When running the Exploit Scanner (versions 0.6 thru 0.93) the top "Blocker" always states the following:
The file containing the checksums of all the core WordPress files appears to be missing. Either you have upgraded WordPress and this plugin hasn't been updated with the new hashes or the file has been deleted/renamed. You will find that a lot more files have been returned in the Suspicious Strings section.
Considering that the scan is returning blockers and severities on the vast majority of WP core files on a newly installed, clean and secure test site I'd really like to know how to fix this. Unfortunately, I'm at a complete loss as how to do this and searching for a possible fix has yielded no results.
I checked the hash files in the "Exploit Scanner" directory via FTP and there's hash files for WordPress 2.7.1 thru 2.9 but not for 2.9.1. Is there a way to create a hash file for 2.9.1?