WP-CLI: How to Install WordPress via SSH

WP-CLI: How to Install WordPress via SSH

Sure, there are tons of one-click installers floating around for WordPress. But they’re not always the most secure option — and can still be tedious to use, especially if you need to update default configurations after installation. But what if I told you there’s a simple and reliable way to manage and install WordPress using WP-CLI over SSH?

In today’s post, we’ll cover the basics of connecting to your server and installing WordPress core over SSH (Secure Shell). So, let’s dive into one of the most secure and convenient ways to install WordPress on your web server!


Is SSH really more secure than FTP?

Using terminal to access and install WordPress isn’t just convenient — it has another added bonus: SSH authenticates and encrypts all connections. And since the SSH protocol encrypts the commands and data transfers to and from your server, it does a better job keeping your website’s server connection private than regular FTP (File Transfer Protocol) clients.

FTP has been around since before the evolution of public networks and wasn’t designed with security in mind. While FTP clients may be convenient, there are some disadvantages to using them — including the fact that files, usernames, and passwords are sent in plain text. Any data that’s transferred using an unencrypted protocol is subject to possible eavesdropping, which could put your system or data at risk.

SSH, on the other hand, was born after a sniffing attack was performed on the HelSinki University of Technology and users realized they needed a more secure method of transferring data. This client-server based protocol works by using authentication methods and encrypting remote connections for users and processes.

Furthermore, FTP is only able to perform basic file operations and transfer files from one destination to another. But SSH provides secure access to the server shell, allowing you to perform and execute a full range of server commands. It also supports extra functionalities such as monitoring running services or applications and transferring or modifying files.

If these SSH instructions are a little intimidating, consider using SFTP (Secure File Transfer Protocol) over regular FTP.

SFTP is a file transfer protocol that uses SSH encryption to securely transfer files between systems. It comes as a standard part of SSH version 2.0 and most FTP clients support it.

How to install WordPress using WP-CLI

Before we get started, make sure you have the following:

  • SSH access and key pairs
  • Server details

You’ll also want to ensure you have defined the necessary information for your wp-config.php file, too.

Next, let’s review the steps to install WordPress using WP-CLI.

1 – Connect to your website’s root over SSH

First, connect to your website’s docroot over SSH. You can use terminal for Mac or Linux, and PuTTy for Windows.


  • Open terminal.
  • Type the following, replacing the username and server info (ssh.host.server.com) with your own:
ssh username@ssh.host.server.com
  • Press Enter and type your password to authenticate.


  • Open PuTTy.
  • Enter your server IP as your Host Name.
  • Select SSH.
  • Click Open.
  • Enter your username and password

Windows Putty Client

2 – Install WP-CLI

Once you’ve connected to your server, you’ll want to check if WP-CLI has already been pre-installed by your host. Type the following command into terminal:

wp cli version

If WP-CLI is present, you should get an output that looks something like this:

$ wp cli version
WP-CLI 0.24.1

If WP-CLI has not yet been installed by your host, copy and paste the following command into the prompt and press Enter to install the latest version of WP-CLI.

curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar

And if that doesn’t work, try:

wget https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar

Next, verify that WP-CLI is properly installed by running the wp cli version command again.

3 – Create a new WordPress directory (optional)

If WordPress is going to be your primary CMS, skip this step to install WordPress in the docroot of your website.

But if you intend on using different CMS platforms in addition to WordPress, create a subdirectory and navigate to it with the following commands.

mkdir blog

cd blog

These two commands will create a new directory for you to install WordPress in a subfolder of your website (for example, site.com/blog instead of site.com) and then move you to your new subfolder.

4 – Download and configure WordPress

Next, let’s download and configure WordPress. Enter the following command to download the most recent WordPress core files:

wp core download

Then, replace the examples below with the info for your WordPress database:

wp core config --dbhost=host.db --dbname=prefix_db --dbuser=username --dbpass=password

In this example, this would configure your new database with the following settings:

  • Database Host: host.db
  • Database Name: prefix_db
  • Database User: username
  • Database Password: password

Make sure you modify these default credentials to something unique and secure.

5 – Change permissions for wp-config.php

Now you’ll need to change the permissions on your wp-config file.

chmod 600 wp-config.php

Use 600 or 400 for a more secure configuration, especially if you’re using a shared environment.

6 – Configure wp-config.php

Next, configure your wp-config.php file. Replace the examples below with the information for your website, including the URL for your new WordPress install, the Title of the site, and your admin user.

wp core install --url=yourwebsite.com --title="Your Blog Title" --admin_name=wordpress_admin --admin_password=4Long&Strong1 --admin_email=you@example.com

In this example, this would configure your new WordPress website with the following settings:

  • Installation URL: yourwebsite.com
  • Website Title: Your Blog Title
  • Admin User: wordpress_admin
  • Admin Password: 4Long&Strong1!!!

Another gentle reminder here to use strong, unique credentials for every account on your website.

7 – Enable file uploads

Enter the following SSH commands to enable file uploads for your WordPress website.

cd wp-content
mkdir uploads
chgrp web uploads/
chmod 775 uploads/

8 – Clear command history

Run this command to remove the history of any you typed during this session, which contains your super-secret WordPress configuration information!

history -c && exit

Still with me? Good, because you’re done.

Now you can use WP-CLI to install and activate themes and plugins using the slug, ZIP, or URL from the Download button on the repository.

Well done! If you want more, you can even manage WordPress multisite installs using WP-CLI. I encourage you to check out the WP-CLI documentation to learn more about the wonderful world of WordPress’ command-line interface.

Video: How to install WordPress via SSH

If you’re looking for step-by-step instructions, check out this video tutorial on how to install WordPress using WP-CLI and SSH.

Additional resources

Check out these additional resources for common WP-CLI commands and instructions.

You May Also Like