thanoseleftherakos/wordpress-boost
==================================

An MCP server that provides AI agents with deep context about WordPress codebases

1.0.0 (3mo ago) · MIT · PHP ^7.4|^8.0|^8.1|^8.2|^8.3

[Source](https://github.com/thanoseleftherakos/wordpress-boost) · [Packagist](https://packagist.org/packages/thanoseleftherakos/wordpress-boost)

WordPress Boost
===============

Boost your WordPress development with AI-powered introspection, security auditing, and intelligent code generation.

Inspired by [Laravel Boost](https://laravel.com/docs/12.x/boost).

Overview
--------

WordPress Boost accelerates AI-assisted development by providing deep context about your WordPress codebase, comprehensive security auditing, test data generation, and curated AI guidelines. It works with any AI agent (Claude Code, Cursor, Windsurf, etc.).

- Hooks (actions & filters) and their callbacks
- Database schema and queries
- Post types, taxonomies, and REST endpoints
- Security vulnerabilities and site hardening status
- ACF field groups and WooCommerce configuration
- Test data generation
- And much more...

Key Features
------------

### 🔍 Deep WordPress Introspection

30+ specialized tools to scan hooks, post types, taxonomies, REST endpoints, database schema, and more - giving AI agents the context they need for accurate code generation.

### 🛡️ Security Auditing

Comprehensive security analysis with code vulnerability scanning (SQL injection, XSS, etc.) and site-level audits that check configuration, updates, permissions, and headers - complete with A-F grading.

### 📝 AI Guidelines & Skills

Pre-built guidelines and skills installed to your project's `.ai/` directory, teaching AI assistants WordPress best practices for themes, plugins, REST API, Gutenberg, ACF, and WooCommerce.

### 🧪 Test Data Generation

Generate realistic test posts, pages, users, taxonomy terms, WooCommerce products, and ACF field data using Faker - perfect for development and testing.

### ⚡ Development Tools

Execute PHP code in WordPress context (`wp_shell`), run database queries, search documentation, and read error logs - all accessible to your AI assistant.

Installation
------------

### With Composer (Recommended)

```
cd /path/to/wordpress
composer require thanoseleftherakos/wordpress-boost --dev
php vendor/bin/wp-boost --init
```

That's it! The `--init` flag creates a `.mcp.json` file and installs AI guidelines and skills to the `.ai/` directory.

### CLI Options

```
php vendor/bin/wp-boost --init                # Full setup: .mcp.json + AI files
php vendor/bin/wp-boost --init --no-ai-files  # Only create .mcp.json config
php vendor/bin/wp-boost --guidelines-only     # Install only AI guidelines to .ai/guidelines/
php vendor/bin/wp-boost --skills-only         # Install only AI skills to .ai/skills/
php vendor/bin/wp-boost --version             # Display version
php vendor/bin/wp-boost --help                # Show help
```

### Without Composer

For WordPress projects that don't use Composer:

```
# Clone to a location outside your WordPress project
git clone https://github.com/thanoseleftherakos/wordpress-boost.git ~/wordpress-boost
cd ~/wordpress-boost
composer install

# Initialize in your WordPress project
cd /path/to/wordpress
php ~/wordpress-boost/bin/wp-boost --init
```

Then edit `.mcp.json` to use the absolute path:

```
{
    "servers": {
        "wordpress-boost": {
            "command": "php",
            "args": ["/Users/YOUR_USERNAME/wordpress-boost/bin/wp-boost"]
        }
    }
}
```

Quick Start
-----------

### For Cursor / VS Code / Windsurf

These editors auto-detect `.mcp.json` files. After running `--init`, just open your WordPress project and the MCP server will be available automatically.

### For Claude Code

```
cd /path/to/wordpress
claude mcp add wordpress-boost -- php vendor/bin/wp-boost
```

No `--path` needed - WordPress Boost auto-discovers your WordPress installation from the current directory.

AI Guidelines & Skills
----------------------

WordPress Boost includes curated AI guidelines and skills that help AI assistants write better WordPress code. These are installed to your project's `.ai/` directory.

### Guidelines (`.ai/guidelines/`)

- `wordpress-core.md` - Core WordPress patterns and best practices
- `theme-development.md` - Theme development standards
- `plugin-development.md` - Plugin development patterns
- `rest-api.md` - REST API development
- `gutenberg-blocks.md` - Block editor development
- `security.md` - WordPress security practices
- `acf.md` - Advanced Custom Fields patterns
- `woocommerce.md` - WooCommerce development

### Skills (`.ai/skills/`)

- `theme-development` - Theme creation and customization
- `plugin-development` - Plugin architecture and hooks
- `rest-api-development` - Custom REST endpoints
- `gutenberg-blocks` - Custom block development
- `acf-development` - ACF field groups and usage
- `woocommerce-development` - WooCommerce extensions
- `wp-cli-commands` - WP-CLI command creation

Available Tools
---------------

### Site Information

| Tool | Description |
| --- | --- |
| `site_info` | WordPress version, PHP version, active theme, plugins, debug settings |
| `list_plugins` | All installed plugins with versions and status |
| `list_themes` | Available themes with parent/child relationships |

### Hooks Introspection

| Tool | Description |
| --- | --- |
| `list_hooks` | All registered actions & filters |
| `get_hook_callbacks` | Callbacks attached to a hook with priorities |
| `search_hooks` | Search hooks by pattern |

### WordPress Structure

| Tool | Description |
| --- | --- |
| `list_post_types` | Registered post types with configurations |
| `list_taxonomies` | Registered taxonomies |
| `list_shortcodes` | Registered shortcodes |
| `list_rest_endpoints` | WP REST API routes |
| `list_rewrite_rules` | URL rewrite rules |
| `list_cron_events` | Scheduled WP-Cron tasks |
| `template_hierarchy` | Template resolution information |

### Database Tools

| Tool | Description |
| --- | --- |
| `database_schema` | Table structures (core + plugin tables) |
| `database_query` | Execute SELECT queries via `$wpdb` |
| `get_option` | Read `wp_options` values |
| `list_options` | List available options |

### Development Context

| Tool | Description |
| --- | --- |
| `search_docs` | Search WordPress developer documentation |
| `wp_shell` | Execute PHP code in WordPress context |
| `last_error` | Read debug.log entries |
| `list_wp_cli_commands` | Available WP-CLI commands |

### URLs & Environment

| Tool | Description |
| --- | --- |
| `urls` | Get all WordPress URLs (home, site, admin, REST, content, etc.) |
| `environment` | Server environment info (PHP, MySQL, extensions, memory limits) |

### Security Tools

| Tool | Description |
| --- | --- |
| `site_security_audit` | Comprehensive site security audit with scoring (info disclosure, XML-RPC, login security, config, updates, permissions, headers) |
| `security_audit` | Scan files/directories for code vulnerabilities (SQL injection, XSS, etc.) |
| `security_check_file` | Check a specific file for security issues with line numbers |
| `list_security_functions` | List WordPress security functions by category (sanitization, escaping, nonces, etc.) |

### ACF Integration (when ACF is active)

| Tool | Description |
| --- | --- |
| `list_acf_field_groups` | All registered field groups |
| `list_acf_fields` | Fields within a group |
| `get_acf_schema` | Full ACF structure for code generation |

### WooCommerce Integration (when WooCommerce is active)

| Tool | Description |
| --- | --- |
| `woo_info` | WooCommerce version and settings |
| `list_product_types` | Registered product types |
| `woo_schema` | WooCommerce table structures |
| `list_payment_gateways` | Payment gateway configurations |
| `list_shipping_methods` | Shipping method configurations |

### Gutenberg Blocks

| Tool | Description |
| --- | --- |
| `list_block_types` | Registered block types |
| `list_block_patterns` | Registered block patterns |
| `list_block_categories` | Block categories |

### Data Generation (requires fakerphp/faker)

| Tool | Description |
| --- | --- |
| `create_posts` | Generate test posts |
| `create_pages` | Generate test pages |
| `create_users` | Generate test users |
| `create_terms` | Generate taxonomy terms |
| `create_products` | Generate WooCommerce products |
| `populate_acf` | Populate ACF fields with test data |

Security
--------

### wp_shell Safety

The `wp_shell` tool only works when `WP_DEBUG` is enabled. It also prevents dangerous operations:

- No `exec`, `shell_exec`, `system`, or similar functions
- No file writing operations
- No `eval` or `create_function`
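
A pre-deploy check that follows from the `WP_DEBUG` gate described above, as an added example that is not part of WordPress Boost: it fails a tree that still ships `vendor/bin/wp-boost`, `.mcp.json` or `.ai/`, and reports whether `WP_DEBUG` is explicitly off. The function names are hypothetical, and it assumes `WP_DEBUG` is set by a plain `define()` in `wp-config.php` outside `/* ... */` block comments.

```shell
#!/bin/sh
# Added example, not part of WordPress Boost. Function names are hypothetical.
# Assumes WP_DEBUG is set by a plain define() outside /* ... */ block comments.

# Print on, off, unknown or unset for WP_DEBUG in $1/wp-config.php.
wp_debug_state() {
    cfg="$1/wp-config.php"
    [ -f "$cfg" ] || { echo unset; return 0; }
    # Drop // and # line comments, then take the first define(): PHP keeps
    # the first definition of a constant and ignores later ones.
    val=$(sed -e 's://.*$::' -e 's:#.*$::' "$cfg" |
          grep -Ei "define\( *['\"]WP_DEBUG['\"] *," | head -n 1 |
          sed -E 's/.*, *([A-Za-z0-9_]+) *\).*/\1/' | tr 'A-Z' 'a-z')
    case "$val" in
        true|1)  echo on ;;
        false|0) echo off ;;
        "")      echo unset ;;
        *)       echo unknown ;;   # non-literal value, cannot be decided statically
    esac
}

# Print findings for the tree at $1; return 1 if there is any finding, else 0.
audit_boost_exposure() {
    root="$1"; rc=0
    if [ -e "$root/vendor/bin/wp-boost" ]; then
        echo "FAIL: vendor/bin/wp-boost is deployed (it is a --dev dependency)"
        rc=1
        state=$(wp_debug_state "$root")
        # Anything other than an explicit literal false is treated as open.
        if [ "$state" != off ]; then
            echo "FAIL: WP_DEBUG is $state, so wp_shell is not known to be gated off"
            rc=1
        fi
    fi
    for f in .mcp.json .ai; do
        if [ -e "$root/$f" ]; then
            echo "FAIL: $f left in the WordPress directory"
            rc=1
        fi
    done
    return "$rc"
}

# Usage: sh check-boost.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then audit_boost_exposure "$1"; fi
```
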

### Database Security

- Only `SELECT` queries are allowed via `database_query`
- All queries use `$wpdb->prepare()` internally
- Results are limited to prevent memory issues

Requirements
------------

- PHP 7.4 or higher
- WordPress 5.0 or higher
- Composer (for installation)

Optional Dependencies
---------------------

- `fakerphp/faker` - For data generation tools

Development
-----------

### Running Tests

```
composer test
```

### Code Style

```
composer cs-fix
```

How It Works
------------

```
1. AI Agent (Claude Code, Cursor, etc.)
         ↓
2. MCP Protocol (JSON-RPC over stdio)
         ↓
3. WordPress Boost Server
         ↓
4. WordPress Bootstrap (wp-load.php)
         ↓
5. WordPress Functions & Data

```

WordPress Boost loads WordPress in CLI mode, giving full access to all WordPress functions, hooks, and data while communicating with AI agents via the MCP protocol.

License
-------

MIT License - see LICENSE file for details.

Credits
-------

- Built for the [Model Context Protocol](https://modelcontextprotocol.io/)
