The WPtool is suite of (SSH) bash functions to administer Wordpress installs. With this tool you will be able to determine problems and make changes that we find to be most common among Wordpress users.
No Longer Maintained
tl;dr I'm not updating it anymore, but you can use WP-CLI instead.
Long ago, in a tech center far away, there was a really helpful droid, I mean tool, called
wptool that assisted techs in helping customers repair and manage their WordPress installations.
But life changes, and I've moved on to other things (such as Jekyll and Hugo), and haven't done anything with WordPress in a long time. This tool doesn't work with the latest versions, and I've decided to archive it. Feel free to fork and update it if you wish. You can still use
wpscan to scan sites for malware, as that should always work, even on non-WordPress sites that are still PHP-based.
For a command line tool to login as a given user, there is a WP-CLI plugin called WP-CLI Login Command. See the page for how to install and use it. You may also need to enable permalinks on the site.
I hope that will get you in the right direction. This was a fun project, and I'm glad it helped some people out.
- Auto removal of tool once SSH session ends.
- Login as any user on the site, or make a new user. (wpuser/wplogin)
- Reinstall/fix core files in a single command (wpcore)
- Fix common problems and htaccess issues (wpfix/wpht)
- Test for issues and find problems (wptests/wptrace)
- Show the latest site errors (wperr)
- List and change theme (wptheme)
- List and activate/deactivate plugins (wpplug)
- Change the url address and update that url in posts (wpurl)
- Quickly backup and restore the site (wpbackup/wprestore)
- Scan for common malware (wpscan)
- Man pages for each command for quick syntax references:
How to load it
Once you have made a SSH connection to an account with wordpress installed run this command:
. <(curl -sS https://raw.githubusercontent.com/bagley/wptool/master/wptool)
If the toolkit has been enabled you should have a response like this:
Injected WPtool into current bash session. For details, type 'wptool'.
Recent Changes: [Any important changes or new features are displayed here]
If you would like to use newer features you can use the devel branch. Or you can easily use previous versions. Useful if you find something broken that was working before. See the Developent Versions and Previous Versions sections for move info.
Hosting Note: If you plan on putting wptool on your own server/website, like onto a hosting account you have, please see the note in the "Hosting WPTool" section before doing so.
Some Basic Starting Options
Here are some basic ones to get you started off right:
wpstats <--- Show basic infomation about the site (url, theme, status)
wpdb <--- Show info about the database (user, password, tables)
wplogin <--- This will give you a link that you can click with your browser and automatically be logged in as an administrator.
wpfix <--- This will quickly clear up most caches and clear things up. Also try 'wpht'
Towards the bottom I have some scenarios of what commands to use in common situations, like a wsod.
Here is a list of all the commands and how to use them.
This tool shows a quick guide and lists the commands injected by the wptool kit.
This tool returns a basic overview of the Wordpress install.
This tool returns the current URL settings in the database, or updates them to a specified URL. It can also be used to replace existing urls in posts (useful in site moves).
Show the site's url:
Change the site to a different url:
Search and replace every instance of oldurl with newurl in the posts and postsmeta tables.
wpurl oldurl newurl
Set the siteurl to [url]
Set the homeurl to [url]
You may also use --site and --home to get just the siteurl and home.
Note: If the URL does not start with 'http://' or 'https://' it will automatically be prepended with 'http://'..
This tool returns the current theme, as well as listing any available ones found in the wp-content/themes folder. It also can change to a specified stylesheet, template, both, or to a new copy of twentytwelve.
Outputs the current used theme and available themes to choose from:
Update theme and style sheet to new theme
Update wordpress style sheet only
wptheme ThemeName -s
Update the template only
wptheme ThemeName -t
Installs a brand new twentytweleve theme for testing and renames the old one. Useful if none of the themes are working.
This tool tests the database connectivity based on settings in the wp-config.php file, and can import/export a database based on its settings.
List database name, credentials, hostname, and other information.
Uses wp-config.php to import database.
wpdb -i file.sql
Exports current database to wordpress home.
wpdb -e file.sql
Show the size of all tables and the database
Output will look like:
+------------------------------+------------+------------+ | TABLE_NAME | table_rows | Size in MB | +------------------------------+------------+------------+ | wptEiW_commentmeta | 845 | 16.75 | | wptEiW_comments | 345 | 31.59 | ..... DB size: 98.24 MB DB tables: 31 tables
This tool does basic plugin functions, such as displaying active and available plugins, or disabling them all.
Usage: wpplug [disable |disable-all|restore-all|disable-all-via-folder]
List currently enabled/disabled plugins of the current install (no options).
Disable selected plugin in the database, by its folder name Hint: list all the plugins, and you'll see it in there.
-d, disable <plugin>
Disable all plugins in the database (this is just how WP does it)
Restore the plugins that were active before, as --disable-all saves them to $wpt_disabled_plugins. Of course it's only valid for this session
Disables plugins by renaming the plugin folder (warning! may cause data loss).
This tool uses wordpress to create a fresh .htaccess file with required wordpress settings. Please note that the original .htaccess is renamed. This command has no options.
This tool downloads the latest core, a new core of the current version, or a specified version while leaving wp-config.php and wpcontent untouched.
Only download the latest archive of core files for wordpress.
Download and install/replace the core wordpress files based on the version specified in wp-includes/version.php
Download and install/replace the core wordpress files based on the database version. Useful if enough wordpress files are missing that the above 'cur' method can't figure out the version number, or is getting the wrong version number.
Download and install/replace the newest version of the core wordpress files. This option can also be used to install a brand new wordpress version.
Download and install/replace a specific version of the Wordpress core, in the form of #.#.#
wpcore #.#.# # example: wpcore 4.0.0
This tool runs various built-in Wordpress functions and fixes, and a few others.
Clear WordPress's cache and runs any needed database updates. This is safe, as it's what you normally do when you upgrade WP
Fix the permissions of WP files to writeable.
This tool performs various user functions, including creating access links to allow you to enter wordpress as any user, returning info for a specified user, changing usernames, passwords, changing a user to an admin, creating new admin users, and deleting users.
Return a list of current users/ID# for that wordpress install.
Create a link that will allow you to enter the WordPress site as the given user in your chosen browser.
wpuser USERID -l # example: get a link to login as user 1 wpuser 1 -l
Return details about specified user USERID
wpuser USERID # example: get the info of user 1 wpuser 1
Change username of user USERID to NAME
wpuser USERID -u NAME # example: change the name of user 1 to mark wpuser 1 -u mark
Change password of user USERID to PASS
wpuser USERID -p PASS # example: change the password of user 4 wpuser 4 -p My@New%Prase!
Promote user USERID to admin
wpuser USERID -a
Delete user USERID
wpuser USERID -d
Create a new admin user. The user will be called 'deleteme' and will be given a random password.
wpuser -n wpuser new
This tool shows the last few lines of the error_log and wp-admin/error_log if they exist. It has no options.
This tool will scan the site for signs of malware. Note that is is not a complete solution. It only helps you out in determining if you have breaking. It does not fix it. It will give you several false positives. But it's helpful.
Note! Scanning can take a huge amount of cpu and disk drive. If you abuse your provider's resources, they may shut you down.
Scans the core files, plugins, and themes:
Scan all files in the current directory and down:
Only show the actual phrase being matched. Not the whole line:
wpscan [quick|full] quiet
wpscan uses strings to find bad files. By default it will load a default set when a scan is run, if none are already loaded.
In short, the following methods are optional.
Show a list of the scan strings that are currently loaded.
Optional method to set the strings back to the default list. Optionally specify devel or alpha to use the strings located in those branches. They might be new, or they might not.
wpscan default-strings [devel|alpha]
You may also override the strings with your own set(s).
Set any custom strings to this variable to be included in the scan. Use single quotes (') and separate each with a '\n':
# first set the extra strings to use: extra_strings='string1\nstring2\nstring3' # then run the scan. It will automatically add the strings to the current list. wpscan full
Load your own strings from the given address. See the scanstrings file for an example. Default strings are not be added if you do this first, as they are only loaded on a empty string list. So do this after loading the default strings if you want to use those.
wpscan add-strings [url]
Clear out all scan strings.
This tool creates a backup of db and/or files.
Makes a backup of files.
Makes a backup of the database.
Makes a backup of database and files.
This too restores the database. It is a shortcut to wpdb -i /file.
Restores from a regular .sql/.sql.gz file.
wprestore db <file>
Restores from a sql file w/o checking it's type.
wprestore forcedb <file>
Restores from a sql.gz file w/o checking it's type.
wprestore forcegz <file>
This tool shows the WordPress file and database versions.
Common Scenarios and What to do
You get a white screen (wsod)
Check the error logs.
Reset htaccess file (and try moving it out of the way).
Clear site's cache
Reinstall core files (this helps out a lot)
Reset Theme to TwentyTwelve
Disable all plugins
wpplug --disable-all # verify, and then restore previous setting: wpplug --restore-all
Need to login
wplogin wpuser # -l
That's the simple answer. But if that fails (and let me know the details, if you can), you can make a new user with 'wpuser -n'.
This is how to use previous versions, which is useful if I change or break something (I am human). As we are using git, it makes it trivial to to this.
Browse for the file
This way may be the simplest. Either click on Commits or Releases, and then click the one you want. Then click on the 'wptool' file. It will shows the code, but we want the Raw file. So click where it says Raw. It will then show the file. Copy the link and replace ADDRESS with it below:
. <(curl -sS ADDRESS)
To use a particular version number, just substitute VERSION below with the version you would like to use:
. <(curl -sS https://raw.githubusercontent.com/bagley/wptool/VERSION/wptool)
For example, to use version v22.214.171.124 we would use:
. <(curl -sS https://raw.githubusercontent.com/bagley/wptool/v126.96.36.199/wptool)
You can either browse the commits and get the file path, or if you get the commit hash just put it in:
# put the hash in where <commit> is: . <(curl -sS https://raw.githubusercontent.com/bagley/wptool/<commit>/wptool)
For example, to use commit b0381758e548cb8bf6bca8ef209ff4869dca89ff we would use:
. <(curl -sS https://raw.githubusercontent.com/bagley/wptool/b0381758e548cb8bf6bca8ef209ff4869dca89ff/wptool)
The devel and alpha branches contain the most recent changes that are being tested out before rolling out a release. I do this because the main code is constantly being used by people on various sites. I can't just roll out a change and "hope for the best."
The Development branch (devel) is code that while being new, has been tested and used by me. It may still have issues, but most of the bugs should be gone.
If you would like to try the devel branch, we just substitute "devel" for "master" in the regular link, as follows:
. <(curl -sS https://raw.githubusercontent.com/bagley/wptool/devel/wptool)
The Alpha branch (alpha) is where I put the most recent changes. Just so you know, the code here is usually not tested, and may contain lots of bugs. It may be completely broken and not even load.
But if you want the latest and greatest, or you want to help out, or you are just feeling brave, you can load it with the following line:
. <(curl -sS https://raw.githubusercontent.com/bagley/wptool/alpha/wptool)
WPTool is free software, and you are welcome to copy it to your host/website/etc as you see fit.
Just know that you don't have to host wptool to use it. Just run the command under "How to load it" and you will have the necessary tools.
The only issue with hosting is that "scanstrings" file has strings in it that a hosting provider may think are bad. But these strings are just to look for bad website files. And they don't have any effect if you just load the program as described in "How to load it." They only can effect your hosting account if you copy the "scanstrings" file onto the actual account.
WPTool itself does not have any of these strings. I kept them separate on purpose.
So before you copy the "scanstrings" file onto your hosting account, you need to verify with your hosting provider whether or not they are going to flag it. Or just copy WPTool over, and it will fetch the file from here. Also note that the .git folder will contain these strings.
Again, the strings have no effect on the accounts that the script is loaded into, only if you actually copy the "scanstrings" file onto the hosting account's filesystem. When we only load the strings via the wpscan command, we are only loading it into the user's shell. When the shell is closed, the whole program with the strings are cleared out.
Current Developer and Maintainer: Matt Bagley
Based on the original code by Thomas Bradshaw and Jacob Cloutier (not associated with this fork).
Contributors: Cameron Larsen - database repair/optimization, additional malware rules and methods, recursive re-installing.
To have your name added for code/help you have added (some people don't want their name on here), either email/message me, or send me a pull request!