Quarantine is Content Guard Pro’s primary remediation method. It neutralizes malicious content without permanently deleting it, allowing for safe review and recovery.
What is Quarantine?
Quarantine is a non-destructive protection mechanism that:
- Neutralizes threats at render time (when page is displayed)
- Preserves original content in the database
- Allows restoration if the finding was a false positive
- Maintains audit trail of all actions taken
How Quarantine Works
The Process
1. Detection: Malicious content is identified during a scan
2. Flagging: Finding is marked with quarantine status
3. Render-time filtering: WordPress filters modify output when content is displayed
4. Neutralization: Malicious elements are stripped or disabled
5. Original preserved: Database content remains unchanged
What Happens to Different Threats
| Threat Type | Quarantine Action |
| --- | --- |
| Script tags | Completely removed from output |
| Iframe tags | Completely removed from output |
| Malicious links | Converted to span, href disabled |
| Hidden content | Container remains, external resources removed |
| Event handlers | Dangerous attributes stripped |
How Links Are Neutralized
When a malicious link is quarantined:
- The anchor tag becomes a span element
- Link text is preserved for context
- A title attribute notes it was neutralized
- Clicking does nothing
How Scripts Are Neutralized
When an external script is quarantined:
- The entire tag is removed from rendered output
- An HTML comment may be left as placeholder
- Database content is unchanged
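The link and script handling described in the two lists above, sketched as a `the_content` filter. This is an added example, not Content Guard Pro's own code: the `example_neutralize_output` function, the exact-match URL list and the filter priority of 999 are assumptions.

```php
<?php
// Added illustration, not Content Guard Pro's code; example_* names and URLs are hypothetical.
function example_neutralize_output( string $html, array $flagged_urls ): string {
    if ( '' === trim( $html ) || ! $flagged_urls ) {
        return $html;
    }
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors( true ); // post markup is rarely well-formed
    $doc->loadHTML(
        '<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body>'
        . $html . '</body></html>'
    );
    libxml_clear_errors();
    libxml_use_internal_errors( $prev );
    // Assumption: a finding stores the exact URL, so an exact match is enough here.
    $is_flagged = static function ( DOMElement $el, string $attr ) use ( $flagged_urls ): bool {
        return in_array( trim( $el->getAttribute( $attr ) ), $flagged_urls, true );
    };
    // Copy each live node list first: replacing nodes while iterating it skips elements.
    foreach ( array( 'script', 'iframe' ) as $tag ) {
        foreach ( iterator_to_array( $doc->getElementsByTagName( $tag ) ) as $el ) {
            if ( $is_flagged( $el, 'src' ) ) {
                // Placeholder comment only; the URL is not echoed back into the page.
                $el->parentNode->replaceChild( $doc->createComment( " quarantined $tag removed " ), $el );
            }
        }
    }
    foreach ( iterator_to_array( $doc->getElementsByTagName( 'a' ) ) as $a ) {
        if ( $is_flagged( $a, 'href' ) ) {
            $span = $doc->createElement( 'span' );
            $span->setAttribute( 'title', 'Link neutralized (quarantined)' );
            $span->appendChild( $doc->createTextNode( $a->textContent ) ); // keep the link text
            $a->parentNode->replaceChild( $span, $a );
        }
    }
    $out = '';
    foreach ( $doc->getElementsByTagName( 'body' )->item( 0 )->childNodes as $child ) {
        $out .= $doc->saveHTML( $child );
    }
    return $out; // only the rendered string changes; the database row is untouched
}
// Register with WordPress only when it is loaded, so the function also runs stand-alone.
if ( function_exists( 'add_filter' ) ) {
    add_filter( 'the_content', function ( $content ) {
        // Constructed sample list; a real one would come from the findings for this post.
        $urls = array( 'https://bad.example/x.js', 'https://bad.example/pills' );
        return example_neutralize_output( $content, $urls );
    }, 999 ); // assumed priority: run after shortcodes and embeds have expanded
}
```

Because the filter only rewrites the string handed to the theme, removing a URL from the list restores the original output on the next uncached render.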
Quarantine vs. Deletion
| Aspect | Quarantine | Deletion |
| --- | --- | --- |
| Database content | Preserved | Permanently removed |
| Reversible | Yes, one-click restore | No |
| Audit trail | Full history maintained | Lost |
| False positive risk | Safe – can restore | Dangerous – data lost |
| Performance | Slight filtering overhead | None |
When to Use Quarantine
Recommended
- Any Critical finding – Quarantine first, investigate later
- Suspicious findings – When you’re not sure if it’s malicious
- First response – Before deciding on permanent action
Consider Alternatives
- Confirmed false positive – Use “Ignore” instead
- Known legitimate content – Add to allowlist instead
- Obvious injection – Edit content directly to remove
Quarantine Scope
What Can Be Quarantined
- Individual findings
- Multiple findings (bulk action)
- All findings for a specific post
What Cannot Be Quarantined
- Options (widget content) – must edit directly
- Third-party plugin data – may need plugin-specific handling
- Database-level injections – requires database cleanup
Cache Handling
When content is quarantined, caches are automatically cleared:
- WordPress Object Cache – clean_post_cache() called
- Popular Cache Plugins:
  - WP Super Cache
  - W3 Total Cache
  - WP Rocket
  - LiteSpeed Cache
This ensures visitors immediately see the neutralized content.
Quarantine Limitations
Not Prevented
- Future attacks via same vulnerability
- Other copies of malicious content
- Root cause of infection
Best Practices
1. Quarantine immediately to stop the threat
2. Investigate source – how did this get in?
3. Check related content – infection may be widespread
4. Address root cause – update passwords, plugins, etc.
5. Consider permanent fix – edit content or delete if confirmed malicious
Viewing Quarantined Content
See all quarantined items:
1. Go to Content Guard Pro → Quarantine
2. View list of all quarantined findings
3. Click any item for details
Or filter the findings list:
1. Go to Content Guard Pro → Findings
2. Set Status filter to “Quarantined”
Quarantine Status in Editor
When editing a post with quarantined content:
- Warning banner appears in editor
- Quarantined sections are highlighted
- “View Quarantined Items” link provided
- Original content is visible for editing
This helps you see what was quarantined and decide whether to permanently remove or restore it.