MCP + Built-in chat agent · Works with every page builder

Let your AI agent build and heal your WordPress site.

JoraPress is a secure remote-execution bridge for WordPress. Connect Claude Code, Cursor or Windsurf over MCP — or use the built-in chat panel — to design pages in any builder, then diagnose and fix bugs, performance and SEO. Every action gated, snapshotted, audited and reversible.

  • No per-builder code — works with Elementor, Bricks, Divi, Gutenberg & more
  • Ships no API key in MCP mode — the intelligence is your agent
  • Not just building: a full WordPress Doctor that diagnoses + fixes
Download freeView pricing

Free forever · No API key for MCP · WordPress 6.5+ · PHP 8.1+

claude-code › jorapress-mcp connected

build a hero + features + CTA in Elementor on the Home page

→ wp_rest · list active plugins

→ execute_php · create Elementor section (hero)

✓ snapshot saved · audit #4821

→ execute_php · features grid + CTA

✓ Home page updated — 3 sections, 0 errors

now scan the site and fix anything critical

→ perf_scan · seo_scan · error_scan

! autoload 2.3 MB · 4 missing meta · 1 deprecated call

→ perf_fix · trim_autoload (dry-run → apply)

✓ health score 72 → 94 · all changes reversible

2

Front doors

MCP endpoint + admin chat

7+

Core tools

PHP, SQL, files, WP-CLI, REST

100

Health score

diagnose across 4 domains

8

Safety layers

gating to immutable audit log

Works with every page builder — no per-builder code

ElementorBricksDiviGutenbergBeaver BuilderOxygenWP-CLIWooCommerceElementorBricksDiviGutenbergBeaver BuilderOxygenWP-CLIWooCommerceElementorBricksDiviGutenbergBeaver BuilderOxygenWP-CLIWooCommerce

One core, two front doors

Use your own agent, or your own key

JoraPress is not a chatbox that calls OpenAI. It is a secure execution core with two interchangeable ways in — you choose how the intelligence reaches your site.

MCP endpoint — Bring Your Own Agent

POST /wp-json/jorapress/v1/mcp speaks JSON-RPC 2.0 over Streamable HTTP. Create an Application Password, drop the snippet into Claude Code, Cursor or Windsurf, and your agent runs the show. No model and no API key ever ship with the plugin.

Admin chat panel — Bring Your Own Key

Prefer to stay in wp-admin? Pick a provider (Anthropic, OpenAI, Gemini, OpenRouter), paste an encrypted API key, choose a model and watch it build. Turn on Require approval and the agent pauses before every write.

How it works

From install to building in four steps

Everything stays read-only until you flip the switch. You stay in control at every step.

01

Install & activate

Drop the plugin into wp-content/plugins, activate, and open JoraPress → Dashboard. Requires WordPress 6.5+ and PHP 8.1+.

02

Connect your agent

Create an Application Password and add the MCP server to Claude Code / Cursor / Windsurf — or paste a provider key into the chat panel.

03

Enable AI abilities

Flip the master switch on. Choose your write-gating and approval settings. Everything stays read-only until you say otherwise.

04

Build & heal

"Build a hero + features + CTA in Elementor on Home." Then run the Site Doctor to scan and fix bugs, performance and SEO.

The primitives

A small set of powerful tools

There is no per-builder code. The AI just runs PHP, SQL, files, WP-CLI and REST — so it works with every builder, present and future.

execute_php

Run PHP inside the WordPress runtime — the master key that reaches every builder's API.

db_query

SQL access. Reads by default; writes are gated and snapshotted before they run.

file ops

read_file · write_file · edit_file · list_dir — filesystem access scoped to the install.

wp_cli

Full WP-CLI on hosts that allow shell access.

wp_rest

Dispatch internal WP REST routes — safer and structured.

skills + memory

Markdown playbooks the agent auto-loads, plus key/value project context across sessions.

WordPress Doctor

Not just building — keeping sites healthy

Scanners diagnose real problems across four domains. Fixers remediate them safely, with a dry-run preview and one-click revert. Scanners run even with AI abilities off.

scanRead-only scanners

site_health

Environment audit — PHP/MySQL versions, HTTPS, loopback cron, REST availability, object cache, debug flags & updates.

error_scan

Parses debug.log and recent fatals, groups errors and attributes each to the offending plugin, theme, file and line.

perf_scan

Autoload bloat, slow/duplicate queries, transient & cron buildup, missing cache, oversized images, large tables & revisions.

seo_scan

Titles & meta descriptions, H1 structure, image alt text, sitemap, robots.txt, canonicals, Open Graph & JSON-LD.

fixGated, reversible fixers

bug_fix

Update plugins, deactivate a fatal-throwing plugin, replace deprecated calls, repair common misconfigurations.

perf_fix

Trim autoload, purge stale transients & cron, clean revisions, optimize images, defer non-critical JS.

seo_fix

Generate meta & alt text, inject JSON-LD, allow indexing, repair sitemap & robots, fix bad canonicals.

Health score

94/ 100
Bugs fixedhealthy
Performancehealthy
SEOhealthy
Site Healthhealthy
72 → 94 after JoraPress scan

The security layer is the product

Remote execution, made safe

JoraPress ships remote code execution as a feature — for dev and staging. So it ships with the safety layers to match. AI abilities are OFF by default.

Master kill switch

AI abilities ship OFF. One toggle for an instant, global off — from the dashboard.

Production guardrail

Heuristic detection refuses tool calls on a production-looking site until you acknowledge the risk.

Write gating

DB and file writes stay off until you enable them. Reads are always allowed.

Crash guard

Wraps execute_php and sandbox loads — a fatal is caught and the offending file auto-disabled. No white screen.

Versioned sandbox

AI-written files live in an isolated, tracked, one-click revertible sandbox directory.

Pre-write backups

Affected rows and posts are snapshotted before any write touches them.

Immutable audit log

Every single tool call is recorded and reviewable from JoraPress → Audit Log.

Rate limiting + encryption

Per-user calls/minute throttling, and API keys encrypted at rest (libsodium → OpenSSL).

Built for development & staging. Because it enables remote arbitrary code execution, JoraPress is not intended for a production site with live traffic. The guardrails refuse to run on production-looking sites until you explicitly acknowledge the risk.

Why JoraPress

Beyond building — keeping sites healthy

Novamira-style tools stop at “an AI builds your site.” JoraPress starts there and keeps going: a secure execution core plus a WordPress Doctor that diagnoses and fixes real problems.

CapabilityJoraPressOthers
AI builds pages in any builder
Bring Your Own Agent over MCP
No bundled API key required
Diagnose bugs, performance & SEO
Auto-fix gated, snapshotted & reversible
Immutable audit log of every action
Scheduled health audits + email reports
Self-hosted — your keys, your server

Pricing

Start free. Upgrade when you're ready.

The full execution core and scanners are free forever. Pro unlocks automated fixers, skills, memory and scheduled reports.

Free

$0forever

The full execution core and Site Doctor scanners. Perfect for dev & staging.

Download free
  • MCP endpoint + admin chat panel
  • All core tools (PHP, SQL, files, WP-CLI, REST)
  • Site Doctor read-only scanners
  • Full safety layer: gating, crash guard, audit log
  • Versioned sandbox + pre-write backups
  • Community support
Most popular

Pro

$79/year

Unlock automated fixers, skills packs, memory and scheduled health reports.

Get Pro
  • Everything in Free
  • Automated fixers: bug_fix · perf_fix · seo_fix
  • Skills packs (Elementor, SEO, performance, debugging)
  • Cross-session memory
  • Scheduled audits + emailed health reports
  • Priority email support & updates

Agency

$249/year

For teams running JoraPress across many client sites.

Get Agency
  • Everything in Pro
  • Use on up to 25 sites
  • Health-score trends across all sites
  • White-glove onboarding
  • Dedicated support channel
  • Early access to new tools

FAQ

Questions, answered

JoraPress ships remote arbitrary code execution as a feature, so the security layer is the product. AI abilities ship OFF behind a master switch, with a production guardrail, write-gating, a crash guard, automatic backups, a versioned sandbox, rate limiting and an immutable audit log. It is built for dev and staging environments — not a production site with live traffic.

Not for MCP mode — the plugin ships no AI model and no API key. The intelligence is your own agent (Claude Code, Cursor, Windsurf). If you prefer the built-in chat panel, you bring your own provider key (Anthropic, OpenAI, Gemini or OpenRouter), and it is encrypted at rest.

All of them. There is no per-builder code — the AI just runs PHP/SQL and writes each builder's own data structure. That covers Elementor, Bricks, Divi, Gutenberg, Beaver Builder, Oxygen and more.

A set of read-only scanners (site_health, error_scan, perf_scan, seo_scan) that diagnose problems, paired with fixers (bug_fix, perf_fix, seo_fix) that remediate them. Scanners run even with the master switch off; fixers route through the full safety pipeline and support a dry-run preview before anything changes.

JoraPress self-distributes because the WordPress.org repo will not accept arbitrary code execution. Pro and Agency include a license key for automatic updates from our self-hosted update server.

WordPress 6.5 or newer and PHP 8.1 or newer. Composer is optional — it is only used for dev tooling; the plugin runs without it.

Get started today

Ship your next site with an AIin the driver's seat.

Install the free plugin, connect your agent, and watch it build — then keep your site healthy with the Site Doctor. Safe by default, reversible by design.

Download freeCompare plans

No credit card · No API key for MCP · GPL-2.0