Using WordPress Revisions for Rollback

WordPress automatically saves revisions of your posts. These revisions provide a safety net for recovering content that existed before an infection.

Understanding Revisions #

What Are Revisions? #

Revisions are snapshots of your post content saved automatically:

  • Every time you click Save/Update
  • Auto-saved periodically while editing
  • Stored in the database indefinitely (by default)

What Revisions Capture #

  • Post title
  • Post content (the main body)
  • Post excerpt
  • Some meta fields (varies by configuration)

What Revisions Don’t Capture #

  • Custom fields / post meta (typically)
  • Featured images
  • Taxonomy assignments (categories, tags)
  • Page builder data (Elementor stores its data separately)

Finding Pre-Infection Revisions #

Identify the Infection Timeline #

1. Check the finding’s “First Seen” date
2. Note when the infection was introduced
3. Look for revisions from before that date

Access Revision History #

1. Open the affected post in the editor
2. In Gutenberg: Click Revisions in the Post panel
3. In Classic Editor: Click Browse next to Revisions

Revision Browser #

The revision browser shows:

  • Timestamp of each revision
  • Author who made the change
  • Visual diff between revisions
  • Ability to restore any revision

Identifying Clean Revisions #

Visual Comparison #

1. Select a revision to compare
2. Look for the appearance of malicious content
3. Compare multiple revisions to find the injection point

What to Look For #

  • New script tags appearing
  • New external URLs
  • Hidden div sections added
  • Unusual link additions
  • SEO spam text appearing

Example Timeline #

Revision 5 - March 15, 2:00 PM - Clean ✓
Revision 6 - March 16, 10:30 AM - Clean ✓
Revision 7 - March 17, 3:45 PM - INFECTED ✗ (script added)
Revision 8 - March 17, 3:50 PM - INFECTED ✗ (more scripts)
Current   - March 18, 9:00 AM - INFECTED ✗

In this case, restore Revision 6 to get clean content.
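
The comparison above can also be run over exported revision rows. This is an added example, not from the original page or from Content Guard Pro. It walks revisions oldest-first and reports the last clean revision and the first suspect one. It assumes each row is a dict with the wp_posts columns ID, post_date and post_content; the function names, regexes and sample data are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Heuristics for three items in the "What to Look For" list (illustrative only).
SCRIPT_RE = re.compile(r"<script\b", re.I)
HIDDEN_RE = re.compile(
    r"<div\b[^>]*style\s*=\s*[\"'][^\"']*(?:display\s*:\s*none|visibility\s*:\s*hidden)", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)

def external_hosts(html, site_host):
    """Hosts referenced in html, excluding the site's own host."""
    hosts = set()
    for url in URL_RE.findall(html):
        try:
            host = urlparse(url).hostname
        except ValueError:  # malformed authority: skip it, keep walking
            continue
        if host and host != site_host.lower():
            hosts.add(host)
    return hosts

def find_injection_point(revisions, site_host):
    """Return (last_clean_id, first_suspect_id, reasons), oldest revision first."""
    last_clean, base = None, {"scripts": 0, "hidden": 0, "hosts": None}
    for rev in sorted(revisions, key=lambda r: r["post_date"]):
        body = rev["post_content"]
        cur = {"scripts": len(SCRIPT_RE.findall(body)), "hidden": len(HIDDEN_RE.findall(body)),
               "hosts": external_hosts(body, site_host)}
        reasons = []
        if cur["scripts"] > base["scripts"]:
            reasons.append("script tag added")
        if cur["hidden"] > base["hidden"]:
            reasons.append("hidden div added")
        # The oldest revision has no earlier link set to compare against.
        new_hosts = cur["hosts"] - base["hosts"] if base["hosts"] is not None else set()
        if new_hosts:
            reasons.append("new external host: " + ", ".join(sorted(new_hosts)))
        if reasons:
            return last_clean, rev["ID"], reasons
        last_clean, base = rev["ID"], cur
    return last_clean, None, []

# Constructed sample mirroring the example timeline (year, hosts, markup are made up).
SAMPLE = [{"ID": i, "post_date": d, "post_content": c} for i, d, c in [
    (7, "2025-03-17 15:45:00", '<p>Hi</p><script src="https://cdn.tracker.invalid/a.js"></script>'),
    (5, "2025-03-15 14:00:00", '<p>Hi <a href="https://docs.example.org/x">docs</a></p>'),
    (6, "2025-03-16 10:30:00", '<p>Hi again <a href="https://docs.example.org/x">docs</a></p>'),
    (8, "2025-03-17 15:50:00", '<script src="https://cdn.tracker.invalid/a.js"></script><script>1</script>'),
]]
```

For the sample, `find_injection_point(SAMPLE, "blog.example.com")` returns revision 6 as the last clean revision and 7 as the first suspect one. A first element of `None` means the oldest available revision is already flagged, which is the situation covered under "No Revision Pre-Infection" below.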

Restoring a Revision #

In Gutenberg #

1. Go to Revisions panel
2. Navigate to the clean revision
3. Click Restore This Revision
4. Review the restored content
5. Click Update to save

In Classic Editor #

1. Click Browse next to Revisions
2. Use the slider to select the revision
3. Click Restore This Revision
4. Review and click Update

After Restoration #

Verify Content #

1. Check the post on the front end
2. Verify malicious content is gone
3. Run a scan to confirm clean status

Check for Data Loss #

Review what may have been lost:

  • Legitimate edits between clean revision and now
  • New images or media added
  • Formatting changes

Re-scan the Post #

1. Open the post in the editor
2. Click Scan in the Content Guard Pro panel
3. Verify no findings detected

Revisions and Quarantine #

Before Quarantine #

If you quarantine content and later find a clean revision:

1. Restore the revision (removes the need for quarantine)
2. The finding auto-resolves on save
3. No need to manually un-quarantine

After Quarantine #

Quarantine doesn’t create revisions. If you quarantine content and then want to restore via a revision:

1. Restore the revision
2. The quarantine filter is automatically bypassed for the restored content

Limitations #

Missing Revisions #

Revisions may not exist if:

  • Post was created via import
  • Revisions are disabled in wp-config.php
  • Revisions were purged

Custom Fields Not Included #

If malicious content is in:

  • Post meta / custom fields
  • ACF fields
  • Page builder data

These aren’t typically covered by revisions. You’ll need to:

  • Edit manually
  • Restore from a database backup
  • Use page builder’s revision system (if available)

No Revision Pre-Infection #

If the first revision already contains the infection:

  • Content was infected from creation
  • May have been imported infected
  • Need database backup or manual cleanup

Managing Revisions #

Revision Settings #

Control revisions in wp-config.php:

// Limit revisions per post (default: unlimited)
define('WP_POST_REVISIONS', 10);

// Disable revisions entirely (not recommended)
define('WP_POST_REVISIONS', false);

Recommendation #

For security purposes, keep revisions enabled:

  • At least 10-20 revisions per post
  • Provides recovery options
  • Helps identify infection timeline

Cleaning Old Revisions #

Don’t delete revisions immediately after a security incident:

  • They help track when infection occurred
  • Useful for forensic analysis
  • Wait until you’re confident the site is clean

Revision Alternatives #

Database Backups #

More comprehensive than revisions:

  • Include all tables (meta, options, etc.)
  • Point-in-time recovery
  • Full site restoration possible

Staging Site #

If you have a staging site:

  • May have clean copy of content
  • Can copy content manually
  • Compare staging vs. production to find differences

Updated on December 4, 2025