robmiller/wp-audit

## wp-audit
#!/usr/bin/env ruby
# Usage: wp-audit [options]
#     -a, --all-plugins                Show all plugins, not just outdated ones
#     -c, --[no-]color                 Highlight outdated versions in colour
#     -f, --format [format]            Specify output format. Accepted values: html, term (Terminal output and colours), md (Markdown, no colours). term is default.
#
# Requires: Ruby >= 2.0; a Unix-like operating system (one that ships
# with `find`, `less`, and `diff`)
#
# Installation:
# 1. Download script
# 2. $ ruby path/to/wp-audit


at_exit do
  options = {
    format: "term",
    color: true
  }

  OptionParser.new do |opts|
    opts.banner = "Usage: wp-audit [options]"

    opts.on("-a", "--all-plugins", "Show all plugins, not just outdated ones") do |v|
      options[:all_plugins] = v
    end

    opts.on("-c", "--[no-]color", "Highlight outdated versions in colour") do |c|
      options[:color] = c
    end

    opts.on("-f", "--format [format]", "Specify output format. Accepted values: html, term (Terminal output and colours), md (Markdown, no colours). term is default.") do |f|
      if %w(html md term).include? f
        options[:format] = f
      end
    end
  end.parse!

  page_output do
    WPAudit.new(Dir.pwd, options).run
  end
end


require "pathname"
require "open-uri"
require "json"
require "yaml/store"
require "optparse"
require "erb"
require "digest"

# Outputs an audit of all WordPress installs under a given directory,
# including:
#
# * What version of WordPress is installed
# * All the plugins that are present (even if they're not activated)
# * The version of each plugin
# * Whether the plugin is out of date — provided the plugin can be found
#   on the WordPress.org plugins repository.
class WPAudit
  def initialize(dir = Dir.pwd, options = {})
    @dir     = Pathname(dir)
    @options = options
  end

  def run
    scanner = Scanner.new(dir)

    output "start-scan", scanner: scanner

    scanner.scan

    output "end-scan", scanner: scanner

    scanner.sites.each do |site|
      output "site-summary", site: site
      output "wp-version", site: site

      site.plugins.group_by(&:outdated?).each do |outdated, plugins|
        next if !outdated && !options[:all_plugins]

        output "plugin-summary", outdated: outdated, plugins: plugins
      end

      output "hashes", invalid_hashes: site.hashes.invalid

      output "divider"
    end
  end

  private

  attr_reader :dir, :options

  def output(template_name, locals = {})
    format = options[:format]
    renderer = template(template_name, format)

    b = binding
    locals.each do |local, value|
      b.local_variable_set(local, value)
    end
    puts renderer.result(b)
  end

  def template(name, format)
    templates.fetch(name).fetch(format)
  end

  def templates
    @templates ||=
      begin
        templates = {}
        template, format = nil, nil
        DATA.each_line do |line|
          case line
          when /^@@ (.+)/
            template = $1
          when /^@@@ (.+)/
            format = $1
          else
            templates[template] ||= {}
            templates[template][format] ||= ""
            templates[template][format] << line
          end
        end

        templates.each do |template, formats|
          formats.each do |format, erb|
            templates[template][format] = ERB.new(erb, nil, ">")
          end
        end

        templates
      end
  end
end


# Scans recursively for WordPress installs below the given directory.
class Scanner
  attr_reader :sites

  def initialize(dir)
    @dir = dir
  end

  def scan
    @sites ||= begin
      dirs
        .reject { |f|
          (
            %w(wp wp-config.php wp-config-live.php) &
              f.children.map { |p| p.basename.to_s }
          ).empty?
        }
        .map { |d| Site.new(d.basename, d) }
        .select { |s| s.is_wp? }
    end
  end

  private

  def dirs
    `find #{@dir} -type d`
      .each_line
      .map { |l| Pathname(l.strip) }
  end
end


# A WordPress install on disk.
class Site
  attr_reader :name, :path

  def initialize(name, path)
    @name = name
    @path = Pathname(path)
  end

  def is_wp?
    !!wp_version_file
  end

  def wp_version
    return false unless is_wp?

    File.readlines(wp_version_file)
      .grep(/^\$wp_version/)
      .first
      .match(/'([^']+)'/)[1]
  end

  def latest_wp_version
    WPVersionLookup.latest_version
  end

  def wp_outdated?
    Gem::Version.new(wp_version) < Gem::Version.new(latest_wp_version) rescue false
  end

  def plugins
    return [] unless has_plugins?

    plugins_dir.children
      .reject { |p| p == plugins_dir + "index.php" }
      .map { |p| Plugin.new(p.basename, p) }
  end

  def hashes
    SiteHashes.new(wp_dir, wp_version)
  end

  private

  def content_dir
    [
      path + "wp-content",
      path + "wp" + "wp-content",
      path + "wordpress" + "wp-content",
    ].find(&:exist?)
  end

  def plugins_dir
    content_dir + "plugins"
  end

  def has_plugins?
    plugins_dir.exist?
  end

  def wp_dir
    [
      path + "wp-load.php",
      path + "wp" + "wp-load.php",
      path + "wordpress" + "wp-load.php",
    ].find(&:exist?).dirname
  end

  def wp_version_file
    [
      path + "wp-includes" + "version.php",
      path + "wp" + "wp-includes" + "version.php",
      path + "wordpress" + "wp-includes" + "version.php"
    ].find(&:exist?)
  end
end


# A particular WordPress plugin on a particular site.
class Plugin
  attr_reader :name, :path

  def initialize(name, path)
    @name = name
    @path = Pathname(path)
  end

  def version
    find_plugin_file

    header && header.match(/Version:\s*(.+)$/) { |m| m[1].strip } or "Unknown"
  end

  def latest_version
    PluginLookup.new(name).version || "Unknown"
  end

  def outdated?
    false unless latest_version
    Gem::Version.new(version) < Gem::Version.new(latest_version) rescue false
  end

  private

  attr_reader :plugin_file, :header

  def find_plugin_file
    @plugin_file ||= begin
      if path.file?
        File.open(path, "r") { |f| @header = f.read(1024) }
        return path
      end

      path.children.find do |file|
        next if file.directory?
        next unless file.extname == ".php"

        File.open(file, "r") do |f|
          @header = f.read(1024)
          @header && @header.include?("Plugin Name:")
        end
      end
    end
  end
end


# Performs a lookup of the latest WordPress version using the
# WordPress.org API.
class WPVersionLookup
  def self.latest_version
    @latest_version ||= begin
      data = open(api_url) do |u|
        json = u.read
        JSON.parse(json) rescue {}
      end

      data["offers"].find { |o| o["response"] == "upgrade" }.fetch("version", "")
    end
  end

  private

  def self.api_url
    "https://api.wordpress.org/core/version-check/1.7/"
  end
end


# Looks up data for a given plugin on the WordPress.org plugin API,
# caching it to disk so that future lookups are faster.
class PluginLookup
  attr_reader :slug

  def initialize(slug)
    @slug = slug.to_s
  end

  def version
    cached = PluginCache[slug]
    return cached["version"] if cached

    version = data["version"]
    PluginCache[slug] = { "version" => data["version"] }

    version
  end

  private

  def api_url
    "https://api.wordpress.org/plugins/info/1.0/#{slug}.json"
  end

  def json
    @json ||= begin
      open(api_url) do |u|
        u.read
      end
    end
  end

  def data
    return {} if json == "null"
    JSON.parse(json)
  rescue
    {}
  end
end


# Looks up data for the latest version of GravityForms
class GravityFormsLookup

end


# Caches plugin data on disk and performs lookups from that cache.
class PluginCache
  def self.[](slug)
    initialize
    @store.transaction { @store[slug] }
  end

  def self.[]=(slug, data)
    initialize
    @store.transaction { @store[slug] = data }
  end

  def self.initialize
    @store ||= begin
      YAML::Store.new(Pathname(Dir.home) + "wp-audit-cache.yml")
    end
  end
end

def page_output(&block)
  return block.call unless $stdout.tty?

  old_stdout = $stdout
  $stdout = open("|less -RFX", "w")

  r = block.call

  $stdout.close
  $stdout = old_stdout

  r
end


# For a given WordPress install, compares hashes of the files on the
# filesystem with known-good hashes, to check for compromised files.
class SiteHashes
  def initialize(path, version)
    @path    = path
    @version = version
  end

  def invalid
    hash_files unless hashed?

    @invalid
  end

  private

  def valid_hashes
    ValidHashes.hashes(version)
  end

  def hashed?
    @hashed
  end

  def hash_files
    @actual_hashes = {}
    @invalid = []

    valid_hashes.each do |file, hash|
      full_path = path + file
      next unless File.exist?(full_path)

      actual_hash = Digest::MD5.file(full_path).to_s
      @actual_hashes[file] = actual_hash

      if hash != actual_hash
        diff = Diff.diff(full_path, ValidContent.content(version, file))
        unless diff.empty?
          @invalid << { file: file, expected: hash, actual: actual_hash, diff: diff }
        end
      end
    end

    @hashed = true

    @actual_hashes
  end

  attr_reader :path, :version
end


# For a given WordPress version, returns known-good hashes for the
# files for that install.
class ValidHashes
  def self.hashes(version)
    @hashes ||= {}

    unless @hashes[version]
      open(url(version)) do |u|
        data = JSON.parse(u.read)
        @hashes[version] = data["checksums"] || {}
      end
    end

    @hashes[version]
  rescue
    {}
  end

  def self.url(version)
    "https://api.wordpress.org/core/checksums/1.0/?version=#{version}&locale=en_US"
  end
end


# Given a WordPress version and a file path, returns the genuine
# content for that file in that version.
class ValidContent
  def self.content(version, file)
    url = "https://raw.githubusercontent.com/WordPress/WordPress/#{version}/#{file}"
    open(url) { |u| u.read }
  rescue OpenURI::HTTPError
    ""
  end
end


class Diff
  def self.diff(file, string)
    open("|diff -uwB #{file} -", "r+") do |diff|
      diff.write(string)

      diff.close_write

      diff.read
    end
  end
end

__END__
@@ start-scan
@@@ term
Scanning for WordPress installs in <%= dir %>...
@@@ html
<p>Scanning for WordPress installs in <%= dir %>...</p>
@@@ md
### Scanning for WordPress installs in <%= dir %>...
@@ end-scan
@@@ term
<%= scanner.sites.length %> sites found.


@@@ html
<p><%= scanner.sites.length %> sites found.</p>
<ul>
@@@ md
<%= scanner.sites.length %> sites found.


@@ site-summary
@@@ term
<%= site.name %> - <%= site.path %>
@@@ html
<h2><%= site.name %> - <%= site.path %></h2>
@@@ md
<%= site.name %> - <%= site.path %>
@@ wp-version
@@@ term
Running WordPress v<%= site.wp_version %> <%= "\e[31m" if site.wp_outdated? %>(Latest version: <%= site.latest_wp_version %><%= "\e[0m" %>
@@@ html
<p>Running WordPress v<%= site.wp_version %> <span<%= " style='color: red'" if site.wp_outdated? %>>(Latest version: <%= site.latest_wp_version %></span></p>
@@@ md
Running WordPress v<%= site.wp_version %> <%= "*" if site.wp_outdated? %>(Latest version: <%= site.latest_wp_version %><%= "*" if site.wp_outdated? %>
@@ plugin-summary
@@@ term
<%= outdated ? "Outdated plugins" : "Up-to-date plugins" %> (<%= plugins.length %>)
<% plugins.each do |plugin| %>
* <%= plugin.name %> v<%= plugin.version %> <%= "\e[31m" if plugin.outdated? %>(Latest version: <%= plugin.latest_version %>)<%= "\e[0m" %>

<% end %>


@@@ html
<p><%= outdated ? "Outdated plugins" : "Up-to-date plugins" %> (<%= plugins.length %>)</p>
<ul>
<% plugins.each do |plugin| %>
<li><%= plugin.name %> v<%= plugin.version %> <span<%= " style='color:red'" if plugin.outdated? %>>(Latest version: <%= plugin.latest_version %>)</span></li>

<% end %>


@@@ md
<%= outdated ? "Outdated plugins" : "Up-to-date plugins" %> (<%= plugins.length %>)
<% plugins.each do |plugin| %>
* <%= plugin.name %> v<%= plugin.version %> <%= "*" if plugin.outdated? %>(Latest version: <%= plugin.latest_version %>)<%= "*" if plugin.outdated? %>

<% end %>


@@ divider
@@@ term

---


@@@ html
<hr>
@@@ md

___


@@ hashes
@@@ term
<%= "Possibly hacked files:" if invalid_hashes.length > 0 %>

<% invalid_hashes.each do |hash| %>
File <%= hash[:file] %> had hash <%= hash[:actual] %>, expected <%= hash[:expected] %>

<% if hash[:diff].empty? %>
Files differ only by whitespace.
<% else %>
Diff:
<%= hash[:diff] %>
<% end %>

<% end %>
@@@ html
<%= "<p>Possibly hacked files:</p>" if invalid_hashes.length > 0 %>

<ul>
<% invalid_hashes.each do |hash| %>
<li>
  <p>File <%= hash[:file] %> had hash <%= hash[:actual] %>, expected <%= hash[:expected] %></p>

  <% if hash[:diff].empty? %>
  <p>Files differ only by whitespace.</p>
  <% else %>
  <p>Diff:</p>
  <pre>
  <%= hash[:diff] %>
  </pre>
  <% end %>
</li>
<% end %>
</ul>
@@@ md
<%= "Possibly hacked files:" if invalid_hashes.length > 0 %>

<% invalid_hashes.each do |hash| %>
* File <%= hash[:file] %> had hash <%= hash[:actual] %>, expected <%= hash[:expected] %>

<% if hash[:diff].empty? %>
Files differ only by whitespace.
<% else %>
Diff:
<%= hash[:diff] %>
<% end %>

<% end %>
	#!/usr/bin/env ruby
	# Usage: wp-audit [options]
	# -a, --all-plugins Show all plugins, not just outdated ones
	# -c, --[no-]color Highlight outdated versions in colour
	# -f, --format [format] Specify output format. Accepted values: html, term (Terminal output and colours), md (Markdown, no colours). term is default.
	#
	# Requires: Ruby >= 2.0; a Unix-like operating system (one that ships
	# with `find`, `less`, and `diff`)
	#
	# Installation:
	# 1. Download script
	# 2. $ ruby path/to/wp-audit


	at_exit do
	options = {
	format: "term",
	color: true
	}

	OptionParser.new do \|opts\|
	opts.banner = "Usage: wp-audit [options]"

	opts.on("-a", "--all-plugins", "Show all plugins, not just outdated ones") do \|v\|
	options[:all_plugins] = v
	end

	opts.on("-c", "--[no-]color", "Highlight outdated versions in colour") do \|c\|
	options[:color] = c
	end

	opts.on("-f", "--format [format]", "Specify output format. Accepted values: html, term (Terminal output and colours), md (Markdown, no colours). term is default.") do \|f\|
	if %w(html md term).include? f
	options[:format] = f
	end
	end
	end.parse!

	page_output do
	WPAudit.new(Dir.pwd, options).run
	end
	end


	require "pathname"
	require "open-uri"
	require "json"
	require "yaml/store"
	require "optparse"
	require "erb"
	require "digest"

	# Outputs an audit of all WordPress installs under a given directory,
	# including:
	#
	# * What version of WordPress is installed
	# * All the plugins that are present (even if they're not activated)
	# * The version of each plugin
	# * Whether the plugin is out of date — provided the plugin can be found
	# on the WordPress.org plugins repository.
	class WPAudit
	def initialize(dir = Dir.pwd, options = {})
	@dir = Pathname(dir)
	@options = options
	end

	def run
	scanner = Scanner.new(dir)

	output "start-scan", scanner: scanner

	scanner.scan

	output "end-scan", scanner: scanner

	scanner.sites.each do \|site\|
	output "site-summary", site: site
	output "wp-version", site: site

	site.plugins.group_by(&:outdated?).each do \|outdated, plugins\|
	next if !outdated && !options[:all_plugins]

	output "plugin-summary", outdated: outdated, plugins: plugins
	end

	output "hashes", invalid_hashes: site.hashes.invalid

	output "divider"
	end
	end

	private

	attr_reader :dir, :options

	def output(template_name, locals = {})
	format = options[:format]
	renderer = template(template_name, format)

	b = binding
	locals.each do \|local, value\|
	b.local_variable_set(local, value)
	end
	puts renderer.result(b)
	end

	def template(name, format)
	templates.fetch(name).fetch(format)
	end

	def templates
	@templates \|\|=
	begin
	templates = {}
	template, format = nil, nil
	DATA.each_line do \|line\|
	case line
	when /^@@ (.+)/
	template = $1
	when /^@@@ (.+)/
	format = $1
	else
	templates[template] \|\|= {}
	templates[template][format] \|\|= ""
	templates[template][format] << line
	end
	end

	templates.each do \|template, formats\|
	formats.each do \|format, erb\|
	templates[template][format] = ERB.new(erb, nil, ">")
	end
	end

	templates
	end
	end
	end


	# Scans recursively for WordPress installs below the given directory.
	class Scanner
	attr_reader :sites

	def initialize(dir)
	@dir = dir
	end

	def scan
	@sites \|\|= begin
	dirs
	.reject { \|f\|
	(
	%w(wp wp-config.php wp-config-live.php) &
	f.children.map { \|p\| p.basename.to_s }
	).empty?
	}
	.map { \|d\| Site.new(d.basename, d) }
	.select { \|s\| s.is_wp? }
	end
	end

	private

	def dirs
	`find #{@dir} -type d`
	.each_line
	.map { \|l\| Pathname(l.strip) }
	end
	end


	# A WordPress install on disk.
	class Site
	attr_reader :name, :path

	def initialize(name, path)
	@name = name
	@path = Pathname(path)
	end

	def is_wp?
	!!wp_version_file
	end

	def wp_version
	return false unless is_wp?

	File.readlines(wp_version_file)
	.grep(/^\$wp_version/)
	.first
	.match(/'([^']+)'/)[1]
	end

	def latest_wp_version
	WPVersionLookup.latest_version
	end

	def wp_outdated?
	Gem::Version.new(wp_version) < Gem::Version.new(latest_wp_version) rescue false
	end

	def plugins
	return [] unless has_plugins?

	plugins_dir.children
	.reject { \|p\| p == plugins_dir + "index.php" }
	.map { \|p\| Plugin.new(p.basename, p) }
	end

	def hashes
	SiteHashes.new(wp_dir, wp_version)
	end

	private

	def content_dir
	[
	path + "wp-content",
	path + "wp" + "wp-content",
	path + "wordpress" + "wp-content",
	].find(&:exist?)
	end

	def plugins_dir
	content_dir + "plugins"
	end

	def has_plugins?
	plugins_dir.exist?
	end

	def wp_dir
	[
	path + "wp-load.php",
	path + "wp" + "wp-load.php",
	path + "wordpress" + "wp-load.php",
	].find(&:exist?).dirname
	end

	def wp_version_file
	[
	path + "wp-includes" + "version.php",
	path + "wp" + "wp-includes" + "version.php",
	path + "wordpress" + "wp-includes" + "version.php"
	].find(&:exist?)
	end
	end


	# A particular WordPress plugin on a particular site.
	class Plugin
	attr_reader :name, :path

	def initialize(name, path)
	@name = name
	@path = Pathname(path)
	end

	def version
	find_plugin_file

	header && header.match(/Version:\s*(.+)$/) { \|m\| m[1].strip } or "Unknown"
	end

	def latest_version
	PluginLookup.new(name).version \|\| "Unknown"
	end

	def outdated?
	false unless latest_version
	Gem::Version.new(version) < Gem::Version.new(latest_version) rescue false
	end

	private

	attr_reader :plugin_file, :header

	def find_plugin_file
	@plugin_file \|\|= begin
	if path.file?
	File.open(path, "r") { \|f\| @header = f.read(1024) }
	return path
	end

	path.children.find do \|file\|
	next if file.directory?
	next unless file.extname == ".php"

	File.open(file, "r") do \|f\|
	@header = f.read(1024)
	@header && @header.include?("Plugin Name:")
	end
	end
	end
	end
	end


	# Performs a lookup of the latest WordPress version using the
	# WordPress.org API.
	class WPVersionLookup
	def self.latest_version
	@latest_version \|\|= begin
	data = open(api_url) do \|u\|
	json = u.read
	JSON.parse(json) rescue {}
	end

	data["offers"].find { \|o\| o["response"] == "upgrade" }.fetch("version", "")
	end
	end

	private

	def self.api_url
	"https://api.wordpress.org/core/version-check/1.7/"
	end
	end


	# Looks up data for a given plugin on the WordPress.org plugin API,
	# caching it to disk so that future lookups are faster.
	class PluginLookup
	attr_reader :slug

	def initialize(slug)
	@slug = slug.to_s
	end

	def version
	cached = PluginCache[slug]
	return cached["version"] if cached

	version = data["version"]
	PluginCache[slug] = { "version" => data["version"] }

	version
	end

	private

	def api_url
	"https://api.wordpress.org/plugins/info/1.0/#{slug}.json"
	end

	def json
	@json \|\|= begin
	open(api_url) do \|u\|
	u.read
	end
	end
	end

	def data
	return {} if json == "null"
	JSON.parse(json)
	rescue
	{}
	end
	end


	# Looks up data for the latest version of GravityForms
	class GravityFormsLookup

	end


	# Caches plugin data on disk and performs lookups from that cache.
	class PluginCache
	def self.[](slug)
	initialize
	@store.transaction { @store[slug] }
	end

	def self.[]=(slug, data)
	initialize
	@store.transaction { @store[slug] = data }
	end

	def self.initialize
	@store \|\|= begin
	YAML::Store.new(Pathname(Dir.home) + "wp-audit-cache.yml")
	end
	end
	end

	def page_output(&block)
	return block.call unless $stdout.tty?

	old_stdout = $stdout
	$stdout = open("\|less -RFX", "w")

	r = block.call

	$stdout.close
	$stdout = old_stdout

	r
	end


	# For a given WordPress install, compares hashes of the files on the
	# filesystem with known-good hashes, to check for compromised files.
	class SiteHashes
	def initialize(path, version)
	@path = path
	@version = version
	end

	def invalid
	hash_files unless hashed?

	@invalid
	end

	private

	def valid_hashes
	ValidHashes.hashes(version)
	end

	def hashed?
	@hashed
	end

	def hash_files
	@actual_hashes = {}
	@invalid = []

	valid_hashes.each do \|file, hash\|
	full_path = path + file
	next unless File.exist?(full_path)

	actual_hash = Digest::MD5.file(full_path).to_s
	@actual_hashes[file] = actual_hash

	if hash != actual_hash
	diff = Diff.diff(full_path, ValidContent.content(version, file))
	unless diff.empty?
	@invalid << { file: file, expected: hash, actual: actual_hash, diff: diff }
	end
	end
	end

	@hashed = true

	@actual_hashes
	end

	attr_reader :path, :version
	end


	# For a given WordPress version, returns known-good hashes for the
	# files for that install.
	class ValidHashes
	def self.hashes(version)
	@hashes \|\|= {}

	unless @hashes[version]
	open(url(version)) do \|u\|
	data = JSON.parse(u.read)
	@hashes[version] = data["checksums"] \|\| {}
	end
	end

	@hashes[version]
	rescue
	{}
	end

	def self.url(version)
	"https://api.wordpress.org/core/checksums/1.0/?version=#{version}&locale=en_US"
	end
	end


	# Given a WordPress version and a file path, returns the genuine
	# content for that file in that version.
	class ValidContent
	def self.content(version, file)
	url = "https://raw.githubusercontent.com/WordPress/WordPress/#{version}/#{file}"
	open(url) { \|u\| u.read }
	rescue OpenURI::HTTPError
	""
	end
	end


	class Diff
	def self.diff(file, string)
	open("\|diff -uwB #{file} -", "r+") do \|diff\|
	diff.write(string)

	diff.close_write

	diff.read
	end
	end
	end

	__END__
	@@ start-scan
	@@@ term
	Scanning for WordPress installs in <%= dir %>...
	@@@ html
	<p>Scanning for WordPress installs in <%= dir %>...</p>
	@@@ md
	### Scanning for WordPress installs in <%= dir %>...
	@@ end-scan
	@@@ term
	<%= scanner.sites.length %> sites found.


	@@@ html
	<p><%= scanner.sites.length %> sites found.</p>
	<ul>
	@@@ md
	<%= scanner.sites.length %> sites found.


	@@ site-summary
	@@@ term
	<%= site.name %> - <%= site.path %>
	@@@ html
	<h2><%= site.name %> - <%= site.path %></h2>
	@@@ md
	<%= site.name %> - <%= site.path %>
	@@ wp-version
	@@@ term
	Running WordPress v<%= site.wp_version %> <%= "\e[31m" if site.wp_outdated? %>(Latest version: <%= site.latest_wp_version %><%= "\e[0m" %>
	@@@ html
	<p>Running WordPress v<%= site.wp_version %> <span<%= " style='color: red'" if site.wp_outdated? %>>(Latest version: <%= site.latest_wp_version %></span></p>
	@@@ md
	Running WordPress v<%= site.wp_version %> <%= "" if site.wp_outdated? %>(Latest version: <%= site.latest_wp_version %><%= "" if site.wp_outdated? %>
	@@ plugin-summary
	@@@ term
	<%= outdated ? "Outdated plugins" : "Up-to-date plugins" %> (<%= plugins.length %>)
	<% plugins.each do \|plugin\| %>
	* <%= plugin.name %> v<%= plugin.version %> <%= "\e[31m" if plugin.outdated? %>(Latest version: <%= plugin.latest_version %>)<%= "\e[0m" %>

	<% end %>


	@@@ html
	<p><%= outdated ? "Outdated plugins" : "Up-to-date plugins" %> (<%= plugins.length %>)</p>
	<ul>
	<% plugins.each do \|plugin\| %>
	<li><%= plugin.name %> v<%= plugin.version %> <span<%= " style='color:red'" if plugin.outdated? %>>(Latest version: <%= plugin.latest_version %>)</span></li>

	<% end %>


	@@@ md
	<%= outdated ? "Outdated plugins" : "Up-to-date plugins" %> (<%= plugins.length %>)
	<% plugins.each do \|plugin\| %>
	* <%= plugin.name %> v<%= plugin.version %> <%= "" if plugin.outdated? %>(Latest version: <%= plugin.latest_version %>)<%= "" if plugin.outdated? %>

	<% end %>


	@@ divider
	@@@ term

	---


	@@@ html
	<hr>
	@@@ md

	___


	@@ hashes
	@@@ term
	<%= "Possibly hacked files:" if invalid_hashes.length > 0 %>

	<% invalid_hashes.each do \|hash\| %>
	File <%= hash[:file] %> had hash <%= hash[:actual] %>, expected <%= hash[:expected] %>

	<% if hash[:diff].empty? %>
	Files differ only by whitespace.
	<% else %>
	Diff:
	<%= hash[:diff] %>
	<% end %>

	<% end %>
	@@@ html
	<%= "<p>Possibly hacked files:</p>" if invalid_hashes.length > 0 %>

	<ul>
	<% invalid_hashes.each do \|hash\| %>
	<li>
	<p>File <%= hash[:file] %> had hash <%= hash[:actual] %>, expected <%= hash[:expected] %></p>

	<% if hash[:diff].empty? %>
	<p>Files differ only by whitespace.</p>
	<% else %>
	<p>Diff:</p>
	<pre>
	<%= hash[:diff] %>
	</pre>
	<% end %>
	</li>
	<% end %>
	</ul>
	@@@ md
	<%= "Possibly hacked files:" if invalid_hashes.length > 0 %>

	<% invalid_hashes.each do \|hash\| %>
	* File <%= hash[:file] %> had hash <%= hash[:actual] %>, expected <%= hash[:expected] %>

	<% if hash[:diff].empty? %>
	Files differ only by whitespace.
	<% else %>
	Diff:
	<%= hash[:diff] %>
	<% end %>

	<% end %>