Security
Easy MCP AI is built on WordPress security primitives and follows standard practices for authentication, access control, and data handling. Here is what we do and how to report issues.
Authentication & Access Control
Bearer Token Authentication
API tokens are hashed with SHA-256 before storage. The raw token is shown only once at creation and never stored in plain text.
OAuth 2.1 with PKCE
Full OAuth 2.1 authorization code flow with PKCE (S256), Dynamic Client Registration (RFC 7591), atomic refresh token rotation, and scope-based tool filtering for third-party client access.
Per-Token Tool Permissions
Each API token can be restricted to a specific subset of tools. Tokens cannot call tools outside their allowed set, regardless of the connected AI client.
WordPress Capability Checks
Every tool call verifies the token's associated WordPress user has the required capability for that action (e.g. edit_posts, manage_options).
Token Expiration
Tokens support optional expiration dates. Expired tokens are rejected at the authentication layer before any tool code executes.
Network & Rate Controls
Rate Limiting
Configurable per-token rate limiting (default: 60 requests per minute) with atomic object cache support to prevent abuse under concurrent load.
IP Allowlisting
MCP endpoint access can be restricted to specific IPv4 or IPv6 addresses and CIDR ranges. Requests from unlisted addresses are rejected before authentication.
Audit & Content Safety
Full Audit Log
Every tool call is logged: token identity, tool name, arguments (sensitive values redacted), result status, client IP, and timestamp. Logs are paginated in the WordPress admin.
Force Draft on Create
A server-side setting can force all AI-created posts and pages to save as drafts, giving editors a review step before anything goes live.
Disabled Delete Tools
Any of the 7 delete tools (posts, pages, media, users, etc.) can be globally disabled for all tokens at once from the settings page.
Tool Whitelist Patterns
Glob-pattern based tool filtering (fnmatch()) lets administrators restrict which tools are available site-wide, independent of token-level permissions.
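How the hashed-token lookup, expiration, per-token tool set and site-wide glob whitelist described above can compose into one decision, as an added PHP example that is not Easy MCP AI's own code. The function names, the in-memory token store, the tool names and the token strings are assumptions constructed for illustration.

```php
<?php
// Added illustration; not Easy MCP AI source. All names here are hypothetical.

/** Store and look up tokens by SHA-256 digest so the raw value is never kept. */
function token_hash(string $raw): string {
    return hash('sha256', $raw);
}

/**
 * Decide whether a presented bearer token may call $tool.
 * $store maps token hash => ['expires' => ?int (Unix time), 'tools' => string[]].
 * $sitePatterns is the site-wide glob whitelist, matched with fnmatch().
 */
function authorize(string $raw, string $tool, array $store, array $sitePatterns, int $now): string {
    $record = $store[token_hash($raw)] ?? null;
    if ($record === null) {
        return 'deny: unknown token';
    }
    // Expired tokens are rejected before any tool-level logic runs.
    if ($record['expires'] !== null && $record['expires'] <= $now) {
        return 'deny: token expired';
    }
    // Per-token restriction: exact membership in the token's allowed set.
    if (!in_array($tool, $record['tools'], true)) {
        return 'deny: tool not in token set';
    }
    // Site-wide restriction applies independently of the token's own set.
    foreach ($sitePatterns as $pattern) {
        if (fnmatch($pattern, $tool)) {
            // In WordPress, a capability check such as user_can() would follow here.
            return 'allow';
        }
    }
    return 'deny: tool not whitelisted site-wide';
}

// Constructed sample data.
$now   = 1700000000;
$store = [
    token_hash('example-token-a') => ['expires' => null,      'tools' => ['get_posts', 'delete_post']],
    token_hash('example-token-b') => ['expires' => $now - 60, 'tools' => ['get_posts']],
];
$site  = ['get_*', 'create_*'];

$cases = [['example-token-a', 'get_posts'], ['example-token-a', 'delete_post'],
          ['example-token-a', 'create_post'], ['example-token-b', 'get_posts'],
          ['not-a-token', 'get_posts']];
foreach ($cases as [$token, $tool]) {
    echo str_pad("$token -> $tool", 32), authorize($token, $tool, $store, $site, $now), PHP_EOL;
}
```

The second case shows why the two layers matter separately: the token's own set includes the delete tool, but the site-wide patterns do not match it, so the call is still refused.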
Pre-Release Security Review
Before each release, Easy MCP AI goes through a multi-step security review that combines human analysis with AI-assisted code inspection. This process covers authentication flows, input validation, capability checks, output handling, and known WordPress plugin vulnerability patterns.
The review is not a formal third-party penetration test and does not guarantee the absence of vulnerabilities. It is a reasonable effort to identify and address issues before code reaches production. We publish the plugin on WordPress.org so it is also subject to the WordPress.org plugin review team's guidelines.
Reporting a Vulnerability
If you discover a security issue in Easy MCP AI, please report it through the Patchstack Vulnerability Disclosure Program (VDP). Patchstack coordinates responsible disclosure for WordPress plugins and provides a structured channel for researchers to submit and track reports.
Report via Patchstack VDP
Please do not report security vulnerabilities through public GitHub issues, the WordPress.org support forum, or social media.