\/.config\/Code\/User\/globalStorage\/Copilot.copilot-chat\/mcp.json (top-level key: \"servers\")<\/li>\n<li><strong>Claude<\/strong>: ~\/Library\/Application Support\/Claude\/claude_desktop_config.json (top-level key: \"mcpServers\")<\/li>\n<li><strong>GitHub Copilot<\/strong>: ~\/.gh-copilot\/config.json (top-level key: \"servers\")<\/li>\n<li><strong>OpenAI ChatGPT<\/strong>: ~\/.config\/chatgpt\/config.json (top-level key: \"servers\")<\/li>\n<li><strong>Custom<\/strong>: .\/your-project\/.mcp\/config.json (top-level key: configurable)<\/li>\n<\/ul>\n\n<h4>Requirements<\/h4>\n\n<ul>\n<li>WordPress 5.9 or higher<\/li>\n<li>PHP 7.4 or higher<\/li>\n<li>WordPress Application Passwords support (built-in since WP 5.6)<\/li>\n<\/ul>\n\n<h3>Support &amp; Contribution<\/h3>\n\n<p>For issues, feature requests, or contributions, visit the plugin repository.<\/p>\n\n<p>Questions? Check the FAQ section or look for documentation in the plugin settings page.<\/p>\n\n<h3>Development<\/h3>\n\n<p>This plugin follows WordPress coding standards and best practices:\n- PHP 7.4+ compatible\n- Full object-oriented architecture\n- Secure nonce verification\n- Proper capability checks\n- Sanitized input validation\n- Escaped output<\/p>\n\n<h3>License<\/h3>\n\n<p>This plugin is licensed under the GPL-2.0-or-later license. See LICENSE file for details.<\/p>\n\n<h3>Credits<\/h3>\n\n<p>MCP Manager is built with:\n- WordPress native APIs\n- Automattic's MCP WordPress Remote package\n- WordPress Application Passwords system<\/p>\n\n<p>Developed with \u2764\ufe0f for the WordPress community.<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin directory to <code>\/wp-content\/plugins\/<\/code><\/li>\n<li>Activate the plugin through the 'Plugins' menu in WordPress<\/li>\n<li>Navigate to Settings \u2192 MCP Manager to configure<\/li>\n<\/ol>\n\n<p>Or:<\/p>\n\n<ol>\n<li>Go to Admin \u2192 Plugins \u2192 Add New<\/li>\n<li>Search for \"MCP Manager\"<\/li>\n<li>Click \"Install Now\" then \"Activate\"<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"is%20my%20password%20secure%3F\"><h3>Is my password secure?<\/h3><\/dt>\n<dd><p>Yes! MCP Manager uses WordPress's native Application Passwords system. Each password is:\n- Generated using WordPress's secure methods\n- Associated with your user account\n- Visible in your profile for management\n- Revocable at any time<\/p><\/dd>\n<dt id=\"can%20i%20use%20this%20with%20multiple%20mcp%20clients%3F\"><h3>Can I use this with multiple MCP clients?<\/h3><\/dt>\n<dd><p>Yes! You can generate separate passwords for each client (VS Code, Claude, GitHub Copilot, ChatGPT, and any custom client).<\/p><\/dd>\n<dt id=\"where%20are%20my%20application%20passwords%20saved%3F\"><h3>Where are my application passwords saved?<\/h3><\/dt>\n<dd><p>All application passwords are managed through WordPress's native Application Passwords system. View and manage them at:\nUser Profile \u2192 Account Management \u2192 Application Passwords<\/p><\/dd>\n<dt id=\"what%20mcp%20clients%20are%20supported%3F\"><h3>What MCP clients are supported?<\/h3><\/dt>\n<dd><ul>\n<li>Visual Studio Code (with Copilot)<\/li>\n<li>Anthropic Claude Desktop App<\/li>\n<li>GitHub Copilot<\/li>\n<li>OpenAI ChatGPT Codex<\/li>\n<li>Any custom MCP client supporting the standard format<\/li>\n<\/ul><\/dd>\n<dt id=\"can%20i%20revoke%20a%20password%3F\"><h3>Can I revoke a password?<\/h3><\/dt>\n<dd><p>Yes! You can revoke any application password from your profile page under Account Management \u2192 Application Passwords.<\/p><\/dd>\n<dt id=\"is%20this%20compatible%20with%20multisite%3F\"><h3>Is this compatible with multisite?<\/h3><\/dt>\n<dd><p>Yes! MCP Manager works with WordPress multisite installations. Each site can be configured independently.<\/p><\/dd>\n<dt id=\"do%20i%20need%20to%20install%20additional%20software%3F\"><h3>Do I need to install additional software?<\/h3><\/dt>\n<dd><p>No additional software is needed on the WordPress side. Your MCP clients (VS Code extension, Claude app, etc.) handle the integration.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>0.0.9<\/h4>\n\n<ul>\n<li><strong>Fix: Claude Code MCP Clients tab now shows a JSON config block instead of a <code>claude mcp add<\/code> shell command.<\/strong> The <code>~\/.claude.json<\/code> config file path is displayed correctly (was incorrectly listed as <code>~\/.claude\/mcp_servers.json<\/code>), the snippet renders as a copy-pasteable <code>mcpServers<\/code> block with <code>command<\/code>\/<code>args<\/code>\/<code>env<\/code>, and the env now pins <code>OAUTH_ENABLED: \"false\"<\/code> alongside <code>WP_API_URL<\/code> \/ <code>WP_API_USERNAME<\/code> \/ <code>WP_API_PASSWORD<\/code> to keep the <code>@automattic\/mcp-wordpress-remote<\/code> client from falling into an OAuth branch it can't complete against an Application Password server. Instructions on the tab updated to match (\"paste under the top-level key\" \u2014 no more <code>claude mcp add-json<\/code>).<\/li>\n<li><strong>Internal: <code>ACROSSAI_MCP_MANAGER_VERSION<\/code> constant now tracks the plugin header.<\/strong> It had drifted at <code>0.0.6<\/code> across the 0.0.7 and 0.0.8 releases; this release resyncs it to <code>0.0.9<\/code>. Consumers reading the constant to key cache entries or telemetry will see a version bump even though there are no functional changes since 0.0.8 beyond the Claude Code tab fix above.<\/li>\n<li><strong>Tests: repair 14 stale JSON fixtures.<\/strong> The <code>ConcreteClientsTest<\/code> golden fixtures for <code>claude-desktop<\/code>, <code>vscode<\/code>, <code>github-copilot<\/code>, <code>codex<\/code>, <code>cursor<\/code>, and <code>custom<\/code> were missing the <code>WP_API_USERNAME<\/code> env field that all 6 clients have emitted since Feature 004. Adding the field brings fixtures back in sync with the code \u2014 49\/49 tests now pass (was 35\/49).<\/li>\n<\/ul>\n\n<h4>0.0.8<\/h4>\n\n<ul>\n<li>Dependencies: bump <code>acrossai-co\/main-menu<\/code> to <code>0.0.11<\/code>.<\/li>\n<\/ul>\n\n<h4>0.0.7<\/h4>\n\n<ul>\n<li>Docs: rewrite README.txt from the canonical baseline (proper Description, FAQ, Screenshots, install steps).<\/li>\n<li>Docs: fix wp.org import warnings \u2014 real Contributors (<code>raftaar1191<\/code>), plugin-relevant Tags (<code>mcp, ai, copilot, vscode, claude<\/code>), and a Short Description tagline.<\/li>\n<li>Header: refresh plugin header \u2014 Plugin URI <code>https:\/\/acrossai.co\/<\/code>, Author <code>raftaar1191<\/code>, wp.org profile Author URI, License normalized to <code>GPL-2.0-or-later<\/code>.<\/li>\n<li>Build: expand <code>.distignore<\/code> to exclude tooling \/ config \/ docs \/ tests \/ editor dirs from the wp.org build. <code>.gitignore<\/code> cleaned up.<\/li>\n<li>CI: add GitHub Actions workflows for PHPStan, PHPCompatibility, PHPUnit (mcpclients suite), PHPCS, build-zip, and wp.org deploy.<\/li>\n<li>Requirements: bump minimums to WordPress 7.0 \/ PHP 8.1.<\/li>\n<\/ul>\n\n<h4>0.0.6<\/h4>\n\n<ul>\n<li>Migrated the four internal DB modules (MCP Servers, CLI Auth Log, OAuth Tokens, OAuth Audit) to BerlinDB Core 3.0. Fresh installs create tables with BerlinDB-derived schemas; the phantom-version guard on every Table subclass silently self-heals a stamped-but-missing table on the next activation. This release ships to zero live installs \u2014 no data migration path is provided; sites with pre-migration schema must be recreated from scratch.<\/li>\n<li>Added an \"MCP\" tab to the shared AcrossAI Settings page (?page=acrossai-settings) with three operator toggles: enable CLI connections (acrossai_mcp_npm_login_enabled), enable direct Claude Connectors mode (acrossai_mcp_claude_connectors_enabled), and Delete all data on uninstall (acrossai_mcp_uninstall_delete_data). Sibling to acrossai-abilities-manager's Abilities tab.<\/li>\n<li>BEHAVIOR CHANGE: uninstall.php now preserves ALL plugin data by default. The pre-Feature-012 build dropped acrossai_mcp_oauth_tokens + acrossai_mcp_oauth_audit unconditionally; this build preserves every wp_acrossai_mcp_* table and every acrossai_mcp_* option unless the operator explicitly ticks the \"Delete all data on uninstall\" checkbox on the MCP settings tab and saves. Sites that expected the pre-Feature-012 OAuth-table wipe on uninstall must tick the new checkbox before uninstall.<\/li>\n<li>Removed the standalone \"CLI Auth Log\" admin submenu at ?page=acrossai_mcp_manager_cli_auth_log. The underlying wp_acrossai_mcp_cli_auth_logs table + Query\/Row classes remain \u2014 they continue to power the OAuth authentication flow. Auth-log inspection is now available via WP-CLI (wp db query \"SELECT ... FROM wp_acrossai_mcp_cli_auth_logs\"); the standalone submenu was redundant post-Feature-011.<\/li>\n<li>Refactored the per-server-edit page (?page=acrossai_mcp_manager&amp;action=edit) into a per-tab class hierarchy under admin\/Partials\/ServerTabs\/. Ported 7 additional tabs from the reference plugin (Overview, npm, MCP Clients, WP-CLI, Tools, Abilities, MCP Tracker) plus 2 database-registered-only tabs (Update Server, Danger Zone). The full 11-tab UI is now available for database-registered servers; plugin-registered servers see 9 tabs.<\/li>\n<li>NEW: Public Renderer layer under public\/Renderers\/ exposes 3 client-configuration blocks (npm, MCP Clients, Claude Connector) as a reusable API so third-party plugins (BuddyBoss, WooCommerce, other AcrossAI-family plugins) can embed the same UI on their own admin or frontend surfaces with zero code duplication. Public API surface: static Renderer::render() method + acrossai_mcp_render_client_block action hook + acrossai_mcp_client_block_context filter + acrossai_mcp_client_classes filter + shortcodes ([acrossai_mcp_npm_block], [acrossai_mcp_clients_block], [acrossai_mcp_claude_connector_block]) + REST endpoint (\/wp-json\/acrossai-mcp-manager\/v1\/generate-app-password) with defense-in-depth Application Password lockdown to get_current_user_id(). API is @experimental May change without notice before 1.0.0 (per DEC-CLIENT-RENDERER-PUBLIC-API). Restored CliAuthLogListTable + added ConnectorAuditLogListTable as per-server tab inspectors under DEC-ADMIN-SURFACE-PRUNE-CLI-AUTH-LOG's blessed reintroduction path. See docs\/integrations\/buddyboss-example.md and docs\/integrations\/woocommerce-example.md for third-party integrator onboarding.<\/li>\n<li>Adopted wpboilerplate\/wpb-access-control v2 with per-server access rules, MCP-boundary enforcement via the mcp_adapter_pre_tool_call filter shipped by wordpress\/mcp-adapter, and a shared Renderer block (AccessControlBlock) that third-party plugins can embed on their own admin surfaces. Fixes 3 fatal v1-API call sites (AccessControlTab.php, CliController.php \/servers route, Main.php TODO block). Activator now creates the {prefix}mcp_manager_access_control table; uninstall opt-in gate purges the namespace + drops the table + deletes the version option. Two observability action hooks let operators log denials via any listener: <code>acrossai_mcp_access_control_denied<\/code> fires immediately before returning WP_Error \/ empty server list on deny (args: user_id, server_slug, tool_name-or-null, context_slug where context_slug is <code>'cli_servers'<\/code> at CliController or <code>'mcp_tool_call'<\/code> at MCP boundary); <code>acrossai_mcp_access_control_missing_server<\/code> fires when a server was DELETEd mid-flight (args: server_slug, tool_name, user_id). Minimal listener example: <code>add_action('acrossai_mcp_access_control_denied', function($u,$s,$t,$c){ error_log(\"[AC deny] user=$u server=$s tool=$t via=$c\"); }, 10, 4);<\/code>. See DEC-ACCESS-CONTROL-V2-ADOPTION + D18 + D19 for the wrapper pattern, canonical MCP-boundary hook, and fail-open observability pattern.<\/li>\n<\/ul>\n\n<h4>0.0.5<\/h4>\n\n<ul>\n<li>Changed: access-control admin UI now loads assets from the wpb-access-control vendor package's own compiled React bundle; removed plugin-bundled copies at assets\/access-control\/<\/li>\n<li>Changed: replace AccessControlUI AJAX bootstrap with REST API registration via AccessControlManager::register_rest_api(); rules are now served and saved via dedicated REST endpoints<\/li>\n<li>Changed: access-control tab renders a React component hydrated by the vendor webpack bundle instead of legacy plain-JS markup<\/li>\n<li>Added: graceful degradation notice when vendor assets are unavailable \u2014 enforcement remains active<\/li>\n<li>Updated: wpb-access-control to v1.0.0 (stable baseline); automattic\/jetpack-autoloader to latest minor<\/li>\n<\/ul>\n\n<h4>0.0.4<\/h4>\n\n<ul>\n<li>Improved: bundle access-control UI assets (CSS + JS) directly in the plugin at assets\/access-control\/ so the admin panel works regardless of whether the wpb-access-control vendor package ships them<\/li>\n<\/ul>\n\n<h4>0.0.3<\/h4>\n\n<ul>\n<li>Dependencies: update wpb-access-control to BerlinDB-backed version; add berlindb\/core; update bshaffer\/oauth2-server-httpfoundation-bridge and symfony\/deprecation-contracts<\/li>\n<li>Fixed: remove removed AccessControlTable references; fixes fatal error on plugin activation<\/li>\n<li>Fixed: access-control table is now auto-bootstrapped by RuleQuery \u2014 no manual maybe_create_table() needed<\/li>\n<li>Fixed: remove dead save_access_control POST handler; access-control saves now handled by library AJAX<\/li>\n<li>Fixed: update v1.5.0 legacy migration to use RuleQuery::set_rule() instead of removed AccessControlTable::update()<\/li>\n<\/ul>\n\n<h4>0.0.2<\/h4>\n\n<ul>\n<li>Security: sanitize and validate all $_GET\/$_POST inputs with sanitize_key(), sanitize_text_field(), absint(), and wp_unslash()<\/li>\n<li>Paths: replace hardcoded ABSPATH with get_home_path() for correct subdirectory-install support<\/li>\n<li>Enqueue: remove all inline \/ blocks; move to external CSS\/JS files loaded via wp_enqueue_style() and wp_enqueue_script()<\/li>\n<\/ul>\n\n<h4>0.0.1<\/h4>\n\n<ul>\n<li>Initial release<\/li>\n<li>Support for VS Code, Claude, GitHub Copilot, ChatGPT Codex, and custom clients<\/li>\n<li>Format #1 (Automattic-recommended) MCP configuration<\/li>\n<li>Native WordPress Application Passwords integration<\/li>\n<li>Dynamic configuration generation per provider<\/li>\n<li>Full REST API support<\/li>\n<li>Admin UI with client tabs<\/li>\n<li>Copy-to-clipboard functionality<\/li>\n<\/ul>","raw_excerpt":"Connect WordPress to MCP clients like VS Code, Claude, and Copilot using secure application passwords.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/it.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/300297","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/it.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/it.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/it.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=300297"}],"author":[{"embeddable":true,"href":"https:\/\/it.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/raftaar1191"}],"wp:attachment":[{"href":"https:\/\/it.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=300297"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/it.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=300297"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/it.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=300297"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/it.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=300297"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/it.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=300297"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/it.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=300297"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}