WordPress from the Command Line


I’m going to try to start treating the blog as documentation for myself, and hopefully it will be useful for someone else at some point. So here we go.

The Background

Having just migrated back to WordPress I’m always looking for ways to make changes or optimizations to the workflow. Given this is for a website being hosted on the public Internet there are three things that I’m most interested in:

  1. Efficiency – reduce the time or effort required for me to write something and get it on the Internet
  2. Security – make the site less susceptible to attacks and/or mitigate the damage from any potential attacks.
  3. Performance – make the site load faster or in some other way behave in a way that reduces resource usage.

The Tool

WP CLI is a command-line interface for interacting with and managing [WordPress] (https://wordpress.org/). I could end the post there because that’s the most important part. However, let me elaborate a bit.

WordPress is designed to be operated from the web-based admin panel. Since the earliest days of the project the vast majority of its functionality and features have been accessible in one way or another from the admin panel. This is its strength. But that convenience comes with some challenges as well. WP CLI is particularly useful for addressing two of them.

The Problem Space

When your web site is responsible for managing its own files that means that the tool you’ve placed on the public Internet is now responsible for adding, modifying or deleting files from your web server. If we’re just talking about static content like HTML files or images the damage that can be wrought is pretty minimal. However once you expand that to include scripts and code, you open yourself up to a world of hurt. As long as the site remains secure you don’t have any problems, but if you get compromised your whole website, and potentially your visitors’ computers, are now at risk. For the most part WordPress has been pretty good about patching issues, but when you run over 40% of the websites on the Internet you will have problems.

So what?

One of the best ways to secure your site is to disable the UI from managing things like the PHP files or being able to upload random code to the website. While this certainly increases security it also creates a huge management headache because you lose all that goodness of being able to do things like search for and manage plugins and themes, as well as make changes to code from the admin panel. WP CLI returns a good chunk of that automation to you by providing a tool that can interface with the WordPress code and run a lot of that stuff for you from the command line, while leaving the web-facing portions disabled.

Is this a perfect solution? No, but it’s a good 80% solution. It gets you most of the way there with a minimum amount of fuss and headache.

OK. I’m sold. Now what?

Pre-requisites – There’s really only one. You need to have terminal access to the machine where you are hosting your WordPress installation and you need to be able to update and manage files in the WordPress directory.

Installation – Installation is pretty straightforward, you simply download the PHP archive (phar) file from the website.

wget https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar

It can then be run using the PHP executable.

php wp-cli.phar cli version

For convenience you can take these steps to move the file to somewhere you can access it in your $path and make your life a bit easier.

chmod +x wp-cli.phar
sudo mv wp-cli.phar /usr/local/bin/wp

The command can now be used with the name wp and no longer requires you to invoke the php executable manually. Now that you’re set up there’s not a lot more to do except put it to use.

Examples please?

List all of your themes

kdmurray@mimas:/var/www/kdmurray.com$ wp theme list

+-----------------+--------+--------+---------+
| name            | status | update | version |
+-----------------+--------+--------+---------+
| twentytwentytwo | active | none   | 1.3     |
+-----------------+--------+--------+---------+

Install a new plugin

kdmurray@mimas:/var/www/kdmurray.com$ wp plugin install akismet

Installing Akismet Spam Protection (5.0.2)
Downloading installation package from https://downloads.wordpress.org/plugin/akismet.5.0.2.zip...
Using cached file '/home/kdmurray/.wp-cli/cache/plugin/akismet-5.0.2.zip'...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Success: Installed 1 of 1 plugins.

Find out the size of your WordPress database (this is still a pretty small instance)

kdmurray@mimas:/var/www/kdmurray.com$ wp db size --tables

+-----------------------+-----------+
| Name                  | Size      |
+-----------------------+-----------+
| wp_commentmeta        | 49152 B   |
| wp_comments           | 98304 B   |
| wp_links              | 32768 B   |
| wp_options            | 9502720 B |
| wp_postmeta           | 1163264 B |
| wp_posts              | 2457600 B |
| wp_term_relationships | 32768 B   |
| wp_term_taxonomy      | 49152 B   |
| wp_termmeta           | 49152 B   |
| wp_terms              | 49152 B   |
| wp_usermeta           | 49152 B   |
| wp_users              | 65536 B   |
+-----------------------+-----------+

I’ll leave it at that since there’s a lot more that the plugin can do. The project site has more tutorials and examples.