Automating WordPress with WP-CLI and Shell Scripts


This is the third part of our WP-CLI video tutorials in which we will focus on Shell Scripting and WP-CLI. In previous videos we have introduced a few basic scripts but we will take it further to show how we can use tools within the command line to automate and manipulate WP-CLI.

From storing data into files, to building backup scripts to automating update of plugins with a little bit of shell scripting almost anything can happen.

These video tutorials are possible due to my amazing Patrons through Patreon.

Shell Scripting with WP-CLI

This tutorial was recorded using a VVV vagrant install which is a virtualised instance of a development server, which comes with WP-CLI installed by default.

Please do bare in mind that the use of cut  used in one of the examples should NOT be used in a live site and was purely used to demonstrate the pipe command simply stripping x characters from either side of a string is not a good way to get a domain name.

If you do want to grab a domain name in a more robust way one approach could be:

SITEURL=` wp option get siteurl | awk -F/ '{print $3}'`

awk is a powerful but in this case is splitting on / and printing the 3rd group on the split.

Just something to bare in mind, though once again this will be no good if you want to differentiate between sites in sub directories. So handle with care.

So why use this stuff?

The use of Pipe and Xargs are two of the most useful unix commands around, along with writing output to a file. While basic it’s often bits most people don’t realise can be used in combination with each other and with programs like WP-CLI.

The ability to daisy chain actions, manipulate the string and then store the result in a single line of code, which can be run at any time or even through a cron job really what’s not to like?

Where I regularly find uses with WP-CLI:

  • Automating WordPress core updates without needing to give WordPress the ability to write to itself
  • Likewise Automating plugin updates in a similar manner
  • Bulk importing users and posts
  • Likewise Exporting data, reports etc

For more complicated sites such as membership and e-commerce sites, I often prefer to run intensive checks such as membership status checks via WP-CLI commands then a cron job. Often rather then extending the Membership software I will build quick scripts. To process all the people who’s expiry date is prior to the job run and then update their usermeta with expired status.

Another example though this was combined with a custom module, was comparing users password hashes. So we took a list of recently announced exploited passwords, we then used a custom WP-CLI extended plugin to use WordPress built in function to hash each password with the salt. Then looped through all users and looked for matches, recording just the ID NOT what password they matched on. Finally we passed the list of IDs through to retrieve their email address and output the data to a file. The system admin then sent the users an email reminding them of password security and asking them to reset their password.

One massive advantage of using WP-CLI to offset process intensive tasks apart from the performance improvements for users and admins is it completely bypasses caching except very highly aggressive DB or Object caching so is often safer to rely that the data being passed is not a cached object.

A final thought you don’t have to use Shell Script language like Bash, you can use anything which can execute WP-CLI so Ruby, Go, Lua pretty much any language even PHP.

Coming up next

In our next video we are going to look at Community Packages and some more interesting hints and tips

  • Working with wp-cli.yml files for more advanced config options
  • Remotely controlling WordPress sites through WP-CLI via SSH and using WP-API
  • Using and creating community packages

Helping you and your customers stay safe

WordPress Security Consulting Services

Power Hour Consulting

Want to get expert advice on your site's security? Whether you're dealing with a hacked site or looking to future-proof your security, Tim will provide personalised guidance and answer any questions you may have. A power hour call is an ideal starting place for a project or a way to break deadlocks in complex problems.

Learn more

Site Reviews

Want to feel confident about your site's security and performance? A website review from Tim has got you covered. Using a powerful combination of automated and manual testing to analyse your site for any potential vulnerabilities or performance issues. With a comprehensive report and, importantly, recommendations for each action required.

Learn more

Code Reviews

Is your plugin or theme code secure and performing at its best? Tim provides a comprehensive code review, that combine the power of manual and automated testing, as well as a line-by-line analysis of your code base. With actionable insights, to help you optimise your code's security and performance.

Learn more

Or let's chat about your security?

Book a FREE 20 minute call with me to see how you can improve your WordPress Security.

(No Strings Attached, honest!)