I’m going to try to start treating the blog as documentation for myself, and hopefully it will be useful for someone else at some point. So here we go.
Having just migrated back to WordPress I’m always looking for ways to make changes or optimizations to the workflow. Given this is for a website being hosted on the public Internet there are three things that I’m most interested in:
- Efficiency – reduce the time or effort required for me to write something and get it on the Internet
- Security – make the site less susceptible to attacks and/or mitigate the damage from any potential attacks.
- Performance – make the site load faster or in some other way behave in a way that reduces resource usage.
WP CLI is a command-line interface for interacting with and managing [WordPress] (https://wordpress.org/). I could end the post there because that’s the most important part. However, let me elaborate a bit.
WordPress is designed to be operated from the web-based admin panel. Since the earliest days of the project the vast majority of its functionality and features have been accessible in one way or another from the admin panel. This is its strength. But that convenience comes with some challenges as well. WP CLI is particularly useful for addressing two of them.
The Problem Space
When your web site is responsible for managing its own files that means that the tool you’ve placed on the public Internet is now responsible for adding, modifying or deleting files from your web server. If we’re just talking about static content like HTML files or images the damage that can be wrought is pretty minimal. However once you expand that to include scripts and code, you open yourself up to a world of hurt. As long as the site remains secure you don’t have any problems, but if you get compromised your whole website, and potentially your visitors’ computers, are now at risk. For the most part WordPress has been pretty good about patching issues, but when you run over 40% of the websites on the Internet you will have problems.
One of the best ways to secure your site is to disable the UI from managing things like the PHP files or being able to upload random code to the website. While this certainly increases security it also creates a huge management headache because you lose all that goodness of being able to do things like search for and manage plugins and themes, as well as make changes to code from the admin panel. WP CLI returns a good chunk of that automation to you by providing a tool that can interface with the WordPress code and run a lot of that stuff for you from the command line, while leaving the web-facing portions disabled.
Is this a perfect solution? No, but it’s a good 80% solution. It gets you most of the way there with a minimum amount of fuss and headache.
OK. I’m sold. Now what?
Pre-requisites – There’s really only one. You need to have terminal access to the machine where you are hosting your WordPress installation and you need to be able to update and manage files in the WordPress directory.
Installation – Installation is pretty straightforward, you simply download the PHP archive (phar) file from the website.
It can then be run using the PHP executable.
php wp-cli.phar cli version
For convenience you can take these steps to move the file to somewhere you can access it in your
$path and make your life a bit easier.
chmod +x wp-cli.phar sudo mv wp-cli.phar /usr/local/bin/wp
The command can now be used with the name
wp and no longer requires you to invoke the php executable manually. Now that you’re set up there’s not a lot more to do except put it to use.
List all of your themes
kdmurray@mimas:/var/www/kdmurray.com$ wp theme list +-----------------+--------+--------+---------+ | name | status | update | version | +-----------------+--------+--------+---------+ | twentytwentytwo | active | none | 1.3 | +-----------------+--------+--------+---------+
Install a new plugin
kdmurray@mimas:/var/www/kdmurray.com$ wp plugin install akismet Installing Akismet Spam Protection (5.0.2) Downloading installation package from https://downloads.wordpress.org/plugin/akismet.5.0.2.zip... Using cached file '/home/kdmurray/.wp-cli/cache/plugin/akismet-5.0.2.zip'... Unpacking the package... Installing the plugin... Plugin installed successfully. Success: Installed 1 of 1 plugins.
Find out the size of your WordPress database (this is still a pretty small instance)
kdmurray@mimas:/var/www/kdmurray.com$ wp db size --tables +-----------------------+-----------+ | Name | Size | +-----------------------+-----------+ | wp_commentmeta | 49152 B | | wp_comments | 98304 B | | wp_links | 32768 B | | wp_options | 9502720 B | | wp_postmeta | 1163264 B | | wp_posts | 2457600 B | | wp_term_relationships | 32768 B | | wp_term_taxonomy | 49152 B | | wp_termmeta | 49152 B | | wp_terms | 49152 B | | wp_usermeta | 49152 B | | wp_users | 65536 B | +-----------------------+-----------+
I’ll leave it at that since there’s a lot more that the plugin can do. The project site has more tutorials and examples.