Skip to content

VIP MCP

VIP MCP is the toolset within Secure MCP for operating the VIP Platform. It gives an AI agent (Claude Desktop, Claude Code, Cursor, Codex, or any other MCP-compatible client) the ability to read and operate on WordPress VIP applications, environments, deployments, domains, backups, and security configurations through the same API that the VIP Dashboard uses. The agent can be directed in natural language to call the platform on the user’s behalf.

VIP MCP does not have its own endpoint. Agents connect to the single Secure MCP endpoint at https://api.wpvip.com/mcp.

VIP MCP tools become available in a session once an Org admin has activated Global MCP for the organization and an Org or App admin has enabled VIP MCP for the application.

Note

VIP MCP operates at the platform layer on applications and environments. The WordPress MCP toolset operates on a WordPress site on content and site-level configuration. Both are exposed through Secure MCP and are enabled independently per application.

VIP MCP toolset

The VIP MCP toolset exposes operation tools gated by the authenticated user’s VIP Dashboard permissions, plus built-in schema utilities and diagnostic prompts. Not every VIP Dashboard capability is exposed through VIP MCP. More capabilities may be added. Tools the user does not have permission to use are not registered for the session or visible to the agent.

Note

Request bodies are capped at 200 KB. Bulk operations that exceed this limit must be split into smaller requests.

Application management

Query and list applications and environments. Retrieve app details, enumerate environments, and look up organization membership.

Environment management

This tool category covers the full lifecycle of a VIP environment:

  • Deployments: View history, start custom deploys, trigger rollbacks.
  • Domains and TLS: Add, remove, and set the primary domain; inspect TLS and DNS status.
  • Logs: Retrieve Runtime Logs and Slow Query Logs.
  • Performance metrics: Query edge, origin, cache, database, and resource metrics.
  • Environment variables: Get, set, and delete custom variables.
  • Security: Manage Basic Authentication, IP Restrictions, User Agent Restrictions, and Defensive Mode.
  • Software versions: Inspect and update PHP, Node.js, and WordPress versions.
  • Database backups: Trigger backups, create downloadable SQL dump copies, generate download URLs.
  • Database access: Enable phpMyAdmin and generate temporary access URLs.
  • Media: Start and monitor media exports and imports.
  • SQL import: Start and monitor SQL database imports.
  • Cache: Purge page cache for specific URLs.
  • WP-CLI: Execute WP-CLI commands on any environment. WP-CLI output does not stream. Long-running commands are not supported.
  • Data sync: Sync data between environments.
  • Environment lifecycle: Create child environments, retire environments.
  • Audit events: Retrieve environment-level Audit Log entries.
  • WordPress sites: List network sites on multisite environments.

Organization management

List organizations, retrieve details, view organization audit events, invite users, and remove users.

User management

Retrieve the current authenticated user’s profile and VIP status.

Permissions and writes

Every tool maps to a VIP Dashboard permission. Tools the authenticated user cannot use are not registered and are not visible to the agent.

Some sensitive write operations require a step-up verification (a browser-based confirmation step) before the action runs. The agent pauses, provides a verification link, and continues once the user completes verification in the browser.

Call log

VIP MCP tool calls are recorded in the MCP Call Log, attributed to the authorizing user and marked with an MCP source indicator. Mutating tool calls also appear in the standard environment Audit Log alongside VIP Dashboard actions. The environment_list_audit_events tool retrieves environment audit entries directly from the agent.

Last updated: July 02, 2026

Relevant to

  • Node.js
  • WordPress