Security
Your site. Your server. Your control
BuildPress runs on your WordPress install. Your AI client connects directly to your server: no BuildPress relay, no cloud processing, no third-party middleman. The only thing leaving your site is the response your AI explicitly asked for.
Architecture
Self-hosted
by design.
BuildPress is a WordPress plugin that boots an MCP server inside your site. When your AI creates a page or reads your design tokens, it's connecting straight to your WordPress install.
No BuildPress-operated cloud, no proxy, no analytics pipeline.
Connects the same way the official WordPress mobile app does.
Direct connection, encrypted via HTTPS.
WordPress App Passwords. Nothing custom
BuildPress authenticates with WordPress Application Passwords, the same system that powers the WordPress mobile and desktop apps and thousands of integrations. No proprietary token format, no separate user store, no surface area we'd have to ask you to trust.
No proprietary auth
Standard WordPress security, maintained by the core team. Nothing custom to audit.
Instantly revocable
Revoke any App Password from wp-admin. Access stops immediately.
Per-user access
Each team member gets their own App Password. Track who did what in the audit log.
Plugin compatible
Works with Wordfence, Sucuri, iThemes Security, and any WordPress security plugin.
Three independent kill switches
Layered controls you flip from wp-admin. Each one works on its own: disabling any single layer blocks all MCP access.
Master Switch
One toggle that turns the entire MCP server off. When it's off, the server returns nothing: no tools, no data, no responses, no auth. Flip it off when you're not actively building, on when you are.
Domain Locking
On activation, BuildPress locks itself to your site's domain. If the domain changes (site migration, DNS hijack, accidental staging clone), MCP access blocks automatically until you re-authorize it from wp-admin.
Idle Timeout
If you step away, BuildPress switches MCP access off for you. Pick a window of 1 to 10 hours; after that much inactivity, access turns off until you re-enable it from wp-admin (optional, off by default).
Transparency
Every AI action, logged.
BuildPress keeps a complete audit trail of every MCP tool call: timestamp, tool name, user, IP address, parameters, result.
Stored in your WordPress database, viewable from wp-admin, with retention you control.
Append-only from the AI's perspective: no MCP tool exists to modify or delete it.
If something happened, it's recorded on your own site, inside your wp-admin. Nowhere else.
What AI can and cannot do
Every MCP tool is scoped to content and design. Anything that could compromise the install simply has no tool.
- Create, read, update, delete WordPress content
- Manage Elementor pages, colors, typography
- Create JetEngine data structures
- Manage ACF field groups and values
- Upload media from URLs
- Write to project memory
- Read site configuration
- Access wp-config.php or credentials
- Install, activate, or delete plugins
- Create or modify user accounts
- Execute arbitrary PHP code
- Access the filesystem directly
- Modify the audit log
- Write to security-sensitive memory
Where everything lives
Nothing about BuildPress is hosted by us, except a version-check endpoint that learns nothing but your installed version.
| Data | Where It Lives | Sent Externally? |
|---|---|---|
| Site content | Your WordPress database | No |
| App Passwords | Your database (hashed) | No |
| Audit log | Your WordPress database | No |
| Project memory | Your WordPress database | No |
| Design tokens | Your database (Elementor kit) | No |
| MCP requests | In-transit (HTTPS encrypted) | To your AI client only |
| Plugin updates | Version check to R2 CDN | Version number only |
Security questions
Let's build your next
WordPress project with AI.
Get BuildPress, activate it, and plug in the AI you already pay for. Build your first page through conversation, and when it's live, the feedback loop is already there for you, your team, or your clients.