Had a client using Worldpay for their website that was getting "the MD5 signature could not be verified" - the MD5 signature had been checked in both Worldpay and on the client app. Upon investigation I found it was to do with Worldpay signatureFields rather than the MD5 signature.
So the set-up was this - the client used WordPress and Woocommerce to allow people to buy products AND they used Trekksoft.com software to allow clients to book activities. Both used the same Worldpay Installation ID and MD5 signature, which should logically be fine, BUT this is Worldpay! 🙂
It turns out Woocommerce Worldpay plugin and Trekksoft use different signatureFields and this was the problem.
Woocommerce uses - instId:amount:currency:cartId:name:email:address1:postcode
TREKKPAY uses - amount:currency:instId:cartId:email
The only way to solve this is to use a separate installation for Woocommerce and another one for Trekksoft. Guess that's what they are there for.