admin管理员组

文章数量:1122832

How can I verify the authenticity of a wordpress release after downloading it?

I tried to securely download wordpress today, but I didn’t find any information on the page about how I can verify that it’s authentic

  • /

My understanding is that wordpress started cryptographically signing their releases in 2019, but I haven’t found any documentation describing how users can verify the authenticity of wordpress releases after downloading it, and the above page doesn’t provide any such information.

How can I verify the authenticity of a wordpress release after downloading it and before installing it?

How can I verify the authenticity of a wordpress release after downloading it?

I tried to securely download wordpress today, but I didn’t find any information on the page about how I can verify that it’s authentic

  • https://wordpress.org/download/

My understanding is that wordpress started cryptographically signing their releases in 2019, but I haven’t found any documentation describing how users can verify the authenticity of wordpress releases after downloading it, and the above page doesn’t provide any such information.

How can I verify the authenticity of a wordpress release after downloading it and before installing it?

  • security
  • installation
Share Improve this question asked Feb 29, 2024 at 21:39 Michael AltfieldMichael Altfield 18015 bronze badges 2
  • See also wordpress.org/support/topic/… – Michael Altfield Commented Feb 29, 2024 at 21:43
  • Following the trail of your Trac experience, I found this: "To be blunt: We won't be implementing signing of releases, without that core support being present. The discussion of this can continue on the core ticket." on this ticket, which appears to be your answer. (Not, I realize, the answer you're looking for.) – Pat J Commented May 16, 2024 at 3:39
Add a comment  | 

1 Answer 1

Reset to default -1

If you downloaded the latest version then your download URL would have been: https://wordpress.org/wordpress-6.5.3.zip

You can find the md5 hash for this file by adding .md5 to the end of that URL, like this: https://wordpress.org/wordpress-6.5.3.zip.md5

The md5 hash for this file is: ad3b0a21dec368341d64906e86db49f7

So, theoretically, you should be able to get the md5 hash of the downloaded file via Linux command line or ssh using the command md5sum followed by the file name.

... or in PHP, with a line of code like this: md5_file('wordpress-6.5.3.zip');

本文标签: securityVerify Cryptographic Authenticity after Downloading Releases (Signatures)

版权声明:本文标题:security - Verify Cryptographic Authenticity after Downloading Releases (Signatures) 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1736306976a1933153.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。