WP Site Audit

by Tanin Ahmed. Updated May 4, 2026

Executes programmatic audits on WordPress sites to identify security vulnerabilities, outdated plugins/themes, performance bottlenecks, and configuration errors. Developers and site administrators integrate it into scripts or apps for automated site health checks across multiple installations.

wordpress
site-audit
security

Overview

WP Site Audit (wp-site-audit-mcp) is an MCP server that delivers API-based auditing for WordPress sites. It scans core files, plugins, themes, database structures, and server settings to produce detailed reports on potential issues. This enables remote, automated analysis without requiring direct site access beyond the standard WP APIs.

Key Capabilities

The server exposes functions for comprehensive WordPress site evaluation, though specific tool names are listed as N/A. Core functions include:

  • Site health assessment: Verifies WP core version, active plugins/themes for updates and conflicts.
  • Security scanning: Flags known CVEs in components, weak permissions, and exposed sensitive files.
  • Performance evaluation: Measures page load times, query efficiency, and caching status.
  • Configuration review: Checks .htaccess, wp-config.php, and permalinks for errors.

These operate via MCP protocol calls, returning JSON reports with severity levels and remediation steps.

Use Cases

  1. CI/CD Integration: Developers run site audits (health_assessment) in pipelines before deployments to catch issues early.
  2. Agency Monitoring: Manage multiple client sites by scheduling security_scanning to detect vulnerabilities proactively.
  3. Performance Optimization: Use performance_evaluation on live sites to identify slow queries or unoptimized assets.
  4. Compliance Checks: Administrators invoke configuration_review for audits that check adherence to GDPR or security standards.

Who This Is For

WordPress developers building management tools, digital agencies overseeing client sites, sysadmins handling WP fleets, and security teams focused on CMS vulnerabilities. Suited for those needing API-driven audits over manual logins or dashboard tools.