Report if files (core, theme, plugins) don't match checksums

Question

Report if files (core, theme, plugins) don't match checksums

Opened this issue 4 years ago · 3 comments

Feature request/bug description

Similar to WP-CLI's verify-checksums feature
https://developer.wordpress.org/cli/commands/core/verify-checksums/

It would be helpful if Health Check warned you when a checksum mismatch occurred. A bunch of sites I manage had wp-includes/general-template.php altered, and Site Health didn't warn of the problem.

Answer 1 · 2020-11-17T09:09:45.000Z

This is part of the Health Check plugin since #41 - but only for core WordPress files.

Themes and plugins are possible but they seem to be creating much more false positives:
#41 (comment)
Therefore the /wp-content folder is not checked at all, I think.

And this feature needs to be manually started. There is no schedule at the moment. If I remember correctly this was classified as plugin territory. Maybe this feature request could be revisited again.

Answer 2 · 2020-11-17T13:05:13.000Z

@Zodiac1978 from a security POV, this is very important. It'd be good to check core filess at least hourly.

Answer 3 · 2023-06-26T09:58:40.000Z

I do believe this falls a bit out of scope for the Health Check plugin (the intent of which is to be a troubleshooting tool, and not necessarily something that remains installed permanently, at least not now that the Site Health checks are part of WP core).

There are many security plugins that are aimed at this use case though, and I believe it is better to leave this behavior to them.