If you manage more than two WordPress sites and you don’t use WP-CLI, you’re spending 80% of your admin time clicking through dashboards that the command line could do in five seconds. I run WP-CLI on every managed WordPress server I touch, and it’s installed before the admin password is.
The pitch is simple: instead of logging into wp-admin, navigating to Plugins, clicking “Update Now” for each plugin, doing the same on the next site, and the next, and the next, you run one command. Or you wrap it in a shell loop and update 40 sites in the time it takes to refill your coffee.
What WP-CLI is
WP-CLI is the official command-line interface for WordPress, distributed as a single PHP archive (the wp binary, a .phar file). You install it once on a server, and from then on every WordPress site on that server has a full management surface available from the shell.
Anything you can do from the admin panel, you can do faster from WP-CLI:
- Update WordPress core, plugins, and themes with one command each
- Create, edit, and delete users (including resetting passwords)
- Run database imports, exports, and search-replace operations
- Install and activate plugins from the command line, including premium plugins from a
.zip - Manage multisite networks (add sites, switch users, etc.)
- Run cron events on demand instead of waiting for traffic to trigger them
- Generate test data for staging environments
The phar file is one binary, no dependencies beyond PHP itself, and the install is two commands: download, make executable, move to PATH.
Why I keep recommending it
Three patterns where WP-CLI saves real time on agency work:
- Multi-site bulk operations. A shell loop over your sites runs the same command on each.
for site in $(ls /var/www/); do wp --path=/var/www/$site plugin update --all; doneupdates 40 sites in 30 seconds, with output you can capture for an audit log. - Disaster recovery. Restoring a site to a known-good state takes one
wp db importand onewp search-replaceto fix the URLs. From a backup file to a working dev mirror is two commands. - Search-replace at scale. Migrating from
staging.example.comtowww.example.comtypically means 200,000 database rows mentioning the old domain.wp search-replace 'staging.example.com' 'www.example.com' --skip-columns=guidhandles it in seconds, with serialized data intact.
The commands worth memorizing
A short list that covers 80% of what I use day-to-day:
# Updates
wp core update
wp plugin update --all
wp theme update --all
# Users
wp user create simon simon@example.com --role=administrator --user_pass='...'
wp user reset-password simon
# Database
wp db export backup.sql
wp db import backup.sql
wp search-replace 'old.com' 'new.com' --dry-run
# Cron
wp cron event run --due-now
# Maintenance mode
wp maintenance-mode activate
wp maintenance-mode deactivateAdd --path=/var/www/site if you’re running from somewhere other than the WordPress root.
What WP-CLI doesn’t fix
It isn’t a silver bullet:
- Doesn’t replace backups. Running
wp plugin update --allon a live site without a recent backup is reckless. Snapshot first. - Doesn’t catch security regressions. WP-CLI applies updates; it doesn’t tell you whether a new plugin version is malicious or whether your CSP just broke. Pair with a real security review process.
- Doesn’t cleanly handle hardcoded URLs in PHP files.
wp search-replaceis database-side. Custom plugins that hardcode URLs in code need code changes too.
Closing the loop
WP-CLI is the tool I’d hand a junior agency engineer on day one. It moves you from “click through 40 dashboards” to “write a small shell script that does the boring part”. The learning curve is one weekend; the ROI shows up the first time you have to update 20 client sites at 9pm.
If you run a fleet of WordPress sites without proper automation around them, the Cloud Infrastructure Audit & Hardening engagement covers the WP-CLI integration patterns I deploy for managed clients. For more open-source tools I run for WordPress agencies, the open-source solutions category has the rest.
