Agencies managing multiple WordPress sites face a scaling problem: the number of sites grows faster than the team. Content updates, SEO fixes, design changes, plugin maintenance — these multiply across every client account. AI assistants connected via MCP offer a real solution, but rolling them out across client sites requires a structured approach. This playbook covers what agencies need to know.
Multi-Site Key Management
The first operational decision is how to manage API keys across a portfolio of client sites. The wrong approach is a single shared key or a personal key reused across clients — this creates audit confusion and means revoking one key breaks access to everything.
The right approach:
- One MCPWP installation per client site
- Separate API keys per client, named descriptively (e.g., “Agency-AI-Editor-ClientName”)
- Keys stored in a shared team password manager, not in individual developer environments
- A key rotation schedule — quarterly for active keys, immediately on staff offboarding
MCPWP’s key management dashboard makes it easy to see all active keys, when they were last used, and what scope they carry. This visibility is essential for compliance and auditing.
Role-Scoped Keys for Clients
Client sites require special care. An AI assistant operating on a client’s live site should never have more access than the task requires. Agency best practice is to issue client-specific keys with conservative scopes:
- Content update tasks — Editor scope: create and update posts/pages, manage media
- Design tasks — Designer scope: Elementor read/write, media only
- SEO audit tasks — read-only or Author scope with SEO tools enabled
- Full-site work — Admin scope, only issued to senior team members for specific engagements
When a client engagement ends, revoke the keys immediately. MCPWP’s instant revocation ensures there’s no lag between the client relationship ending and the access terminating.
Approval Gates for Client Sites
Client sites are where mistakes are most costly. MCPWP’s approval workflow is the safeguard that makes AI-assisted client work viable. When an AI agent proposes changes, those changes go into a review queue rather than applying immediately. A team member reviews the proposed changes, approves or rejects each one, and only approved changes reach the live site.
This workflow adds a few minutes to each operation but eliminates the risk of an AI agent making an unexpected change on a live client site.
Rollout Checklist
When rolling out AI-assisted operations for a new client site, work through this checklist:
- Install MCPWP on the client site and verify the endpoint is accessible
- Generate appropriately scoped keys and store them in the team password manager
- Enable approval workflows for all write operations
- Run a read-only audit first — let the AI explore the site before writing anything
- Test one low-risk write operation with approval workflow active
- Review the audit log after the first session
- Brief the client on what AI operations will and won’t do on their site
- Establish a key rotation schedule and note it in the client record
Billing Model Considerations
AI-assisted operations represent a new service category for agencies. Some agencies bill for the time saved (passing efficiency gains to clients as lower retainer costs). Others bill AI-assisted operations at a premium (higher output quality, faster turnaround). Either model works — what matters is being transparent with clients about what tools are being used on their sites.
MCPWP’s audit logs give you documentation of every operation performed, which supports transparent billing and provides a paper trail if a client ever questions a change.
Scale Without Growing Headcount
Agencies that adopt AI-assisted WordPress operations early gain a real competitive advantage: the ability to serve more clients at the same quality level without proportionally growing the team. MCPWP Pro includes agency-tier features: multi-site key management, team API key sharing, and bulk approval workflows across site portfolios.
Visit the Agency page for agency-specific documentation, or see Pro pricing for multi-site plans.