How To Use WP-CLI To Verify WordPress Checksums and Identify Malware
What is WP-CLI?
WP-CLI is the command-line interface (CLI) for WordPress. You can use wp-cli to update your installations, install and remove plugins, backup databases, and much more. It is especially useful when you’re managing multiple sites, or you don’t have access to the admin dashboard.
What are MD5 checksums and why should I care?
MD5 checksums are a type of cryptographic hash function that can be used to verify the integrity of files. WordPress installations can use MD5 checksums to ensure that the installation has not been compromised by malicious actors.
By comparing the MD5 checksum of the WordPress installation file to the checksum of the original file, users can ensure that the file has not been tampered with. If the checksums do not match, it could mean that the files are infected with malware, although this is not always the case.
How to use WP-CLI
Before you can use WP-CLI, you must SSH into the server where your WordPress is hosted. You will need to use the username associated with your installation. Never use the root account for WP-CLI operations. Once you’re connected, navigate to the root folder of your WordPress installation.
Verify checksums for WordPress core files
To check which version of WordPress your installation is running, use:
$ wp core version
To verify the checksums for the WordPress core files, use:
$ wp core verify-checksums
You can also verify the checksums against your specific version of WordPress, using:
$ wp core verify-checksums --version=6.4.3
Verify checksums for WordPress plugins
To verify the checksums of all your WordPress plugins, use:
$ plugin verify-checksums --all
To verify the checksum of a specific plugin, use:
$ wp plugin verify-checksums patchstack
How to reinstall your WordPress core files
If the checksums of the core files do not match, your files may have been tampered with. To replace the core files from the WordPress repository, use the following command (make sure to indicate the right version):
$ wp core download –version=6.4.3 –force
If your WordPress checksums don’t match
If the checksums don’t match, you could have malware on your server. You can try replacing the core files as shown above, but it may not always be enough. If you are concerned that your server is infected with malware, get in touch and I’ll help look into it.