The WP Minute

Thanks Pressable for supporting the podcast! What hosting should feel like...nothing! https://pressable.com/wpminute 

Today’s episode features a segment from Eric’s interview with GravityKit’s Zack Katz. Zack stopped by to share his solution to securing his company’s plugins against supply chain attacks. He also provided a live demo of the new Block MCP tool, which makes it easy to target specific blocks when editing your website with AI.

You can catch the entire episode over on our WP Minute+ channel. Visit thewpminute.com for all the details: https://thewpminute.com/better-plugin-security-and-ai-workflows-with-zack-katz/ 


Support our work at https://thewpminute.com/support
Get the newsletter at https://thewpminute.com/subscribe
★ Support this podcast ★

What is The WP Minute ?

The WP Minute brings you news about WordPress in under 5 minutes -- every week! Follow The WP Minute for the WordPress headlines before you get lost in the headlines. Hosted by Matt Medeiros, host of The Matt Report podcast.

Eric Karkovack (00:00)
Hi everyone, and welcome to the WP Minute. I'm Eric Karkovack. Today's episode features a segment from my interview with Gravity Kit's Zack Katz. Zack stopped by to share his solution to securing his company's plugins against supply chain attacks. He also provided a live demo of the new Block MCP tool, which makes it easy to target specific blocks when editing your website with AI.

Now you can catch the entire episode over on our WP Minute Plus channel. Visit the WPMinute.com for all the details.

Zack Katz (00:35)
Eric, let's say I wanted to change this heading. A WordPress MCP that knows your site. ⁓ you can reference the text that you want to change, and the block MCP is optimized for this. AI can take forever to scan through and find some like specific code or look for a selector. ⁓ the block MCP is optimized for this kind of editing.

⁓ let's say like to be more punchy, ⁓ make it better. Gotta love good prompting for AI. So ⁓ what it's going to do is it's going to identify that we are talking about ⁓ using the block MCP to edit the website because the MCP has registered that that's what like that that it's available to edit the website.

It's loading the tools that it needs, including the block MCP.

Now ⁓ it's using my memory system, which is Auto Mem by Jack Arturo and WordPress. If anybody is frustrated that your AI doesn't remember things about what you work on and why you work on them and how you work, check out the Auto Mem. That's a great project.

Eric Karkovack (01:43)
Okay, have heard of that one before and it seems like s people are really loving that that functionality.

Zack Katz (01:50)
Yeah, it's really

cool.

Eric Karkovack (01:51)
So I say we're we're counting all the tokens.

Zack Katz (01:51)
Alright.

Yep. So it says I've got the page, the headline you want to punch up is the H2 at the start of the know your site section. Now you'll see in the ⁓ in the response it uses a identifier, a reference ID. One of the things that is frustrating when you're using other MCP products is that it has to rescan your page after every edit to know what is the proper ⁓ code to update.

We have stable reference IDs. That means that you don't have to rescan the page. It understands after it makes the edit that the things are the same as they used to be.

Eric Karkovack (02:23)
I see.

So the next time you want to edit this, it won't have to rescan everything. Even if you just made an edit to what you're editing now, it should remember that and won't have to rescan everything.

Zack Katz (02:35)
Right.

Let's let's show

how that works. So it ⁓ it says which punch of your headline should should replace a WordPress MCP that knows your site. ⁓ let's say connect once it already knows your site. So I've chosen the headline that I prefer, hit enter, and now what it should be doing is using this ⁓ is using a specific selector and editing a specific block. You can see that it the tool it uses is update one block.

That is a specific tool that's finding the specific heading that uses a specific reference ID and it makes the change. Now, after every change, it saves a revision, which means that you can roll back to before the edit. So it now says verified. The heading is live and on the page. Now you'll note the verified step. One of the things we do is after each edit, we make sure that the edit was valid.

And we're not just talking about valid HTML, we're talking about valid block structure. Because other MCPs can completely destroy your block structure. So we run it through WordPress itself and make sure that WordPress renders the same way that we expect it to render. And if it doesn't do that, then we throw an error and tell the AI, hey, something didn't work, and this is what didn't work. So other MCPs don't do this. Other MCPs will make an edit and you'll assume everything went perfectly. And that is not the way we wanted our

Eric Karkovack (03:41)
Gotcha.

Zack Katz (04:01)
MCPs to work. So I'm gonna go back to the browser and refresh the page. WordPress MCPs that knows your site should now say connect once it already knows your site. And it does. So that is one that is a very simple thing. ⁓ but even that is very complicated for other MCPs to get right. You can move things around if you want to. You you can edit alt text. All of this stuff works out of the box, and you don't have to worry about.

Eric Karkovack (04:12)
Nice.

Zack Katz (04:29)
like the actual ⁓ MCP functioning. That is the we wanted to take that off the table. We just wanted to be able to edit our site using the MCP.