How to Find an Older Version of a WordPress Plugin

Nearly all software in active development receives updates over time. These updates do everything from patch security holes to add new features to restructure the entire app, and they're essential to the smooth function of modern computers.

Modern websites are powered by apps and plugins, not just directly-developed code, so it stands to reason that they work the same way. Indeed, with WordPress, you have constant updates to WordPress itself and all of the various plugins and extensions you may use, up to and including your WordPress theme.

Unfortunately, sometimes a piece of software updates in a way you might not like. Maybe the developers remove a feature you wanted or change the UI rendering it no longer usable. Or, something in their update breaks compatibility or introduces PHP or JavaScript on your site, so you have to deactivate it and fix the problem.

This situation happens all the time with WordPress. These range from a minor notice in the backend that something is not compatible to a broken form or a site element that stops working. Worst of all is the dreaded white screen of death.

The standard solution to this problem is rolling back to a previous version that's causing you problems with your current WordPress version. The question is, how can you do it? There are several different methods, and I've written a step-by-step beginner's guide for as many techniques as I know.

Before this tutorial, though, a word of caution.

Why You Should Be Careful with Old Versions

In the intro to this post, I mentioned that one of the main reasons apps get updates is to patch security holes. It's one of the biggest drivers of updates for any software. The typical life cycle for a piece of software is to have active development for a while, then have those updates drop off in frequency, then fall into "security-only" updates, where the app gets no new development or additional features beyond fixing security issues.

This phenomenon can be seen in pretty much any level of software, from a minor plugin to entire operating systems themselves. Microsoft allows you to pay for extended security updates to old versions of Windows, even though they don't do any other development or updating for the platform.

All of this brings me to my point:

When a critical vulnerability is known, attackers will scan the internet, looking for:

• WordPress sites that run the self-hosted WordPress.org software.
• WordPress sites that have the plugin and the necessary files in question.
• WordPress sites that are actively using vulnerable files.

Then they'll exploit the vulnerability to compromise the site. If you think this won't happen to you, it happens thousands of times per day.

Will it happen to you if you use a slightly older plugin version? Probably not. The older the plugin is, the riskier the rollback potentially is. Maybe the update you're reverting from wasn't a security update. Perhaps it's not a widely-used plugin, so there aren't many people using it, so there's not much incentive for roving gangs of bots to scan for it. Whatever the case is, the risk is low, but it's there.

Just exercise caution if you're going to use an old version of a plugin or an outdated version of WordPress, especially one that is visible or accessible to users on your site. It can potentially put your site at risk. My recommendation is to check the update every few weeks or months (depending on the development cycle of the plugin and the reason you reverted) to see if they've fixed the issue.

Let's talk about the different methods you can use to find and revert to old versions.

Method 1: The WordPress Repository History

If your plugin was hosted on the WordPress plugin directory, the chances are that the old versions of the plugin are available for download directly. It's part of their archiving and troubleshooting options and helps developers use old versions for testing and other purposes.

How can you find it? Of course, it only works if the plugin you want is hosted there. Plus, if you used a paid upgrade from a free version, you might be able to find the free plugin but won't be able to access the paid features, depending on how the plugin works.

First, find the plugin page for the plugin in question. For example, Akismet, the widely-used anti-spam plugin, has this page. On that page, look in the right-hand column for the link that says "advanced view." This section takes you to advanced metrics and options for the plugin on a page like this.

At the bottom of the page, you see a drop-down box labeled Development Version. This area allows you to select a version before the current one and download the package of all the files necessary to install it.

But, if all you need is one version back, it's usually good enough.

Method 2: Free WP Rollback Plugin

WP Rollback is a plugin that automates the first method for you. All the Rollback WordPress plugin does is take the updater code and allow you to choose the version of the plugin to downgrade, rather than just updating to the most recent version.

This tool adds a rollback link to each of your plugins with old versions available in the WordPress "Plugins" menu. You can find and install it here.

Since it works the same way as method one, it has the same limitations.

If you notice that some of your plugins on your list have the rollback button, and others don't allow you to choose an older version of the plugin, this is why.

Another option you might have is to use something like Rollback Update Failure. This plugin is something that you install ahead of time, and it monitors your site for anything going wrong and breaking when something updates and will gracefully roll it back.

Note that this only works if the update fails; if it works but you don't like the new version, you're out of luck on this front.

Method 3: Check GitHub

Another option is to check if the plugin is available on GitHub. GitHub is the go-to repository for coding projects, everything from tiny niche apps to massive projects. Many different WordPress plugins maintain their code on GitHub, and you can often find their project pages.

Not all projects are as comprehensively organized or easy to navigate, but many are. For example, one of the major WordPress plugins for SEO, Yoast, has a page for their plugin here.

You can browse through their project and see old versions, often sorted by release or with tags for the version.

GitHub isn't necessarily going to get you what you're looking for, but it's an excellent option if the WordPress directory doesn't have what you're looking for. You can also sometimes find plugins there that have since been removed from WordPress's directory.

Method 4: Check Your Backups

Do you maintain regular backups of your site? You should. All kinds of things can go wrong with a WordPress website, pretty much any time, from a hacker compromising it to a hardware crash to corrupted files or a botched upgrade. You never know what disaster can happen, and backups are one of the primary ways you insulate yourself against them.

Even if you maintain backups, what kind of backups do you keep? If you use a WordPress backup utility, you may not be backing up everything. For example, you might be limited to your data and not your files if you go into your hosting and back up your SQL databases. Backing up your SQL database only grabs your DB, not your plugin files.

The trick is comprehensive backups. If you back up your old files and code – especially if you maintain backups of the zip files for plugins you use – you should have old versions.

Just remove the existing version and upload the old version with FTP or by zipping up the folder, visiting the "Plugins" section in the WordPress dashboard, and clicking "Upload Plugin."

Once again, make sure auto-updating is turned off, so it doesn't just install and immediately update back to the broken version.

Unfortunately, this only works if you have backups. You might be able to check your email and see if your backup plugin ever notified you of a successful backup in the past, but that's increasingly a long shot.

Method 5: Look for Old Mirrors

Did you know that Google effectively finds just about anything you're looking for? Of course, you did. You can use all sorts of search operators to refine searches and remove more recent versions out of the equation.

You can also use archiving services to locate mirrors. Archive.org, home of the internet archive and the Wayback Machine, can let you browse older archives of sites and find links that may still work to third-party downloads.

There's one significant risk to this method: you have to trust a third party to have verifiable and safe downloads. There's a small but non-zero chance that a mirror site may have been compromised and their downloads laced with malware, especially if they're older and poorly maintained.

Different plugins throughout the industry work in different ways, so you need to find the right combination of query elements that work. Either way, go to Google and search for the plugin's name and the version number you're looking for. Consider additional operators, like searching for pages with the precise filename in the title, the keyword "download," or filetype .zip, or whatever else seems to work.

Method 6: Ask the Developer Directly

If all else fails, why not ask?

By nature, most WordPress plugins are developed by businesses or developers trying to build a name for themselves. Names are attached to plugin uploads, and most of the time, there are contact emails available. They aren't constantly monitored, but you can use a little bit of internet detective skill to track down a valid contact email for a developer who doesn't seem to check their official email.

In order, I would recommend:

• Check their profiles on the WordPress site directory, GitHub, CodeCanyon, or another website that they use.
• Check their business website. For example, Yoast has a contact page on Yoast.com.
• Identify the developer and find them on social media. Twitter and LinkedIn are the two most likely to get a response since they're the more professional platforms. Reach out to the developer there.
• Use various methods to look up publicly-available email addresses. Tools like Hunter.io, Find That Email, and Voila Norbert all give you options to track down email addresses to try.
• Try checking WHOIS information. These days most domain registrars protect customer information to prevent doxing, but you may find a valid contact email.

If these fail, there are a few other options you can try.

The tricky part here is getting into contact with the developers. Usually, they'll be happy to offer an old version up for download, though it's not always the case. It never hurts to ask, though!

So, there you have it; six different methods you can use to find an old version of a plugin. Once you have it, though, now what? Roll back to the old version, but keep checking to see if whatever problem you had with it has been fixed. You don't want to run with an outdated plugin any longer than you have to.

If you reverted because of a change in functionality or design you don't like – rather than it being broken – you may be out of luck if the developers don't revert their decisions. In that case, you'll be left looking for an alternative instead. Good luck!