Product Update: Verify Checksums
We've just released a new feature for CommandWP that verifies the checksums of your WordPress core and plugins files.
This can give you an early warning if any of your files have been modified, which could be a sign of a security breach. It also creates some false-positives, so some manual investigation is required.
We're working on some additional features to help you investigate and resolve issues.
How it works
Nightly, we run
wp core verify-checksums and our own checksums code for plugins. We'll probably create our own
code for core as well. This allows us a lot more control over what are errors vs warnings.
If any errors are found, we'll send you an email with the details.
Both error and warnings are logged in the console.
Check out our guide to investigating false positives.
I wrote up some interesting findings running against my sites, WordPress verify checksums.