Comments (3)

jasongill commented on May 27, 2024

I believe that this is actually a feature, not a bug. wp core verify-checksums will verify the checksum of the WordPress-related files in the root directory, but does not check for the addition of new files in the root directory. This is because you could (and very likely do) have other non-WordPress related files in the root directory of your site, which cannot be verified.

So, having a robots.txt or an /images/ folder or some other unrelated PHP script in the root directory of the site is fine; we just want to be sure that none of the WordPress scripts in the root directory have been modified. But, having some files hidden in wp-includes is bad, as there should not be anything in that directory which isn't WordPress-related.

If we were to start alerting on unexpected files in the root directory, then it would just lead to tons of false positives which would not be ideal.

I think the tool, as it is now, does its job of making sure that none of WordPress's core files have been modified, and that nothing else is trying to be included in an area where most webmasters wouldn't look/wouldn't know if it was really created by WordPress or not.

from checksum-command.

timoshka-lab commented on May 27, 2024

Thanks for the reply @jasongill.
I agree with your opinion. But at the same time, I think it would be nice to have two options like ‘--include-root’ and ‘--exclude’ to keep current usage safe for current users and provide functions to keep the root safe too.

For users who want to keep their root directory safe, they would be able to use ‘wp core verify-checksums --include-root --exclude=images’.


paulschreiber commented on May 27, 2024

I agree 100% with @timoshka-lab. I have come across multiple instances of malware dumping files in the root directory.
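
The root-directory check discussed in this thread, as an added example that is not part of the thread and not WP-CLI code: it lists top-level entries that are neither owned by core nor on an allowlist. The function names, the manifest format (one core-relative path per line) and the sample site are assumptions constructed for this example; it does not use the proposed --include-root or --exclude options.

```shell
#!/bin/sh
# Added example (not WP-CLI code): report root-level entries that are neither
# part of WordPress core nor explicitly allowed.
# Assumption: MANIFEST holds one core-relative path per line.

# Usage: unexpected_root_entries ROOT MANIFEST [ALLOWED_NAME...]
unexpected_root_entries() {
    root=$1; manifest=$2; shift 2
    # First path component of every manifest line = top-level names core owns.
    core_top=$(cut -d/ -f1 "$manifest" | sort -u)
    for entry in "$root"/* "$root"/.[!.]*; do
        [ -e "$entry" ] || continue            # unmatched glob stays literal
        name=${entry##*/}
        printf '%s\n' "$core_top" | grep -Fxq -- "$name" && continue
        allowed=0
        for keep in "$@"; do
            [ "$name" = "$keep" ] && allowed=1 && break
        done
        [ "$allowed" -eq 1 ] || printf '%s\n' "$name"
    done | LC_ALL=C sort
}

# Constructed sample site: core files, legitimate extras, and two planted
# files with core-looking names that a core-only check would not report.
demo_constructed_site() {
    site=$(mktemp -d); list=$(mktemp)
    mkdir "$site/wp-admin" "$site/wp-includes" "$site/wp-content" "$site/images"
    touch "$site/index.php" "$site/wp-login.php" "$site/wp-config.php" \
          "$site/robots.txt" "$site/wp-feed.php" "$site/.cache.php"
    printf '%s\n' index.php wp-login.php wp-admin/index.php \
        wp-includes/version.php wp-content/index.php > "$list"
    unexpected_root_entries "$site" "$list" images robots.txt wp-config.php
    rm -rf "$site" "$list"
}

demo_constructed_site
```

This only compares names at the top level of the root; the contents of the core files themselves still need wp core verify-checksums.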
