Knowledge Base
MilesWeb / WordPress FAQ

Verifying WordPress Checksums Using WP-CLI

Approx. read time : 3 min

In case you don’t update your site plugins along with WordPress core then there are chances that your site might get hacked or infected by malware. If malware infects your website, it is easy to find any of the non-standard WordPress core and plugin files by using the verify checksums commands in WP-CLI (the WordPress Command Line Interface).

Preparing to Run Commands

At first, login to your portal via SSH.

Getting Started

Security plugins are used for specific purposes, but plugins aren’t the appropriate tool for verifying WordPress core along with installed plugins on the WordPress.org checksums. For your information, WP-CLI comprises of checksum commands for both WordPress core and all plugins.

Checksums Commands

  • Run the below command, to verify that all WordPress core files checksum match:
  • For verifying checksum against specific versions of WordPress, the version number can be added in the command. For example for verifying for version 5.2.1 of WordPress core, the command would be:
  • For an older version of WordPress, for example version 4.9.10, the command would be:
  • If you want to verify checksum of all plugins installed on your site server (this would only include plugins available from WordPress), then you would need to run the below command:

  • For verifying the checksums of a specific plugin (e.g., WooCommerce), you will need to know the plugin “slug” (or short name). You can find it by searching in the plugins links on the WordPress website.

The WooCommerce’s plugin slug is woocommerce, so to verify the checksums of the WooCommerce plugin, you need to use the below command:

Conclusion

The files in WP-CLI that the core verify checksum or plugin verify checksum commands will display will be any of the non-standard PHP or other files that shouldn’t be present in WordPress folders. The files need to be deleted (it is always better to take backups prior to deleting data from your server) and then the same verify checksums commands can be run to check there aren’t any other files that shouldn’t exist on your site server.

By learning to verify the checksums of WordPress core files, plugins installed from WordPress.org, and those installed from WordPress.org with easy-to-use WP-CLI commands will help you stay tension free. This is because you will know that no non-standard files exist in those folder directories.

Also Read:

How to work with file checksums?
How To Improve The Security Of Your WordPress Website?

Avatar
Pallavi is a Digital Marketing Executive at MilesWeb and has an experience of over 4 years in content development. She is interested in writing engaging content on business, technology, web hosting and other topics related to information technology.
Need help? We’re always here for you.