| 开发者 | chagold |
|---|---|
| 更新时间 | 2026年6月29日 03:27 |
| PHP版本: | 7.4 及以上 |
| WordPress版本: | 7.0 |
| 版权: | GPLv3 or later |
| 版权网址: | 版权信息 |
"I want to connect you to my WordPress site at https://mysite.com using GoldT WebMCP Bridge plugin. The manifest is at /wp-json/goldt-webmcp-bridge/v1/manifest. Use OAuth 2.0 with client_id: claude-ai" The AI will guide you through OAuth authorization - you'll approve access in your browser.🤖 Supported AI Agents Pre-registered and ready to connect:
client_id: claude-ai (Anthropic)client_id: chatgpt (OpenAI)client_id: gemini (Google)client_id: grok (xAI)client_id: perplexityclient_id: copilotclient_id: meta-ai (Facebook)client_id: deepseekredirect_uri: urn:ietf:wg:oauth:2.0:oob (out-of-band).
🛠️ Available Tools
translation.translate and translation.getSupportedLanguages tools are added to the manifestWebMCP (Web Model Context Protocol) is a standardized protocol for connecting AI agents to web services. It defines how AI assistants discover, authenticate with, and execute tools on web platforms.
Yes! GoldT WebMCP Bridge works with any AI platform that supports REST APIs. This includes ChatGPT (OpenAI), Claude (Anthropic), Make.com, Zapier, and custom applications.
All API calls require authentication for security:
OAuth 2.0 Authorization: The AI agent operates as the WordPress user who authorized it. When a user approves access through the OAuth consent screen:
No, Redis is optional. The plugin works perfectly with WordPress transients. However, Redis is recommended for high-traffic sites (>1,000 requests/day) as it provides better rate limiting performance.
Yes! GoldT WebMCP Bridge is extensible. Use WordPress hooks to add custom tools:
php
add_action('goldtwmcp_register_modules', function($goldtwmcp_plugin) {
$manifest = $goldtwmcp_plugin->get_manifest_instance();
$manifest->register_tool('mysite.getStats', [...]);
});
Important: Place your custom tools in your theme's functions.php or a separate plugin - they will be preserved during plugin updates.
See the plugin documentation for more details.
Yes! Multiple options: Revoke specific OAuth token:
Common issues:
wp-content/debug.log for details.
$version = '0.4.0' class property to use GOLDTWMCP_VERSION constant.mysql2date() calls with gmdate() in OAuth tokens admin view (deprecated since WordPress 5.3).goldtwmcp — corrected to goldt-webmcp-bridge.echo calls in admin status page wrapped with esc_html().copyCode() JavaScript function was missing. Added with navigator.clipboard API and execCommand fallback.webmcp-master.ai added to the supported platforms list on the /ai-connect/ info page.searchPosts and searchPages now use native WordPress capability filtering (post_status => 'any'): subscribers see only published posts, authors see their own drafts, editors/admins see all. The status parameter has been removed from the tool schema since it is no longer needed.getPost and getPage now enforce current_user_can('read_post') for non-published content, preventing unauthorized access to drafts/private pages by ID.wp plugin check warnings — renamed unprefixed view variables to goldtwmcp_ prefix; wrapped $table in esc_sql() in schema-introspection queries; suppressed false-positive PluginCheck.Security.DirectDB warnings on whitelisted SQL fragments.class-database.php, class-token-registry.php, class-oauth-server.php, and admin-token-registry.php.auth.registered_clients — an object mapping each registered OAuth client_id to its display name, so AI agents can discover which clients this site accepts without an extra round-trip.webmcp-master (WebMCP Master) with full scopes (read, write, delete, manage_users) — seeded on fresh installs and idempotently inserted on upgrade for existing sites.webmcp-master client when missing.{prefix}aiconnect_token_registry) records every issued/refreshed token (only the 16-char prefix is stored, not the full secret), tracking issued_at / expires_at / last_used_at / revoked_at / revoked_by / source / ip_address.GET /wp-json/goldt-mcp/v1/admin/tokens and DELETE /wp-json/goldt-mcp/v1/admin/tokens/{id} (manage_options only).last_used_at and reject tokens revoked in the registry (defense in depth).