diff --git a/features/checksum-core.feature b/features/checksum-core.feature
index ce6d796c..1ca0d397 100644
--- a/features/checksum-core.feature
+++ b/features/checksum-core.feature
@@ -27,6 +27,30 @@ Feature: Validate checksums for WordPress install
     When I run `rm readme.html`
     Then STDERR should be empty
 
+    When I run `wp core verify-checksums`
+    Then STDOUT should be:
+      """
+      Success: WordPress installation verifies against checksums.
+      """
+
+  Scenario: Core checksums don't verify because wp-cli.yml is present
+    Given a WP install
+    And a wp-cli.yml file is present
+
+    When I try `wp core verify-checksums`
+    Then STDERR should be:
+      """
+      Warning: File should not exist: wp-includes/extra-file.txt
+      """
+    And STDOUT should be:
+      """
+      Success: WordPress installation verifies against checksums.
+      """
+    And the return code should be 0
+
+    When I run `rm wp-cli.yml`
+    Then STDERR should be empty
+
     When I try `wp core verify-checksums`
     Then STDERR should be:
       """
@@ -96,23 +120,67 @@ Feature: Validate checksums for WordPress install
       """
     And the return code should be 0
 
-    Scenario: Verify core checksums when extra files prefixed with 'wp-' are included in WordPress root
-      Given a WP install
-      And a wp-extra-file.php file:
-        """
-        hello world
-        """
-
-      When I try `wp core verify-checksums`
-      Then STDERR should be:
-        """
-        Warning: File should not exist: wp-extra-file.php
-        """
-      And STDOUT should be:
-        """
-        Success: WordPress installation verifies against checksums.
-        """
-      And the return code should be 0
+  Scenario: Verify core checksums when extra files prefixed with 'wp-' are included in WordPress root
+    Given a WP install
+    And a wp-extra-file.php file:
+      """
+      hello world
+      """
+
+    When I try `wp core verify-checksums`
+    Then STDERR should be:
+      """
+      Warning: File should not exist: wp-extra-file.php
+      """
+    And STDOUT should be:
+      """
+      Success: WordPress installation verifies against checksums.
+      """
+    And the return code should be 0
+
+  Scenario: Verify core checksums when extra files are included in WordPress root and --include-root is passed
+    Given a WP install
+    And a extra-file.php file:
+      """
+      hello world
+      """
+    And a unknown-folder/unknown-file.php file:
+      """
+      taco burrito
+      """
+    And a wp-content/unknown-file.php file:
+      """
+      foobar
+      """
+
+    When I try `wp core verify-checksums --include-root`
+    Then STDERR should be:
+      """
+      Warning: File should not exist: unknown-folder/unknown-file.php
+      Warning: File should not exist: extra-file.php
+      """
+    And STDERR should not contain:
+      """
+      Warning: File should not exist: wp-content/unknown-file.php
+      """
+    And STDOUT should be:
+      """
+      Success: WordPress installation verifies against checksums.
+      """
+    And the return code should be 0
+
+    When I run `wp core verify-checksums`
+    Then STDERR should not contain:
+      """
+      Warning: File should not exist: wp-content/unknown-file.php
+      Warning: File should not exist: unknown-folder/unknown-file.php
+      Warning: File should not exist: extra-file.php
+      """
+    And STDOUT should be:
+      """
+      Success: WordPress installation verifies against checksums.
+      """
+    And the return code should be 0
 
   Scenario: Verify core checksums with a plugin that has wp-admin
     Given a WP install
diff --git a/src/Checksum_Core_Command.php b/src/Checksum_Core_Command.php
index 570c1b0b..bbfc3c60 100644
--- a/src/Checksum_Core_Command.php
+++ b/src/Checksum_Core_Command.php
@@ -10,6 +10,13 @@
  */
 class Checksum_Core_Command extends Checksum_Base_Command {
 
+	/**
+	 * Whether or not to verify contents of the root directory.
+	 *
+	 * @var boolean
+	 */
+	private $include_root = false;
+
 	/**
 	 * Verifies WordPress files against WordPress.org's checksums.
 	 *
@@ -25,6 +32,9 @@ class Checksum_Core_Command extends Checksum_Base_Command {
 	 *
 	 * ## OPTIONS
 	 *
+	 * [--include-root]
+	 * : Verify all files and folders in the root directory, and warn if any non-WordPress items are found.
+	 *
 	 * [--version=<version>]
 	 * : Verify checksums against a specific version of WordPress.
 	 *
@@ -69,6 +79,10 @@ public function __invoke( $args, $assoc_args ) {
 			$locale = $assoc_args['locale'];
 		}
 
+		if ( ! empty( $assoc_args['include-root'] ) ) {
+			$this->include_root = true;
+		}
+
 		if ( empty( $wp_version ) ) {
 			$details    = self::get_wp_details();
 			$wp_version = $details['wp_version'];
@@ -135,7 +149,11 @@ public function __invoke( $args, $assoc_args ) {
 	 *
 	 * @return bool
 	 */
-	protected function filter_file( $filepath ) {
+	protected function filter_file( $filepath, $include_root = false ) {
+		if ( true === $this->include_root ) {
+			return ( 1 !== preg_match( '/^(wp-config\.php$|wp-content\/)/', $filepath ) );
+		}
+
 		return ( 0 === strpos( $filepath, 'wp-admin/' )
 			|| 0 === strpos( $filepath, 'wp-includes/' )
 			|| 1 === preg_match( '/^wp-(?!config\.php)([^\/]*)$/', $filepath )