AI Agents Take Direct Action on WordPress.com via Chat - MarTech Cube

WordPress.com flipped the read-only switch on its Model Context Protocol server last October. Eighteen months of building later, the door is finally open all the way.

On March 20, 2026, WordPress.com shipped write capabilities for its MCP integration, giving AI agents including Claude, ChatGPT, and Cursor the ability to create posts, build pages, approve comments, and reorganize categories — all through natural conversation, with explicit human approval at every step. The update adds 19 new operations across six content types. For a platform where 70 million new posts appear every month, the operational scale is considerable.

WordPress.com is built on the open source WordPress software and powers more than 43% of all websites globally, with a roughly 60% share of the content management system market, according to figures presented at Automattic's State of the Word event in December 2025. The MCP server connects that infrastructure to any compatible AI client using the open Model Context Protocol standard — no additional software installation required, OAuth 2.1 handling authentication through the browser.

"WordPress.com is where millions of people build and manage their sites every day, and more and more of them are using AI tools like Claude and even OpenClaw to get work done," said Ronnie Burt, AI Product Lead at WordPress.com. "Now those tools can actually take action — draft a post, build a page, manage comments — directly on your site, through conversation. You stay in control the whole time."

The MCP server has been a gradual build. Read-only access landed in October 2025, letting agents query site content, pull analytics, and check for outdated posts. OAuth 2.1 authentication arrived in January 2026, simplifying the connection flow. An official Claude Connector launched in February, still read-only at that point. March 20's write capabilities are the step the platform has been constructing toward since the start — and the architecture reveals what Automattic believes safe agent-authorized writes actually require.

The authorization model is the part worth studying. Every write operation — create, update, or delete — requires a user_confirmed parameter, and the agent must describe exactly what it plans to do before the user confirms. New posts default to draft status. Editing a published post triggers a warning that changes go live immediately. Deletions of posts, pages, comments, and media move items to the trash, recoverable for 30 days; categories and tags, which WordPress cannot trash, require an additional confirmation that deletion is permanent. Every action is written to the site's Activity Log.

WordPress's role permission system is fully enforced at the MCP layer. An Editor can create and edit posts but cannot change site settings; a Contributor can draft but not publish. Those existing controls carry over to agent operations without configuration. Users can also toggle individual operations on or off per site, site by site, from the MCP dashboard at wordpress.com/me/mcp — nothing is enabled by default.

One technically notable detail: theme awareness. Before creating a page or post, the agent can read the site's design system — colors, fonts, spacing, block patterns — and generate content that inherits those specifications. The output adapts automatically when the theme changes. It's a small thing, but it's the difference between content that looks like it belongs and content that looks pasted in.

The write capabilities are available now on all WordPress.com paid plans. Compatible clients include Claude, ChatGPT, Cursor, and any MCP-enabled tool. The MCP server URL for manual configuration is https://public-api.wordpress.com/wpcom/v2/mcp/v1.

The MCP ecosystem is not standing still. WordPress 7.0 will bring the WP AI Client into core, a step toward native AI capability in the platform itself. For self-hosted WordPress installations, the WordPress MCP Adapter bridges the platform's Abilities system to any MCP-compatible client — the authorization model running on WordPress.com, available to anyone running WordPress. Automattic's other products, including WooCommerce and Beeper, have their own MCP implementations. The pattern — standardized AI agent access to application functionality — is becoming an architectural assumption rather than an experiment.

For builders and investors, the interesting question is not whether agents can now publish on WordPress.com. It's whether this authorization model — explicit per-action confirmation, role enforcement, reversible deletion, complete activity logging — becomes the template that other SaaS platforms replicate when they open write access. Automattic has been building toward this for eighteen months. For every platform that's currently offering read-only AI integrations, the question of what safe write access looks like is no longer hypothetical.