Developers
run_php vs SSH: When to Use Each on WordPress
Traditional WordPress development often means SSH into the server, run WP-CLI, edit files with vim, or deploy via CI. AI Bridge adds a third path: run_php executes code in the live PHP runtime through MCP — from the IDE where you already work.
How run_php works
When an agent calls run_php, AI Bridge:
- Authenticates the request via Application Password
- Evaluates PHP in the WordPress bootstrap context
- Returns stdout, return values, or structured errors
- Uses sandbox isolation for newly written files when applicable
POST /wp-json/ai-bridge/v1/tools/run_php
{
"code": "return array(
'wp' => get_bloginfo('version'),
'theme' => wp_get_theme()->get('Name'),
'plugins' => count(get_option('active_plugins'))
);"
}When run_php wins
- Quick diagnostics — inspect options, active plugins, theme mods
- Bootstrap scripts — activate plugins, flush rewrite rules, run setup imports
- Agent deploys — chain write_file then run_php in one session
- Restricted hosts — SSH disabled but HTTPS REST allowed
- IDE-native workflow — no context switch to terminal
When SSH still wins
- Long-running processes or interactive debugging with Xdebug
- System package management (apt, nginx configs)
- Git operations on bare repos outside web root
- Reading server logs in /var/log
Comparison at a glance
| Capability | run_php (MCP) | SSH + WP-CLI |
|---|---|---|
| WordPress API access | ✓ Full | ✓ Full |
| Works from Cursor/Claude | ✓ Native | Terminal only |
| Requires SSH port | ✗ | ✓ |
| Sandbox for new files | ✓ | ✗ |
| System-level access | ✗ | ✓ |
Real-world example
An agency runs nightly agent sessions on staging: the agent calls get_site_info, checks for plugin updates, runs compatibility snippets via run_php, and writes a summary to a Slack webhook. Production SSH credentials never enter the agent context — only staging Application Passwords.
run_php is not a replacement for SSH. It is WordPress-native automation from the AI tools you already use.