CMS

WordPress.com Adds OAuth 2.1 Support for AI Agent Integrations

Rob Duncan

Rob Duncan

1 min read
WordPress.com Adds OAuth 2.1 Support for AI Agent Integrations

WordPress.com now supports OAuth 2.1 for Model Context Protocol (MCP), simplifying how AI agents securely connect to WordPress.com sites.

Why it matters:
As AI tools become more integrated into content workflows, standardized, secure authentication reduces friction for developers while giving site owners clearer control over access.

What’s new:

  • WordPress.com added OAuth 2.1 support for MCP integrations.
  • MCP clients work natively with OAuth 2.1, eliminating custom workarounds.
  • AI tools can now authenticate by adding a server URL and approving access.

How it works:

  • An AI client requests authorization.
  • Users approve access on WordPress.com.
  • Secure tokens are issued and refreshed automatically.
  • The process is protected with PKCE to prevent token misuse.

What AI agents can do:

  • Search and retrieve posts across sites.
  • Read post content, metadata, and comments.
  • Access site information such as settings, stats, and user data.

Control and security:
Access is limited to permissions explicitly granted by the site owner and can be revoked at any time through WordPress.com settings.

The big picture:
By combining MCP with OAuth 2.1, WordPress.com is positioning itself as an easier platform for developers to connect AI agents to live content while maintaining security and governance.

What to watch:
Adoption among popular AI tools and how broadly MCP-based integrations expand across content and publishing workflows.

Read more