• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login

WP-CLI Guide: Connect to WordPress via SSH Intro

July 14, 2015Alycia Mitchell

FacebookTwitterSubscribe

Do you use the WordPress dashboard to update plugins and themes? How do you back up your database? If you have not used it yet, WP-CLI is an efficient way to manage your WordPress installation using a command line interface, meaning you type text commands like these two:

wp core update
wp plugin update-all

You type these lines into a Secure Shell (SSH) window that is connected to your website server. If you are new to using command line interfaces, this is a great place to start learning. Beginners will feel like masters of the Matrix in no time.

This is the first part in a series on WP-CLI for secure WordPress management. This post includes the basics of getting connected.

WP-CLI is a set of command-line tools for managing WordPress installations. You can update plugins, set up multisite installs and much more, without using a web browser. – WP-CLI.org

A Note on Secure Server Access

File Transfer Protocol (FTP) is inherently insecure. The command and data channels are unencrypted, meaning that anything transferred between your computer and the server can be intercepted and read. Imagine your wp-config.php file, containing its super-secret database codes, transmitted in plain text across the internet for any traffic-sniffing trojan to grab. Not ideal, is it?

Also worth noting, SSH stands for Secure Shell Protocol. It’s a good sign when the protocol has the word “secure” built into its acronym.

What You Will Need

To access to your website over SSH, you need to find your server and login information. This is not the same as your WordPress Dashboard login (wp-admin), this is a set of credentials you use with your web host. Once we have the server credentials, Windows users just need to install an application to get connected.

SSH Access

Log in to the website for your hosting company. If possible, you may want to call or chat with your host and ask them for assistance with getting SSH access to the root directory of your website. You can also look through your hosting control panel or cPanel for anything related to SSH or Shell Access. Make sure it’s enabled. You also need your server and login information, which often looks like this:

  • Server: server.name.com
  • User: username
  • Password: ***************

In most cases your server is just your website domain name (example.com) and the username and password are the same ones used to log in to your hosting company’s website. You can try searching for “SSH” in your host’s knowledge base. Depending on the host’s setup, you may need to generate a key pair, and they can guide you through that process.

SSH Client

You take the above credentials and connect to your server using a program on your computer. For Mac and Linux users there is no need to install anything. For Windows users, we have included a screen shot.

Mac/Linux: Open Terminal (built-in)

    • Type this, replacing the username and server.name.com:
ssh username@server.name.com
  • You will be prompted for your password.
  • When you are connected successfully, you won’t receive an error or a confirmation, just a prompt where you can start typing. You should now be in the root of your website!
  • You can check that you are in the root of your website by typing:
    ls

    This will list the contents of the folder you are in. You should see your WordPress files in those folders (wp-admin, wp-content, wp-includes, etc). If you see a bunch of folders like publichtml or httpdocs or www, type:

    cd folder

    This changes your directory to that folder and then you can use the ls command again to see what’s inside.

Windows: Install an SSH client, we included instructions for PuTTy.

PuTTy asks for your Hostname (Server) and then click Open.
PuTTy asks for your Host Name (Server) and then you click Open.
  • Click the first putty.exe link on this page: PuTTy website
  • Like all SSH clients, PuTTy just asks for your hostname (server), then you can select SSH from the radio buttons, and click Open. You will be prompted to type your username and your password.
  • When you are connected successfully, you won’t receive an error or a confirmation, just a prompt where you can start typing. You should now be in the root of your website!
  • You can check that you are in the root of your website by typing:
    ls

    This will list the contents of the folder you are in. You should see your WordPress files in those folders (wp-admin, wp-content, wp-includes, etc). If you see a bunch of folders like publichtml or httpdocs or www, type:

    cd folder

    This changes your directory to that folder and then you can use the ls command again to see what’s inside.

  • You can find plenty of videos and information on how to connect with PuTTy.
Fingerprints

The first time you connect, you may be prompted to verify your host’s fingerprints. Don’t accept a public key fingerprint without checking its validity. Have the phone support representative read the alphanumeric code to you while you check it, or look for “fingerprints” in their documentation.

Installing WP-CLI

Once you have successfully connected, you can copy and paste the following command into the prompt and press Enter to get the latest version of WP-CLI:

curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar

Or if that doesn’t work, try:

wget https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar

If you still can’t run the following commands, try the alternate install methods on Github.

You know it works when you get a fresh prompt and no error messages. You will see signs of download progress just prior to the new prompt. For newbies to the command line, welcome!: When you type something incorrect, you will get an error message telling you exactly what went wrong.

To verify that WP-CLI is installed, simply type:

wp cli version

You should see the version number if it’s installed. Now you are ready for our next post on using WP-CLI to fully back up your WordPress website and update the core files and database. Stay tuned!

Video Tutorial

As an added bonus, I’ve prepared a quick video tutorial to assist you in the process. Enjoy!

FacebookTwitterSubscribe

Categories: Security Education, WordPress SecurityTags: Best Practices, Command Line Tools

About Alycia Mitchell

Alycia Mitchell has been Sucuri’s Marketing Manager since 2014. Alycia's main responsibilities include analytics and content strategy. Her professional experience covers 10 years of SEO and digital marketing for cybersecurity. When Alycia isn’t deep in spreadsheets, you might find her exploring nature. Connect with her on Twitter.

Reader Interactions

Comments

  1. asheboro

    July 14, 2015

    I love the CLI. It’s pretty easy to use and works quite fantastically, especially for checking and running updates, and installing and removing items. Much faster than using the browser, especially if you have multiple sites and aren’t using something like ManageWP or IWP (though it’s still much faster than those anyway).

  2. Syneic

    July 15, 2015

    A few things worth mentioning is.
    PHP need phar module compiled with it.

    and if suhosin is active in php you might need to whitelist phar by putting the following in php.ini file.
    suhosin.executor.include.whitelist = phar

    Also if its run under root make sure to use sudo -u user in front of command else the files generated will get root as owner.

  3. Magalie

    November 13, 2017

    Hello,
    How are you use WP-CLI ??

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

Join Over 20,000 Subscribers!

Sucuri Sidebar Malware Removal to Signup Page

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2023 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.