Integrity Checks
Integrity checks verify that WordPress core files match the official checksums. RunIntegrityChecks command dispatches IntegrityCheckJob per site; IntegrityCheckService::run() executes wp core verify-checksums and records the result. Modified files can be excluded via config (e.g. patched l10n.php).
Flow
flowchart LR
Cmd[RunIntegrityChecks] --> Job[IntegrityCheckJob]
Job --> Svc[IntegrityCheckService]
Svc --> WP[wp core verify-checksums]
WP --> Record[IntegrityCheckRun]
Svc --> Alert[AlertManager on failure]
Implementation
IntegrityCheckService::run(Site):
- Builds command:
wp core verify-checksums --format=json. Ifwphoster.integrity.exclude_filesis set (comma-separated), adds--exclude=.... - Runs process in
site.root_pathwith configured timeout. - Exit 0 → create
IntegrityCheckRunwithstatus=passed. - Exit non-zero → parse JSON output for failed files, create run with
status=failedandfailed_filesJSON, then raise alert viaAlertManager.
Key files
| Path | Purpose |
|---|---|
app/Services/Integrity/IntegrityCheckService.php | Run checks, parse output, record and alert |
app/Jobs/IntegrityCheckJob.php | Queue job |
app/Console/Commands/RunIntegrityChecks.php | Artisan command |
app/Models/IntegrityCheckRun.php | Model for run history |
Config
| Key | Purpose |
|---|---|
wphoster.integrity.exclude_files | Comma-separated paths to exclude (e.g. wp-includes/l10n.php) |
wphoster.integrity.alert_severity | Severity when checks fail (default warning) |
Scheduling
wphoster:run-integrity-checks runs daily at 06:00 (routes/console.php).