# MainWP MCP

> MainWP MCP Server manages entire WordPress networks through a single AI interface. It lets your agent list all connected child sites, query pending updates for core, plugins, and themes across the whole network, and run security scans to check for known vulnerabilities or malware. You can also trigger global synchronization or upgrade resources programmatically.

## Overview
- **Category:** cloud-infrastructure
- **Price:** Free
- **Tags:** wordpress-management, site-monitoring, vulnerability-scanning, plugin-management, network-administration

## Description

You're trying to juggle a dozen client sites—core updates, plugins, security patches—and you don't wanna log into twenty different dashboards just to check on 'em. This server lets your agent treat your whole MainWP network like it’s one single machine. It handles the deep maintenance operations across all connected child sites so you can stop wasting time hopping between logins.

The system starts by listing every site in your portfolio using `list_child_sites`, giving you a complete rundown of every child site linked to your account. Need an inventory? You can check what's running on any single spot with `list_site_plugins`, which displays all the plugins installed at that specific WordPress location.

When it comes to keeping things updated, this thing is clutch. Your agent first runs `get_pending_updates_count` to give you a fast tally of how many total updates—across core, plugins, and themes—are waiting across your entire network. If you need the full skinny, `list_available_updates` shows a detailed list of every single pending upgrade for the whole setup. Once you decide what needs fixing, you can execute specific resource upgrades using `upgrade_site_resource`, pointing it right at a theme or plugin and getting that patch applied programmatically.

Security's another major headache, so we got coverage there. You don’t have to run checks manually; the server handles it for your agent. If you suspect trouble, running `scan_network_malware` starts an immediate malware sweep across every connected site. For a deeper dive into potential weaknesses, `scan_network_vulnerabilities` runs a deep assessment on all sites, checking for known security flaws. You'll know exactly what the risk is without needing to babysit half-dozen different admin panels.

And when things get messy—when data might be out of sync across your clients—you can force it straight with `sync_child_sites`. This triggers a network synchronization, pulling the absolute newest data from every managed site simultaneously. It's how you ensure everyone’s running on the same page. Basically, whether you need to list the sites, count updates, run malware scans, check for vulnerabilities, sync everything up, or upgrade a specific piece of software, this server makes your agent do it all without sweat.

## Tools

### scan_network_malware
Starts an immediate malware scan across the entire connected network of sites.

### scan_network_vulnerabilities
Runs a deep vulnerability assessment on all sites for known security flaws.

### list_site_plugins
Displays all plugins installed on a single, specified WordPress site.

### list_child_sites
Retrieves a complete list of every child site linked to your MainWP account.

### sync_child_sites
Triggers a network synchronization to pull the newest data from every managed site.

### get_pending_updates_count
Checks how many total updates are waiting across your connected sites.

### list_available_updates
Shows a detailed list of pending core, plugin, and theme upgrades for the network.

### upgrade_site_resource
Executes an upgrade for a specific plugin or theme when you provide its details.

## Prompt Examples

**Prompt:** 
```
List all connected child sites in MainWP.
```

**Response:** 
```
I've retrieved your sites. You have 12 active child sites, including 'Corporate Blog', 'Client E-shop', and 'Portfolio Site'. Would you like to check for pending updates?
```

**Prompt:** 
```
How many pending updates are available across my network?
```

**Response:** 
```
There are currently 45 updates available: 2 for WordPress core, 35 for plugins, and 8 for themes across your entire network.
```

**Prompt:** 
```
Run a vulnerability scan across all sites.
```

**Response:** 
```
I've initiated the network-wide vulnerability scan. MainWP is now checking for known issues in your plugins and themes. I will notify you once the process is complete.
```

## Capabilities

### List all sites
The agent lists every child site connected to your MainWP Dashboard.

### Check update status
You can get a quick count or a full list of pending updates for core, plugins, and themes across the network.

### Scan security issues
The server runs comprehensive malware or vulnerability scans across all connected sites.

### Synchronize data
An agent can force a global sync, fetching the absolute latest data from every child site simultaneously.

### Audit site contents
The tool lists all plugins and themes installed on any single site you specify.

### Upgrade resources
You can execute resource upgrades for specific themes or plugins programmatically.

## Use Cases

### Pre-Deployment Security Check
A client is launching a new e-commerce feature across five sites. Before giving the green light, the admin runs `scan_network_vulnerabilities` and `scan_network_malware`. The agent flags three critical issues—two outdated plugins and one theme with known CVEs. This allows the team to patch everything before launch.

### Mass Update Management
A core WordPress update drops, affecting 30 client sites simultaneously. Instead of logging in 30 times, the admin runs `list_available_updates` and then uses `get_pending_updates_count` to confirm the scope. Finally, they trigger a global upgrade plan via `upgrade_site_resource`.

### Client Inventory Audit
A client suspects their site is running old code. The administrator uses `list_child_sites` to find the right site and then runs `list_site_plugins`. This instantly gives them a full, clean list of every plugin installed for review.

### System Data Refresh
After several hours of manual backend work on multiple sites, the admin needs to ensure the central dashboard has the current data. They simply execute `sync_child_sites` and are guaranteed they're working with real-time information.

## Benefits

- **Network Visibility:** Use `list_child_sites` to see every site you manage in one command. You don't have to manually open a dozen dashboards just to know what's connected.
- **Proactive Security:** Instead of waiting for something bad to happen, run `scan_network_vulnerabilities`. This gives you proactive data on known flaws before an attacker finds them.
- **Update Triage:** Need to know the scope of work? Running `get_pending_updates_count` tells you the total number of patches needed across your entire network in seconds.
- **Deep Auditing:** If a client asks, 'What plugins are running?', use `list_site_plugins`. It gives you an instant inventory for any single site without manual database queries.
- **Reliable Deployment:** When it's time to make changes, the combination of `sync_child_sites` and then executing updates keeps your entire network consistent and up-to-date.
- **Resource Control:** The `upgrade_site_resource` tool lets you fix a specific component (like an outdated theme) without affecting other parts of the site.

## How It Works

The bottom line is: it lets you control complex, multi-site WordPress infrastructure using simple chat commands instead of multiple web logins and API endpoints.

1. First, subscribe to the MainWP server and provide your Dashboard URL and API Bearer Token.
2. Next, confirm 'Pretty Permalinks' are enabled in your WordPress dashboard settings.
3. Finally, tell your AI client what you need—like 'Check for pending updates on my network,' or 'Run a vulnerability scan.' The agent executes the necessary tool calls.

## Frequently Asked Questions

**How do I start managing my sites using MainWP MCP Server?**
You gotta subscribe to the server and pass it your MainWP Dashboard URL along with the API Bearer Token. After that, you're good to go.

**Does `scan_network_vulnerabilities` check for malware too?**
Nah, they’re separate tools. If you want a deep security sweep, use `scan_network_malware`. For known coding flaws and CVEs, run `scan_network_vulnerabilities`.

**What's the difference between updating plugins and using `upgrade_site_resource`?**
`list_available_updates` shows you what needs upgrading. You use `upgrade_site_resource` when your agent actually executes that specific plugin or theme update on a site.

**If I modify a site manually, do I need to run `sync_child_sites`?**
Yeah, for sure. If you make changes outside the system (like an admin manual edit), running `sync_child_sites` ensures your agent reads the absolute latest data.

**Can I list plugins on just one site using MainWP MCP Server?**
Yes. Just ask for a plugin audit and specify which child site you want to check. The `list_site_plugins` tool handles that specific inventory task.

**If my MainWP API token is expired or invalid, what error does `list_child_sites` return?**
It returns a standard HTTP 401 Unauthorized error. Your agent must handle these status codes before attempting any read or write operations like listing sites or checking updates.

**How fast is the response time for `get_pending_updates_count` across very large networks?**
It calculates and returns a single numerical count quickly. The function aggregates counts efficiently, meaning performance scales well even with hundreds of connected child sites.

**When using `list_available_updates`, can I filter results to look only at core updates?**
The tool lists all three types: core, plugin, and theme. You must write logic to parse the returned JSON object structure and isolate the specific category of update you want.

**Why is the API returning a 404 error?**
You must enable 'Pretty Permalinks' in your WordPress Dashboard (Settings > Permalinks). The REST API will not function with the 'Plain' setting.

**How do I find my API Token?**
In your MainWP Dashboard, navigate to Settings > REST API and create a new API Key with 'Write' permissions. Your token is encrypted at rest and injected securely at runtime.

**Can I update plugins across all sites?**
Yes, the `upgrade_site_resource` tool can target specific resources across the entire network by providing the necessary parameters in the JSON body.