Knowledge Base Hub

Browse through our helpful how-to guides to get the fastest solutions to your technical issues.

Home  >  WordPress FAQ  >  Verifying WordPress Checksums Using WP-CLI
Top Scroll

Verifying WordPress Checksums Using WP-CLI

 2 min

In case you don’t update your site plugins along with WordPress core then there are chances that your site might get hacked or infected by malware. If malware infects your website, it is easy to find any of the non-standard WordPress core and plugin files by using the verify checksums commands in WP-CLI (the WordPress Command Line Interface).

Preparing to Run Commands

At first, login to your portal via SSH.

Getting Started

Security plugins are used for specific purposes, but plugins aren’t the appropriate tool for verifying WordPress core along with installed plugins on the checksums. For your information, WP-CLI comprises of checksum commands for both WordPress core and all plugins.

Checksums Commands

  • Run the below command, to verify that all WordPress core files checksum match:
    wp core verify-checksums
  • For verifying checksum against specific versions of WordPress, the version number can be added in the command. For example for verifying for version 5.2.1 of WordPress core, the command would be:
    wp core verify-checksums --version=5.2.1
  • For an older version of WordPress, for example version 4.9.10, the command would be:
    wp core verify-checksums --version=4.9.10
  • If you want to verify checksum of all plugins installed on your site server (this would only include plugins available from WordPress), then you would need to run the below command:
wp plugin verify-checksums --all
  • For verifying the checksums of a specific plugin (e.g., WooCommerce), you will need to know the plugin “slug” (or short name). You can find it by searching in the plugins links on the WordPress website.

The WooCommerce’s plugin slug is woocommerce, so to verify the checksums of the WooCommerce plugin, you need to use the below command:

wp plugin verify-checksum woocommerce


The files in WP-CLI that the core verify checksum or plugin verify checksum commands will display will be any of the non-standard PHP or other files that shouldn’t be present in WordPress folders. The files need to be deleted (it is always better to take backups prior to deleting data from your server) and then the same verify checksums commands can be run to check there aren’t any other files that shouldn’t exist on your site server.

By learning to verify the checksums of WordPress core files, plugins installed from, and those installed from with easy-to-use WP-CLI commands will help you stay tension free. This is because you will know that no non-standard files exist in those folder directories.

Also Read:

How to work with file checksums?
How To Improve The Security Of Your WordPress Website?<

For our Knowledge Base visitors only
Get 10% OFF on Hosting
Special Offer!
Claim the discount before it’s too late. Use the coupon code:
Note: Copy the coupon code and apply it on checkout.