
Package Validation

When you roll back a plugin or theme, WP Rollback downloads the package files and validates them before installation. This validation process ensures the downloaded files are safe and properly formatted.

What is Package Validation?

Package validation is a security and integrity check that happens automatically during every rollback. Think of it as a quality control inspector that examines the downloaded plugin or theme files before they're installed on your website.

Why is Validation Important?

Validation protects your website by:

  • Ensuring file integrity - Confirms the downloaded ZIP file isn't corrupted
  • Checking package structure - Verifies the plugin/theme contains required files
  • Monitoring file sizes - Detects unusually large files that might indicate problems
  • Following WordPress standards - Uses the same validation approach as WordPress Core

How Validation Works

1. Download Check

First, WP Rollback verifies that the package was downloaded successfully and is accessible.

2. ZIP Integrity Validation

The system checks if the downloaded file is a valid ZIP archive that can be opened and read properly.

3. WordPress Core Validation

WP Rollback uses the same validation methods as WordPress Core's built-in plugin and theme installers:

  • File type validation - Ensures the ZIP file format is correct
  • Upload size limits - Respects WordPress's maximum file size settings
  • File modification permissions - Checks if your server allows file installations

4. Package Structure Validation

The validator ensures the package contains the essential files:

For Plugins:

  • Must contain a main plugin file (like my-plugin.php)
  • Plugin file must have proper headers (Name, Version, etc.)
  • Checks PHP and WordPress version compatibility

For Themes:

  • Must contain a style.css file with theme headers
  • Must have an index.php file OR templates/index.html for block themes
  • Validates theme compatibility requirements

5. File Monitoring

The system performs basic file monitoring:

  • File size check - Reports if any files are unusually large (over 5MB)
  • PHP file detection - Counts PHP files for informational purposes
  • File count reporting - Tracks total number of files validated
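Steps 2, 4 and 5 for a plugin package, as an added example that is not WP Rollback's code: it re-implements the checks with Python's standard zipfile module so a package can be inspected offline. The function names, the path rule (modelled loosely on validate_file()) and the in-memory sample builder are assumptions made for illustration.

```python
import io
import re
import zipfile

LARGE_FILE_BYTES = 5 * 1024 * 1024  # the page's "over 5MB" reporting threshold
HEADER_RE = re.compile(rb"^[ \t/*#@]*Plugin Name:\s*(\S.*)$", re.I | re.M)


def validate_plugin_zip(data: bytes) -> dict:
    """Return a report for a plugin ZIP; raise ValueError when a check fails."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        raise ValueError("ZIP file appears to be corrupted") from exc
    with zf:
        if zf.testzip() is not None:  # CRC mismatch in at least one member
            raise ValueError("ZIP file appears to be corrupted")
        report = {"files": 0, "php_files": 0, "large_files": [], "plugin_name": None}
        for info in zf.infolist():
            name = info.filename
            # Assumed path rule: reject traversal, absolute and drive-style paths
            if ".." in name.split("/") or name.startswith("/") or ":" in name or "\\" in name:
                raise ValueError(f"Unsafe path in archive: {name}")
            if info.is_dir():
                continue
            report["files"] += 1
            if info.file_size > LARGE_FILE_BYTES:
                report["large_files"].append(name)  # informational, not a failure
            if name.lower().endswith(".php"):
                report["php_files"] += 1
                # Main plugin file: a .php at the package's top level with a Plugin Name header
                if name.count("/") <= 1 and report["plugin_name"] is None:
                    with zf.open(info) as fh:
                        m = HEADER_RE.search(fh.read(8192))  # headers sit in the first 8 KiB
                    if m:
                        report["plugin_name"] = m.group(1).strip().decode("utf-8", "replace")
        if report["plugin_name"] is None:
            raise ValueError("Required plugin file not found")
        return report


def make_zip(files: dict) -> bytes:
    """Build a constructed sample package in memory (name -> contents)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

A passing report only says the archive is intact and structured like a plugin; as in the validator described here, large files are reported but do not fail the check.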

What Files Are Allowed?

WP Rollback follows WordPress Core's approach and allows all file types in plugin and theme packages. This includes:

  • PHP files (required for functionality)
  • CSS and JavaScript files
  • Images (JPG, PNG, SVG, etc.)
  • Fonts (WOFF, TTF, etc.)
  • Configuration files (JSON, XML, etc.)
  • Documentation files (TXT, MD, etc.)

This permissive approach matches how WordPress Core handles plugin and theme uploads.

Validation Results

Success ✅

When validation passes, you'll see a message like:

"Package validation successful: plugin validated with 45 files checked and 12 PHP files found."

The rollback then proceeds to installation.

Failure ❌

If validation fails, the rollback stops and shows an error message explaining the issue:

  • "Package file does not exist" - Download failed
  • "ZIP file appears to be corrupted" - File integrity issue
  • "Required plugin file not found" - Missing essential files
  • "File modifications are not allowed" - Server permission issue

Common Validation Issues

Corrupted Downloads

Problem: ZIP file is corrupted during download

Solution: Try the rollback again - temporary network issues often resolve

Server Permissions

Problem: Your server doesn't allow file modifications

Solution: Contact your hosting provider about file permission settings

Missing Main Files

Problem: Package doesn't contain the required main plugin file (for plugins) or style.css (for themes)

Solution: The package may be incorrectly formatted - try a different version

Large File Warnings

Problem: Package contains unusually large files

Solution: This is just informational - large files (like images/videos) are allowed

Technical Details

WordPress Core Integration

WP Rollback uses WordPress's built-in validation functions:

  • wp_zip_file_is_valid() - ZIP integrity checking
  • wp_check_filetype_and_ext() - File type validation
  • validate_file() - Path security validation
  • get_plugin_data() / get_file_data() - Header validation

No Pattern Scanning

Unlike some security plugins, WP Rollback does not scan for suspicious code patterns. This prevents false positives that could block legitimate plugins containing common functions.

Validation Philosophy

The validation follows these principles:

  1. Trust WordPress Core - Use the same validation as WordPress itself
  2. Avoid false positives - Don't block legitimate code
  3. Focus on structure - Ensure packages are properly formatted
  4. Provide transparency - Report what was validated

Getting Help

If you encounter validation errors:

  1. Try again - Temporary issues often resolve on retry
  2. Check the Troubleshooting Guide for common solutions
  3. Review server logs - Your hosting provider can help with permission issues
  4. Contact support - We're here to help with persistent problems

The validation system is designed to be reliable and permissive, allowing legitimate plugins and themes while protecting against corrupted or malformed packages.

Released under the GPL-2.0+ License.