WP-CLI Commands

Full reference for DPOKit WP-CLI commands — scan, retention, reports, DSAR management, and vendor library import.

7 min read

WP-CLI Commands

Version: 1.9.0

DPOKit registers WP-CLI commands under the dpo-kit namespace. All commands require WP-CLI to be installed and WordPress to be fully loaded.

All commands require an administrator user account to exist in the database. If no user is currently authenticated, the command will automatically use the first administrator account found.

Installation Check

Verify WP-CLI is available and DPOKit commands are registered:

wp dpo-kit --help

Commands

wp dpo-kit status

Display an overview of the DPOKit installation.

Usage:

wp dpo-kit status

Output includes:

  • Plugin and database schema versions
  • Vendor library count
  • Active data map entries
  • Total consent records
  • Open DSAR cases
  • Active retention policies
  • Last scan date and next scheduled run
  • Next scheduled retention enforcement

Example output:

+---------------------------+-------------------------------+
| Key                       | Value                         |
+---------------------------+-------------------------------+
| Plugin Version            | 1.9.0                         |
| DB Schema Version         | 1.9.0                         |
| Vendors (library)         | 52                            |
| Active Data Map Entries   | 14                            |
| Consent Records           | 3847                          |
| Open DSARs                | 2                             |
| Active Retention Policies | 6                             |
| Last Scan                 | 2026-03-11 02:03:45           |
| Next Scheduled Scan       | 2026-03-18 03:00:00 UTC       |
| Next Retention Run        | 2026-03-12 02:00:00 UTC       |
+---------------------------+-------------------------------+

wp dpo-kit scan

Run a full site scan for third-party resources.

The scan crawls all discoverable URLs (sitemap, sitemaps, linked pages), detects scripts, iframes, pixels, cookies, GTM containers, and form endpoints, then saves findings to the database.

Usage:

wp dpo-kit scan [--depth=<n>] [--format=<format>]

Options:

OptionDefaultDescription
--depth=<n>50 (from settings)Maximum number of pages to scan.
--format=<format>tableOutput format: table, json, csv, count.

Examples:

# Run a standard scan
wp dpo-kit scan
 
# Scan up to 200 pages
wp dpo-kit scan --depth=200
 
# Output results as JSON for piping
wp dpo-kit scan --format=json > /tmp/scan-results.json
 
# Count items found without full output
wp dpo-kit scan --depth=10 --format=count

What it does:

  1. Creates a scan record in the database with type cli.
  2. Fetches all scannable URLs up to the depth limit.
  3. Crawls each URL and saves findings (scripts, iframes, pixels, cookies, etc.).
  4. Marks the scan as complete and fires the dpo_kit_scan_complete action.
  5. Displays a vendor summary table (with --format=table).

wp dpo-kit retention

Run retention enforcement for all active policies (or a specific policy).

Usage:

wp dpo-kit retention [--dry-run] [--policy-id=<n>] [--format=<format>]

Options:

OptionDefaultDescription
--dry-runfalsePreview affected records without modifying data.
--policy-id=<n>all activeRun only the specified policy ID.
--format=<format>tableOutput format: table, json.

Examples:

# Preview all policies (no data modified)
wp dpo-kit retention --dry-run
 
# Run all active policies (modifies data)
wp dpo-kit retention
 
# Run a single policy
wp dpo-kit retention --policy-id=3
 
# Run a specific policy as dry-run in JSON format
wp dpo-kit retention --policy-id=3 --dry-run --format=json

Output:

+------------------+----------+-----------+----------+---------+
| Policy           | Category | Action    | Affected | Dry Run |
+------------------+----------+-----------+----------+---------+
| Old Comments     | comments | anonymise | 47       | No      |
| Expired Consents | consents | delete    | 102      | No      |
+------------------+----------+-----------+----------+---------+
Success: 2 policies affected 149 record(s).

Note: Each enforcement run is logged to the tamper-evident retention audit log, including dry runs. Legal hold overrides are respected automatically.

wp dpo-kit export-report <type>

Generate and export a compliance report to a file or stdout.

Usage:

wp dpo-kit export-report <type> [--output=<file>] [--date-from=<date>] [--date-to=<date>] [--site-name=<name>] [--contact-email=<email>]

Arguments:

ArgumentDescription
<type>Report type (see table below).

Available report types:

TypeFormatDescription
privacy_noticeHTMLAuto-generated privacy notice draft based on data map and legal bases.
ropaCSVRecord of Processing Activities (Article 30 GDPR).
consent_auditCSVConsent record volume and breakdown by category and date range.
dsar_activityCSVDSAR requests received, completed, and response times.
retention_reportCSVData deleted/anonymised per policy per period.

Options:

OptionDescription
--output=<file>File path to write the report. Omit to print to stdout.
--date-from=<YYYY-MM-DD>Start date for date-range reports.
--date-to=<YYYY-MM-DD>End date for date-range reports.
--site-name=<name>Site name for privacy notice and ROPA reports.
--contact-email=<email>Contact email for privacy notice and ROPA reports.

Examples:

# Export ROPA to CSV
wp dpo-kit export-report ropa --output=/tmp/ropa.csv
 
# Export consent audit for Q1 2026
wp dpo-kit export-report consent_audit \
    --date-from=2026-01-01 \
    --date-to=2026-03-31 \
    --output=/tmp/consent-q1-2026.csv
 
# Export DSAR activity report
wp dpo-kit export-report dsar_activity \
    --date-from=2025-01-01 \
    --date-to=2025-12-31 \
    --output=/tmp/dsar-2025.csv
 
# Export privacy notice with custom contact details
wp dpo-kit export-report privacy_notice \
    --site-name="Acme Ltd" \
    --contact-email=dpo@acme.com \
    --output=/tmp/privacy-notice.html
 
# Print retention report to stdout
wp dpo-kit export-report retention_report \
    --date-from=2026-01-01 \
    --date-to=2026-03-31

wp dpo-kit import-vendors <file>

Import vendor library entries from a JSON file.

The JSON file must be an array of vendor objects with the same structure as the built-in includes/data/vendors.json file. Use this command to bulk-import a custom vendor library or to update vendor entries programmatically.

Usage:

wp dpo-kit import-vendors <file> [--dry-run]

Arguments:

ArgumentDescription
<file>Absolute or relative path to the JSON file.

Options:

OptionDescription
--dry-runPreview what would be imported without writing to the database.

File format:

[
    {
        "name": "My Analytics",
        "slug": "my-analytics",
        "description": "First-party analytics platform",
        "website": "https://myanalytics.com",
        "privacy_policy_url": "https://myanalytics.com/privacy",
        "purpose": "Website traffic analysis",
        "data_categories": ["IP address", "Page views", "Browser type"],
        "default_retention": "13 months",
        "detection_patterns": ["cdn.myanalytics.com", "ma-track.js"]
    }
]

Examples:

# Preview import
wp dpo-kit import-vendors /path/to/vendors.json --dry-run
 
# Run import
wp dpo-kit import-vendors /path/to/vendors.json

Example output:

Found 3 vendor(s) in file.
  + [my-analytics] My Analytics
  ~ [google-analytics] Google Analytics  (already exists, will update)
  + [my-crm] My CRM Integration
Success: 2 created, 1 updated, 0 skipped.

wp dpo-kit dsar list

List DSAR cases from the database.

Usage:

wp dpo-kit dsar list [--status=<status>] [--limit=<n>] [--format=<format>]

Options:

OptionDefaultDescription
--status=<status>allFilter by status: received, verified, in_progress, completed, rejected.
--limit=<n>25Maximum number of cases to list.
--format=<format>tableOutput format: table, json, csv, count.

Examples:

# List all recent cases
wp dpo-kit dsar list
 
# List only open cases
wp dpo-kit dsar list --status=in_progress
 
# Export all completed cases as CSV
wp dpo-kit dsar list --status=completed --limit=100 --format=csv > /tmp/completed-dsars.csv
 
# Count open cases
wp dpo-kit dsar list --status=received --format=count

wp dpo-kit hooks

Display all action and filter hooks provided by DPOKit.

Usage:

wp dpo-kit hooks [--type=<type>] [--format=<format>]

Options:

OptionDefaultDescription
--type=<type>allFilter by type: action or filter.
--format=<format>tableOutput format: table, json.

Examples:

# Show all hooks
wp dpo-kit hooks
 
# Show only filters
wp dpo-kit hooks --type=filter
 
# Export hook reference as JSON
wp dpo-kit hooks --format=json > /tmp/pv-hooks.json

Scripting & Automation

Running scans in a CI/CD pipeline

#!/bin/bash
# Run weekly scan and check for new vendors
wp dpo-kit scan --depth=100 --format=json | jq '.summary'

Automated retention enforcement via server cron

While DPOKit uses WP-Cron, you can replace it with a real server cron:

  1. Disable WP-Cron in wp-config.php:
define( 'DISABLE_WP_CRON', true );
  1. Add a server cron job:
# Run retention enforcement daily at 2am
0 2 * * * cd /var/www/html && wp dpo-kit retention --quiet

Exporting scheduled reports

#!/bin/bash
YEAR=$(date +%Y)
MONTH=$(date +%m)
DATE_FROM="${YEAR}-${MONTH}-01"
DATE_TO=$(date -d "$(date +%Y-%m-01) +1 month -1 day" +%Y-%m-%d)
 
wp dpo-kit export-report consent_audit \
    --date-from="$DATE_FROM" \
    --date-to="$DATE_TO" \
    --output="/reports/consent-${YEAR}-${MONTH}.csv"
 
wp dpo-kit export-report dsar_activity \
    --date-from="$DATE_FROM" \
    --date-to="$DATE_TO" \
    --output="/reports/dsar-${YEAR}-${MONTH}.csv"