Plugin Vault
Plugin Vault is an exclusive WP Rollback Pro feature that gives you access to a shared, cloud-hosted library of premium plugin and theme versions — so you can roll back a premium asset even if you've never archived it locally.
License Requirement
You must hold a valid, active license for any plugin or theme you roll back using Plugin Vault. Accessing a version from the Vault does not grant you a license to use that software. Downloading a version without a valid license is a violation of the plugin or theme author's terms of use. WP Rollback enforces access via your active WP Rollback Pro license, but it is your responsibility to ensure you hold valid licenses for the software you are rolling back.
What Is Plugin Vault?
Plugin Vault is a community-contributed repository of premium plugin and theme ZIPs, exclusively available to WP Rollback Pro customers. When a Pro user updates a premium plugin or theme, WP Rollback automatically contributes that version's ZIP to the Vault. Other Pro users with valid licenses for that same product can then pull and restore any available version through the WP Rollback UI.
Every ZIP contributed to the Vault is:
- Verified by SHA-256 checksum before it is stored and again before it is installed on your site
- Deduplicated — if the same version is contributed multiple times, only one copy is stored
- Delivered via signed, time-limited URLs — files are never publicly accessible
How It Works
Contributing Versions
When WP Rollback Pro is active on your site and a premium plugin or theme is updated through WordPress, WP Rollback automatically contributes the version ZIP to the Vault in the background via a scheduled daily task. You do not need to take any manual action — it happens automatically.
- Up to 3 ZIPs are uploaded per run, with short delays between each
- Versions already in the Vault are skipped to avoid redundant uploads
- Contributions are logged and tracked locally so they are never duplicated
Accessing Vault Versions
When you open the rollback UI for a premium plugin or theme, WP Rollback queries the Vault for available versions. Any version contributed by the community appears alongside your local backups and WordPress.org versions, each labeled with a Vault badge.
Select a Vault version and click Rollback — WP Rollback downloads the ZIP via a signed URL, verifies its SHA-256 checksum, and installs it. If the checksum does not match, the rollback is aborted before any files are replaced.
Integrity Verification
Every file downloaded from the Vault is verified before installation:
- A SHA-256 checksum is computed when the ZIP is first contributed to the Vault
- That checksum is returned alongside the signed download URL
- WP Rollback computes a fresh checksum on the downloaded file
- If the two checksums don't match, the rollback is cancelled and no files are changed
This ensures you never install a tampered or corrupted file.
Coverage
Vault coverage depends on community contributions — a version becomes available after at least one Pro user with that plugin or theme has had it installed and updated while WP Rollback Pro was active. Coverage grows as the Pro user base grows.
Supported sources include, but are not limited to:
- Envato / ThemeForest
- Kadence Pro
- Astra Pro
- GeneratePress Pro
- Divi / Elegant Themes
- Gravity Forms
- WooCommerce (and WooCommerce extensions)
- Any premium plugin or theme that delivers updates through the WordPress update system
If a version you need is not yet in the Vault, check your local backups — WP Rollback archives every version locally before each update runs.
Performance & Site Impact
Plugin Vault is designed to be invisible during normal site use. Here is exactly when each network call happens — and when it does not.
Nothing runs on regular page loads
Browsing wp-admin, viewing the Plugins page, or loading any front-end page triggers zero network calls to the Vault. The plugin only registers its hooks at boot; it does not probe the Vault or authenticate on every request.
Authentication is cached and lazy
The first time the Vault is needed (either when the rollback UI is opened for a premium asset, or when the daily contribution task runs), WP Rollback authenticates with the Vault using your WP Rollback Pro license. The resulting token is stored locally and reused for up to one hour without contacting the Vault again.
| Situation | Network calls |
|---|---|
| Token is fresh (< ~1 hour old) | 0 — token read from local cache |
| Token expired, license valid | 1 auth call, then cached again |
| License invalid or expired | 1 auth call, then a 30-minute cooldown before any retry |
| Multiple simultaneous requests at token expiry | 1 auth call total — others wait silently |
No looping, no hammering. A site with an expired or invalid license will attempt one re-auth, receive a rejection, and then make no further calls for 30 minutes.
Version lookups are cached
When the rollback UI queries the Vault for available versions of a specific plugin or theme, the result is cached for 5 minutes. Opening the rollback UI for the same asset multiple times within that window hits the local cache, not the Vault network.
Contributions run once a day, in the background
The daily contribution task uploads at most 3 new ZIPs per run, with a 2-second pause between each. The run happens via WordPress's built-in background task scheduler (WP-Cron) and is never triggered by a visitor loading a page. Files already known to be in the Vault are skipped entirely using a local record — no network check is performed for them.
| What | Frequency | Max calls per site |
|---|---|---|
| Auth token refresh | ~once per hour (if Vault is used) | 1 call |
| Version lookup (rollback UI) | Only when rollback UI is open | 1 call per slug, cached 5 min |
| Contribution run | Once per day | ≤ 3 contribution + ≤ 3 pre-checks |
| Any Vault call on a normal page load | Never | 0 |
Requirements
- WP Rollback Pro with an active license
- Active license for the plugin or theme you are rolling back (see License Requirement above)
- Internet access from your WordPress server to reach the Vault API
Legal Notice and Intellectual Property
Plugin Vault is designed to support legitimate rollback workflows for licensed users only. Please read the following carefully:
You Must Own a Valid License
To use Plugin Vault to roll back a premium plugin or theme, you must hold a current, valid license issued by that product's author or authorized reseller. WP Rollback authenticates your WP Rollback Pro subscription to access the Vault, but does not verify or manage your licenses for third-party products. That responsibility rests entirely with you.
WP Rollback Is Not a Distribution Platform
Plugin Vault is a rollback utility for authorized users — it is not a mechanism for distributing premium software to unlicensed users. Contributing a ZIP to the Vault or downloading a version from it:
- Does not transfer any intellectual property rights
- Does not waive any license terms imposed by the plugin or theme author
- Does not grant access to a product you are not otherwise licensed to use
- Does not constitute resale, redistribution, or piracy
All plugin and theme files stored in the Vault remain the intellectual property of their respective authors. WP Rollback claims no ownership over any contributed files.
Author and Developer Rights
Premium plugin and theme authors retain all rights to their software. If you are a plugin or theme author and have questions or concerns about your product appearing in Plugin Vault, please contact us at support@wprollback.com. We are committed to working with developers to address any concerns promptly.
Compliance with License Terms
Some premium plugin and theme licenses restrict redistribution, even among licensed users. It is your responsibility to review the license terms of any product you roll back via the Vault and confirm that doing so is permitted. If a license prohibits redistribution to any third party, do not use Plugin Vault for that product — use your local backup instead, which restores only from files already on your own server.
Frequently Asked Questions
Why isn't a version available in the Vault?
Vault coverage depends on community contributions. A version only becomes available after a Pro user with that plugin or theme has updated it while WP Rollback Pro was active. If the version you need isn't available, check your local backup archive or try an adjacent version.
Is my data safe when contributing to the Vault?
Yes. The contribution process only uploads the plugin or theme ZIP file — no site data, database content, or credentials are ever sent. Contributed ZIPs are stored in a private, access-controlled storage bucket and are never publicly accessible.
Can I opt out of contributing to the Vault?
Vault contribution is part of the WP Rollback Pro product. If you have concerns about contributing specific files, please contact support@wprollback.com.
Does using the Vault require any extra configuration?
No. Vault access is automatic once your WP Rollback Pro license is active. No API keys, credentials, or configuration steps are required on your end.
What happens if a checksum mismatch is detected?
The rollback is immediately cancelled before any files on your site are modified. You will see an error message in the rollback UI. If this happens repeatedly, contact support — it may indicate an issue with the specific Vault version.
Next Steps
- Learn about all Pro Features
- Understand How Rollbacks Work including local backups
- Troubleshoot issues in the Troubleshooting Guide