The WP-CLI team has announced a new project in which they are going to bring Checksum verification to themes and plugins. As we know checksum, methods are helpful in verifying the integrity of files. WP-CLI provides a great assistance in ensuring the integrity of WordPress core files. It was happened to launch three years ago, and it uses MD5 Algorithm to perform checksums. It is an excellent feature that helps developers to look if any of the files have been compromised or not.
The checksums of WordPress core files are done with the support of WordPress official API https://api.wordpress.org/core/checksums/, and WP-CLI team wants to extend this feature to include plugins and themes as well.
WP-CLI co-maintainer Alain Schlesser said in the announcement that this kind of functionality in the websites powered by WordPress would be a huge security benefit. With this functionality, one can easily check file integrity of the whole site without doing much labor. However, there is no centralized system of retrieving the plugin and themes file checksum yet. And downloading themes and plugins from their official servers just to check against them would be a waste of time and resources.
Contributors are currently turning every stone for implementation in a discussion on GitHub which is inspired by an existing project wp-checksum project by Erik Torsner.
The team is thinking about building the API under a separate URL for iteration and testing and then integrating it into WordPress.org’s core once it’s ready. Nonetheless, the CPU required to sync the files and sheer size of SVN checkouts make it a fascinating challenge. DreamHost has volunteered and provided a server to the team to run the checksum tests while infrastructure is in-process of development.
WordPress Plugin and Theme Checksums Project are still in its initiation stage, and the team will have a kickoff on Tuesday, October 3, 2017, 9:30 PM GMT+5:30. Anyone who is interested in involving and volunteer is highly encouraged to attend especially those who have interest in ensuring the security of their WordPress websites.