Title: WordPress Integrity False Positive?
Last modified: May 7, 2019

---

# WordPress Integrity False Positive?

 *  [teti86](https://wordpress.org/support/users/teti86/)
 * (@teti86)
 * [7 years ago](https://wordpress.org/support/topic/wordpress-integrity-false-positive/)
 * Hi, i have a problem with the WordPress Integrity check. After a fresh install
   of wordpress the sucuri scanner show that all the core file where modified.
 * I enable the WordPress Integrity Diff Utility on the setting page and by clicking
   on the name of modified file it show that there are no difference…
 * The wordpress version is 4.9.10
 * How it’s possible?
    Thanks
    -  This topic was modified 7 years ago by [teti86](https://wordpress.org/support/users/teti86/).

Viewing 7 replies - 1 through 7 (of 7 total)

 *  [yorman](https://wordpress.org/support/users/yorman/)
 * (@yorman)
 * [7 years ago](https://wordpress.org/support/topic/wordpress-integrity-false-positive/#post-11506955)
 * Hello [@teti86](https://wordpress.org/support/users/teti86/),
 * I just created a completely new web server, installed WordPress 4.9.10, and then
   installed the Sucuri WordPress plugin. The “WordPress Integrity” panel shows 
   a green message saying “All Core WordPress Files Are Correct”.
 * Please double check that the files in your installation are legitimate. Even 
   if they have a single extra character, the checksum will be different, this includes
   new lines, and white spaces. The content of the file must be exactly the same
   as the one provided by the archive with WordPress 4.9.10 to generate the same
   hashes.
 * Let me know if you need more information.
 *  Thread Starter [teti86](https://wordpress.org/support/users/teti86/)
 * (@teti86)
 * [7 years ago](https://wordpress.org/support/topic/wordpress-integrity-false-positive/#post-11507717)
 * Hi [@yorman](https://wordpress.org/support/users/yorman/), thanks for your reply.
   
   I just do the same things, download wordpress from wordpress.org, installed it,
   installed the Sucuri plugin and it show me that all the file are changed.
 * I check the file with Diff Utility and it show that there are no difference.
 * I test it also in a local enviroment the same fresh install and it show no difference.
    -  This reply was modified 7 years ago by [teti86](https://wordpress.org/support/users/teti86/).
 *  [yorman](https://wordpress.org/support/users/yorman/)
 * (@yorman)
 * [7 years ago](https://wordpress.org/support/topic/wordpress-integrity-false-positive/#post-11507765)
 * Pick one of the files in the list, share the content using this website [1], 
   then post the link here, and include the checksum of the file [2]. I’ll do the
   same in my website, and we can compare if the checksum and content are correct.
 * If they are the same, then the only explanation is that WordPress is advertising
   the wrong checksums in their web APIs. The plugin uses WordPress.org web API 
   service to fetch the most recent version of the checksums, per version, and compares
   it with whatever your server’s MD5 function is returning. So either the checksums
   are wrong, the MD5 PHP function is wrong, or the files actually have different
   code.
 * [1] [https://pastebin.com/](https://pastebin.com/)
    [2] `md5 /path/to/the/file`
 *  Thread Starter [teti86](https://wordpress.org/support/users/teti86/)
 * (@teti86)
 * [7 years ago](https://wordpress.org/support/topic/wordpress-integrity-false-positive/#post-11507826)
 * This is the file content
 * [https://pastebin.com/Z1cdG4P8](https://pastebin.com/Z1cdG4P8)
 * And this is the checksum for the file 8edbcbcc51de98432f95aee15a561263
 * I test the installation also in a local enviroment the same fresh install and
   the scan results is ok.
    -  This reply was modified 7 years ago by [teti86](https://wordpress.org/support/users/teti86/).
 *  [yorman](https://wordpress.org/support/users/yorman/)
 * (@yorman)
 * [7 years ago](https://wordpress.org/support/topic/wordpress-integrity-false-positive/#post-11507901)
 * The checksum you provided is indeed correct, according to WordPress.org web API[
   1] there’s a file called “wp-load.php” which matches this hash. However, the 
   code that you shared via Pastebin returns a different checksum:
 *     ```
       $ curl -o test.php "https://pastebin.com/raw/Z1cdG4P8"
       $ php -r 'var_dump(md5_file("test.php"));'
       string(32) "19dbc38651ff8c56c62723009a09c42a"
       ```
   
 * If you have wp-cli [2] you may want to run this command [3].
 * What happens when you select “wp-load.php”, and execute the option “Restore File”?
   The plugin should download the original file from WordPress’ repository, and 
   replace the one in your server with it. Test this file alone, and let’s see what
   happens.
 * [1] [https://api.wordpress.org/core/checksums/1.0/?version=4.9.10&locale=en_US](https://api.wordpress.org/core/checksums/1.0/?version=4.9.10&locale=en_US)
   [
   2] [https://developer.wordpress.org/cli/commands/core/verify-checksums/](https://developer.wordpress.org/cli/commands/core/verify-checksums/)[
   3] `wp core verify-checksums --version=4.9.10 --locale=en_US`
 *  Thread Starter [teti86](https://wordpress.org/support/users/teti86/)
 * (@teti86)
 * [7 years ago](https://wordpress.org/support/topic/wordpress-integrity-false-positive/#post-11507978)
 * I don’t have wp-cli installed. I restore the file and the checksum is always 
   the same. This is the code
 * [https://pastebin.com/fRiQUu9G](https://pastebin.com/fRiQUu9G)
 *  Thread Starter [teti86](https://wordpress.org/support/users/teti86/)
 * (@teti86)
 * [7 years ago](https://wordpress.org/support/topic/wordpress-integrity-false-positive/#post-11509674)
 * There is some news?
 * I have another question. This error keeps showing in the audit log with the IP
   of the server.
 * SplFileInfo::isFile(): open_basedir restriction in effect. File(\/var\/www\/vhosts\/
   mysite.com\/httpdocs\/..) is not within the allowed path(s): …..

Viewing 7 replies - 1 through 7 (of 7 total)

The topic ‘WordPress Integrity False Positive?’ is closed to new replies.

 * ![](https://ps.w.org/sucuri-scanner/assets/icon-256x256.png?rev=2875755)
 * [Sucuri Security - Auditing, Malware Scanner and Security Hardening](https://wordpress.org/plugins/sucuri-scanner/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/sucuri-scanner/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/sucuri-scanner/)
 * [Active Topics](https://wordpress.org/support/plugin/sucuri-scanner/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/sucuri-scanner/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/sucuri-scanner/reviews/)

 * 7 replies
 * 2 participants
 * Last reply from: [teti86](https://wordpress.org/support/users/teti86/)
 * Last activity: [7 years ago](https://wordpress.org/support/topic/wordpress-integrity-false-positive/#post-11509674)
 * Status: not resolved