Boost your WordPress development with AI-powered introspection, security auditing, and intelligent code generation.
Inspired by Laravel Boost.
WordPress Boost accelerates AI-assisted development by providing deep context about your WordPress codebase, comprehensive security auditing, test data generation, and curated AI guidelines. Works with any AI agent (Claude Code, Cursor, Windsurf, etc.).
- Hooks (actions & filters) and their callbacks
- Database schema and queries
- Post types, taxonomies, and REST endpoints
- Security vulnerabilities and site hardening status
- ACF field groups and WooCommerce configuration
- Test data generation
- And much more...
30+ specialized tools to scan hooks, post types, taxonomies, REST endpoints, database schema, and more - giving AI agents the context they need for accurate code generation.
Comprehensive security analysis with code vulnerability scanning (SQL injection, XSS, etc.) and site-level audits that check configuration, updates, permissions, and headers - complete with A-F grading.
Pre-built guidelines and skills installed to your project's .ai/ directory, teaching AI assistants WordPress best practices for themes, plugins, REST API, Gutenberg, ACF, and WooCommerce.
Generate realistic test posts, pages, users, taxonomy terms, WooCommerce products, and ACF field data using Faker - perfect for development and testing.
Execute PHP code in WordPress context (wp_shell), run database queries, search documentation, and read error logs - all accessible to your AI assistant.
cd /path/to/wordpress
composer require thanoseleftherakos/wordpress-boost --dev
php vendor/bin/wp-boost --initThat's it! The --init flag creates a .mcp.json file and installs AI guidelines and skills to .ai/ directory.
php vendor/bin/wp-boost --init # Full setup: .mcp.json + AI files
php vendor/bin/wp-boost --init --no-ai-files # Only create .mcp.json config
php vendor/bin/wp-boost --guidelines-only # Install only AI guidelines to .ai/guidelines/
php vendor/bin/wp-boost --skills-only # Install only AI skills to .ai/skills/
php vendor/bin/wp-boost --version # Display version
php vendor/bin/wp-boost --help # Show helpFor WordPress projects that don't use Composer:
# Clone to a location outside your WordPress project
git clone https://github.com/thanoseleftherakos/wordpress-boost.git ~/wordpress-boost
cd ~/wordpress-boost
composer install
# Initialize in your WordPress project
cd /path/to/wordpress
php ~/wordpress-boost/bin/wp-boost --initThen edit .mcp.json to use the absolute path:
{
"servers": {
"wordpress-boost": {
"command": "php",
"args": ["/Users/YOUR_USERNAME/wordpress-boost/bin/wp-boost"]
}
}
}These editors auto-detect .mcp.json files. After running --init, just open your WordPress project and the MCP server will be available automatically.
cd /path/to/wordpress
claude mcp add wordpress-boost -- php vendor/bin/wp-boostNo --path needed - WordPress Boost auto-discovers your WordPress installation from the current directory.
WordPress Boost includes curated AI guidelines and skills that help AI assistants write better WordPress code. These are installed to your project's .ai/ directory.
wordpress-core.md- Core WordPress patterns and best practicestheme-development.md- Theme development standardsplugin-development.md- Plugin development patternsrest-api.md- REST API developmentgutenberg-blocks.md- Block editor developmentsecurity.md- WordPress security practicesacf.md- Advanced Custom Fields patternswoocommerce.md- WooCommerce development
theme-development- Theme creation and customizationplugin-development- Plugin architecture and hooksrest-api-development- Custom REST endpointsgutenberg-blocks- Custom block developmentacf-development- ACF field groups and usagewoocommerce-development- WooCommerce extensionswp-cli-commands- WP-CLI command creation
| Tool | Description |
|---|---|
site_info |
WordPress version, PHP version, active theme, plugins, debug settings |
list_plugins |
All installed plugins with versions and status |
list_themes |
Available themes with parent/child relationships |
| Tool | Description |
|---|---|
list_hooks |
All registered actions & filters |
get_hook_callbacks |
Callbacks attached to a hook with priorities |
search_hooks |
Search hooks by pattern |
| Tool | Description |
|---|---|
list_post_types |
Registered post types with configurations |
list_taxonomies |
Registered taxonomies |
list_shortcodes |
Registered shortcodes |
list_rest_endpoints |
WP REST API routes |
list_rewrite_rules |
URL rewrite rules |
list_cron_events |
Scheduled WP-Cron tasks |
template_hierarchy |
Template resolution information |
| Tool | Description |
|---|---|
database_schema |
Table structures (core + plugin tables) |
database_query |
Execute SELECT queries via $wpdb |
get_option |
Read wp_options values |
list_options |
List available options |
| Tool | Description |
|---|---|
search_docs |
Search WordPress developer documentation |
wp_shell |
Execute PHP code in WordPress context |
last_error |
Read debug.log entries |
list_wp_cli_commands |
Available WP-CLI commands |
| Tool | Description |
|---|---|
urls |
Get all WordPress URLs (home, site, admin, REST, content, etc.) |
environment |
Server environment info (PHP, MySQL, extensions, memory limits) |
| Tool | Description |
|---|---|
site_security_audit |
Comprehensive site security audit with scoring (info disclosure, XML-RPC, login security, config, updates, permissions, headers) |
security_audit |
Scan files/directories for code vulnerabilities (SQL injection, XSS, etc.) |
security_check_file |
Check a specific file for security issues with line numbers |
list_security_functions |
List WordPress security functions by category (sanitization, escaping, nonces, etc.) |
| Tool | Description |
|---|---|
list_acf_field_groups |
All registered field groups |
list_acf_fields |
Fields within a group |
get_acf_schema |
Full ACF structure for code generation |
| Tool | Description |
|---|---|
woo_info |
WooCommerce version and settings |
list_product_types |
Registered product types |
woo_schema |
WooCommerce table structures |
list_payment_gateways |
Payment gateway configurations |
list_shipping_methods |
Shipping method configurations |
| Tool | Description |
|---|---|
list_block_types |
Registered block types |
list_block_patterns |
Registered block patterns |
list_block_categories |
Block categories |
| Tool | Description |
|---|---|
create_posts |
Generate test posts |
create_pages |
Generate test pages |
create_users |
Generate test users |
create_terms |
Generate taxonomy terms |
create_products |
Generate WooCommerce products |
populate_acf |
Populate ACF fields with test data |
The wp_shell tool only works when WP_DEBUG is enabled. It also prevents dangerous operations:
- No
exec,shell_exec,system, or similar functions - No file writing operations
- No
evalorcreate_function
- Only
SELECTqueries are allowed viadatabase_query - All queries use
$wpdb->prepare()internally - Results are limited to prevent memory issues
- PHP 7.4 or higher
- WordPress 5.0 or higher
- Composer (for installation)
fakerphp/faker- For data generation tools
composer testcomposer cs-fix1. AI Agent (Claude Code, Cursor, etc.)
↓
2. MCP Protocol (JSON-RPC over stdio)
↓
3. WordPress Boost Server
↓
4. WordPress Bootstrap (wp-load.php)
↓
5. WordPress Functions & Data
WordPress Boost loads WordPress in CLI mode, giving full access to all WordPress functions, hooks, and data while communicating with AI agents via the MCP protocol.
MIT License - see LICENSE file for details.
- Built for the Model Context Protocol