Add command to check themes integrity in WP-CLI

[emerson-oliveira]

Feature Request

• Yes, I reviewed the contribution guidelines.

Use Case and Problem Faced

I'm trying to ensure the integrity of the themes installed on my WordPress site. Currently, WP-CLI allows you to check the integrity of WordPress core files and plugins, but not themes. This is a problem because themes, like plugins, can be targets of attacks and compromise website security.

Proposed solution

I would like WP-CLI to include a command to check the integrity of themes, similar to the wp --allow-root plugin verify-checksums --all command. This command, which could be something like wp --allow-root theme verify-checksums --all, would verify the theme files against the checksums provided by the official WordPress theme repository.

This command would help identify any theme files that have been modified or corrupted and could be a valuable tool in maintaining website security.

Possible Disadvantages

A potential disadvantage of this functionality is that it may not be able to verify the integrity of custom themes or themes that have been significantly modified. Furthermore, like any security tool, it is not foolproof and should not be used as the only line of defense against security threats.

[danielbachhuber]

Thanks for the suggestion, @emerson-oliveira.

The theme checksums idea is already tracked here: wp-cli/ideas#149