How does WP Fingerprint work?

When files on your website change, WP Fingerprint uses checksums to verify whether those files are authentic. The WP Fingerprint plugin on your WordPress website runs through each of your plugins and creates a SHA-1 checksum for every file within each plugin folder it finds. It also compiles some other basic information about the plugins, such as the version number.

That information is then relayed back to the WP Fingerprint servers. The WP Fingerprint servers hold a large database of plugins (and their versions) we’ve seen in the wild, along with the checksums for each file. We compare the two checksums and let you know what we find. If the checksums match, you have the trusted plugin installed on your website. If the checksums do not match, you may have a tampered-with file on your website.

If we’ve not yet encountered the plugin (or specific version) you are using, WP Fingerprint spins up a special instance of WordPress on our servers; it then downloads the plugin you are using from the WordPress repository, exactly as you would do on your own website. We can then validate and store the correct checksums.

WP Fingerprint can do all of this for any plugin listed in the WordPress.org repository.

What if my plugin isn’t in the WordPress repository?

For plugins not in the WordPress repository we typically can’t validate against a known secure copy of the plugin; most premium plugins are behind paywalls, for example. Instead we take a different approach and crowdsource checksum data across the WP Fingerprint network. Every time we see a non-repo plugin we record its checksums. Once we’ve seen enough instances of that plugin/version across the WP Fingerprint network, we can begin to report the correct checksum with some confidence. In these cases, we’ll report back with how confident we are of the correct checksum.

How long does the process take?

The whole process is automated. Simply install the plugin on your WordPress website, sit back and wait. Initial processing can take up to one hour. Likewise, after any change occurs to a plugin file on your site, you’ll be alerted to any issues within an hour.

Other security checks

In addition to the above, there are cases where we know certain files and checksums are 100% malicious. If we detect any known malware or backdoors, we warn you instantly as well.
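The per-file checksum comparison described under "How does WP Fingerprint work?", together with the known-malware checksum check described above, as an added Python example that is not part of the WP Fingerprint plugin or service: it walks a plugin folder, SHA-1 hashes every file, classifies each file against a reference manifest (ok, modified, added, missing) and flags any checksum found in a known-bad set. REFERENCE, KNOWN_BAD, the "hello" plugin files and the folder built by demo() are constructed for illustration; the real service gets its reference and malware checksums from its server-side database.

```python
import hashlib, os, tempfile

def fingerprint_plugin(plugin_dir):
    """Walk one plugin folder and return {relative_path: sha1_hex} for every file in it."""
    checksums = {}
    for root, _dirs, files in os.walk(plugin_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, plugin_dir).replace(os.sep, "/")
            h = hashlib.sha1()
            with open(path, "rb") as fh:                      # chunked read: large assets stay off the heap
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            checksums[rel] = h.hexdigest()
    return checksums

def compare(actual, reference, known_bad):
    """Classify each file as ok / modified / added / missing and flag any known-bad checksum."""
    report = {"ok": [], "modified": [], "added": [], "missing": [], "known_bad": []}
    for rel, digest in actual.items():
        if digest in known_bad:
            report["known_bad"].append(rel)    # matches a known malware/backdoor file: warn at once
        if rel not in reference:
            report["added"].append(rel)        # the trusted copy has no such file
        elif reference[rel] == digest:
            report["ok"].append(rel)
        else:
            report["modified"].append(rel)     # present, but its content differs from the trusted copy
    report["missing"] = [rel for rel in reference if rel not in actual]
    return {k: sorted(v) for k, v in report.items()}

# Constructed reference manifest for a hypothetical "hello" plugin 1.0 plus one constructed known-bad sample.
REFERENCE = {
    "hello.php": hashlib.sha1(b"<?php echo 'hello'; ?>\n").hexdigest(),
    "readme.txt": hashlib.sha1(b"Hello plugin 1.0\n").hexdigest(),
    "uninstall.php": hashlib.sha1(b"<?php // cleanup ?>\n").hexdigest(),
}
KNOWN_BAD_SAMPLE = b"<?php /* constructed known-bad sample */ ?>\n"
KNOWN_BAD = {hashlib.sha1(KNOWN_BAD_SAMPLE).hexdigest()}

def demo():
    """Audit a constructed plugin folder: one file intact, one edited, one planted, one deleted."""
    with tempfile.TemporaryDirectory() as d:
        os.makedirs(os.path.join(d, "inc"))
        files = {"hello.php": b"<?php echo 'hello'; ?>\n",        # intact
                 "readme.txt": b"Hello plugin 1.0 (edited)\n",    # tampered
                 "inc/x.php": KNOWN_BAD_SAMPLE}                    # planted (uninstall.php is absent)
        for rel, data in files.items():
            with open(os.path.join(d, rel), "wb") as fh:
                fh.write(data)
        return compare(fingerprint_plugin(d), REFERENCE, KNOWN_BAD)
```

A real deployment would also record the plugin version alongside the manifest, since the same file legitimately changes between versions.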