Products
Solutions
Pricing
Compare
Resources
Developers
Support
Protocol WordPress-native MCP gateway

MCP Protocol Gateway for WordPress.

Use LemonX MCP as the protocol gateway between AI clients and WordPress. The plugin owns the MCP transport, authentication and registry while business logic stays in LemonX Code, AEO, Verto and future suite plugins. Expose one WordPress endpoint that speaks MCP over JSON-RPC and delegates tools to LemonX plugins.

v0.2.12plugin version shown in the admin header and docs pages
15mstaging TTL for pending write previews
1single endpoint for Claude, Codex and MCP clients
Protocol Gateway Request Gateway Result JSON-RPC Auth + tool MCP response v0.2.12
Rendered for real WordPress use
Teams that need one stable AI-agent entry point instead of many plugin-specific REST routes.
Version OK
WordPress scenario

Built for real MCP sessions inside production WordPress.

LemonX MCP is intentionally a thin gateway. It owns protocol transport, bearer-token authentication, tool discovery, resources, staged writes and audit records. Page editing, SEO research and translation actions stay inside the plugins that know those domains.

For this page, the practical goal is simple: Expose one WordPress endpoint that speaks MCP over JSON-RPC and delegates tools to LemonX plugins. The operator should be able to understand the value, the safety boundary and the exact WordPress workflow before connecting an AI client.

  • Keep the gateway enabled only when a tokened client should connect.
  • Bind each token to a WordPress user with the least useful permission set.
  • Ask the agent to read site identity before doing site-specific work.
  • Use staged previews for write actions and audit logs for accountability.
Protocol Gateway Request Gateway Result JSON-RPC Auth + tool MCP response v0.2.12
Scenario: an AI client talks to WordPress through LemonX MCP instead of unsupported raw REST calls.
How it works

The gateway keeps the AI surface predictable and reviewable.

Every MCP session starts with a client, a token, an endpoint and a clear operating manual. LemonX MCP then routes calls through the registry, permissions, feature gates and staging layer.

POST /wp-json/lemonx-mcp/v1/mcp
01
Open Settings → LemonX MCP and verify the gatewaOpen Settings → LemonX MCP and verify the gateway status for MCP Protocol Gateway.
02
Generate or select a client token that is bound Generate or select a client token that is bound to the correct WordPress user.
03
Let the MCP client initialize and read the operaLet the MCP client initialize and read the operating manual returned by the gateway.
04
Use tools/list or resources/list to discover theUse tools/list or resources/list to discover the safe surface before calling tools.
05
For write work, review the preview and site idenFor write work, review the preview and site identity before applying a staged change.
06
Use audit logs, stats and reports to verify whatUse audit logs, stats and reports to verify what happened after the client session.
Key features

What this page covers in the MCP product system.

These capabilities map to the real LemonX MCP plugin architecture and admin experience, not a generic AI automation promise.

Thin gateway architecture

The MCP plugin owns transport, auth and registry only; feature logic stays in LemonX Code, AEO, Verto and future plugins.

JSON-RPC over Streamable HTTP

Clients send MCP method calls as JSON-RPC messages to a WordPress REST route built for HTTP-native agent workflows.

Plugin-contributed tool registry

Tools are registered by source plugins, which keeps ownership, updates and Pro feature keys clear.

No page/SEO/translation business logic inside the gateway

This separation makes the gateway safer, easier to explain and easier to audit.

Plugin data model

Important internal concepts surfaced as product value.

LemonX MCP stores settings, tokens, stats, audit entries and staged payloads in WordPress options and transients. The website page should explain these concepts because they define trust.

lemonx_mcp_settings
ConceptWhat it controlsWhy users care
Gateway settingsenabled, rate_limit, trust_proxy_headers, cors and disabled_toolsAdmins can turn the surface on, limit clients and hide tools without editing code.
Tokenslabel, hash, user_id, preview, created and last_usedEach MCP client can have its own revocable identity bound to a WordPress user.
Staged payloadstool, payload, preview, user_id and created timeWrite changes wait for confirmation and expire after 15 minutes.
Audit entriestool, write flag, result, source plugin, feature key, site, token and targetTeams can trace what an agent did, where it came from and which site it touched.
Protocol Gateway Token-bound user · capabilities · audit context
Security language is crawlable text, not hidden inside an image, so both users and AI answer engines can understand the permission model.
Security and AEO readiness

Explain trust clearly for Google, users and AI answer engines.

This page is built with a clear H1, descriptive sections, direct answers, canonical metadata, SoftwareApplication schema, FAQPage schema and BreadcrumbList schema. That helps Google understand the page and gives AI answer engines concise source material to cite.

For MCP, trust language is especially important. The copy should repeatedly clarify that the gateway does not bypass WordPress permissions, write tools are staged, and actions are auditable.

  • Use direct definitions near the top of every page.
  • Keep security claims specific: token binding, capabilities, rate limits, CORS and staging.
  • Use FAQ structured data for answer-engine-friendly summaries.
  • Link related MCP pages so crawlers understand the feature cluster.
Recommended workflow

How teams should use Protocol Gateway in practice.

Start from the admin screen, verify site identity, expose only the tools that are needed, and use the preview workflow for anything that could change content. This is the difference between an unsafe browser agent and a controlled WordPress MCP gateway.

  • Generate a separate token for each client and site.
  • Ask the agent to call initialize and read the returned operating manual.
  • Use resources/list or discovery tools before making assumptions about content.
  • Apply changes only after reviewing the staging preview and target site context.
Protocol Gateway Request Gateway Result JSON-RPC Auth + tool MCP response v0.2.12
Recommended workflow: discover, verify, preview, approve, apply and audit.
FAQ

Common questions about MCP Protocol Gateway.

What is MCP Protocol Gateway?
MCP Protocol Gateway is part of LemonX MCP 0.2.12. It helps WordPress teams expose one wordpress endpoint that speaks mcp over json-rpc and delegates tools to lemonx plugins.
Does LemonX MCP bypass WordPress permissions?
No. Tokens are bound to WordPress users, requests run as the bound user, and tools still rely on WordPress capabilities plus LemonX Pro feature gates for write-capable actions.
Can write tools change the site immediately?
Write-capable tools use the preview to apply workflow. The first call stages a preview and opaque payload; only apply_change commits the staged change after review.
Which MCP clients can use this?
The gateway is designed for Claude Code, Codex, Claude Desktop through the stdio bridge, and other HTTP or Streamable HTTP MCP clients that can send JSON-RPC requests with bearer authentication.
Is this page useful for SEO and AI search indexing?
Yes. The page uses a clear H1, descriptive sections, crawlable text, canonical metadata, SoftwareApplication schema, FAQPage schema, BreadcrumbList schema and direct answers for AI answer engines.

Connect AI clients to WordPress with a gateway you can audit.

LemonX MCP gives Claude, Codex and other MCP clients one controlled endpoint for WordPress work: token-bound users, tool discovery, resources, staged writes, Pro gates and activity records.

WhatsApp+44 7724 592551