Skip to content

Verifies file integrity by comparing to published checksums.

License

Notifications You must be signed in to change notification settings

wp-cli/checksum-command

Repository files navigation

wp-cli/checksum-command

Verifies file integrity by comparing to published checksums.

Testing

Quick links: Using | Installing | Contributing | Support

Using

This package implements the following commands:

wp core verify-checksums

Verifies WordPress files against WordPress.org's checksums.

wp core verify-checksums [--include-root] [--version=<version>] [--locale=<locale>] [--insecure] [--exclude=<files>]

Downloads md5 checksums for the current version from WordPress.org, and compares those checksums against the currently installed files.

For security, avoids loading WordPress when verifying checksums.

If you experience issues verifying from this command, ensure you are passing the relevant --locale and --version arguments according to the values from the Dashboard->Updates menu in the admin area of the site.

OPTIONS

[--include-root]
	Verify all files and folders in the root directory, and warn if any non-WordPress items are found.

[--version=<version>]
	Verify checksums against a specific version of WordPress.

[--locale=<locale>]
	Verify checksums against a specific locale of WordPress.

[--insecure]
	Retry downloads without certificate validation if TLS handshake fails. Note: This makes the request vulnerable to a MITM attack.

[--exclude=<files>]
	Exclude specific files from the checksum verification. Provide a comma-separated list of file paths.

EXAMPLES

# Verify checksums
$ wp core verify-checksums
Success: WordPress installation verifies against checksums.

# Verify checksums for given WordPress version
$ wp core verify-checksums --version=4.0
Success: WordPress installation verifies against checksums.

# Verify checksums for given locale
$ wp core verify-checksums --locale=en_US
Success: WordPress installation verifies against checksums.

# Verify checksums for given locale
$ wp core verify-checksums --locale=ja
Warning: File doesn't verify against checksum: wp-includes/version.php
Warning: File doesn't verify against checksum: readme.html
Warning: File doesn't verify against checksum: wp-config-sample.php
Error: WordPress installation doesn't verify against checksums.

# Verify checksums and exclude files
$ wp core verify-checksums --exclude="readme.html"
Success: WordPress installation verifies against checksums.

wp plugin verify-checksums

Verifies plugin files against WordPress.org's checksums.

wp plugin verify-checksums [<plugin>...] [--all] [--strict] [--version=<version>] [--format=<format>] [--insecure] [--exclude=<name>]

OPTIONS

[<plugin>...]
	One or more plugins to verify.

[--all]
	If set, all plugins will be verified.

[--strict]
	If set, even "soft changes" like readme.txt changes will trigger
	checksum errors.

[--version=<version>]
	Verify checksums against a specific plugin version.

[--format=<format>]
	Render output in a specific format.
	---
	default: table
	options:
	  - table
	  - json
	  - csv
	  - yaml
	  - count
	---

[--insecure]
	Retry downloads without certificate validation if TLS handshake fails. Note: This makes the request vulnerable to a MITM attack.

[--exclude=<name>]
	Comma separated list of plugin names that should be excluded from verifying.

EXAMPLES

# Verify the checksums of all installed plugins
$ wp plugin verify-checksums --all
Success: Verified 8 of 8 plugins.

# Verify the checksums of a single plugin, Akismet in this case
$ wp plugin verify-checksums akismet
Success: Verified 1 of 1 plugins.

Installing

This package is included with WP-CLI itself, no additional installation necessary.

To install the latest version of this package over what's included in WP-CLI, run:

wp package install [email protected]:wp-cli/checksum-command.git

Contributing

We appreciate you taking the initiative to contribute to this project.

Contributing isn’t limited to just code. We encourage you to contribute in the way that best fits your abilities, by writing tutorials, giving a demo at your local meetup, helping other users with their support questions, or revising our documentation.

For a more thorough introduction, check out WP-CLI's guide to contributing. This package follows those policy and guidelines.

Reporting a bug

Think you’ve found a bug? We’d love for you to help us get it fixed.

Before you create a new issue, you should search existing issues to see if there’s an existing resolution to it, or if it’s already been fixed in a newer version.

Once you’ve done a bit of searching and discovered there isn’t an open or fixed issue for your bug, please create a new issue. Include as much detail as you can, and clear steps to reproduce if possible. For more guidance, review our bug report documentation.

Creating a pull request

Want to contribute a new feature? Please first open a new issue to discuss whether the feature is a good fit for the project.

Once you've decided to commit the time to seeing your pull request through, please follow our guidelines for creating a pull request to make sure it's a pleasant experience. See "Setting up" for details specific to working on this package locally.

Support

GitHub issues aren't for general support questions, but there are other venues you can try: https://wp-cli.org/#support

This README.md is generated dynamically from the project's codebase using wp scaffold package-readme (doc). To suggest changes, please submit a pull request against the corresponding part of the codebase.