Kinsta MCP Server

76 tools. 40 can modify or destroy data without limits.

9 destructive tools with no built-in limits. Policy required.

Last updated:

40 can modify or destroy data
36 read-only
76 tools total

Community server · catalogue entry verified 02/07/2026

How to control Kinsta MCP Server ↓

What Kinsta MCP Server exposes to your agents

Read (36) Write / Execute (31) Destructive / Financial (9)
Critical Risk

The most dangerous Kinsta MCP Server tools

40 of Kinsta MCP Server's 76 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Kinsta MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and Kinsta MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "kinsta.backups.delete": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "kinsta.backups.create": {
    "limits": [
      {
        "counter": "kinsta.backups.create_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "kinsta.auth.validate": {
    "limits": [
      {
        "counter": "kinsta.auth.validate_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Kinsta MCP Server — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON KINSTA →

Instant setup, no code required.

All 76 Kinsta MCP Server tools

WRITE 26 tools
Write kinsta.backups.create Create a manual backup for an environment. Returns an operation_id. Write kinsta.cdn.image-optimization Configure CDN image optimization settings for an environment. Write kinsta.dns.records.create Create a new DNS record for a domain. Write kinsta.dns.records.update Update an existing DNS record for a domain. Write kinsta.domains.add Add a custom domain to an environment. Write kinsta.domains.set-primary Set the primary domain for an environment. Write kinsta.edge-cache.toggle Enable or disable edge caching for an environment. Write kinsta.environments.clone Clone an existing environment to create a new one. Returns an operation_id. Write kinsta.environments.create Create a new WordPress environment for a site. Returns an operation_id. Write kinsta.environments.create-plain Create a new plain (empty) environment for a site. Returns an operation_id. Write kinsta.environments.php-allocation Change PHP worker allocation for a specific environment. Returns an operation_id. Write kinsta.environments.php-allocation-site Change PHP worker allocation for all environments in a site. Returns an operation_id. Write kinsta.environments.ssh.generate-password Generate a new SSH/SFTP password for an environment. Write kinsta.environments.ssh.ip-allowlist.update Update the SSH IP allowlist for an environment. Write kinsta.environments.ssh.password-expiration Change the SSH password expiration interval for an environment. Write kinsta.environments.webroot Change the webroot subfolder for an environment. Returns an operation_id. Write kinsta.plugins.bulk-update Update multiple plugins to their latest versions at once. Returns an operation_id. Write kinsta.plugins.update Update a single plugin to the latest version. Returns an operation_id. Write kinsta.sftp-users.add Add a new additional SFTP/SSH user account to an environment. Write kinsta.sftp-users.toggle Enable or disable additional SFTP/SSH accounts for an environment. Write kinsta.sites.clone Clone an existing site to create a new site. Returns an operation_id. Write kinsta.sites.create Create a new WordPress site on Kinsta. Returns an operation_id to track progress. Write kinsta.sites.create-plain Create a new plain (empty) site on Kinsta without WordPress installed. Returns an operation_id. Write kinsta.themes.bulk-update Update multiple themes to their latest versions at once. Returns an operation_id. Write kinsta.themes.update Update a single theme to the latest version. Returns an operation_id. Write kinsta.tools.denied-ips.update Update the list of denied (blocked) IP addresses for an environment.
READ 36 tools
Read kinsta.auth.validate Validate the current Kinsta API key. Returns account information if the key is valid. Read kinsta.backups.downloadable List downloadable backups for an environment. Read kinsta.backups.list List all backups for an environment. Read kinsta.company.activity-logs List activity logs for your Kinsta company. Supports filtering and pagination. Read kinsta.company.api-keys List all API keys for your Kinsta company. Read kinsta.company.plugins List all WordPress plugins across all sites in your Kinsta company. Supports search, filtering, and pagination Read kinsta.company.regions List all available deployment regions for your Kinsta company. Read kinsta.company.themes List all WordPress themes across all sites in your Kinsta company. Supports search, filtering, and pagination. Read kinsta.company.users List all users in your Kinsta company. Read kinsta.dns.domains List all DNS domains for your Kinsta company. Read kinsta.dns.records List all DNS records for a specific domain. Read kinsta.domains.list List all custom domains for an environment. Read kinsta.domains.verification Get DNS verification records for a domain. Read kinsta.environments.files List files in an environment Read kinsta.environments.list List all environments for a Kinsta site. Read kinsta.environments.phpmyadmin Get a phpMyAdmin login token for an environment to access the database. Read kinsta.environments.push Push one environment to another (e.g. staging to live). Returns an operation_id. Read kinsta.environments.redirects List redirect rules for an environment. Supports filtering and pagination. Read kinsta.environments.ssh.config Get SSH connection configuration for an environment. Read kinsta.environments.ssh.ip-allowlist Get the SSH IP allowlist for an environment. Read kinsta.environments.ssh.password Get the current SSH/SFTP password for an environment. Read kinsta.environments.ssh.password-access Enable or disable SSH password-based access for an environment. Read kinsta.environments.ssh.status Get the SSH/SFTP status for an environment. Read kinsta.environments.ssh.toggle Enable or disable SSH/SFTP access for an environment. Read kinsta.logs.get Get log file contents for an environment. Supports error.log and access.log. Read kinsta.operations.status Check the status of an asynchronous Kinsta operation by its operation ID. Read kinsta.ping Check that the Kinsta MCP server is running and that API credentials Read kinsta.plugins.list List all plugins for a Kinsta environment. Read kinsta.plugins.list-wp List WordPress plugins with details from the WordPress.org repository for an environment. Read kinsta.sftp-users.list List additional SFTP/SSH user accounts for an environment. Read kinsta.sites.get Get details for a specific Kinsta site by its ID. Read kinsta.sites.list List all WordPress sites in your Kinsta company. Optionally include environment details. Read kinsta.themes.list List all themes for a Kinsta environment. Read kinsta.themes.list-wp List WordPress themes with details from the WordPress.org repository for an environment. Read kinsta.tools.denied-ips Get the list of denied (blocked) IP addresses for an environment. Read kinsta.tools.php-version Change the PHP version for an environment. Returns an operation_id.

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Kinsta MCP Server

Can an AI agent delete data through the Kinsta MCP Server MCP server? +

Yes. The Kinsta MCP Server server exposes 9 destructive tools including kinsta.backups.delete, kinsta.backups.restore, kinsta.dns.records.delete. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Kinsta MCP Server? +

The Kinsta MCP Server server has 26 write tools including kinsta.backups.create, kinsta.cdn.image-optimization, kinsta.dns.records.create. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Kinsta MCP Server.

How many tools does the Kinsta MCP Server MCP server expose? +

76 tools across 4 categories: Destructive, Execute, Read, Write. 36 are read-only. 40 can modify, create, or delete data.

How do I enforce a policy on Kinsta MCP Server? +

Register the Kinsta MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Kinsta MCP Server tool call.

Deterministic rules across all 76 Kinsta MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

76 Kinsta MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.