WP-CLI lets administrators list, create, update, delete, and inspect WordPress users from the command line. It is especially useful for audits, incident response, migrations, and multisite operations, but every command runs with powerful access and needs a preview, backup, and audit trail.
Production rule: connect through an approved administrative path, confirm the environment, use least privilege, preview the affected users, avoid secrets in shell history, and verify the result.
Confirm the site and current state
wp core is-installed
wp option get home
wp user list --fields=ID,user_login,user_email,roles --format=table
In multisite, include the correct --url. A network user can exist without membership on the selected site, so site roles and network identity must be treated separately.
List and inspect users
wp user list --role=administrator --fields=ID,user_login,user_email,user_registered --format=table
wp user get 42 --fields=ID,user_login,user_email,display_name,roles
Use JSON or CSV output for controlled automation, but protect the file because user records contain personal data.
Create a user without exposing a password
wp user create [email protected] [email protected] --role=editor --send-email
Letting WordPress send the account email is safer than placing a password directly on a shared command line. If automation must supply credentials, use an approved secret-delivery method and ensure process lists, logs, CI output, and shell history cannot reveal them.
Change roles carefully
wp user set-role 42 editor
wp user add-role 42 author
wp user remove-role 42 author
set-role replaces the user’s role set on that site. add-role and remove-role change individual assignments. Confirm custom capabilities and plugin behavior before changing privileged accounts.
Update profile data
wp user update 42 --display_name='Editorial Manager'
wp user meta get 42 department
Only edit approved metadata keys. Plugins can store security, identity, billing, or integration state in user meta. Blind bulk changes can break authentication or privacy workflows.
Delete or offboard users safely
wp user delete 42 --reassign=7
Reassign owned content when the editorial record must remain. First inspect posts, pages, custom post types, media, orders, comments, API credentials, scheduled actions, and external systems. Deleting a WordPress user does not automatically revoke hosting, Git, CDN, DNS, SFTP, or identity-provider access.
Bulk operations
Generate a preview, review it, then process small batches. Do not parse human-formatted tables in scripts. Use IDs and machine-readable output.
wp user list --role=subscriber --field=ID
wp user list --role=subscriber --format=json
- Set an explicit site URL and environment.
- Apply an allowlist or reviewed input file.
- Log the job ID, operator, filters, IDs, result, and time.
- Stop on unexpected errors and make retries idempotent.
- Reconcile the final count and spot-check accounts.
Enterprise access governance
- Use named accounts and prohibit shared administrators.
- Integrate single sign-on where appropriate and keep an audited emergency account.
- Review privileged roles, application passwords, and dormant accounts regularly.
- Separate request, approval, execution, and review for sensitive bulk changes.
- Document joiner, mover, and leaver workflows across WordPress and connected systems.
- Retain only necessary audit data and protect it as sensitive.
Common mistakes
- Running against the wrong environment or multisite URL
- Passing passwords on the command line
- Deleting a user without content reassignment
- Assuming a WordPress role covers hosting and infrastructure access
- Changing custom user meta without understanding ownership
- Running an unreviewed CSV loop as root
- Keeping exports of user data indefinitely
For repeatable operational controls, see production WP-CLI commands and WordPress maintenance plans.
Primary sources
Frequently asked questions
Yes. Use the correct URL and understand the difference between a network user and that user’s membership and role on a specific site.
Avoid putting secrets directly in commands because they may appear in history, logs, or process lists. Prefer an account email or an approved secret channel.
Use the reassign option when content must transfer to another user. Review custom post types and plugin-owned data first.
Yes, but validate every row, avoid plain-text passwords, use small idempotent batches, log results, and reconcile the final state.
List users by administrator role for each relevant site, then review identity, business owner, last-use evidence, and connected access.
No. Revoke identity-provider, email, hosting, source control, DNS, CDN, SFTP, API, and vendor access too.






