WP-CLI on Live Sites?!?

The first time I saw WP-CLI in use I wept. It’s an amazing tool! I’d go so far as to say that > 50% of hello-dolly uninstalls are done via WP-CLI and probably a good chunk of those are scripted.

But, WP-CLI is a bad thing on live sites.
Maybe my thought process is irrational, but hear me out…or don’t…it’s the internet and I don’t do any analytics on this site *shrug*.

WP-CLI gives complete unfettered access to the WP install.  “But, wait!” you say…  WP-CLI is accessed via SSH and one of those S’s stands for secure!

Hmm…maybe I don’t think WP-CLI is the problem.  Maybe, SSH is…but that makes for a boring post title.

Look, best practices would have us run our sites on a machine we deploy to after testing theme, plugin, core, or whatever updates on a staging site. Very often we run updates on live sites…and rarely is that problematic.

Jumping in with both feet onto a trafficked production site and using WP-CLI, especially non-core commands, seems like a recipe for “Crap…how old is the last backup?”

If you’re still reading I am ready to confess. I constantly use WP-CLI on prod sites. And it has only ever bit me on the ass due to my own carelessness. The point I’m trying to make is that when we deploy code it goes through many steps. When we run CLI commands we just type and hit enter, no filter, no double-check. Then, our hearts sink because unlike gmail there is no “unsend” button.

I started this post like 3 years ago and then forgot I had a website or whatever. It was half complete. I could have just deleted it but I like the reminder to be careful around CLI on prod.