Security

Your site. Your server. Your control.

BuildPress runs entirely on your WordPress installation. No external AI services, no data sent to third parties, no cloud processing. Your site data never leaves your server.

Architecture

Self-hosted by design.

BuildPress MCP is a WordPress plugin that runs a Model Context Protocol server on your site. When your AI assistant needs to create a page or read your design tokens, it connects directly to your WordPress installation — the same way the WordPress mobile app connects to your site.

[Diagram: Your AI Client (Claude / Cursor) connects to Your Server (BuildPress MCP)]

What BuildPress does:

  • Runs on your server as a standard WordPress plugin
  • Exposes structured tools via the MCP protocol
  • Authenticates using WordPress's built-in App Password system
  • Logs every action to an on-site audit trail

What BuildPress does NOT do:

  • Send your site data to any external service
  • Process requests through any cloud infrastructure
  • Store your credentials anywhere outside your WordPress database
  • Require any third-party accounts or API keys (beyond your AI client)

Authentication

WordPress App Passwords — built-in, battle-tested.

BuildPress uses WordPress Application Passwords for authentication — the same system introduced in WordPress 5.6 that powers the WordPress mobile app, desktop app, and thousands of third-party integrations.

How it works:

  1. You create an App Password in your WordPress admin (BuildPress MCP → Connection)
  2. The App Password is hashed and stored in your WordPress database (never stored in plaintext after creation)
  3. Your AI client uses this password to authenticate MCP requests
  4. Each request is validated against WordPress's authentication system

Why App Passwords, not custom tokens:

  • No proprietary auth system to audit or trust
  • Follows WordPress security standards maintained by the core team
  • Revocable instantly from your WordPress admin
  • Per-user — each team member can have their own App Password
  • Compatible with existing WordPress security plugins (Wordfence, Sucuri, iThemes)

No external OAuth, no cloud tokens, no “sign in with” flows. Your authentication stays between your AI client and your WordPress server.

Access Control

Three layers of protection.

1. Master Switch

A single toggle in BuildPress MCP → Connection enables or disables all MCP access. When off, the MCP server returns nothing — no tools, no data, no responses. Disable it when you're not actively building.

2. Domain Locking

BuildPress locks to your site's domain on first activation. If the domain changes unexpectedly (site migration, DNS hijack, staging clone), MCP access is automatically blocked until you explicitly re-authorize.

3. Idle Timeout

MCP access automatically disables after 7 days of inactivity (configurable). If you forget to turn it off, it turns itself off. A background cron checks idle state every 15 minutes.

All three layers are independent. Domain locking doesn't depend on idle timeout. The master switch overrides both. A block from any one layer blocks all MCP access.
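The layered check described above can be modelled as a fail-closed gate in which each layer is evaluated on its own and any single denial blocks access. This is an added illustration, not BuildPress's code; `GateState`, its field names and the reason strings are hypothetical.

```python
# Added illustration: a model of the three independent layers, not BuildPress code.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit


@dataclass
class GateState:  # hypothetical names; the plugin's real option keys are not on this page
    master_enabled: bool
    locked_site_url: str      # site URL recorded on first activation
    last_activity: datetime   # time of the last MCP call (UTC)
    idle_days: int = 7        # default stated on the page, configurable


def normalize_host(site_url: str) -> str:
    """Lower-case the host and drop a trailing dot so cosmetic differences do
    not trip the lock. A URL with no parsable host yields "" (never matches)."""
    host = urlsplit(site_url).hostname or ""
    return host.rstrip(".")


def blocking_layers(state: GateState, current_site_url: str, now: datetime) -> list[str]:
    """Evaluate every layer independently and return all layers that deny.
    An empty list means access is allowed; anything else is a block."""
    reasons = []
    if not state.master_enabled:
        reasons.append("master_switch_off")
    locked = normalize_host(state.locked_site_url)
    if not locked or normalize_host(current_site_url) != locked:
        reasons.append("domain_mismatch")   # e.g. a staging clone of the site
    if now - state.last_activity > timedelta(days=state.idle_days):
        reasons.append("idle_timeout")
    return reasons


if __name__ == "__main__":
    now = datetime(2025, 1, 10, tzinfo=timezone.utc)  # constructed sample values
    state = GateState(True, "https://example.com", now - timedelta(days=1))
    print(blocking_layers(state, "https://example.com", now))
    print(blocking_layers(state, "https://staging.example.com", now))
```

Returning every blocking layer, rather than stopping at the first, makes it clear in a log or admin notice which conditions must be cleared before access resumes.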

Audit Log

Every AI action, logged.

BuildPress maintains a complete audit trail of every MCP tool call:

  • Timestamp — when the action happened
  • Tool name — which tool was called (e.g., elementor_create_page, acf_create_field_group)
  • User — which WordPress user's App Password was used
  • IP address — where the request came from
  • Parameters — what was passed to the tool
  • Result — success or failure

The audit log is stored in your WordPress database (wp_buildpress_mcp_audit_log table) and is viewable from the BuildPress MCP admin dashboard. Old entries are automatically cleaned up by a daily cron job.

The AI cannot modify or delete the audit log. There is no MCP tool for audit log manipulation. It's append-only from the AI's perspective.
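The fields listed above are enough for basic triage of an exported audit log. The following is an added example, not part of BuildPress: the row key names, sample rows and thresholds are constructed assumptions, since the real column names of the table are not given on this page.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows using the six fields listed above; the key names are
# assumptions, not the real wp_buildpress_mcp_audit_log column names.
SAMPLE_LOG = [
    {"ts": "2025-03-01T09:00:00", "tool": "elementor_create_page", "user": "alice",
     "ip": "198.51.100.7", "params": {"title": "Home"}, "result": "success"},
    {"ts": "2025-03-01T09:02:10", "tool": "acf_create_field_group", "user": "alice",
     "ip": "198.51.100.7", "params": {"title": "Team"}, "result": "success"},
    {"ts": "2025-03-01T09:05:00", "tool": "elementor_create_page", "user": "bob",
     "ip": "203.0.113.5", "params": {"title": "About"}, "result": "success"},
    {"ts": "2025-03-01T23:40:00", "tool": "elementor_create_page", "user": "alice",
     "ip": "192.0.2.44", "params": {"title": "x"}, "result": "failure"},
    {"ts": "2025-03-01T23:41:00", "tool": "elementor_create_page", "user": "alice",
     "ip": "192.0.2.44", "params": {"title": "x"}, "result": "failure"},
    {"ts": "2025-03-01T23:42:30", "tool": "acf_create_field_group", "user": "alice",
     "ip": "192.0.2.44", "params": {"title": "x"}, "result": "failure"},
]


def triage(rows, fail_threshold=3, window=timedelta(minutes=5)):
    """Return (kind, user, ip, ts) findings:
    new_ip     - a user's App Password used from an address not seen before
                 for that user (the first address seen is the baseline)
    fail_burst - fail_threshold failures from one (user, ip) inside window"""
    findings = []
    seen_ips = defaultdict(set)
    recent_fails = defaultdict(list)
    for row in sorted(rows, key=lambda r: r["ts"]):   # ISO strings sort by time
        ts = datetime.fromisoformat(row["ts"])
        user, ip = row["user"], row["ip"]
        if seen_ips[user] and ip not in seen_ips[user]:
            findings.append(("new_ip", user, ip, row["ts"]))
        seen_ips[user].add(ip)
        if row["result"] == "failure":
            key = (user, ip)
            fails = [t for t in recent_fails[key] if ts - t <= window] + [ts]
            recent_fails[key] = fails
            if len(fails) == fail_threshold:          # report once per burst
                findings.append(("fail_burst", user, ip, row["ts"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A `new_ip` finding for a user is a natural trigger to revoke that user's App Password from the WordPress admin and issue a new one.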

Data Boundaries

What AI can and cannot do.

AI CAN

  • Create, read, update, and delete WordPress content (pages, posts, CPTs)
  • Manage Elementor page structures, global colors, and typography
  • Create and modify JetEngine data structures (CPTs, taxonomies, listings)
  • Manage ACF field groups and field values
  • Read your site's plugin and theme configuration
  • Upload media from URLs
  • Write to project memory (site identity, design preferences, notes)

AI CANNOT

  • Access wp-config.php or database credentials
  • Install, activate, or delete plugins
  • Create or modify WordPress user accounts
  • Change user passwords or roles
  • Access the WordPress filesystem directly
  • Execute arbitrary PHP code
  • Modify server configuration
  • Write to security-sensitive memory categories (tech_stack is user-write-only)
  • Delete or modify the audit log
  • Bypass phase locks without user confirmation

Phase Locking

Prevent unintended changes to critical systems.

BuildPress's phase workflow includes a locking mechanism that blocks specific tools when a phase is locked:

  • Phase 2 (Design System) locked — AI cannot modify global colors, typography, or design tokens. Your design system is frozen.
  • Lock/unlock requires user confirmation — the AI must pass user_confirmed: true, which the AI client prompts you for before proceeding.

This prevents scenarios where AI accidentally overwrites your design system while building pages, or modifies established patterns without your explicit approval.

Hosting

Works on any WordPress host.

BuildPress is a standard WordPress plugin. No special server requirements beyond PHP 8.1 and WordPress 6.0:

  • Managed hosts: Cloudways, Kinsta, WP Engine, Flywheel, Pressable, Pantheon
  • Shared hosting: SiteGround, Bluehost, Hostinger, A2 Hosting
  • Local development: Local by Flywheel, DDEV, Lando, MAMP, Docker
  • VPS/dedicated: Any server running WordPress

Error capture (for render verification) uses a host-independent approach that works everywhere — no error_log path configuration, no .htaccess modifications, no server-level debugging toggles needed.

Data Handling

Where your data lives and moves.

Data | Where It Lives | Who Can Access | Sent Externally?
Site content | Your WordPress database | WordPress users + AI via MCP | No
App Passwords | Your WordPress database (hashed) | WordPress auth system | No
Audit log | Your WordPress database | WordPress admins via admin UI | No
Project memory | Your WordPress database | WordPress admins + AI (read/write) | No
MCP requests | In-transit between AI client and your server | Your AI client + your server | Encrypted via HTTPS
Design tokens | Your WordPress database (Elementor kit) | WordPress users + AI via MCP | No
Plugin updates | Downloaded from downloads.usebuildpress.com | Your server (checks for new versions) | Version check only

The only external communication is the plugin update checker, which sends your current plugin version to downloads.usebuildpress.com to check if a newer version is available. No site data, no content, no credentials are transmitted.

Open Source

Inspect the code yourself.

BuildPress is GPL-licensed. The source code is available for inspection. No obfuscated code, no minified-only builds, no encoded payloads. Every line of PHP that runs on your server is readable.

Security researchers: If you find a vulnerability, please contact us at security@usebuildpress.com (or the contact page). We take reports seriously and will respond within 48 hours.

FAQ

Frequently asked questions.

No. BuildPress runs on your server. Your AI client (Claude, Cursor, etc.) connects to your server. The AI provider sees the tool responses your server sends to the AI client — that's the nature of using any AI tool. BuildPress itself does not send data to any AI provider independently.
Yes. Each site gets its own App Password and audit log. You control access per-site. Revoke the App Password when the project is done.
MCP access stops immediately. Your content, pages, design tokens — everything the AI created — remains in WordPress as normal WordPress content. The memory table and audit log are preserved (not dropped on uninstall) so you don't lose project history.
Yes. BuildPress uses standard WordPress authentication and REST API patterns. It's compatible with Wordfence, Sucuri, iThemes Security, and similar plugins. If your security plugin restricts REST API access, you may need to allowlist the BuildPress MCP endpoint.
Yes. Each team member creates their own App Password. The audit log tracks which user performed each action. Access is per-user and individually revocable.

Secure by default. Transparent by design.

Your site data stays on your server. Always.
