• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login

WP-CLI Guide: Install WordPress via SSH

August 4, 2015Alycia Mitchell

870
SHARES
FacebookTwitterSubscribe

This is our fourth post on using WP-CLI to manage WordPress securely over SSH. In our first post we showed you how to connect to WordPress over SSH. The second post had you typing a few commands to backup and update the WordPress core and database. We also covered a few commands in our third post about how to securely manage your plugins and themes with WP-CLI, including updating, removing, and adding them to WordPress.

Today, we are going to cover installing WordPress core from the ground up using WP-CLI. This is the pièce de résistance, and one of the most secure ways to install WordPress. The SSH protocol encrypts the commands and data transfer, keeping your connection to your website server more private than using FTP clients.

Connect to the Root of Your Website Over SSH

At this point, you should already have SSH access to your server and a fresh database process. Make sure you have all the information you need for your wp-config.php file. To recap the process we outlined in our first post on WP-CLI, connect to your website with the following steps.

Mac/Linux

  • In Terminal replace the username and server info with your own:
    username@ssh.host.server.com
  • Press Enter and type your password.

Windows

  • In PuTTy enter your server as your Host Name
  • Select SSH
  • Click Open
  • You will be prompted for your username and password.
(Optional) Create WordPress Directory
      If you are installing WordPress under a section of your website (example.com/blog instead of all example.com) then make that directory and change your directory so you are in the new directory by running these two lines:
mkdir blog
cd blog

If you are making the entire website with WordPress then don’t do this step.

Download and Configure WordPress

Enter the following command to download the most recent WordPress core files:

wp core download

Replace the examples below with the info for your WordPress database:

wp core config --dbhost=host.db --dbname=prefix_db --dbuser=username --dbpass=password
Configure wp-config.php

Change the permissions on your wp-config file:

chmod 644 wp-config.php

Replace the examples with the information for your website, including the URL of the WordPress install, the Title of the site, and your admin user.

wp core install --url=yourwebsite.com --title="Your Blog Title" --admin_name=wordpress_admin --admin_password=4Long&Strong1 --admin_email=you@example.com
Enable File Uploading

In your main WordPress installation folder enter the following SSH commands:

cd wp-content
mkdir uploads
chgrp web uploads/
chmod 775 uploads/

Still with me?

Good, because you’re done. Now you can install and activate themes and plugins using the slug, ZIP, or URL from the Download button on the repository as we discussed in the last article.

You also want to run this command to remove the history of commands you typed during this session, which contains your super-secret WordPress configuration information!:

history -c && exit

Well done and if you want more, you can even manage WordPress multisite installs using WP-CLI. I encourage you to check out their documentation to learn more about the wonderful world of WP-CLI.

Video Tutorial

As an added bonus, I’ve prepared a quick video tutorial to assist you in the process. Enjoy!

870
SHARES
FacebookTwitterSubscribe

Categories: Security Education, WordPress SecurityTags: Best Practices, Command Line Tools

About Alycia Mitchell

Alycia Mitchell has been Sucuri’s Marketing Manager since 2014. Alycia's main responsibilities include analytics and content strategy. Her professional experience covers 10 years of SEO and digital marketing for cybersecurity. When Alycia isn’t deep in spreadsheets, you might find her exploring nature. Connect with her on Twitter.

Reader Interactions

Comments

  1. Olaf Lederer

    August 5, 2015

    Why do you change the permissions of the wp-config.php file to 0644? On a regular host is this the default value. The same for the upload directory, why is the step necessary?

    • Alycia

      August 6, 2015

      If you aren’t on a regular host the steps may be necessary. It doesn’t hurt to run these commands if you’re on a regular host with these permissions already set, but you are right – not really necessary if you know they are already set.

      As far as initial installation goes, these are just two key areas that I recommend locking down immediately upon installation. I could have gotten into more post-install security stuff, but wanted to keep it pretty simple for this article. Stay tuned though! 🙂

  2. Iskandar Reza

    December 10, 2015

    We always change /etc/ssh/sshd_config to use a different port than 22. Just wanted to add that. It’s a simple yet effective measure to protect ssh access against possible attack.

  3. Nastya

    November 23, 2016

    Great article

  4. Blue Presley

    January 30, 2018

    For chgrp, you’re using “web” here, which on my ubuntu machine comes up “invalid group.” You are meaning to have us change the folder ownership to the default group for the web server user, right? In my case that would be www-data. If that’s so, then it may be helpful to add that above. Also, for those who want to install themes and plugins via the wp admin area, don’t themes and plugins also have to be changed to the web server group with chmod 775 also? Thanks!

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

WordPress Security Course

WordPress Security Guide

Join Over 20,000 Subscribers!

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2022 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.