Products
Solutions
Pricing
Compare
Resources
Developers
Support
Rate Limit WordPress-native MCP gateway

Rate Limits for WordPress.

LemonX MCP includes configurable rate limiting and optional trusted proxy headers for Cloudflare or reverse-proxy deployments. Limit MCP requests per minute by IP plus token so shared proxies do not throttle unrelated clients.

v0.2.12plugin version shown in the admin header and docs pages
15mstaging TTL for pending write previews
1single endpoint for Claude, Codex and MCP clients
Rate Limits Token-bound user · capabilities · audit context
Rendered for real WordPress use
Operators running MCP on production sites, agency networks or sites behind proxy layers.
Version OK
WordPress scenario

Built for real MCP sessions inside production WordPress.

LemonX MCP is intentionally a thin gateway. It owns protocol transport, bearer-token authentication, tool discovery, resources, staged writes and audit records. Page editing, SEO research and translation actions stay inside the plugins that know those domains.

For this page, the practical goal is simple: Limit MCP requests per minute by IP plus token so shared proxies do not throttle unrelated clients. The operator should be able to understand the value, the safety boundary and the exact WordPress workflow before connecting an AI client.

  • Keep the gateway enabled only when a tokened client should connect.
  • Bind each token to a WordPress user with the least useful permission set.
  • Ask the agent to read site identity before doing site-specific work.
  • Use staged previews for write actions and audit logs for accountability.
Rate Limits Settings → LemonX MCP · v0.2.12 1Endpoint OKAuth MCPTools Rate Limit
Scenario: an AI client talks to WordPress through LemonX MCP instead of unsupported raw REST calls.
How it works

The gateway keeps the AI surface predictable and reviewable.

Every MCP session starts with a client, a token, an endpoint and a clear operating manual. LemonX MCP then routes calls through the registry, permissions, feature gates and staging layer.

POST /wp-json/lemonx-mcp/v1/mcp
01
Open Settings → LemonX MCP and verify the gatewaOpen Settings → LemonX MCP and verify the gateway status for Rate Limits.
02
Generate or select a client token that is bound Generate or select a client token that is bound to the correct WordPress user.
03
Let the MCP client initialize and read the operaLet the MCP client initialize and read the operating manual returned by the gateway.
04
Use tools/list or resources/list to discover theUse tools/list or resources/list to discover the safe surface before calling tools.
05
For write work, review the preview and site idenFor write work, review the preview and site identity before applying a staged change.
06
Use audit logs, stats and reports to verify whatUse audit logs, stats and reports to verify what happened after the client session.
Key features

What this page covers in the MCP product system.

These capabilities map to the real LemonX MCP plugin architecture and admin experience, not a generic AI automation promise.

Per-minute buckets

Per-minute buckets is presented as a concrete LemonX MCP capability for operators running mcp on production sites, agency networks or sites behind proxy layers.

IP plus token scoping

IP plus token scoping is presented as a concrete LemonX MCP capability for operators running mcp on production sites, agency networks or sites behind proxy layers.

Trusted proxy headers

Trusted proxy headers is presented as a concrete LemonX MCP capability for operators running mcp on production sites, agency networks or sites behind proxy layers.

Configurable limits

Configurable limits is presented as a concrete LemonX MCP capability for operators running mcp on production sites, agency networks or sites behind proxy layers.

Plugin data model

Important internal concepts surfaced as product value.

LemonX MCP stores settings, tokens, stats, audit entries and staged payloads in WordPress options and transients. The website page should explain these concepts because they define trust.

lemonx_mcp_settings
ConceptWhat it controlsWhy users care
Rate bucketsclient IP plus token plus minuteMultiple clients behind one proxy do not throttle each other unnecessarily.
Gateway settingsenabled, rate_limit, trust_proxy_headers, cors and disabled_toolsAdmins can turn the surface on, limit clients and hide tools without editing code.
Tokenslabel, hash, user_id, preview, created and last_usedEach MCP client can have its own revocable identity bound to a WordPress user.
Staged payloadstool, payload, preview, user_id and created timeWrite changes wait for confirmation and expire after 15 minutes.
Audit entriestool, write flag, result, source plugin, feature key, site, token and targetTeams can trace what an agent did, where it came from and which site it touched.
Rate Limits Token-bound user · capabilities · audit context
Security language is crawlable text, not hidden inside an image, so both users and AI answer engines can understand the permission model.
Security and AEO readiness

Explain trust clearly for Google, users and AI answer engines.

This page is built with a clear H1, descriptive sections, direct answers, canonical metadata, SoftwareApplication schema, FAQPage schema and BreadcrumbList schema. That helps Google understand the page and gives AI answer engines concise source material to cite.

For MCP, trust language is especially important. The copy should repeatedly clarify that the gateway does not bypass WordPress permissions, write tools are staged, and actions are auditable.

  • Use direct definitions near the top of every page.
  • Keep security claims specific: token binding, capabilities, rate limits, CORS and staging.
  • Use FAQ structured data for answer-engine-friendly summaries.
  • Link related MCP pages so crawlers understand the feature cluster.
Recommended workflow

How teams should use Rate Limits in practice.

Start from the admin screen, verify site identity, expose only the tools that are needed, and use the preview workflow for anything that could change content. This is the difference between an unsafe browser agent and a controlled WordPress MCP gateway.

  • Generate a separate token for each client and site.
  • Ask the agent to call initialize and read the returned operating manual.
  • Use resources/list or discovery tools before making assumptions about content.
  • Apply changes only after reviewing the staging preview and target site context.
Rate Limits Request Gateway Result JSON-RPC Auth + tool MCP response v0.2.12
Recommended workflow: discover, verify, preview, approve, apply and audit.
FAQ

Common questions about Rate Limits.

What is Rate Limits?
Rate Limits is part of LemonX MCP 0.2.12. It helps WordPress teams limit mcp requests per minute by ip plus token so shared proxies do not throttle unrelated clients.
Does LemonX MCP bypass WordPress permissions?
No. Tokens are bound to WordPress users, requests run as the bound user, and tools still rely on WordPress capabilities plus LemonX Pro feature gates for write-capable actions.
Can write tools change the site immediately?
Write-capable tools use the preview to apply workflow. The first call stages a preview and opaque payload; only apply_change commits the staged change after review.
Which MCP clients can use this?
The gateway is designed for Claude Code, Codex, Claude Desktop through the stdio bridge, and other HTTP or Streamable HTTP MCP clients that can send JSON-RPC requests with bearer authentication.
Is this page useful for SEO and AI search indexing?
Yes. The page uses a clear H1, descriptive sections, crawlable text, canonical metadata, SoftwareApplication schema, FAQPage schema, BreadcrumbList schema and direct answers for AI answer engines.

Connect AI clients to WordPress with a gateway you can audit.

LemonX MCP gives Claude, Codex and other MCP clients one controlled endpoint for WordPress work: token-bound users, tool discovery, resources, staged writes, Pro gates and activity records.

WhatsApp+44 7724 592551