diff --git a/bin/bundle.sh b/bin/bundle.sh
index 577ccfae..664e1dc2 100755
--- a/bin/bundle.sh
+++ b/bin/bundle.sh
@@ -54,6 +54,12 @@ for VERSION in $AVAILABLE_VERSIONS; do
 	curl -sSL "$WP_ZIP_URL" -o "$WP_ZIP_FILE"
 	EXPECTED_HASH=$(curl -sSL "$WP_ZIP_URL.sha1")
 
+	# Skip if we can't get a valid hash.
+	if ![[ $EXPECTED_HASH =~ ^[a-z0-9]{40}$ ]]; then
+		echo "Failed to fetch valid hash for $VERSION" >&2
+		continue
+	fi
+
 	# Verify the checksum.
 	# (sha1 is suboptimal, but it's all we've got.)
 	echo "  Verifying checksum" >&2