Skip to main content

Installing and maintaining WP-CLI

In this lesson you will install WP-CLI, the command-line interface for WordPress. You'll set it up system-wide so it's available everywhere on your server, configure bash autocompletion, and make sure it always runs under the safe www-data user instead of your privileged account. You'll also learn how to keep WP-CLI updated automatically with a cron job.

WP-CLI

WP-CLI is the official command line interface for WordPress. It allows you to install, configure and manage your WordPress sites without having to use wp-admin or even having a user account. It's an absolute must-have tool for anyone managing WordPress applications.

Installing WP-CLI

WP-CLI is written in PHP and packaged into a single executable PHAR file. You can download this file from the official GitHub repository using curl:

curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar

You can run it using php:

php wp-cli.phar --info

Or you can make it executable and run it directly:

chmod +x wp-cli.phar
./wp-cli.phar --info

We'll want to use the CLI from many different places on our server, so let's make it available system-wide under the wp name, and change ownership to root for consistency and security:

sudo mv wp-cli.phar /usr/local/bin/wp
sudo chown root:root /usr/local/bin/wp
wp --info

The wp command should run without errors and display WP-CLI version information, along with some PHP and other environment details.

WP-CLI Completion

While this step is optional, I highly recommend setting up bash autocompletion for WP-CLI. Grab the autocompletion.bash script from GitHub:

curl -o wp-completion.bash https://raw.githubusercontent.com/wp-cli/wp-cli/main/utils/wp-completion.bash

Use sudo mv to move it to your /etc/bash_completion.d directory:

sudo mv wp-completion.bash /etc/bash_completion.d/wp-completion.bash

You'll need to exit your current shell and log back in for this bash script to be sourced automatically, or you can source it manually. After it's been sourced you should be able to type wp, hit the tab key, and get a list of available commands.

WP-CLI Bash Completion

This works for options and flags too, as well as for third-party plugins providing custom WP-CLI commands.

Security & Permissions

There is a reason why we run our php-fpm pools using the www-data user and not a privileged user (such as karl on my server) and definitely not root. If a PHP plugin is malicious or vulnerable, running under a privileged user, or a user with passwordless sudo access, can lead to a full system compromise.

WP-CLI is no different. In fact, if you try to run WP-CLI as the root user, you may see a big red "YIKES!" warning. However, running it under a user with passwordless sudo privileges will yield no such error, even though it is equally risky.

This article is for premium members only. One-time payment of $96 unlocks lifetime access to all existing and future content on wpshell.com, and many other perks.