ItchWPMCP

75 tools. 37 can modify or destroy data without limits.

6 destructive tools with no built-in limits. Policy required.

Last updated:

37 can modify or destroy data
38 read-only
75 tools total

Community server · catalogue entry verified 03/07/2026

How to control ItchWPMCP ↓

What ItchWPMCP exposes to your agents

Read (38) Write / Execute (31) Destructive / Financial (6)
Critical Risk

The most dangerous ItchWPMCP tools

37 of ItchWPMCP's 75 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control ItchWPMCP

PolicyLayer is an MCP gateway — it sits between your AI agents and ItchWPMCP, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "elementor_delete_section": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "elementor_append_sections": {
    "limits": [
      {
        "counter": "elementor_append_sections_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "elementor_get_page_structure": {
    "limits": [
      {
        "counter": "elementor_get_page_structure_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register ItchWPMCP — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON ITCHWPMCP →

Instant setup, no code required.

All 75 ItchWPMCP tools

WRITE 28 tools
Write elementor_append_sections Append one or more Elementor section or container objects to the end of a page\ Write elementor_apply_template Apply an Elementor template\ Write elementor_create_page Create a new WordPress page pre-configured for Elementor editing (_elementor_edit_mode=builder). Optionally se Write elementor_replace_section Replace an Elementor section or container at a specific index with a new section object. Use elementor_get_pag Write elementor_save_as_template Save a page\ Write elementor_update_widget_settings Find an Elementor widget by its ID (visible in elementor_get_page_structure output) and merge new settings int Write wordpress_clone_page Clone an existing WordPress page into a new draft page. Write wordpress_create_category Create a WordPress post category. Write wordpress_create_navigation Create a new block-based navigation menu as an FSE navigation post. Write wordpress_create_page Create a WordPress page. Defaults to draft status for safe review before publishing. Write wordpress_create_post Create a WordPress post. Defaults to draft status for safe review before publishing. Write wordpress_create_reusable_block Create a synced pattern (reusable block) with block markup content. Write wordpress_create_tag Create a WordPress post tag. Write wordpress_create_template Create a new custom FSE block template. Defaults to publish so it is active immediately. Write wordpress_create_widget Create a new widget instance in a WordPress sidebar/widget area. For financial or custom HTML widgets use idBa Write wordpress_update_elementor_data Update only _elementor_data for a WordPress page or post. Pass Elementor data as a JSON string, object, or arr Write wordpress_update_elementor_meta Update Elementor post meta for a WordPress page or post. Supports _elementor_data, _elementor_edit_mode, _elem Write wordpress_update_global_styles Update the active theme\ Write wordpress_update_page Update a WordPress page by ID. Only title, content, excerpt, slug, status, parent, and menu order are supporte Write wordpress_update_page_status Update only the status for a WordPress page by ID. Write wordpress_update_post Update a WordPress post by ID. Write wordpress_update_post_meta Update registered WordPress REST meta for a page or post. The target site must expose the meta keys in REST. Write wordpress_update_reusable_block Update a synced pattern (reusable block) by ID. Write wordpress_update_settings Update general WordPress site settings. Only provided fields are changed. Write wordpress_update_template Update an FSE block template\ Write wordpress_update_template_part Update an FSE template part\ Write wordpress_update_widget Update settings for an existing WordPress widget instance. Use wordpress_list_widgets to get the widget ID. Write wordpress_upload_media Upload a local file to the WordPress media library.
READ 38 tools
Read elementor_get_page_structure Read and summarize the Elementor data structure for a page or post as a readable tree (sections → columns/cont Read elementor_get_template Get the full data for an Elementor template including its Elementor JSON content and a structure summary. Use Read elementor_list_templates List Elementor templates saved in the template library on the configured site. Requires Elementor to be active Read elementor_widget_reference Return schema reference and example JSON for Elementor widgets. Call without widgetType to list all supported Read external_api_fetch Fetch JSON from an external HTTPS API server-side. Bypasses browser CORS restrictions. Use for financial data Read wordpress_get_elementor_meta Get Elementor-related meta and template fields for a WordPress page or post. Read wordpress_get_global_styles Get the active theme\ Read wordpress_get_page Get a WordPress page by ID from the configured site. Read wordpress_get_post Get a WordPress post by ID from the configured site. Read wordpress_get_post_meta Get registered WordPress REST meta for a page or post. Use keys to limit the returned meta fields. Read wordpress_get_reusable_block Get a synced pattern (reusable block) by ID including its block markup content. Read wordpress_get_settings Get general WordPress site settings if the authenticated user has permission. Read wordpress_get_sidebar Get a specific WordPress sidebar/widget area with its current widget instance IDs. Read wordpress_get_template Get a single FSE block template by its composite ID (e.g. Read wordpress_get_template_part Get a single FSE template part by its composite ID (e.g. Read wordpress_list_ai_abilities List registered AI abilities from the WP Abilities API (WordPress 7.0). Abilities define what AI tasks are ava Read wordpress_list_block_pattern_categories List all registered block pattern categories on the configured site. Read wordpress_list_block_patterns List available block patterns registered on the configured WordPress site. Read wordpress_list_categories List WordPress post categories. Read wordpress_list_connectors List registered external service connectors from the WordPress Connectors API (WordPress 7.0). Connectors allo Read wordpress_list_elementor_routes List Elementor REST API routes exposed by the configured WordPress site. Read wordpress_list_font_faces List font face variations (weight, style, src) for a specific font family from the WordPress Font Library. Read wordpress_list_font_families List font families installed in the WordPress Font Library. Extended to all theme types in WordPress 7.0. Read wordpress_list_icons List registered SVG icons from the WordPress Icon Registry, introduced in WordPress 7.0. Returns icon names, c Read wordpress_list_media List media library items. Read wordpress_list_menu_items List menu items if the WordPress menu-items REST endpoint is available. Read wordpress_list_menus List menus if the WordPress menus REST endpoint is available. Read wordpress_list_navigation_menus List block-based navigation menus (FSE navigation posts). These are distinct from classic WordPress menus. Read wordpress_list_pages List WordPress pages from the configured site. Read wordpress_list_plugins List WordPress plugins if the configured user can access the plugins REST endpoint. Read wordpress_list_posts List WordPress posts from the configured site. Read wordpress_list_reusable_blocks List synced patterns (formerly reusable blocks) on the configured WordPress site. Read wordpress_list_sidebars List all registered WordPress sidebar and widget areas on the configured site (header, footer, sidebar, etc.). Read wordpress_list_tags List WordPress post tags. Read wordpress_list_template_parts List FSE block template parts on the configured site (header, footer, sidebar regions). Read wordpress_list_templates List FSE (Full Site Editing) block templates on the configured site (e.g. single, archive, index, 404). Read wordpress_list_users List WordPress users if the authenticated user has permission. Read wordpress_list_widgets List WordPress widget instances. Optionally filter by sidebar ID. Returns instance settings and rendered HTML

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about ItchWPMCP

Can an AI agent delete data through the ItchWP MCP server? +

Yes. The ItchWPMCP server exposes 6 destructive tools including elementor_delete_section, wordpress_delete_page, wordpress_delete_post. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through ItchWPMCP? +

The ItchWPMCP server has 28 write tools including elementor_append_sections, elementor_apply_template, elementor_create_page. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach ItchWPMCP.

How many tools does the ItchWP MCP server expose? +

75 tools across 3 categories: Destructive, Read, Write. 38 are read-only. 37 can modify, create, or delete data.

How do I enforce a policy on ItchWPMCP? +

Register the ItchWP MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every ItchWPMCP tool call.

Deterministic rules across all 75 ItchWPMCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

75 ItchWPMCP tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.