This is our fourth post on using WP-CLI to manage WordPress securely over SSH. In our first post we showed you how to connect to WordPress over SSH. The second post had you typing a few commands to back up and update the WordPress core and database. In our third post we covered a few commands for securely managing your plugins and themes with WP-CLI, including updating, removing, and adding them to WordPress.
Today, we are going to cover installing WordPress core from the ground up using WP-CLI. This is the pièce de résistance, and one of the most secure ways to install WordPress. The SSH protocol encrypts the commands and data transfer, keeping your connection to your website server more private than using FTP clients.
Connect to the Root of Your Website Over SSH
At this point, you should already have SSH access to your server and a fresh database. Make sure you have all the information you need for your wp-config.php file. To recap the process we outlined in our first post on WP-CLI, connect to your website with the following steps.
Mac/Linux
- In Terminal, run the following, replacing the username and server info with your own:
ssh username@ssh.host.server.com
- Press Enter and type your password.
Windows
- In PuTTY, enter your server as your Host Name
- Select SSH
- Click Open
- You will be prompted for your username and password.
(Optional) Create WordPress Directory
- If you are installing WordPress under a section of your website (example.com/blog instead of all of example.com), create that directory and change into it by running these two lines:
mkdir blog
cd blog
If you are building the entire website with WordPress, skip this step.
Download and Configure WordPress
Enter the following command to download the most recent WordPress core files:
wp core download
Replace the examples below with the info for your WordPress database:
wp core config --dbhost=host.db --dbname=prefix_db --dbuser=username --dbpass=password
Configure wp-config.php
Change the permissions on your wp-config file:
chmod 644 wp-config.php
Replace the examples with the information for your website, including the URL of the WordPress install, the Title of the site, and your admin user.
wp core install --url=yourwebsite.com --title="Your Blog Title" --admin_name=wordpress_admin --admin_password='4Long&Strong1' --admin_email=you@example.com
Enable File Uploading
In your main WordPress installation folder enter the following SSH commands:
cd wp-content
mkdir uploads
chgrp web uploads/
chmod 775 uploads/
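One way to confirm the permissions from the steps above before you log out, as an added example that is not part of the original post. The function names are hypothetical, and the group argument is an assumption: pass whichever group your web server runs as (the post uses "web").

```sh
#!/bin/sh
# Added example: verify the permissions the steps above are meant to leave
# behind. Usage from the WordPress root:  audit_wp_perms . web

# has_bits PATH MODE: true if every bit in MODE is set on PATH.
# Uses POSIX find, so it does not depend on GNU stat.
has_bits() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# audit_wp_perms WP_ROOT WEB_GROUP
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_wp_perms() {
    root=$1; group=$2; rc=0
    cfg="$root/wp-config.php"
    up="$root/wp-content/uploads"

    if [ ! -f "$cfg" ]; then
        echo "FAIL: $cfg not found"; rc=1
    else
        # Anything beyond 644 (rw-r--r--) is a finding; stricter modes pass.
        for bit in 100 020 010 002 001; do
            if has_bits "$cfg" "$bit"; then
                echo "FAIL: $cfg has extra permission bit $bit"; rc=1
            fi
        done
    fi

    if [ ! -d "$up" ]; then
        echo "FAIL: $up not found"; rc=1
    else
        # 775: the web server group needs rwx to store uploads ...
        has_bits "$up" 070 || { echo "FAIL: $up is not group-writable"; rc=1; }
        # ... but nobody outside owner and group may write.
        if has_bits "$up" 002; then
            echo "FAIL: $up is world-writable"; rc=1
        fi
        # An unknown group name also lands here (find prints nothing).
        [ -n "$(find "$up" -prune -group "$group" 2>/dev/null)" ] ||
            { echo "FAIL: $up is not owned by group $group"; rc=1; }
    fi
    return "$rc"
}
```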
Still with me?
Good, because you’re done. Now you can install and activate themes and plugins using the slug, ZIP, or URL from the Download button on the repository as we discussed in the last article.
You also want to run this command to remove the history of commands you typed during this session, which contains your super-secret WordPress configuration information:
history -c && exit
Well done! If you want more, you can even manage WordPress multisite installs using WP-CLI. I encourage you to check out their documentation to learn more about the wonderful world of WP-CLI.
Video Tutorial
As an added bonus, I’ve prepared a quick video tutorial to assist you in the process. Enjoy!
Why do you change the permissions of the wp-config.php file to 0644? On a regular host this is the default value. The same for the upload directory, why is the step necessary?
If you aren’t on a regular host the steps may be necessary. It doesn’t hurt to run these commands if you’re on a regular host with these permissions already set, but you are right – not really necessary if you know they are already set.
As far as initial installation goes, these are just two key areas that I recommend locking down immediately upon installation. I could have gotten into more post-install security stuff, but wanted to keep it pretty simple for this article. Stay tuned though! 🙂
We always change /etc/ssh/sshd_config to use a different port than 22. Just wanted to add that. It’s a simple yet effective measure to protect ssh access against possible attack.
Great article
For chgrp, you’re using “web” here, which on my Ubuntu machine comes up “invalid group.” You are meaning to have us change the folder ownership to the default group for the web server user, right? In my case that would be www-data. If that’s so, then it may be helpful to add that above. Also, for those who want to install themes and plugins via the wp admin area, don’t themes and plugins also have to be changed to the web server group with chmod 775 also? Thanks!