Linux 软件免费装
Banner图

GoldT WebMCP Bridge

开发者 chagold
更新时间 2026年6月29日 03:27
PHP版本: 7.4 及以上
WordPress版本: 7.0
版权: GPLv3 or later
版权网址: 版权信息

标签

ai rest-api oauth ai-agent webmcp

下载

1.0.0

详情介绍:

GoldT WebMCP Bridge enables AI agents to interact with your WordPress content through secure OAuth 2.0 authentication using the WebMCP protocol. Perfect for AI-powered customer support, automated content analysis, intelligent search, and custom AI integrations. ✨ Features 🎯 Quick Start for AI Users Using ChatGPT or Claude? Tell your AI agent:
"I want to connect you to my WordPress site at https://mysite.com using GoldT WebMCP Bridge plugin. The manifest is at /wp-json/goldt-webmcp-bridge/v1/manifest. Use OAuth 2.0 with client_id: claude-ai" The AI will guide you through OAuth authorization - you'll approve access in your browser.
🤖 Supported AI Agents Pre-registered and ready to connect: All clients use OAuth 2.0 with PKCE and redirect_uri: urn:ietf:wg:oauth:2.0:oob (out-of-band). 🛠️ Available Tools
  1. wordpress.searchPosts - Search posts with filters
  2. wordpress.getPost - Get single post by ID or slug
  3. wordpress.searchPages - Search pages
  4. wordpress.getPage - Get single page by ID or slug
  5. wordpress.getCurrentUser - Get authenticated user info
  6. translation.translate - Translate text via MyMemory API (when Translation Provider = mymemory)
  7. translation.getSupportedLanguages - List supported language codes (when Translation Provider = mymemory)
🔒 How Authentication Works Secure OAuth 2.0 Authentication: Uses the same security standard trusted by Google, Facebook, and GitHub:
  1. AI agent initiates OAuth flow with code challenge (PKCE)
  2. User approves in browser (consent screen)
  3. Agent receives one-time authorization code
  4. Agent exchanges code for access token using code verifier
  5. Agent uses token for API calls
The AI agent operates as the user who authorized: If Administrator authorizes: ⚙️ Admin Settings Configure the plugin at GoldT WebMCP → Settings: Translation Provider: Rate Limiting: 🔐 Admin Controls For Site Administrators: Manage security from the WordPress admin panel: 💬 We Need Your Feedback! Help us build what YOU need: How to provide feedback:

安装:

Automatic Installation
  1. Go to Plugins → Add New in WordPress admin
  2. Search for "GoldT WebMCP Bridge"
  3. Click Install Now and then Activate
Manual Installation
  1. Download the plugin zip file
  2. Go to Plugins → Add New → Upload Plugin
  3. Upload the zip file and click Install Now
  4. Activate the plugin
Note: All required dependencies are included. No manual setup required! Setup No setup required! The plugin works immediately after activation. Optional: Configure rate limits in GoldT WebMCP → Settings For detailed setup and testing examples, see the plugin documentation on GitHub.

屏幕截图:

  • Settings - Security controls, rate limits, user management
  • WebMCP Manifest - Auto-generated tool definitions
  • API Response - Example JSON response from API call

升级注意事项:

0.3.2 Security fix: "Revoke All Tokens" button now works correctly. WordPress.org compliance improvements. Upgrade recommended. 0.3.0 New Translation Provider setting lets you choose between AI self-translate, MyMemory API, or disabled. OAuth client_id is now optional and supports fuzzy matching. 0.2.1 Critical security update: OAuth scope validation now enforced. Users must explicitly approve each permission level. WordPress.org compliance improvements. 0.2.0 Security update: OAuth 2.0 authentication now enabled. See documentation for setup guide.

常见问题:

What is WebMCP?

WebMCP (Web Model Context Protocol) is a standardized protocol for connecting AI agents to web services. It defines how AI assistants discover, authenticate with, and execute tools on web platforms.

Does this work with ChatGPT and Claude?

Yes! GoldT WebMCP Bridge works with any AI platform that supports REST APIs. This includes ChatGPT (OpenAI), Claude (Anthropic), Make.com, Zapier, and custom applications.

Why does reading public content require authentication?

All API calls require authentication for security:

  • Rate Limiting - Prevents spam and abuse
  • Monitoring - Track who uses your API
  • Security - Protects against data scraping and DDoS attacks This is the industry standard (Twitter, GitHub, Google APIs all require auth).
Exception: The manifest endpoint is public (no auth needed).

How does the AI agent authentication work?

OAuth 2.0 Authorization: The AI agent operates as the WordPress user who authorized it. When a user approves access through the OAuth consent screen:

  • The agent receives an access token linked to that user's ID
  • All API requests run with that user's permissions
  • The agent inherits the user's capabilities Security:
  • No passwords are transmitted - only authorization codes
  • PKCE prevents authorization code interception
  • Tokens are time-limited (1 hour) and can be revoked
  • The agent respects WordPress user capabilities

Is Redis required?

No, Redis is optional. The plugin works perfectly with WordPress transients. However, Redis is recommended for high-traffic sites (>1,000 requests/day) as it provides better rate limiting performance.

Can I add custom tools?

Yes! GoldT WebMCP Bridge is extensible. Use WordPress hooks to add custom tools: php add_action('goldtwmcp_register_modules', function($goldtwmcp_plugin) { $manifest = $goldtwmcp_plugin->get_manifest_instance(); $manifest->register_tool('mysite.getStats', [...]); }); Important: Place your custom tools in your theme's functions.php or a separate plugin - they will be preserved during plugin updates. See the plugin documentation for more details.

How long do tokens last?

  • Access Token: 1 hour (3600 seconds)
  • Refresh Token: 30 days (2,592,000 seconds)
Use the refresh token to get a new access token without re-authentication.

Can I revoke access?

Yes! Multiple options: Revoke specific OAuth token:

  • Go to GoldT WebMCP → OAuth Tokens
  • Find the token and click "Revoke" Block specific user:
  • Go to GoldT WebMCP → Settings
  • Enter user ID in "Block User" section
  • User cannot authenticate or use existing tokens

How do I troubleshoot authentication errors?

Common issues:

  • "invalid_client" - Check client_id (use: claude-ai, chatgpt, or gemini)
  • "invalid_grant" - Authorization code expired or already used (codes are one-time, 10 min expiry)
  • "access_denied" - User is blocked (check GoldT WebMCP → Settings → Manage User Access)
  • "Token expired" - Access token expired after 1 hour, use refresh token to get new access token
  • "Rate limit exceeded" - Wait for retry period or increase limits in Settings
Enable WordPress debug mode and check wp-content/debug.log for details.

Where can I get support?

更新日志:

0.5.3 - 2026-06-01 0.5.2 - 2026-06-01 0.5.1 - 2026-06-01 0.4.6 - 2026-05-20 0.4.5 - 2026-05-19 0.4.4 - 2026-05-19 0.4.3 - 2026-05-19 0.4.2 - 2026-05-18 0.4.1 - 2026-05-13 0.4.0 - 2026-05-11 0.3.3 - 2026-05-06 0.3.2 - 2026-04-12 0.3.0 0.2.1 - 2026-03-06 0.2.0 - 2026-02-23 0.1.2 - 2026-02-19 0.1.1 - 2026-02-16 0.1.0 - 2025-02-13