Why does WordPress Toolkit require sudo to work?
For security reasons, WordPress Toolkit works under the "wp-toolkit" user. As a result, system files cannot be touched and changed by WordPress Toolkit, but to work with different clients and websites, it does need to use "sudo" for some operations like:
- Interacting with cPanel, cPanel WHM API calls to get a list of accounts, domains, and read different cPanel settings.
- To become a domain owner for various operations with WordPress sites, such as create/remove files, clone, and sync operations. It is needed by wp-cli calls to avoid any access issues.
- Create databases, users, and password protection directories.