AI blog automation has always promised a clean loop: research, draft, publish, update, repeat. With the rise of AI assistants that can connect to external tools, many creators assumed WordPress.com would be a natural place to complete that loop end-to-end.
But WordPress.com’s newest official pathway for AI connections, the Model Context Protocol (MCP), currently stops short of the “publish” part. The platform’s MCP integration is explicitly read-only today, reshaping what “automation” can realistically mean for WordPress.com sites right now.
What “read-only” MCP means for WordPress.com
WordPress.com Support (last reviewed Jan 15, 2026) is unambiguous about the current permission scope: “MCP access is currently read-only. AI assistants cannot create, edit, or delete content on your WordPress.com sites.” That single sentence draws a bright line between analysis and execution.
In practice, read-only means an assistant can retrieve site context, such as existing posts, pages, settings, or other surfaced data, depending on which MCP tools you enable. It can summarize what it finds, extract patterns, and help you make decisions, but it cannot push changes back into WordPress.com through the official MCP channel.
This distinction matters because “AI blog automation” often implies hands-free publishing: scheduled posts, automated refreshes, bulk edits, and iterative optimization. On WordPress.com MCP, the automation is constrained to insights and recommendations rather than direct content operations.
The official roadmap: read-only now, write access later
WordPress.com’s own announcement, “WordPress.com Now Supports MCP” (Oct 7, 2025), confirms the present limitation and signals where it’s ing: “Currently, our MCP integration provides your AI assistant with ‘read-only’ access… ‘Write’ access will come next…”
That forward-looking statement is important for teams planning workflows. If you are building around MCP today, you’re building around observation, reporting, and decision support, not around autonomous publishing.
It also clarifies that the read-only posture is a deliberate phase, not a permanent design. For now, though, any automation that depends on creating, updating, or deleting WordPress.com content must be handled outside MCP (for example, by a human in the editor, or by other approved integrations if available), with MCP serving as the intelligence layer.
Security-by-design and why restrictions exist
WordPress.com positions MCP as “secure by design,” emphasizing user control over what gets shared with the AI model. The Support documentation explains that the server does not share data with the AI model unless you explicitly choose to send it.
Another key point in the same guidance is that data retrieved via MCP tools is not used to train AI models. This helps address a common concern: whether connected assistants quietly turn private site data into training data.
In that framing, read-only access is consistent with a conservative security posture: reduce the risk of unintended changes, limit the blast radius of mistakes, and ensure that connecting an AI assistant doesn’t automatically grant it the ability to publish or alter content. For businesses and publishers, that can be reassuring, while still frustrating for those seeking full automation.
Enabling MCP on WordPress.com: controls and tool-level toggles
MCP can be enabled from a dedicated WordPress.com account settings page at wordpress.com/me/mcp. The Support document describes a flow where you can turn MCP on and manage what the assistant can access.
Crucially, the controls are granular. You can use tool-level toggles to disable individual MCP tools, and you can manage access on a site-specific basis, useful if you run multiple sites and only want AI-assisted insights on selected properties.
This matters for “AI blog automation” because governance is part of automation. Even when the system is read-only, you’ll want to define which sites are in scope, what data can be pulled into reports, and how results are reviewed before anyone acts on recommendations.
OAuth-by-default and “MCP-ready” paid plans: what that signals
The Oct 7, 2025 WordPress.com announcement states that WordPress.com is the first WordPress host to support MCP “with OAuth by default,” and that paid-plan sites are “MCP-ready.” OAuth-by-default is a meaningful architectural decision because it standardizes authorization and reduces the need for ad hoc credential handling.
From an automation perspective, OAuth is the difference between a brittle integration and a manageable one. When write access arrives, OAuth-based permissions should make it easier to scope what an assistant can do, revoke access quickly, and audit connections.
For now, the OAuth emphasis primarily benefits secure read access, pulling data for analysis without handing over broad credentials. It also signals that WordPress.com is preparing the foundation for deeper AI integrations, even if publishing actions are not yet available through MCP.
Official connector tooling: @automattic/mcp-wpcom-remote
Automattic provides official connector tooling in the form of @automattic/mcp-wpcom-remote, described in its GitHub README as a WordPress.com-optimized MCP remote/proxy that includes “Secure OAuth 2.0 Authentication.” For developers, this is the supported on-ramp to connect an MCP-capable AI client to WordPress.com.
The README includes a ready-to-use MCP client configuration snippet that runs via npx, lowering setup friction for experimentation and internal tooling. In other words, WordPress.com is not only documenting MCP, it’s shipping practical glue code to make it easier to adopt.
There are technical constraints, though. The same README lists a requirement of Node.js 22+, which may affect teams on older LTS stacks or locked-down enterprise environments. If you’re planning an “AI blog automation” pipeline, you need to account for that runtime requirement in CI/CD, dev containers, or local tooling.
Endpoints, defaults, and the practical shape of today’s integration
The GitHub documentation for the remote connector lists a default MCP API endpoint: https://public-api.wordpress.com/wpcom/v2/mcp/v1. It also provides default OAuth client details, helping developers bootstrap connections in a consistent way.
This is the concrete side of the integration: a defined endpoint, OAuth, and an official remote/proxy package. Those pieces make WordPress.com feel “automation-ready” in a technical sense, even if the permissions remain constrained.
However, the day-to-day implication for AI blog automation is straightforward: you can wire up an assistant to read and interpret your WordPress.com site data, but you cannot use this official MCP pathway to directly publish posts, update existing articles, or delete content, because the platform enforces read-only today.
Marketing versus documentation: “action” messaging meets read-only reality
Automattic’s MCP landing page markets cross-product “action,” promoting the idea that AI can “publish, analyze, and create” across Automattic products. That messaging naturally leads readers to assume that publishing automation is already part of the WordPress.com MCP story.
Yet the WordPress.com Support documentation, and the WordPress.com announcement itself, draw a clear boundary: WordPress.com MCP access is currently read-only. That gap between aspirational messaging and current capability is where confusion tends to arise for creators evaluating AI-driven workflows.
Third-party analysis has also highlighted this limitation, echoing the Support doc’s line about read-only and emphasizing that direct publishing/edits via MCP are not available “yet.” The result is a more honest, narrower definition of “AI blog automation” on WordPress.com right now: automate insight generation and decision support, not the publishing step.
WordPress.com’s read-only MCP integration changes the automation conversation. It enables assistants to understand your site, surface insights, and help plan content operations, while explicitly preventing create/edit/delete actions, per the Jan 15, 2026 Support guidance.
f you're looking to bridge the gap between AI-driven insights and actual publishing on WordPress.com, auto-post.io is the solution. While many are still stuck in manual workflows using MCP only for auditing, this tool leverages secure OAuth-based write access to turn your recommendations into live posts immediately. Don't wait for future updates; automate your pipeline today.
