SiteGround works with WordPress for Cowork, but their SG Security plugin blocks REST API access for non-admin users by default. Two settings to adjust.
Open the MCP route in SG Security
Cowork Bridge needs /wp-json/coworkmcp/* reachable. Two ways to allow it:
- Whitelist the path: SG Security → REST API → add
/wp-json/coworkmcp/to the allowed paths list. - Or relax REST temporarily while installing the Bridge, then tighten back up afterward.
Re-enable the users endpoint
SG Security also blocks /wp-json/wp/v2/users as an anti-enumeration measure. If you don’t re-enable it, asking Claude to “list users” will return 401.
- SG Security → REST API → User Endpoint → Allow.
Caching
SiteGround’s Dynamic Cache is fine — it doesn’t interfere with REST traffic to or from Cowork Bridge.
Install
wp-admin → Plugins → Add New → Upload Plugin, upload cowork-bridge.zip, Activate. Run /wp-setup in Cowork after the SG Security settings above are in place.