WooCommerce MCP Server
A Model Context Protocol (MCP) server that exposes 159+ WooCommerce and WordPress REST API operations as AI-accessible tools for VS Code, PhpStorm, and other MCP-compatible clients.
Overview
The WooCommerce MCP Server bridges the gap between AI coding assistants and WooCommerce stores by exposing the full WooCommerce REST API (and WordPress post/meta APIs) through the standardized Model Context Protocol. This allows AI assistants like GitHub Copilot and JetBrains AI to directly query products, manage orders, update customers, generate reports, and perform administrative tasks — all without leaving your IDE.
Current Version: 2.0.0
Runtime: Node.js 20+ (ESM)
Protocol: Model Context Protocol (MCP) v1.29.0
Transport: Stdio (local) and HTTP/Express (remote)
Key Features
159+ MCP Tools
Full coverage of the WooCommerce and WordPress REST API surface area, organized into logical categories:
- WordPress Content — Create, read, and update posts and post metadata
- Products — Full CRUD for products, variations, attributes, categories, tags, and reviews
- Orders — Order management with notes, refunds, and metadata operations
- Customers — Customer lifecycle management with metadata support
- Shipping — Zones, methods, and location configuration
- Taxes — Tax classes and rate management
- Coupons — Coupon creation, updates, and deletion
- Reports — Sales, products, orders, customers, stock, coupons, and tax reports
- Settings — Store settings management by group
- System Status — Diagnostics, tools, and system information
- Data — Continents, countries, and currencies
Dual Transport Modes
| Mode | Transport | Use Case |
|---|---|---|
| Stdio | stdin/stdout | Local MCP client (VS Code, PhpStorm) spawns the server as a child process |
| HTTP | Express on port 3000 | Remote access, Docker, or REST-based integrations |
Public and Admin Endpoints
The HTTP transport exposes two distinct endpoints with different access levels:
| Endpoint | Auth Required | Tools Available | Data |
|---|---|---|---|
POST /mcp | No | 4 read-only product tools | Sanitized (no costs, stock levels, or plugin metadata) |
POST /mcp/admin | Bearer token | All 159+ tools | Full, unsanitized access |
Security-First Design
- API key validation with constant-time comparison to prevent timing attacks
- Data sanitization on public endpoints strips 19 sensitive metadata keys and 7 prefix patterns
- Self-signed certificate support for local development environments (Laravel Herd, Valet, Local by Flywheel)
- Credentials via environment variables — never hardcoded
How It Works
- IDE Configuration — Configure your IDE (VS Code or PhpStorm) to spawn the MCP server as a child process using stdio transport
- Server Startup — The server initializes with your WooCommerce store credentials from environment variables
- Tool Discovery — The AI assistant queries the server for available tools via the MCP protocol
- Tool Execution — When the AI needs store data, it calls the appropriate tool (e.g.,
get_products,create_order) - API Translation — The server translates the MCP tool call into the corresponding WooCommerce REST API request
- Response Delivery — Results are returned to the AI assistant in a structured format for reasoning and response generation
Use Cases
- Product Management — Ask your AI assistant to list products by category, update prices, or create new product variations
- Order Troubleshooting — Query order details, check refund history, and review order notes directly from your IDE
- Store Diagnostics — Check system status, review tax configurations, or audit shipping zones through conversation
- Report Generation — Pull sales reports, stock levels, or customer analytics without leaving your editor
- Bulk Operations — Let the AI assistant create multiple products, update categories, or manage customer metadata programmatically
Technical Requirements
| Requirement | Version |
|---|---|
| Node.js | 20.0+ |
| WordPress | 5.0+ |
| WooCommerce | 7.0+ |
| PHP | 7.4+ (on the WordPress server) |
WooCommerce REST API Credentials
The server requires WooCommerce REST API keys with appropriate permissions:
- Navigate to WooCommerce → Settings → Advanced → REST API in your WordPress admin
- Click Add key, set the User to developer, and set permissions to Read/Write
- Copy the Consumer Key (
ck_xxx) and Consumer Secret (cs_xxx) — these are only shown once
See the Installation guide for detailed step-by-step instructions.
Optional: WordPress Application Password
For WordPress post and metadata operations, generate an Application Password:
- Navigate to Users → Edit the developer user → Application Passwords
- Enter a name (e.g., "MCP Server") and click Add New Application Password
- Copy the generated password (shown only once)
Tech Stack
| Technology | Purpose |
|---|---|
| TypeScript 5.0+ | Type-safe development |
@modelcontextprotocol/sdk v1.29.0 | MCP protocol implementation |
| Express v4.21.2 | HTTP transport server |
| Axios v1.7.9 | WooCommerce REST API client |
| Zod v4.3.6 | Runtime schema validation |
Next Steps
- Installation — Prerequisites, building from source, and running the server
- IDE Configuration — Setup guides for VS Code and PhpStorm
- Architecture — Code structure, modules, and security design
- Tools Reference — Complete catalog of all 159+ available tools
- Example Prompts — Ready-to-use prompts for every tool category