Verifying WordPress Checksums Using WP-CLI
If you do not keep site plugins updated along with WordPress core updated, then you run into the chance of your site being hacked or infected by Malware. If your site does get infected by malware, a way to easily find any of the non-standard WordPress core and plugin files is by using the verify checksums commands in the WP-CLI (WordPress Command Line Interface).
Preparing to Run Commands
First, you will need to login to your portal via SSH. For directions on generating credentials for sFTP/SSH creds from your site manager, see Finding Your SFTP/SSH Credentials in Managed WordPress Portal. For help using SSH, see Logging into Your Server via Secure Shell (SSH).
Security plugins have definite uses, but when you need to verify WordPress core as well as all installed plugins on the WordPress.org checksums, plugins are just not the appropriate tool. WP-CLI already has checksum commands for both WordPress core and all plugins.
For WordPress Core Files
To verify that all WordPress core files checksum match, the WP-CLI command to run is:
wp core verify-checksums
For a Specific Version of WordPress Core Files
To verify checksum against specific versions of WordPress, you can include the version number in the command. To verify for version 6.1 of WordPress core, for example, the command would be:
wp core verify-checksums --version=6.1
If you were using an older version of WordPress, for example version 6.0.3, the command would be:
wp core verify-checksums --version=6.0.3
For All Plugins
To verify the checksum of all plugins which are installed on your site server (this would only include plugins available from WordPress), then the command to run would be:
wp plugin verify-checksums --all
For a Specific Plugin
To verify the checksums of a specific plugin (e.g., WooCommerce), you will need to know the plugin “slug” (or short name). You can find the slug by looking in the plugin links on the WordPress website.
The plugin slug for WooCommerce is woocommerce, so to verify the checksums of the WooCommerce plugin, the command would be:
wp plugin verify-checksum woocommerce
The files that the core verify checksum or the plugin verify checksum commands in WP-CLI will display will be any of the non-standard PHP or other files that should not exist in WordPress folders. The files should be deleted (it’s always a good idea to take backups before deleting data from your server). and then you can rerun the same verify checksums commands to check that there are no other files which should not exist on your site server.
Knowing how to verify the checksums of WordPress core files, all plugins installed from WordPress.org, and specific plugins installed from WordPress.org using simple-to-use WP-CLI commands will give you peace of mind in knowing that there are no non-standard files that exist in those folder directories.
Consider Managed Hosting with Nexcess
Managed hosting is a service where the hosting provider carries out all of the administration, setup, and maintenance and offers an excellent customer support service. If anything goes wrong with your WordPress managed hosting, the service provider will fix all the problems as quickly as possible, so your WordPress site is kept up and running correctly. With 24/7 support, you can rest assured knowing you’ll have the Nexcess team to help you with any step of the process.
Nexcess offers a wide variety of managed hosting packages and a constantly growing superb Nexcess Knowledge Base. Consider managed hosting with Nexcess!
Now that you’ve seen the advantages of a WordPress staging environment and how easy it is to set one up, you’ll most likely want your next hosting plan to include this awesome feature. Managed WordPress hosting with Nexcess makes setting up your staging environment easy.
Fully Managed Hosting Plans with Nexcess
Nexcess Managed Hosting offers you faster speeds, more robust security, inherent scalability, and trusted support. Once your website is ready to go live, consider our stellar hosting plans:
- Managed WordPress Hosting with automatic plugin and platform updates.
- Managed WooCommerce Hosting with built-in image compression and the acclaimed StoreBuilder interface.
- Managed Magento Hosting with instant auto scaling, PCI compliance and premium security.
Plugin Performance Monitor — Test Your WordPress Plugins Automatically
Don’t let changes to your website slow you down. The Nexcess Plugin Performance Monitor watches your site hourly, so you don’t just see the problem - you know how to fix it.
Why Your Hosting Provider Matters
We’ve optimized hosting for the industry’s leading commerce and content platforms. That means speed, security, scalability and support are built in. Backed by free migrations and 30-day money-back guarantee, let us show you why we’re the best.
No one optimizes hosting for open-source applications better than Nexcess!
- GatsbyJS vs. NextJS for Your Headless WordPress Site | Nexcess
- WooCommerce & WordPress Staging Environment Setup | Nexcess
- How to Use XAMPP for Local WordPress Development | Nexcess