We’ve been working on building a first usable implementation of the plugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party checksum verification project. Now we need your help to test the current implementation.
The WordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ infrastructure now calculates MD5 and SHA-256 checksums for all plugin files and stores them in a publically accessible way. You can find a specification of the current endpoint to retrieve the checksums here.
wp checksum plugin command we’ve built goes through some or all of the plugins installed on a machine, downloads the checksums for each plugin, and then verifies the downloaded checksums against freshly generated ones.
We now need help testing this command to make sure we weed out all edge cases and that its output serves all expected scripting requirements.
Right now, the output on
STDOUT will provide you with a list of checksum mismatches or added/removed files.
STDERR will contain warnings about skipped plugins. The exit code will return
0 if all compared checksums were valid, and
1 otherwise. Any feedback on whether that is a good approach, or on alternative approaches for the output are welcome!
Let us know as well when a plugin’s checksums is not found that you would expect to be found in the official plugin repository. Note: Right now, only the checksums for the latest versions of every plugin have been calculated, older versions will be added later.
How To Test
The implemented command can be found in the
plugin-checksums branch of the
You can easily install the version to test through the following command:
wp package install wp-cli/checksum-command:dev-plugin-checksums
To get back to the stable bundled command later on, just type the following command:
wp package uninstall wp-cli/checksum-command
The easiest way to run the test is to enter the root folder of an existing WordPress site and run the following command:
wp checksum plugin --all
Note: the output will be most useful right now if all plugins are up-to-date (as older checksums have not been calculated yet), so you might want to run a
wp plugin update --all against local sites you test. Obviously, don’t do this without backups on production sites.
Please report any feedback or issues you find in the GitHub issue tracker of the checksum command.