WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] WordPress.org hacked? Downloads don't match size listed on the site... (12 posts)

  1. graphnical
    Member
    Posted 2 years ago #

    Just downloaded both the zip and tar versions @ http://wordpress.org/download/

    Zip is listed at 3mb but downloads as 3.79, tar is listed as 2.7mb but downloads as 3.43mb...

    Is the site wrong? Or is the download compromised? Is there a CRC listed anywhere?

    Would like to get confirmation before I install this anyhwhere.

  2. graphnical
    Member
    Posted 2 years ago #

    I was hoping this would be a bit more alarming and there would be a reply or two by now...

    Is there a different place I can report this?

  3. esmi
    Forum Moderator
    Posted 2 years ago #

    There's no hack. The download hasn't been compromised. The download size has simply been mis-calculated.

  4. graphnical
    Member
    Posted 2 years ago #

    Great... how were you able to confirm this?

    Is there a place that lists CRCs?

    Mis-calculated download sizes is a rather large oversight.

    Thanks... seriously, I am sitting here waiting to install a site because I want to make sure that nothing extra was added to the install file.

  5. esmi
    Forum Moderator
    Posted 2 years ago #

    Just hang tight. I've asked Those Who Know for further details. :-)

  6. graphnical
    Member
    Posted 2 years ago #

    Thank you ;)

  7. Samuel Wood (Otto)
    Tech Ninja
    Posted 2 years ago #

    Both MD5 and SHA1 hashes are available for all versions of WP on this page, if you're uncertain about authenticity:

    http://wordpress.org/download/release-archive/

  8. Samuel Wood (Otto)
    Tech Ninja
    Posted 2 years ago #

    As for those size listings, they're hardcoded into that page, not generated from the build. We simply haven't updated them in a while.

  9. Marventus
    Member
    Posted 2 years ago #

    Hi all,

    I am subscribed to the wp-forum email list so I received Esmi's message regarding this thread. However, I think I should clarify (as a Disclaimer) that I am not among the people Esmi referred to as "Those Who Know" and that this is just an user's opinion, :-)
    Could the difference in file sizes be related to file system differences between the servers in which the downloads are hosted and the OP's computer?

    Edit: Disregard my post: Otto's reply came while I was answering. Sorry for the confusion!

  10. graphnical
    Member
    Posted 2 years ago #

    Yea MD5... haha was working on something else and CRC was stuck in my head.

    Just wanted to confirm...

    Thanks everyone.

    ps. why not include md5 on the download page?

  11. Samuel Wood (Otto)
    Tech Ninja
    Posted 2 years ago #

    ps. why not include md5 on the download page?

    This question has an inherent assumption that there is a reason they're not there. I would surmise that no such reason exists. ;)

    That page isn't exactly generated or anything. It's just a plain old static page, mostly. We'd probably need to write some more code to have it always have the proper links and such, and presumably nobody has bothered with it much.

    There's no reason it can't have those, since we do have them on the release-archive page, but hashes aren't exactly user friendly and there's not really any need to confuse people with them. And if you think that nobody would be confused by a link that is largely irrelevant to their particular purpose, you should see some of the emails I get...

    ps. Sizes on the download page are fixed.

  12. graphnical
    Member
    Posted 2 years ago #

    Heh... understood.

    Thanks Otto.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.