• Home
  • \
  • Posts

    • Product Update: Verify Checksums

    Dusty Candland | May 24, 2023 | post, commandwp, wp-cli, wordpress, security

    We’ve just released a new feature for CommandWP that verifies the checksums of your WordPress core and plugins files.

    This can give you an early warning if any of your files have been modified, which could be a sign of a security breach. It also creates some false-positives, so some manual investigation is required.

    We’re working on some additional features to help you investigate and resolve issues.

    How it works

    Nightly, we run wp core verify-checksums and our own checksums code for plugins. We’ll probably create our own code for core as well. This allows us a lot more control over what are errors vs warnings.

    If any errors are found, we’ll send you an email with the details.

    Both error and warnings are logged in the console.

    False Positives

    Check out our guide to investigating false positives.

    I wrote up some interesting findings running against my sites, WordPress verify checksums.