We use cookies to understand how you interact with our site, to personalize and streamline your experience, and to tailor advertising. By continuing to use our site, you accept our use of cookies and accept our Privacy Policy.
Black Friday starts now. Get 75% off Nexcess premium managed hosting
Shop plans
Contact Us
Contact Us
Sign in
Sign in
Nexcess Logo

How to Verify WordPress Checksums Using WP-CLI

June 10, 2019


Verifying WordPress Checksums Using WP-CLI


If you do not keep site plugins updated along with WordPress core updated, then you run into the chance of your site being hacked or infected by Malware. If your site does get infected by malware, a way to easily find any of the non-standard WordPress core and plugin files is by using the verify checksums commands in the WP-CLI (WordPress Command Line Interface).


Preparing to Run Commands


First, you will need to login to your portal via SSH. For directions on generating credentials for sFTP/SSH creds from your site manager, see Finding Your SFTP/SSH Credentials in Managed WordPress Portal. For help using SSH, see Logging into Your Server via Secure Shell (SSH).

Getting Started


Security plugins have definite uses, but when you need to verify WordPress core as well as all installed plugins on the WordPress.org checksums, plugins are just not the appropriate tool. WP-CLI already has checksum commands for both WordPress core and all plugins.

Optimized WordPress Hosting


Checksum Commands


For WordPress Core Files


To verify that all WordPress core files checksum match, the WP-CLI command to run is:

wp core verify-checksums


For a Specific Version of WordPress Core Files


To verify checksum against specific versions of WordPress, you can include the version number in the command. To verify for version 6.1 of WordPress core, for example, the command would be:

wp core verify-checksums --version=6.1



If you were using an older version of WordPress, for example version 6.0.3, the command would be:

wp core verify-checksums --version=6.0.3


For All Plugins


To verify the checksum of all plugins which are installed on your site server (this would only include plugins available from WordPress), then the command to run would be:

wp plugin verify-checksums --all


For a Specific Plugin


To verify the checksums of a specific plugin (e.g., WooCommerce), you will need to know the plugin “slug” (or short name). You can find the slug by looking in the plugin links on the WordPress website.

The plugin slug for WooCommerce is woocommerce, so to verify the checksums of the WooCommerce plugin, the command would be:

wp plugin verify-checksum woocommerce


Summing Up


The files that the core verify checksum or the plugin verify checksum commands in WP-CLI will display will be any of the non-standard PHP or other files that should not exist in WordPress folders. The files should be deleted (it’s always a good idea to take backups before deleting data from your server). and then you can rerun the same verify checksums commands to check that there are no other files which should not exist on your site server.

Knowing how to verify the checksums of WordPress core files, all plugins installed from WordPress.org, and specific plugins installed from WordPress.org using simple-to-use WP-CLI commands will give you peace of mind in knowing that there are no non-standard files that exist in those folder directories.

Consider Managed Hosting with Nexcess


Managed hosting is a service where the hosting provider carries out all of the administration, setup, and maintenance and offers an excellent customer support service. If anything goes wrong with your WordPress managed hosting, the service provider will fix all the problems as quickly as possible, so your WordPress site is kept up and running correctly. With 24/7 support, you can rest assured knowing you’ll have the Nexcess team to help you with any step of the process.

Nexcess offers a wide variety of managed hosting packages and a constantly growing superb Nexcess Knowledge Base. Consider managed hosting with Nexcess!

Now that you’ve seen the advantages of a WordPress staging environment and how easy it is to set one up, you’ll most likely want your next hosting plan to include this awesome feature. Managed WordPress hosting with Nexcess makes setting up your staging environment easy.


Fully Managed Hosting Plans with Nexcess


Nexcess Managed Hosting
offers you faster speeds, more robust security, inherent scalability, and trusted support. Once your website is ready to go live, consider our stellar hosting plans:

Plugin Performance Monitor — Test Your WordPress Plugins Automatically


Don’t let changes to your website slow you down. The Nexcess Plugin Performance Monitor watches your site hourly, so you don’t just see the problem - you know how to fix it.


Why Your Hosting Provider Matters


We’ve optimized hosting for the industry’s leading commerce and content platforms. That means speed, security, scalability and support are built in. Backed by free migrations and 30-day money-back guarantee, let us show you why we’re the best.

No one optimizes hosting for open-source applications better than Nexcess!



Recent Articles

Related Articles

Luke Cavanagh
Luke Cavanagh


Product Operations Manager at Nexcess. A devoted husband and tween wrangler. Synthwave enthusiast. Jerry Goldsmith fan. Doctor Who fan and related gubbins.