Hello @teti86,
I just created a completely new web server, installed WordPress 4.9.10, and then installed the Sucuri WordPress plugin. The “WordPress Integrity” panel shows a green message saying “All Core WordPress Files Are Correct”.
Please double check that the files in your installation are legitimate. Even if they have a single extra character, the checksum will be different; this includes new lines and white spaces. The content of the file must be exactly the same as the one provided by the archive with WordPress 4.9.10 to generate the same hashes.
Let me know if you need more information.
Thread Starter
teti86
(@teti86)
Hi @yorman, thanks for your reply.
I just did the same thing: downloaded WordPress from wordpress.org, installed it, installed the Sucuri plugin, and it shows me that all the files are changed.
I checked the file with Diff Utility and it shows that there is no difference.
I also tested the same fresh install in a local environment, and it shows no difference.
Pick one of the files in the list, share the content using this website [1], then post the link here, and include the checksum of the file [2]. I’ll do the same in my website, and we can compare if the checksum and content are correct.
If they are the same, then the only explanation is that WordPress is advertising the wrong checksums in their web APIs. The plugin uses WordPress.org web API service to fetch the most recent version of the checksums, per version, and compares it with whatever your server’s MD5 function is returning. So either the checksums are wrong, the MD5 PHP function is wrong, or the files actually have different code.
[1] https://pastebin.com/
[2] md5 /path/to/the/file
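The comparison described above, as an added example that is not part of the thread or the Sucuri plugin's code: it checks local files against a manifest of the assumed form `{"checksums": {path: md5}}` and reports whether a mismatch is explained by line endings, a UTF-8 BOM or trailing whitespace alone. The function names, file contents and hashes are constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

BOM = b"\xef\xbb\xbf"

def md5_hex(data):
    return hashlib.md5(data).hexdigest()

def benign_variants(data):
    """Yield (label, bytes) for byte-level changes that leave the code itself untouched."""
    yield "crlf-line-endings", data.replace(b"\r\n", b"\n")
    yield "utf8-bom", data[len(BOM):] if data.startswith(BOM) else data
    yield "trailing-whitespace", data.rstrip()
    yield "trailing-whitespace", data.rstrip() + b"\n"

def classify(root, manifest):
    """Compare files under root with a {relative_path: md5} manifest."""
    report = {}
    for rel, expected in manifest.items():
        path = Path(root) / rel
        if not path.is_file():
            report[rel] = "missing"
            continue
        data = path.read_bytes()
        if md5_hex(data) == expected:
            report[rel] = "ok"
            continue
        # Hash differs: check whether a whitespace-level change explains it.
        report[rel] = next((label for label, variant in benign_variants(data)
                            if md5_hex(variant) == expected), "modified")
    return report

def demo():
    # Constructed sample content and manifest; not real WordPress files or hashes.
    original = b"<?php\n// constructed sample\ndefine('SAMPLE', 1);\n"
    names = ["wp-load.php", "index.php", "wp-settings.php", "wp-login.php", "wp-cron.php"]
    api_body = json.dumps({"checksums": {n: md5_hex(original) for n in names}})
    manifest = json.loads(api_body)["checksums"]
    with tempfile.TemporaryDirectory() as root:
        Path(root, "wp-load.php").write_bytes(original)
        Path(root, "index.php").write_bytes(original.replace(b"\n", b"\r\n"))
        Path(root, "wp-settings.php").write_bytes(original + b"  \n")
        Path(root, "wp-login.php").write_bytes(original + b"echo 1;\n")
        return classify(root, manifest)  # wp-cron.php is deliberately absent

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A file reported as `modified` differs in more than whitespace and needs a real diff against the release archive; the whitespace labels only explain why a file that looks identical in a diff tool can still fail the checksum.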
Thread Starter
teti86
(@teti86)
This is the file content
https://pastebin.com/Z1cdG4P8
And this is the checksum for the file 8edbcbcc51de98432f95aee15a561263
I also tested the same fresh install in a local environment, and the scan result is OK.
The checksum you provided is indeed correct, according to WordPress.org web API [1] there’s a file called “wp-load.php” which matches this hash. However, the code that you shared via Pastebin returns a different checksum:
$ curl -o test.php "https://pastebin.com/raw/Z1cdG4P8"
$ php -r 'var_dump(md5_file("test.php"));'
string(32) "19dbc38651ff8c56c62723009a09c42a"
If you have wp-cli [2] you may want to run this command [3].
What happens when you select “wp-load.php”, and execute the option “Restore File”? The plugin should download the original file from WordPress’ repository, and replace the one in your server with it. Test this file alone, and let’s see what happens.
[1] https://api.wordpress.org/core/checksums/1.0/?version=4.9.10&locale=en_US
[2] https://developer.wordpress.org/cli/commands/core/verify-checksums/
[3] wp core verify-checksums --version=4.9.10 --locale=en_US
Thread Starter
teti86
(@teti86)
I don’t have wp-cli installed. I restored the file and the checksum is always the same. This is the code:
https://pastebin.com/fRiQUu9G
Thread Starter
teti86
(@teti86)
Is there any news?
I have another question. This error keeps showing in the audit log with the IP of the server.
SplFileInfo::isFile(): open_basedir restriction in effect. File(\/var\/www\/vhosts\/mysite.com\/httpdocs\/..) is not within the allowed path(s): …..