Added wordpress files md5sum whitelisting

2026-06-16 12:30:35 +00:00 · 2018-10-23 17:52:10 +10:00
parent f5d8e6a430
commit 3ce01f42ae
2 changed files with 54 additions and 20 deletions
--- a/README.md
+++ b/README.md
@@ -32,6 +32,7 @@ Usage: php scan.php -d <directory>
    -t                   --time             Show time of last file change
    -L                   --line-number      Display matching pattern line number in file
    -o                   --output-format    Custom defined output format
+    -j                   --wordpress-version  Version of wordpress to get md5 signatures
 ```

 Ignore argument could be used multiple times and accept glob style matching ex.: "`cache*`", "`??-cache.php`" or "`/cache`" etc.
@@ -70,6 +71,15 @@ Whitelisting

 See [whitelist.txt](https://github.com/scr34m/php-malware-scanner/blob/master/whitelist.txt) file for a predefined MD5 hash list. Only the first 32 characters are used, rest of the line ignored so feel free to leave a comment.

+Wordpress md5 sum whitelisting
+-------------
+You can automatically add md5sum from wordpress core files by specifing version as argument to --wordpress-version or -j. 
+Example:
+```
+scan -d . -j 4.9.2
+```
+That will automatically get md5sums from wordpress api (https://api.wordpress.org/core/checksums/1.0/?version=x.x.x) and add it to whitelist. To check your version simply check wp-includes/version.php file of your wordpress
+
 Tools
 -----