wp_trusted_keys() WordPress Function

The wp_trusted_keys() function is used to generate and display a list of trusted public keys. This function is used by the WordPress security team to manage and maintain a list of trusted keys that are used to verify the integrity of WordPress releases.

wp_trusted_keys() #

Retrieves the list of signing keys trusted by WordPress.

Contents

Return

(string[]) Array of base64-encoded signing keys.

Top ↑

Source

File: wp-admin/includes/file.php

function wp_trusted_keys() {
	$trusted_keys = array();

	if ( time() < 1617235200 ) {
		// WordPress.org Key #1 - This key is only valid before April 1st, 2021.
		$trusted_keys[] = 'fRPyrxb/MvVLbdsYi+OOEv4xc+Eqpsj+kkAS6gNOkI0=';
	}

	// TODO: Add key #2 with longer expiration.

	/**
	 * Filters the valid signing keys used to verify the contents of files.
	 *
	 * @since 5.2.0
	 *
	 * @param string[] $trusted_keys The trusted keys that may sign packages.
	 */
	return apply_filters( 'wp_trusted_keys', $trusted_keys );
}

Expand full source codeCollapse full source codeView on TracView on GitHub

Top ↑

Top ↑

Uses

Uses
UsesDescription
wp-admin/includes/file.php:wp_trusted_keys

Filters the valid signing keys used to verify the contents of files.

wp-includes/plugin.php:apply_filters()

Calls the callback functions that have been added to a filter hook.

Top ↑

Changelog

Changelog
VersionDescription
5.2.0Introduced.
Download the latest version of WordPress from https://wordpress.org/

The content displayed on this page has been created in part by processing WordPress source code files which are made available under the GPLv2 (or a later version) license by theĀ Free Software Foundation. In addition to this, the content includes user-written examples and information. All material is subject to review and curation by the WPPaste.com community.