Product Update: Verify Checksums

Dusty Candland | Tue May 23 2023 | commandwp, wp-cli, wordpress, security

We've just released a new feature for CommandWP that verifies the checksums of your WordPress core and plugins files.

This can give you an early warning if any of your files have been modified, which could be a sign of a security breach. It also creates some false-positives, so some manual investigation is required.

We're working on some additional features to help you investigate and resolve issues.

How it works

Nightly, we run wp core verify-checksums and our own checksums code for plugins. We'll probably create our own code for core as well. This allows us a lot more control over what are errors vs warnings.

If any errors are found, we'll send you an email with the details.

Both error and warnings are logged in the console.

False Positives

Check out our guide to investigating false positives.

I wrote up some interesting findings running against my sites, WordPress verify checksums.