How to Update, Install & Remove WordPress Plugins & Themes With WP-CLI

WP-CLI: How to Connect to WordPress via SSH

WordPress, like other open-source content management systems, allows you to enhance your website’s appearance and functionality through custom code and third-party components like plugins and themes. It’s these extensions that allow you to publish content with added functionality for your visitors and facilitate the unique look of your brand.

While the developers who build these extensions often have extensive knowledge of development best practices, security is not always their core competency — and third party components may contain known (or undiscovered) bugs and vulnerabilities that can pose a serious threat to your website. There are a plethora of ways to break a website or exploit a plugin vulnerability, so it’s essential to keep third party plugins and themes patched with the latest security and bug fixes to minimize risk.

WP-CLI over Secure Shell (SSH) is a great way to use the command line while keeping your connection to your website encrypted; it allows you to easily execute text commands to manage your WordPress website. In this post, we are going to take a look at the most popular ways to manage your WordPress themes and plugins securely over SSH. We assume that you have read the previous posts on how to connect to your website via SSH and installing WP-CLI.

To begin, connect to your WordPress environment using SSH. Then, proceed with the following steps to securely install, update, and remove your plugins and themes.

List installed plugins or themes and check for updates:

Maybe you want to start off by checking which plugins are installed on your WordPress site, and which components have updates available?

To check for updates and obtain a list of installed plugins and themes, leverage the following commands:

CommandDescription
wp plugin listShows a list of actively installed plugins along with information about available updates.
wp theme listShows a list of actively installed themes along with information about available updates.

With these results, you’ll now have the slugs for any plugins installed on your website. You can use these slugs in your commands to manipulate specific plugins, such as adding and removing components from your environment.

Manage plugins by slug with WP-CLI

If you know the slug of the plugin that you want to manage, you can use these commands to add, remove, or update plugins from your site:

CommandDescription
wp plugin install {slug}Installs a specific plugin based on the provided slug.
wp plugin activate {slug}Activates an installed plugin based on the provided slug.
wp plugin update {slug}Updates an installed plugin based on the provided slug.
wp plugin deactivate  {slug}Deactivates an installed plugin based on the provided slug.
wp plugin delete {slug}Deletes a plugin based on the provided slug.

Manage themes by slug with WP-CLI

The same goes for managing themes! If you know the slug of the theme that you want to manage, you can use these commands to manage them:

CommandDescription
wp theme install {slug}Installs a specific theme based on the provided slug.
wp theme activate {slug}Activates an installed theme based on the provided slug.
Wp theme update {slug}Updates an installed theme based on the provided slug.
wp theme deactivate  {slug}Deactivates an installed theme based on the provided slug.
wp theme delete {slug}Deletes a theme based on the provided slug.

Locating plugin and theme slugs

If you want to install a brand new plugin or theme but you don’t know the slug for it, you can find it as a directory under the WordPress.org repository URL:

Installing a plugin with WP-CLI from a URL

You can hover over the download button from the plugin’s download page, right-click the button and copy the ZIP file location that the button goes to.

Copy the download link to obtain the zip file location for a plugin

Of course, take care to only install plugins and themes from trusted sources because pirated and nulled themes and plugins are dangerous and often contain some nasty backdoors.

Hacking has become a fairly common criminal activity; new vulnerabilities are discovered on a regular basis by bad actors who read through lines and lines of code until they find something they can exploit. It’s impossible to guess exactly how many zero-day vulnerabilities exist that haven’t been disclosed yet.

Update all plugins and themes in WordPress:

To update all actively installed plugins and themes in your environment, simply type the following commands:

CommandDescription
wp plugin update –allUpdates all plugins installed in your WordPress site.
wp theme update –allUpdates all themes installed in your WordPress site.

Reducing risk by limiting third-party plugins and themes

For every plugin and theme you add to your website, you are adding a whole directory of files that might contain a serious bug or vulnerability. This is the exact reason why you should choose additional themes and plugins for your site wisely — and always remove anything that you don’t need.

You can accomplish this directly in the WordPress console, as long as you have write access to the server and your SFTP credentials.

Plain FTP is an insecure communication mechanism, please leverage SFTP when it’s available.

Bonus video tutorial

For additional guidance, check out this short video tutorial we’ve prepared to help you through the process. Enjoy!

You May Also Like