Verdant TCS


2 min read


No, I mean, REALLY, why?

Good question, let me elaborate… currently vCanopy servers are locked down by SSH to root users only, which somewhat curtails wp-cli and leads to a few gotchas. 

It means that wp-cli can only be run as the root user using the --allow-root flag with every command.

This means that any file changes that occur during your running of the wp-cli command will have a permissions error as they will belong to the root user and not the site system-user. It also means wp-cli is running as root, which can be insecure if your site is already, unbeknownst to you, compromised.

It also means things like the wp-cli configurations per system user are unavailable. This means, amongst other things, you need to navigate to the path of the WordPress installation or provide the path to htdocs with the --path=/var/www/{site.url}/htdocs flag.

So as a part remedy to this we developed a GP-CLI wrapper for WP-CLI. It can navigate our security settings and run the WP-CLI commands as the correct system user. It doesn’t require a filepath providing, nor does it need to be run from within the site’s htdocs directory, it can be run from anywhere on the server.


That said, it does need to have a full path for any file created (for example, when exporting a database) and the destination of the file needs to be in a location writable by the sites php system user. Your website’s htdocs folder –/var/www/{site.url}/htdocs – is the easiest option for this. 

If you are running the command from root and not passing an explicit full path for the output, it will try to create the file in a location that is inaccessible.vCanopy 

GP WP-CLI Syntax

The syntax is as follows:

gp wp {site.url} {wp.cli.command} {arg} {arg} {arg} {arg.n}

You will replace {site.url} with your site’s primary domain, {wp.cli.command} with the wp-cli command you wish to use, and then pass all the subcommands or arguments you would use with wp-cli sequentially afterward.


So, for example, the following wp-cli plugin command:

wp plugin install hello-dolly --activate 
 --path=/var/www/ --allow-root

in gp-wp-cli is:

gp wp plugin install hello-dolly -activate

or the following wp-cli DB search and replace command:

wp search-replace 
 --dry-run --precise --all-tables --skip-columns=guid 
 --report-changed-only --path=/var/www/ --allow-root

in gp-wp-cli is:

gp wp search-replace 
 --dry-run --precise --all-tables --skip-columns=guid 

Obviously this is shorter, but it also has the advantage of allowing us to keep your secures locked down tight, and not running wp-cli php as root. 


When dealing with the --ssh parameter in WP CLI it is best to use pure WP CLI. GP CLI will not accommodate this parameter.

Search the Knowledge Base

New to vCanopy?

Get started with our FREE Core plan today! We bring the software, you bring the hardware.