Welcome to our second post in the series on WP-CLI for WordPress management over SSH. In our previous post, we discussed how to get your SSH credentials and use WP-CLI to connect to your website over the command line.
Before we get into changing anything, we’ll show you how to back up your database and compress it with your files to make sure you have a complete backup of your system. For this, we’ll have to go a bit beyond WP-CLI’s capabilities and use some normal command-line tools to finish the backup.
After your website (database and files) is securely backed up and transferred to a safe location, you can update the WordPress core and DB without any worries.
Sometimes, things go wrong! Be sure to read our tips on how to back up your website safely.
WP-CLI: Backup
Before updating anything, it is important to first backup your website, including your database and files. WP-CLI makes the hardest part of this process easy.
WordPress Database Backup
At the prompt, type this and press Enter:
wp db export
Now you have a backup of your database in an .SQL file at the root of your website.
WordPress File System Backup
Copying files from the server is not available in WP-CLI, but you can quickly compress all of your files, including the recent .SQL backup of your database.
Make sure you are in the root of your website, as we described earlier. Using the tar command with a few special parameters that make the backup better, and the trailing period at the end is very important, it ensures the new compressed file is saved in the same directory (i.e., folder).
tar -vczf yourbackupfilename.gz .
Transfer Backups
This will only get your backup file compressed and ready. From there, like with any good backup, you should transfer it off the server. You can use FileZilla with SFTP, your SSH credentials should work. If not – talk to your host.

You should always have a recent working copy of your WordPress files stored off your server. If a plugin conflict breaks your website, you will want to have at least the following ready to recover:
- Core files for your current versions of WordPress, plugins, and themes.
- Any custom or altered files.
- Your wp-config.php or database credentials.
It is possible that your backup plugin has WP-CLI commands of their own.
WP-CLI: WordPress Core File and Database Update
We saved the best for last. You need to do these two back-to-back, and the first one may take a moment to process:
wp core update
wp core update-db
At this point, you will want to check your website to make sure everything looks good and you can log in successfully.
Give WP-CLI a try and stay tuned for the next post in the series to learn more. You can use WP-CLI every day to check for critical WordPress updates, and with some practice, it can be an efficient way to manage WordPress securely.
Video Tutorial
As an added bonus, I’ve prepared a quick video tutorial to assist you in the process. Enjoy!
Just found the article I asked. Maybe this should have a link to this article on the 1s post on this WP CLI series…
My WordPress site had been hacked and no backup.Does Sucuri offer a diagnostic service and malicious code removal for a fee and if so what is the best way to get in contact? Also require a security consultation and implementation to ensure limited chance of re-occurrence.
One minor correction: In your discussion of the “tar” command, you said that the trailing period is important because it “ensures the new compressed file is saved in the same directory.” Actually, that period simply tells the tar command what exactly is being tar-ed, i.e. the current directory.