Which WP-CLI commands can be safely run with –allow-root flag?

No commands are safe when ran as root. Even the help screens aren’t safe as root.

The reason the --allow-root flag is considered dangerous is not because of what the CLI commands themselves do, but because your entire sites code is loaded when WP CLI runs, but now as root. This would mean any hidden malware would now have root on your server, and any code that makes a mistake has no guard rails to prevent it destroying the entire machine. For this reason all commands are just as dangerous.

Fundamentally, it should never be necessary to run WP CLI as a root user, and if you’re logged in as root you can still run WP CLI as another non-root user to avoid the security issues via sudo, e.g. this is one way to do it:

function noroot() {
  sudo -EH -u "your_web_user" "$@";
}

noroot wp post list # <- runs as your_web_user not root

This is one of many ways to run WP CLI as another user even when in a root shell. Using a shell session with a non-root user is still preferable though.

deneme bonusu veren sitelerbahis casinomakrobetceltabettipobet365pinbahispolobet