CloudScale Backup & Restore Wordpress Plugin - Rating, Reviews, Demo & Download
Plugin Description
Most backup plugins fail on large or busy sites. They hit PHP memory limits, execution timeouts, or external storage quotas. CloudScale Backup & Restore is built differently.
It uses a pure PHP streaming implementation for database dumps and restores that reads the database in chunks and never loads the whole thing into memory at once, so it works reliably on any WordPress host without requiring server-level tools.
What it backs up
Choose any combination of:
- Full WordPress database — all tables, all data
- Media uploads folder (
/wp-content/uploads/) - Plugins folder (
/wp-content/plugins/) - Themes folder (
/wp-content/themes/)
Each backup is packaged as a single .zip file with a descriptive filename that reflects exactly what it contains.
Key features
- Run manual backups with one click — choose which components to include each time
- Configurable automatic scheduling — set your interval in days (1, 7, 30, or any number) and the exact hour of day to run
- Configurable retention — keep the last N backups; older ones are deleted automatically after each run
- Full backup history — view all stored backups with filename, type label, size, creation date, and age
- Download any backup directly from the WordPress admin
- Restore the database from any stored backup or by uploading a
.zipor.sqlfile - Safe restore workflow — puts the site into WordPress maintenance mode before restoring and removes it after
- Explicit snapshot warning before any restore operation — requires confirmation before proceeding
- System info panel — shows which backup and restore method will be used on your server, memory limits, and backup storage path
- Backup directory protected from direct web access with
.htaccessdeny-all - All passwords passed to CLI tools via environment variable, not shell arguments
Automatic backups are off by default. Run your first backup manually to confirm everything works on your server, then configure a schedule if you need one.
Reliable PHP-native implementation
The plugin uses a pure PHP streaming implementation for all database operations — no server-level tools required.
For database backup:
- Reads each table in 500-row chunks via
$wpdb. Never loads the full database into memory. Works on any WordPress host.
For database restore:
- Parses SQL statement by statement with a character-level parser that correctly handles quoted strings, escaped characters, and multi-line
INSERTstatements. Handles files of any size.
The System Info card on the plugin page shows the backup and restore method in use on your server.
Backup file naming
Backup filenames describe their contents exactly, making them easy to identify without opening them:
backup_full_2026-02-21_03-00-00.zip— all four componentsbackup_db_2026-02-21_14-35-00.zip— database onlybackup_db-media-plugins_2026-02-21_09-10-00.zip— three componentsbackup_plugins-themes_2026-02-21_22-00-00.zip— files only, no database
Restore safety
Clicking Restore DB opens a confirmation modal that:
- Shows the exact backup file name and creation date you are restoring from
- Displays a warning box explaining what will happen step by step
- Requires you to tick a checkbox: “I have taken a server snapshot and understand this will overwrite the live database”
- Only enables the Restore button after that checkbox is ticked
During restore, WordPress’s native .maintenance file is created so visitors see the standard maintenance page. It is always removed when restore finishes, whether the restore succeeded or failed. The plugin header shows a live badge indicating whether the site is online or in maintenance mode.
Backup zip contents
Each zip includes a backup-meta.json with metadata: plugin version, creation timestamp, WordPress version, site URL, table prefix, and which components were included. This makes it easy to verify a backup without restoring it.
External services
This plugin optionally connects to third-party services when those features are configured by the site administrator. No data is sent to any external service unless the administrator has explicitly enabled the relevant integration.
Amazon S3 (optional cloud backup)
When S3 settings are configured, the plugin uploads backup zip files directly
to the administrator’s own S3 bucket via the AWS S3 REST API (no external
tools required). Only the backup zip file is transmitted. Credentials (bucket
name, access key ID, secret access key, region) are stored in the WordPress
options table and are never sent anywhere except to the AWS S3 endpoint.
API endpoint contacted: https://s3.{region}.amazonaws.com/
Terms of Service: https://aws.amazon.com/service-terms/
Privacy Policy: https://aws.amazon.com/privacy/
Google Drive (optional cloud backup)
When Google Drive settings are configured, the plugin transfers backup zip files
to the administrator’s own Google Drive account using the Google Drive v3 REST
API and OAuth 2.0. No data is sent unless the administrator has completed the
OAuth authorisation flow (entered a Client ID and Client Secret from Google
Cloud Console and clicked “Connect to Google Drive”). Only the backup zip file
is uploaded. OAuth tokens (access token and refresh token) are stored in the
WordPress options table.
API endpoint contacted: https://www.googleapis.com/ and https://oauth2.googleapis.com/
Terms of Service: https://policies.google.com/terms
Privacy Policy: https://policies.google.com/privacy
Dropbox (optional cloud backup)
When Dropbox settings are configured, the plugin transfers backup zip files to
the administrator’s own Dropbox account using the Dropbox v2 REST API and
OAuth 2.0. No data is sent unless the administrator has completed the OAuth
authorisation flow (entered an App Key and App Secret from the Dropbox App
Console and clicked “Connect to Dropbox”). Only the backup zip file is
uploaded. OAuth tokens are stored in the WordPress options table.
API endpoint contacted: https://api.dropboxapi.com/ and https://content.dropboxapi.com/
Terms of Service: https://www.dropbox.com/terms
Privacy Policy: https://www.dropbox.com/privacy
Microsoft OneDrive (optional cloud backup)
When OneDrive settings are configured, the plugin transfers backup zip files to
the administrator’s own Microsoft OneDrive account using the Microsoft Graph
REST API and OAuth 2.0. No data is sent unless the administrator has completed
the OAuth authorisation flow (entered an Azure App Client ID and Client Secret
and clicked “Connect to OneDrive”). Only the backup zip file is uploaded.
OAuth tokens are stored in the WordPress options table.
API endpoint contacted: https://graph.microsoft.com/ and https://login.microsoftonline.com/
Terms of Service: https://www.microsoft.com/en-us/servicesagreement/
Privacy Policy: https://privacy.microsoft.com/en-us/privacystatement
AWS EC2 / AMI snapshots (optional, AMI snapshot feature only)
When the AMI snapshot feature is used, the plugin reads instance metadata
(instance ID and region) from the local EC2 Instance Metadata Service at
http://169.254.169.254. This address is only reachable from within an EC2
instance and no data leaves the server at this step. AMI creation, status poll,
deregister, and snapshot delete requests are then issued directly to the AWS
EC2 REST API (no external tools required). The same AWS credentials
(access key ID and secret key) used for S3 are used; if none are configured
the plugin attempts to use the EC2 instance role via IMDS.
API endpoint contacted: https://ec2.{region}.amazonaws.com/
Terms of Service: https://aws.amazon.com/service-terms/
Privacy Policy: https://aws.amazon.com/privacy/
Automatic Crash Recovery — health check probe (optional)
When Automatic Crash Recovery is enabled, the plugin periodically sends an HTTP
request to the administrator-configured health check URL to verify the site is
responding. The URL defaults to the site’s own home URL. No personal data is
transmitted — the request is a plain GET with no authentication payload. The
same probe is made when the administrator clicks “Test Health Check” in the
plugin settings. If a system-cron watchdog script is installed on the server,
that script also probes this URL independently via curl. The health check URL
is set by the administrator and is never shared with any third party.
No Terms of Service or Privacy Policy apply (the request goes to a URL you own).
Twilio (optional SMS crash alerts)
When Twilio SMS alerting is configured, the plugin sends an SMS notification to
the administrator’s phone number via the Twilio Messaging API whenever Automatic
Crash Recovery rolls back a plugin. Only the alert text, the configured “from”
number, and the configured “to” number are transmitted. No backup data or
personal user data is sent. No data is transmitted unless Twilio credentials
have been explicitly entered and the SMS feature is enabled.
Terms of Service: https://www.twilio.com/en-us/legal/tos
Privacy Policy: https://www.twilio.com/en-us/legal/privacy
ntfy (optional push notifications)
When ntfy is enabled, the plugin sends a push notification to the
administrator-configured ntfy topic URL on backup, restore, and plugin rollback
events. The notification contains the site name and a brief status message (e.g.
“Backup completed” or “Plugin rolled back”). No backup data, no personal user
data, and no authentication credentials are transmitted in the notification
payload. No data is sent unless ntfy has been explicitly enabled and a topic URL
entered by the administrator.
The plugin defaults to the hosted ntfy.sh service, but any self-hosted ntfy
server URL may be entered instead. When using the hosted ntfy.sh service:
Terms of Service: https://ntfy.sh/tos
Privacy Policy: https://ntfy.sh/privacy
Files written outside the plugin folder
The Automatic Crash Recovery feature writes a single file outside the plugin
folder when it is enabled: wp-content/fatal-error-handler.php. This is a
WordPress-recognised drop-in file (documented in the WordPress Developer
Handbook under get_dropins()). WordPress core checks for this file on every
request; if present, it replaces the default fatal-error screen with a custom
handler. The plugin uses this mechanism to show a branded recovery page to
visitors while a crash is being fixed, instead of a blank white screen.
The file is written using the WordPress Filesystem API (WP_Filesystem). It is
only written when the feature is enabled, only overwritten if it was written by
this plugin (identified by an internal marker), and is deleted when the feature
is disabled or the plugin is uninstalled. No personal data is stored in this file.
Privacy Policy
CloudScale Backup & Restore does not collect, transmit, or store any personal data. All backups are stored locally in the cloudscale-backups/ folder inside your WordPress uploads directory. No telemetry or analytics are sent by this plugin. Optional cloud backup features (S3, Google Drive, Dropbox, OneDrive, AMI snapshots) transmit data only when explicitly configured by the site administrator — see the External services section above.
Screenshots
Schedule and settings panel showing configurable backup interval in days, run-at hour, retention count, folder sizes, and system information including detected backup and restore methods.
Manual backup panel with individual component checkboxes and live progress bar, plus the full backup history table showing stored backups with type badges, age, and Download / Restore DB / Delete actions.
