Last updated: 9 March 2022

In the previous article about WP-CLI we installed and configured the utility. We will now start using WP-CLI in earnest by installing WordPress.

It is worth reading this article, even if you already have WordPress installed. We will go over a few useful WP-CLI commands and provide some tips and tricks along the way.

The installation process

The WordPress install process involves four steps:

  • Download and extract the core files.
  • Create a database and database user.
  • Create a wp-config.php file.
  • Run the install script.

WP-CLI can take care of three of the four steps. The one thing you need to do manually is creating the database. So, for this article we will assume that you have created a database and database user.

Download and extract WordPress

The first step is to download and extract the core WordPress files. Before you do so, please always make sure that the directory from which you are executing the wp core download command doesn’t contain website files:

[example@cpweb6-premium public_html]$ ls -1FA

Here, we got an almost empty directory, so there won’t be any file clashes. In case you’re wondering, the cgi-bin folder is a historic artefact related to the CGI handler, and the .well-known directory is used to validate SSL certificates.

The wp core download command doesn’t overwrite files, unless you use the --force option. It can be useful to overwrite files, for instance when some of the core files have been corrupted. For a fresh install, though, it is best to make sure that the directory doesn’t contain website files.

The command has a few other options. A commonly used option is --locale, which specifies the language version you want to download. By default, you get the American English version. As we are on the other side of the pond we will instead grab the British English version:

[example@cpweb6-premium public_html]$ wp core download --locale=en_GB
Downloading WordPress 5.3.2 (en_GB)...
md5 hash verified: 216fb56bf62185027930728caee31335
Success: WordPress downloaded.

Another interesting option is --skip-content. The option installs everything apart from the default themes and plugins. In other words, the option saves you a bit of time if you routinely purge the Hello Dolly and Akismet plugins and the default WordPress themes.

As you can see, the wp core download command automatically extracts the WordPress archive:

[example@cpweb6-premium public_html]$ ls -1FA --group-directories-first

What about the .htaccess file?

It is worth noting that the default install doesn’t include a .htaccess file. That means that, out of the box, WordPress doesn’t support pretty URLs. For instance, the sample post included in a new install has a URL like instead of The .htaccess file is created when you change the Permalink Settings via the WordPress dashboard (under Settings).

There is, of course, also the option to change the permalink structure via WP-CLI. However, the wp rewrite structure command is one a few commands that is relatively complicated and not at all intuitive. For some things using the WordPress dashboard is easier.

Create the wp-config.php file

Next, you need to create the wp-config.php file. You can do that manually, by copying the wp-config-sample.php file to wp-config.php and then defining the database settings using your favourite text editor. However, it is quicker to use the config create command.

Avoiding passwords on the WP-CLI command line

Before we create the config file we should briefly touch on the --prompt subcommand. You can use this to avoid entering passwords on the command line. Instead, you can put the password in a plain text file and then use input redirection to read the password into your command.

To illustrate, you can define the database password like so:


However, the password will be visible in your Bash history. To instead read the password from a file you can use this syntax:

--prompt=dbpass < /path/to/password_file

In the below example we are in the /home/example/public_html directory. Our database password is stored in the file /home/example/dbpw.txt. The reason we put the file below the public_html directory is that the file won’t be accessible through the browser – you don’t want people to accidentally stumble upon your database password.

[example@cpweb6-premium public_html]$ wp config create \
 --dbname=example_wpdb20 \
 --dbuser=example_usr \
 --prompt=dbpass < ../dbpw.txt
Success: Generated 'wp-config.php' file.

Running the install script

We now got a database, the core WordPress files and a wp-config.php file. It is time to run the install script using the wp core install command.

The core install command has six options, all of which are relevant. The first five options define basic settings and let you create a user account:

  • --url defines the domain.
  • --title is the website’s name.
  • --admin_user defines the WordPress admin’s username (both the display and login name)
  • --admin_email is the admin user’s email address.
  • --admin_password is the admin user’s password.

In addition, you can use the --skip-email option to prevent an email is sent to the admin user. The below command uses all six options:

[example@cpweb6-premium public_html]$ wp core install \ \
 --title='Examples Rock!' \
 --admin_user=Catalyst2 \ \
 --skip-email \
 --prompt=admin_password < ../pw.txt
Success: WordPress installed successfully.

There are a few things worth noting in the above command:

  • On the last line we again use input redirection to read the admin password into our command. This is exactly how we passed the database password to the wp config create command a minute ago.
  • The website title (Examples Rock!) includes a space and an exclamation mark. Because the argument contains a space we need to put the title inside quotes. Normally, you can use either double or single quotes. However, when the title includes an exclamation mark you need to use single quotes. The reason is that the exclamation mark has a special function in Bash: it is used to re-run commands from the command line history. Using single quotes ensures that exclamation marks aren’t interpreted as part of a new command.

Checking the new install

You should now be able to log into the WordPress dashboard, which is the best way to verify that everything is working as expected. That said, we might as well check a few things while we are on the command line. First, let’s check what version of WordPress is installed and whether or not there are any updates:

[example@cpweb6-premium public_html]$ wp core version

[example@cpweb6-premium public_html]$ wp core update
Success: WordPress is up to date.

Next, let’s check the website URL (which we defined as

[example@cpweb6-premium public_html]$ wp option get siteurl

[example@cpweb6-premium public_html]$ wp option get home

And finally, let’s have a quick peak at the users table as well:

[example@cpweb6-premium public_html]$ wp user list
| ID | user_login | display_name | user_email            | user_registered     | roles         |
| 1  | Catalyst2  | Catalyst2    | | 2020-03-03 12:43:39 | administrator |

Where to go from here

In the next articles we will go over managing WordPress options and plugins and themes.