Nexcess Logo

How to Verify WordPress Checksums Using WP-CLI

Knowledge Base Home

Notice anything different?

We've enhanced the appearance of our portal and we're working on updating screenshots. Things might look different, but the functionality remains the same.
June 10, 2019


Verifying WordPress Checksums Using WP-CLI


If you do not keep site plugins updated along with WordPress core updated, then you run into the chance of your site being hacked or infected by Malware. If your site does get infected by malware, a way to easily find any of the non-standard WordPress core and plugin files is by using the verify checksums commands in the WP-CLI (WordPress Command Line Interface).


Preparing to Run Commands


First, you will need to login to your portal via SSH. For directions on generating credentials for sFTP/SSH creds from your site manager, see Finding Your SFTP/SSH Credentials in Managed WordPress Portal. For help using SSH, see Logging into Your Server via Secure Shell (SSH).

Getting Started


Security plugins have definite uses, but when you need to verify WordPress core as well as all installed plugins on the WordPress.org checksums, plugins are just not the appropriate tool. WP-CLI already has checksum commands for both WordPress core and all plugins.

Optimized WordPress Hosting


Checksum Commands


For WordPress Core Files


To verify that all WordPress core files checksum match, the WP-CLI command to run is:

wp core verify-checksums


For a Specific Version of WordPress Core Files


To verify checksum against specific versions of WordPress, you can include the version number in the command. To verify for version 6.1 of WordPress core, for example, the command would be:

wp core verify-checksums --version=6.1



If you were using an older version of WordPress, for example version 6.0.3, the command would be:

wp core verify-checksums --version=6.0.3


For All Plugins


To verify the checksum of all plugins which are installed on your site server (this would only include plugins available from WordPress), then the command to run would be:

wp plugin verify-checksums --all


For a Specific Plugin


To verify the checksums of a specific plugin (e.g., WooCommerce), you will need to know the plugin “slug” (or short name). You can find the slug by looking in the plugin links on the WordPress website.

The plugin slug for WooCommerce is woocommerce, so to verify the checksums of the WooCommerce plugin, the command would be:

wp plugin verify-checksum woocommerce


Summing Up


The files that the core verify checksum or the plugin verify checksum commands in WP-CLI will display will be any of the non-standard PHP or other files that should not exist in WordPress folders. The files should be deleted (it’s always a good idea to take backups before deleting data from your server). and then you can rerun the same verify checksums commands to check that there are no other files which should not exist on your site server.

Knowing how to verify the checksums of WordPress core files, all plugins installed from WordPress.org, and specific plugins installed from WordPress.org using simple-to-use WP-CLI commands will give you peace of mind in knowing that there are no non-standard files that exist in those folder directories.

Consider Managed Hosting with Nexcess


Managed hosting is a service where the hosting provider carries out all of the administration, setup, and maintenance and offers an excellent customer support service. If anything goes wrong with your WordPress managed hosting, the service provider will fix all the problems as quickly as possible, so your WordPress site is kept up and running correctly. With 24/7 support, you can rest assured knowing you’ll have the Nexcess team to help you with any step of the process.

Nexcess offers a wide variety of managed hosting packages and a constantly growing superb Nexcess Knowledge Base. Consider managed hosting with Nexcess!

Now that you’ve seen the advantages of a WordPress staging environment and how easy it is to set one up, you’ll most likely want your next hosting plan to include this awesome feature. Managed WordPress hosting with Nexcess makes setting up your staging environment easy.


Fully Managed Hosting Plans with Nexcess


Nexcess Managed Hosting
offers you faster speeds, more robust security, inherent scalability, and trusted support. Once your website is ready to go live, consider our stellar hosting plans:

Plugin Performance Monitor — Test Your WordPress Plugins Automatically


Don’t let changes to your website slow you down. The Nexcess Plugin Performance Monitor watches your site hourly, so you don’t just see the problem - you know how to fix it.


Why Your Hosting Provider Matters


We’ve optimized hosting for the industry’s leading commerce and content platforms. That means speed, security, scalability and support are built in. Backed by free migrations and 30-day money-back guarantee, let us show you why we’re the best.

No one optimizes hosting for open-source applications better than Nexcess!



Recent Articles

Related Articles

Luke Cavanagh
Luke Cavanagh


Luke Cavanagh, Strategic Support & Accelerant at Liquid Web, brings a decade of experience working with WordPress and WooCommerce to our Product Team. His GitHub page offers a glimpse into his multiple areas of subject matter expertise. Luke elicits "ideation" for new website management and ecommerce software needs. Then, he collaborates with the Liquid Web team in the development of next generation product features and wins.


With proficiency, Luke infuses the product roadmap with a curated vision of the next enhancements while quickly evolving the functional requirements to align with innovations in the industry. He brings structure to ambiguous situations. His professional acumen and precise communication style have won him respect among stakeholders and engineers alike. "Ninja stuff with WordPress and WooCommerce," is an apropos way to describe Luke's savviness with these platforms — and his way of influencing our organization for improving to them.


Coming out of the University of Brighton with a Business and Technology Education Council (BTEC) Higher National Diploma (HND) in 2D & 3D Design, Luke's credentials prepared him well for his current role that blends both web development and design. His HND credential leveraged his foundational learning at West Kent College, where is received a National Diploma (ND) in Graphic Design.


Prolific are Luke's contributions to our knowledge libraries that are available within the Liquid Web Family of Brands:

- Nexcess blog for the WordPress category

- Nexcess blog for the WooCommerce category

- Nexcess knowledge library for the WordPress category

- Nexcess knowledge library for the WooCommerce category

- Liquid Web blog for the WordPress category

- Liquid Web blog for the WooCommerce category

- Liquid Web knowledge library for the WordPress category

- Liquid Web knowledge library for the WooCommerce category


In his personal life, Luke is a devoted husband and teen wrangler. He considers himself a Synthwave enthusiast, Jerry Goldsmith fan, and Doctor Who aficionado. He is happy to introduce his friends and teammates to essential vocabulary for life found only in British English, such as "gubbins" and similar terms.


We use cookies to understand how you interact with our site, to personalize and streamline your experience, and to tailor advertising. By continuing to use our site, you accept our use of cookies and accept our Privacy Policy.