Version: 1.7.0 | CLI tool for managing WordPress sites on VPS with automatic HTTPS, Docker isolation, and security auditing.
- Fresh Ubuntu VPS (22.04 or 24.04 LTS)
- Docker 20.10+ installed and running
- Root or sudo access
- Domain DNS pointed to VPS IP
curl -fsSL https://raw.githubusercontent.com/vibery-studio/vibewp/main/install.sh | sudo bashvibewp site createFully automated! Generates secure credentials, installs WordPress, sets up HTTPS.
- One-command site creation (<5 minutes with auto-HTTPS)
- Multi-site management (unlimited sites per VPS)
- Three engines (FrankenWP, WordPress Official, OpenLiteSpeed)
- Automatic HTTPS (Let's Encrypt via Caddy)
- Security auditing (system + WordPress + CVE scanning)
- SFTP access (chroot jails, wp-content only)
- Backups (local + S3-compatible remote)
- Recovery tools (fix permissions, reinstall core, malware cleanup)
- Interactive UI (beautiful CLI with arrow-key menus)
vibewp site create # Create WordPress site
vibewp site list # List all sites
vibewp site start|stop|restart <name> # Control sites
vibewp site delete <name> # Remove site
vibewp site fix-permissions <name> # Fix permission issues
vibewp site reinstall-core <name> # Recover from hack
vibewp site migrate <name> # Migrate to new FrankenPHP image
vibewp site migrate-all # Batch migrate all FrankenWP sitesvibewp domain add <site> <domain> # Add domain
vibewp domain remove <site> <domain> # Remove domain
vibewp domain list <site> # List domains
vibewp domain ssl-status <site> # Check SSL certsvibewp security audit-server # Full security audit
vibewp security scan # Quick scan
vibewp backup create <site> # Local backup
vibewp backup create <site> --remote # Local + S3 upload
vibewp backup restore <site> <backup> # Restore backupvibewp sftp add-key <site> <pub-key> # Grant SFTP access
vibewp malware scan|cleanup <site> # Malware operations
vibewp firewall list|open|close <port># Firewall management
vibewp php set-limits <site> # PHP configuration
vibewp system status|doctor # System monitoring
vibewp update check|install # Self-update
vibewp menu # Interactive menu| Component | Minimum | Recommended |
|---|---|---|
| CPU | 1 core | 2 cores |
| RAM | 1GB | 2GB+ |
| Disk | 10GB base | 20GB+ |
| Sites | 1-2 | 3-5 |
Internet (80/443)
↓
Caddy Reverse Proxy (auto-HTTPS)
├── FrankenWP Sites (shinsenter/frankenphp + MariaDB)
├── WordPress Sites (wordpress:latest + MariaDB)
└── OpenLiteSpeed Sites (OLS + Redis + MariaDB)
Each site runs in isolated Docker network with separate database, filesystem, and network access.
Config auto-generated at ~/.vibewp/sites.yaml during installation.
vibewp config show # View current config
vibewp config edit # Edit config fileOptional settings:
wpscan_api_token- For vulnerability scanning (free at wpscan.com)
which vibewp
curl -fsSL https://raw.githubusercontent.com/vibery-studio/vibewp/main/install.sh | sudo bashvibewp site logs <site-name>
docker ps -a | grep <site-name>
vibewp doctor checkvibewp domain ssl-status <site-name>
dig +short yourdomain.com # Verify DNS points to VPS- SSH key-only authentication (no passwords)
- Custom SSH port with safe change mechanism
- UFW firewall with fail2ban protection
- Automatic security updates
- 32-character database passwords
- Per-site network isolation
- SFTP chroot jails (wp-content access only)
- Server + WordPress security auditing
- WPScan vulnerability scanning (optional, free API)
- VibeWP CLI (Python package with all dependencies)
- Caddy reverse proxy (Docker container)
- Docker networks (isolated per site)
- Configuration files (~/.vibewp/)
Prerequisites (must be pre-installed):
- Docker Engine 20.10+
- Python 3.10+
Optional (auto-installed when needed):
- rclone (for S3 backups)
- lynis (for hardening audit)
vibewp site create \
--site-name myblog \
--domain blog.example.com \
--wp-type frankenwp \
--admin-email admin@example.comvibewp domain add myblog www.blog.example.com
vibewp domain add myblog cdn.blog.example.comvibewp sftp add-key mysite ~/.ssh/id_rsa.pub --id john
# Client connects: sftp sftp_mysite_john@your-server.com
# Can only access wp-content (no shell access)# Interactive setup (AWS S3 / R2 / B2)
vibewp backup configure-remote
# Create backup and upload to S3
vibewp backup create mysite --remote
# List remote backups
vibewp backup list-remote --site mysite# Basic audit
vibewp security audit-server
# With WPScan API (requires token)
vibewp security set-wpscan-token YOUR_TOKEN
vibewp security audit-server
# Save HTML report
vibewp security audit-server --format html --output ~/audit.htmlvibewp ssh change-port 2222
# Automatic rollback if connection failsVibeWP updates itself automatically:
vibewp update check # Check for new version
vibewp update install [--yes] # Install latest
vibewp update cleanup --keep 3 # Cleanup old backups
vibewp update info # Show install details
vibewp --version # Show versionAutomatic backup + rollback on failure.
Launch full menu UI:
vibewp menuNavigate with arrow keys, select with Enter. Complete management interface for all operations.
- Full docs: See
./docs/directory - API reference:
./docs/codebase-summary.md - Architecture:
./docs/system-architecture.md - Code standards:
./docs/code-standards.md - Security audit guide:
./docs/security-audit-guide.md - SFTP guide:
./docs/sftp-access-guide.md
- Site CRUD operations
- Multi-domain support
- FrankenWP + OpenLiteSpeed
- Automatic HTTPS
- Security auditing
- WPScan integration
- SFTP management
- Local + remote backups
- Self-update system
- Malware scanning
- Interactive menus
- VPS hardening automation
- Scheduled backups
- Multi-VPS management
- Site cloning
- Monitoring dashboard
Contributions welcome! Please:
- Fork repository
- Create feature branch
- Test on Ubuntu 22.04 or 24.04
- Submit pull request
- Issues: https://github.com/vibery-studio/vibewp/issues
- Docs: https://github.com/vibery-studio/vibewp/wiki
- Discord: Coming soon
MIT License - See LICENSE file
Built with ❤️ by Vibery Studio