Title: Integrity Checker
Author: Erik Torsner
Published: January 2, 2017
Last modified: June 8, 2026

---


![](https://ps.w.org/integrity-checker/assets/banner-772x250.png?rev=1571575)

This plugin **has not been tested with the latest 3 major releases of WordPress**.
It may no longer be maintained or supported and may have compatibility issues when
used with more recent versions of WordPress.

![](https://ps.w.org/integrity-checker/assets/icon-256x256.png?rev=1571575)

# Integrity Checker

By [Erik Torsner](https://profiles.wordpress.org/eriktorsner/)

[Download](https://downloads.wordpress.org/plugin/integrity-checker.0.11.0.zip)


## Description

Integrity-checker uses a mix of traditional and new techniques to scan your website
for potential issues. First and foremost, it verifies that all installed code is
identical to its original version. By comparing WordPress core, plugins and themes
in your installation with the original versions available at wordpress.org,
Integrity-checker can quickly determine if there are any changes you need to be
aware of. Integrity-checker also lets you compare your local version to the original
to help you determine if you’ve been hacked.

Additionally, Integrity-checker scans all installed files for permission issues.
Ensuring correct permissions is vital for WordPress security, as with any PHP based
web application.

Lastly, Integrity-checker looks through some of the basic WordPress configuration
for common security problems like user enumeration, directory index, weak
credentials etc.

#### Features

 * Helps you track down hacked WordPress files in core, plugins and themes
 * Makes it easy to find issues with file permissions
 * Detects common configuration problems

#### 3rd party software

[cron-expression](https://github.com/mtdowling/cron-expression) copyright Michael
Dowling, see [license](https://raw.githubusercontent.com/mtdowling/cron-expression/v1.1.0/LICENSE).
Cron-expression is slightly adapted to use the Integrity Checker namespace to avoid
potential conflicts.

[php-diff](https://github.com/chrisboulton/php-diff) copyright Chris Boulton under
the [BSD license](https://opensource.org/licenses/BSD-3-Clause). php-diff is slightly
adapted to use the Integrity Checker namespace to avoid potential conflicts.

[silexphp/Pimple](https://github.com/silexphp/Pimple/) copyright Fabien Potencier,
see [license](https://github.com/silexphp/Pimple/blob/v3.0.2/LICENSE). Pimple is
slightly adapted to use the Integrity Checker namespace to avoid potential conflicts.

[DataTables](https://datatables.net) 1.10.13 copyright 2008-2016 SpryMedia Ltd. 
Licensed under the MIT license, see [datatables.net/license](https://datatables.net/license)

[jqCron.js](https://github.com/arnapou/jqcron) Licensed under the MIT license, see
[license](https://github.com/arnapou/jqcron/blob/master/LICENSE)

## Screenshots

Scan results showing issues found in WordPress core. Some issues are marked as
“SOFT”, meaning that they’re most likely a false positive. Other issues are marked
“HARD” and need to be examined.

Showing the diff between the version from the WordPress repository and the version
currently found in your installation.

Showing scan results for each plugin individually. Issues are marked as HARD or
SOFT. Diff can be shown for modified files.

Showing results from scanning WordPress settings.

## Installation

This section describes how to install the plugin and get it working.

 1. Upload the plugin files to the `/wp-content/plugins/integrity-checker` directory,
    or install the plugin through the WordPress plugins screen directly.
 2. Activate the plugin through the ‘Plugins’ screen in WordPress.
 3. Use the Tools->Plugin Name screen to use the plugin.

## FAQ

### Why should I use Integrity Checker instead of…

Integrity Checker has a few quite unique features: the ability to compare checksums
for individual themes and plugins and the ability to see the diff between two versions
of the same file. But there are lots of other great security tools around for WordPress
and you should try them out. Some tools put an emphasis on preventing security problems
while other tools, like Integrity Checker, deal more with trying to discover problems
after the fact.

One very fundamental idea in all security related work is the concept of defense
in depth. That means that you should not rely on any one single security technique.
Instead, you should embrace multiple forms of security: good password standards,
using https where it matters, keeping WordPress updated at all times etc. As a
consequence, you will want/need more than one security tool to help you with that.
We think Integrity Checker is an excellent addition to your security toolbox, and
we hope you agree.

### Integrity Checker reports some issues, but how do I fix them?

Integrity Checker is a checker tool. It scans and reports but it doesn’t have any
ambition to fix anything. Some tools try to do both; Integrity Checker doesn’t
(yet).

### What does a SOFT issue mean?

A soft issue is almost always a false positive, but something you’d want to have
a look at. The most common reason for a SOFT issue is that the readme.txt file in
a plugin is different. This is because a plugin developer might update the
readme.txt without bumping the plugin to a new version. For instance, when a new
version of WordPress is released, a lot of plugin developers update it so that the
“Tested up to” information reflects the new WordPress version number. Another common
reason is that you (or someone else) may have added .htaccess files for added
security. When Integrity Checker finds an .htaccess file, it will issue a SOFT warning.
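
The checksum comparison and the SOFT/HARD split described above, sketched as an added Python example; it is not the plugin's own code. The SHA-256 digest, the status labels (`ADDED`, `DELETED`, `MODIFIED`), the function names and the sample plugin tree are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: names reported as SOFT, following the FAQ (readme.txt drift and
# locally added .htaccess files). Every other difference is HARD.
SOFT_NAMES = {"readme.txt", ".htaccess"}

def file_digest(path: Path) -> str:
    """SHA-256 of one file (the hash algorithm is an assumption)."""
    return hashlib.sha256(path.read_bytes()).hexdigest()

def scan(root: Path, reference: dict) -> list:
    """Compare files under root with reference {relative path: hex digest}."""
    local = {p.relative_to(root).as_posix(): file_digest(p)
             for p in root.rglob("*") if p.is_file()}
    issues = []
    for rel in sorted(set(local) | set(reference)):
        if rel not in reference:
            status = "ADDED"        # present locally, not in the release
        elif rel not in local:
            status = "DELETED"      # shipped in the release, missing locally
        elif local[rel] != reference[rel]:
            status = "MODIFIED"     # content differs from the release
        else:
            continue
        severity = "SOFT" if Path(rel).name.lower() in SOFT_NAMES else "HARD"
        issues.append((rel, status, severity))
    return issues

def demo() -> list:
    """Constructed sample: a pristine release versus an altered install."""
    original = {"plugin.php": b"<?php // v1.0\n",
                "readme.txt": b"Tested up to: 4.6\n",
                "inc/util.php": b"<?php function util() {}\n"}
    reference = {k: hashlib.sha256(v).hexdigest() for k, v in original.items()}
    installed = dict(original)
    installed["readme.txt"] = b"Tested up to: 4.7\n"       # readme-only update
    installed["inc/util.php"] += b"// unexpected line\n"   # changed code
    installed[".htaccess"] = b"Deny from all\n"            # added by the admin
    installed["inc/cache.php"] = b"<?php // unknown\n"     # not in the release
    del installed["plugin.php"]                            # removed file
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in installed.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return scan(Path(tmp), reference)
```

Calling `demo()` returns one tuple per differing file; the HARD entries are the ones to examine first.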

### I’d like to run Integrity Checker on a schedule

Integrity Checker has an older brother, the wp-cli sub command [wp-checksum](https://github.com/eriktorsner/wp-checksum).
Integrity Checker and wp-checksum use the same backend database and share a lot
of code. So currently we think that the best way to schedule checksum scanning is
via the wp-cli tool. Having said that, we’d like to hear your opinion on how to go
forward. One way would be to open up the API (see below) to Integrity Checker and
have you solve the scheduling in your own environment; another way could be to
integrate a scheduler into the plugin itself. Or both. Let us know what would
benefit you the most.

### Does Integrity Checker support wp-cli?

No, but there is [a separate tool](https://github.com/eriktorsner/wp-checksum) for
that, see above.

### How about an API?

Integrity Checker actually implements a REST API (that’s why it requires WordPress
4.4) that your web browser uses to scan and report issues. The authentication method
is currently limited to cookies, meaning that the only practical way to use this
API is via the Integrity Checker page in WordPress admin. Right now, WordPress doesn’t
ship with OAuth authentication for REST clients and therefore Integrity Checker
doesn’t even attempt to support OAuth. Secure access to the Integrity Checker API
is something we’re looking to add in the near future.

### How does Integrity Checker work?

We have a database and an API over at https://api.wpessentials.io where we collect
data about most plugins and themes on the WordPress.org repo. As we get requests
for comparing checksums for plugins we haven’t previously seen, we add them to the
database. Integrity Checker relies on using the API for this database. We index
as many plugins and themes from the .org repository as we can and we’ve asked a
few commercial plugin vendors if they want to contribute to the database.

### How does access to the backend API work?

Integrity Checker uses our backend API to retrieve checksums for themes and plugins.
As an anonymous user, you can query our API 25 times per hour. We think (but would
love your input) that this is sufficient for most small and medium sized WordPress
installations with 20-25 plugins and a theme. There is some caching going on in
the background, so repeated scans don’t always result in more queries to us. We
create an anonymous user in our database and assign an API key to that user. That
API key is sent back to your WordPress installation and stored in your database.
You can see your API key in the About section in Integrity Checker as well as your
current API usage.

If you are willing to share your email address with us, we increase that hourly 
quota up to 75 requests per hour.

The API keys can be reused between sites, so once you have registered with us,
you can use that key on more than one site.

If you need more than 75 requests per hour assigned to one API key, you can purchase
a premium subscription.

Integrity Checker is currently in version 0.9 and we’re actively trying to figure
this out. Any feedback on rate limits is most welcome.

### Why isn’t the backend API 100% free?

Because we need to eat and pay bills. We’d like our database to be 100% free for
all and at the same time find a business model that allows us to devote 100% of our
time to it. With the business model we’re currently using, we can have most casual
users access our database free and at the same time have a model where larger users
can pay a monthly fee to access the database via the API.

The API keys can be shared between different WordPress installations and between
Integrity Checker and the wp-cli tool, so if you’re hosting 10-20 WordPress
installations on a few different servers, you’ll only need to get one premium
subscription. If you’re a hosting provider looking to analyze all your clients’
installations, we suggest you contact us.

### Can I help?

Absolutely! Integrity Checker is open source and pull requests are welcome. We use
GitHub for our ongoing development efforts. Have a look at
https://github.com/eriktorsner/integrity-checker

## Reviews

### [Awesome!](https://wordpress.org/support/topic/awesome-5711/)

[mattish.91](https://profiles.wordpress.org/mattish91/), May 24, 2018

Since I installed this I finally found my site secure, only modifications to the
core were the ones I made myself. It’s not showing any iframes but there clearly
is one, you can find my topic about it here:
https://wordpress.org/support/topic/found-miner-in-majority-of-wordpress-sites/#post-10317242
I’m still investigating what this might be tho, since the main address of that
iframe is a monero miner page… Any suggestions about this iframe would be greatly
appreciated!

### [Found loads of malicious modifications on my site](https://wordpress.org/support/topic/found-loads-of-malicious-modifications-on-my-site/)

[Larzans](https://profiles.wordpress.org/larzans/), July 24, 2017

Of course this plugin is not THE magic cure for infected sites, but it helped me
to find many infected scripts on my site and I was able to fight back the hackers
in a more efficient way. Great tool, does exactly what it says in a convenient way,
showing you a diff view of the detected changes if you want, even realizing when
there are ‘only whitespace changes’. This saved me a lot of work!

### [Promising!](https://wordpress.org/support/topic/not-usable-12/)

[Stanislav Khromov](https://profiles.wordpress.org/khromov/), March 11, 2017 (1 reply)

I’ve modified the review after discussion with the author. This is a very useful
tool! The free API limit might be a little low if you want to test the site recurrently
but it’s still a useful tool.

### [Perfect security solution](https://wordpress.org/support/topic/perfect-security-solution/)

[Mike V. Gorbunov](https://profiles.wordpress.org/michael_zloi/), March 7, 2017

Works as expected and finds integrity issues. Thank you!

### [Thank You!!](https://wordpress.org/support/topic/thank-you-1281/)

[nitantsoni](https://profiles.wordpress.org/nitantsoni/), March 7, 2017

Just saw this tool and created an account just to thank you guys. Very useful tool
for finding malware. You guys need to be more famous!! PS: There needs to be an
option to ignore blank lines, whitespace and other non-important changes.

### [Perfect! An absolute must use for every wp admin!](https://wordpress.org/support/topic/perfect-an-absolute-must-use-for-every-wp-admin/)

[grantdb](https://profiles.wordpress.org/sixer/), January 17, 2017

Simple, easy to use, fast scan and display of the most essential security base for
any WordPress install >> the correct file/folder permissions and checksums for core,
plugins, themes and miscellaneous files! Just awesome! Thank you!

[See all 6 reviews](https://wordpress.org/support/plugin/integrity-checker/reviews/)

## Contributors & Developers

“Integrity Checker” is open source software. The following people have contributed
to this plugin.

Contributors

 * [Erik Torsner](https://profiles.wordpress.org/eriktorsner/)

[Translate “Integrity Checker” into your language.](https://translate.wordpress.org/projects/wp-plugins/integrity-checker)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/integrity-checker/),
check out the [SVN repository](https://plugins.svn.wordpress.org/integrity-checker/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/integrity-checker/)
by [RSS](https://plugins.trac.wordpress.org/log/integrity-checker/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 0.10.0

 * Feature: Improved file scanner, store results in custom table
 * Feature: Added detailed settings for file scanner
 * Feature: Scheduler (requires registration)
 * Feature: Support for alternative checksum data, reduces the risk for false positives
 * Feature: Reinstall compromised plugins via plugin screen
 * Fix: Missed-wp-version-meta in version leak test. reported by @sixer
 * Fix: REST calls would not work at all on sites without pretty permalinks
 * Fix: Previous versions would store too much result data in auto loading options

#### 0.9.3

 * First version on WordPress repo

#### 0.9.1

 * Ripped out CMB2, more/better docblocks

#### 0.9

 * Initial submit to WordPress repository

## Meta

 * Version **0.11.0**
 * Last updated **3 weeks ago**
 * Active installations **200+**
 * WordPress version **4.4 or higher**
 * Tested up to **6.7.5**
 * Language: [English (US)](https://wordpress.org/plugins/integrity-checker/)
 * Tags: [checksum](https://ja.wordpress.org/plugins/tags/checksum/), [secure](https://ja.wordpress.org/plugins/tags/secure/),
   [security](https://ja.wordpress.org/plugins/tags/security/), [security plugin](https://ja.wordpress.org/plugins/tags/security-plugin/)
 * [Advanced View](https://ja.wordpress.org/plugins/integrity-checker/advanced/)

## Ratings

4.8 out of 5 stars

 * [5 5-star reviews](https://wordpress.org/support/plugin/integrity-checker/reviews/?filter=5)
 * [1 4-star review](https://wordpress.org/support/plugin/integrity-checker/reviews/?filter=4)
 * [0 3-star reviews](https://wordpress.org/support/plugin/integrity-checker/reviews/?filter=3)
 * [0 2-star reviews](https://wordpress.org/support/plugin/integrity-checker/reviews/?filter=2)
 * [0 1-star reviews](https://wordpress.org/support/plugin/integrity-checker/reviews/?filter=1)



## Support

Have feedback or a question?

[View the support forum](https://wordpress.org/support/plugin/integrity-checker/)