6 Tools for API Keys & Security
Create scoped API keys with granular permissions, manage rate limits, and control access to your WordPress MCP endpoint.
Part of 121 MCP tools in mumcp · Free tier available · Works with Claude, Cursor, Windsurf
What You Can Do
The Security toolset lets your AI manage access control for the MCP endpoint. Create API keys with specific permission levels (Read, Write, Admin), set and update rate limits to prevent abuse, monitor API usage, and revoke keys when needed. Essential for multi-team or multi-agent setups.
Key Tools
| Tool | Description |
|---|---|
wp_create_api_key | Generate a new API key with a specific permission scope (Read, Write, or Admin). |
wp_list_api_keys | List all active API keys with their scopes, creation dates, and last-used timestamps. |
wp_delete_api_key | Revoke an API key immediately. The key stops working on the next request. |
wp_rate_limit_status | Check current rate limit settings and usage counters for any API key. |
wp_update_rate_limit | Adjust rate limit thresholds — requests per minute, per hour, or per day. |
wp_get_site_options | Read site-level security configuration and plugin settings. |
Example Workflow
"Create a read-only API key for our content auditing bot,
with a rate limit of 100 requests per hour."
→ wp_create_api_key(name="Audit Bot", scope="read")
→ wp_update_rate_limit(key_id, requests_per_hour=100)
→ Scoped, rate-limited access in 2 calls.Permission Scopes
mumcp supports three permission levels. Read keys can only call read-only tools (list, get, search). Write keys can create and update content. Admin keys have full access including destructive operations and security management. This lets you give different AI agents exactly the access they need — and nothing more.
Ready to Try These Tools?
Install mumcp and start managing WordPress with AI in under 5 minutes.