The MCP plugin owns transport, auth and registry only; feature logic stays in LemonX Code, AEO, Verto and future plugins.
MCP Protocol Gateway for WordPress.
Use LemonX MCP as the protocol gateway between AI clients and WordPress. The plugin owns the MCP transport, authentication and registry while business logic stays in LemonX Code, AEO, Verto and future suite plugins. Expose one WordPress endpoint that speaks MCP over JSON-RPC and delegates tools to LemonX plugins.
Teams that need one stable AI-agent entry point instead of many plugin-specific REST routes.
Built for real MCP sessions inside production WordPress.
LemonX MCP is intentionally a thin gateway. It owns protocol transport, bearer-token authentication, tool discovery, resources, staged writes and audit records. Page editing, SEO research and translation actions stay inside the plugins that know those domains.
For this page, the practical goal is simple: Expose one WordPress endpoint that speaks MCP over JSON-RPC and delegates tools to LemonX plugins. The operator should be able to understand the value, the safety boundary and the exact WordPress workflow before connecting an AI client.
- Keep the gateway enabled only when a tokened client should connect.
- Bind each token to a WordPress user with the least useful permission set.
- Ask the agent to read site identity before doing site-specific work.
- Use staged previews for write actions and audit logs for accountability.
The gateway keeps the AI surface predictable and reviewable.
Every MCP session starts with a client, a token, an endpoint and a clear operating manual. LemonX MCP then routes calls through the registry, permissions, feature gates and staging layer.
What this page covers in the MCP product system.
These capabilities map to the real LemonX MCP plugin architecture and admin experience, not a generic AI automation promise.
Clients send MCP method calls as JSON-RPC messages to a WordPress REST route built for HTTP-native agent workflows.
Tools are registered by source plugins, which keeps ownership, updates and Pro feature keys clear.
This separation makes the gateway safer, easier to explain and easier to audit.
Important internal concepts surfaced as product value.
LemonX MCP stores settings, tokens, stats, audit entries and staged payloads in WordPress options and transients. The website page should explain these concepts because they define trust.
| Concept | What it controls | Why users care |
|---|---|---|
| Gateway settings | enabled, rate_limit, trust_proxy_headers, cors and disabled_tools | Admins can turn the surface on, limit clients and hide tools without editing code. |
| Tokens | label, hash, user_id, preview, created and last_used | Each MCP client can have its own revocable identity bound to a WordPress user. |
| Staged payloads | tool, payload, preview, user_id and created time | Write changes wait for confirmation and expire after 15 minutes. |
| Audit entries | tool, write flag, result, source plugin, feature key, site, token and target | Teams can trace what an agent did, where it came from and which site it touched. |
Explain trust clearly for Google, users and AI answer engines.
This page is built with a clear H1, descriptive sections, direct answers, canonical metadata, SoftwareApplication schema, FAQPage schema and BreadcrumbList schema. That helps Google understand the page and gives AI answer engines concise source material to cite.
For MCP, trust language is especially important. The copy should repeatedly clarify that the gateway does not bypass WordPress permissions, write tools are staged, and actions are auditable.
- Use direct definitions near the top of every page.
- Keep security claims specific: token binding, capabilities, rate limits, CORS and staging.
- Use FAQ structured data for answer-engine-friendly summaries.
- Link related MCP pages so crawlers understand the feature cluster.
How teams should use Protocol Gateway in practice.
Start from the admin screen, verify site identity, expose only the tools that are needed, and use the preview workflow for anything that could change content. This is the difference between an unsafe browser agent and a controlled WordPress MCP gateway.
- Generate a separate token for each client and site.
- Ask the agent to call initialize and read the returned operating manual.
- Use resources/list or discovery tools before making assumptions about content.
- Apply changes only after reviewing the staging preview and target site context.
Common questions about MCP Protocol Gateway.
What is MCP Protocol Gateway?
Does LemonX MCP bypass WordPress permissions?
Can write tools change the site immediately?
Which MCP clients can use this?
Is this page useful for SEO and AI search indexing?
Connect AI clients to WordPress with a gateway you can audit.
LemonX MCP gives Claude, Codex and other MCP clients one controlled endpoint for WordPress work: token-bound users, tool discovery, resources, staged writes, Pro gates and activity records.