Absurd: WPM

WPM is the WordPress Mangler. It was initially created to automate backup creation of WordPress installations while I was working at a managed WebHost. It then immediately gained the ability to do WordPress installations, and then to change the domain of a WordPress installation. It has continued to grow since.

The usage of WPM is as follows:

wpm version 4.1.0

-r       rename a wordpress installation
-c       copy a wordpress installation
-i       install wordpress
-u       update a wordpress installation
-p       attempt to set sane permissions on a WP installation
-d       delete a wordpress installation
-b       backup a wordpress installation
-w       change a wordpress user's password
-e       change wpm settings
-s       search for wordpress installations
-m       find and update wordpress installations
-v       verify a wordpress installation

Each different wpm mode then has it's own help that can be accessed by using the help option:

sudo wpm -h -r

Which will then show you help for just that mode:

wpm version 4.1.0

  -r | --rename 
         -o | --oldname          old domain name to be abandoned 
         -n | --newname          new domain name to be in use 
         -p | --path             location of installation 

This function will change the domain name of WordPress installation.
If you provide no path, it will default to your current directory.
Example: wpm -r -o foo.com -n bar.com -p /var/www/example
Example: wpm -r -o foo.com -n bar.com


WPM calls /etc/wpm.conf for those environmental options that it has.


As root, just type 'make install' within this archive. There is one configurable option within the make file, and that is the installation prefix. It will default to /usr/local. The script assumes it is running as root, and the install will set permissions accordingly. Usage information is available with wpm --help. There is a make uninstall as well if you decide you hate it, and there is a make reinstall if you modify something and make the script worse.


The --install mode, by default, configures WordPress to use ftpsockets for FS_METHOD. This will require that you have an FTP server running even if it's only listening on This same assumption is made by the --permissions mode. Both --install and --permissions will set the user and group such that the web process is not the owner of the files, and that the web group will have read access only. This is to attempt to prevent file injection. The --permissions mode does make permission settings backups if the getfacl command is available. FTP sockets configuration can be skipped via the --skip-ftp for both -i and -u.

The --verify mode requires maldet and clamdscan if you wish to use the --scan option. The --md5 option will download a copy of the installed WP version from WordPress.org and will md5 every file and compare. If you select the --replace option, any file will get replaced if a difference is detected. The --replace option also enables quarantining in --scan. It is highly recommended to only use --replace if you use --backup.

You may notice that the --mangle mode has an option for skipping search. This is because the --search mode will generate lists in which can be modified, should you wish to skip a particular installation.

The --delete mode will NOT remove the FTP user used for ftpsockets.


WPM is licensed under the terms of the Licentiam Absurdum. Development of WPM is currently closed in model, but the license is ISC compatible.

⇠ back

© MMIX - MMXXI, absurd.wtf
Licentiam Absurdum