外掛標籤
開發者團隊
② 後台搜尋「CloudScale Backup & Restore」→ 直接安裝(推薦)
原文外掛簡介
Most backup plugins fail on large or busy sites. They hit PHP memory limits, execution timeouts, or external storage quotas. CloudScale Backup & Restore is built differently.
It uses a pure PHP streaming implementation for database dumps and restores that reads the database in chunks and never loads the whole thing into memory at once, so it works reliably on any WordPress host without requiring server-level tools.
What it backs up
Choose any combination of:
Full WordPress database: all tables, all data
Media uploads folder (/wp-content/uploads/)
Plugins folder (/wp-content/plugins/)
Themes folder (/wp-content/themes/)
Each backup is packaged as a single .zip file with a descriptive filename that reflects exactly what it contains.
Key features
Run manual backups with one click: choose which components to include each time
Configurable automatic scheduling: set your interval in days (1, 7, 30, or any number) and the exact hour of day to run
Configurable retention: keep the last N backups; older ones are deleted automatically after each run
Full backup history: view all stored backups with filename, type label, size, creation date, and age
Download any backup directly from the WordPress admin
Restore the database from any stored backup or by uploading a .zip or .sql file
Safe restore workflow: puts the site into WordPress maintenance mode before restoring and removes it after
Explicit snapshot warning before any restore operation: requires confirmation before proceeding
System info panel: shows which backup and restore method will be used on your server, memory limits, and backup storage path
Backup directory protected from direct web access with .htaccess deny-all
All passwords passed to CLI tools via environment variable, not shell arguments
Automatic backups are off by default. Run your first backup manually to confirm everything works on your server, then configure a schedule if you need one.
Reliable PHP-native implementation
The plugin uses a pure PHP streaming implementation for all database operations: no server-level tools required.
For database backup:
Reads each table in 500-row chunks via $wpdb. Never loads the full database into memory. Works on any WordPress host.
For database restore:
Parses SQL statement by statement with a character-level parser that correctly handles quoted strings, escaped characters, and multi-line INSERT statements. Handles files of any size.
The System Info card on the plugin page shows the backup and restore method in use on your server.
Backup file naming
Backup filenames describe their contents exactly, making them easy to identify without opening them:
backup_full_2026-02-21_03-00-00.zip: all four components
backup_db_2026-02-21_14-35-00.zip: database only
backup_db-media-plugins_2026-02-21_09-10-00.zip: three components
backup_plugins-themes_2026-02-21_22-00-00.zip: files only, no database
Restore safety
Clicking Restore DB opens a confirmation modal that:
Shows the exact backup file name and creation date you are restoring from
Displays a warning box explaining what will happen step by step
Requires you to tick a checkbox: “I have taken a server snapshot and understand this will overwrite the live database”
Only enables the Restore button after that checkbox is ticked
During restore, WordPress’s native .maintenance file is created so visitors see the standard maintenance page. It is always removed when restore finishes, whether the restore succeeded or failed. The plugin header shows a live badge indicating whether the site is online or in maintenance mode.
Backup zip contents
Each zip includes a backup-meta.json with metadata: plugin version, creation timestamp, WordPress version, site URL, table prefix, and which components were included. This makes it easy to verify a backup without restoring it.
External Services
Telegram Bot API
Service: Telegram Messenger Inc.
Website: https://telegram.org
Endpoint: https://api.telegram.org/bot{token}/sendMessage
Data sent: An error summary message containing: the PHP error message, the file name and line number where the error occurred, and the relevant operation context (e.g. backup or restore task name). No personal visitor data or post content is transmitted.
When data is sent: Only when a plugin error is caught and you have configured a Telegram bot token and chat ID in the plugin’s Notifications settings. No data is sent if the Telegram integration is not configured.
Purpose: Sends real-time error alert notifications to a Telegram chat of your choosing so site owners can respond to backup or restore failures quickly.
Telegram Privacy Policy: https://telegram.org/privacy
Telegram Terms of Service: https://telegram.org/tos
Telegram Bot API documentation: https://core.telegram.org/bots/api
External services
This plugin optionally connects to third-party services when those features are configured by the site administrator. No data is sent to any external service unless the administrator has explicitly enabled the relevant integration.
Amazon S3 (optional cloud backup)
When S3 settings are configured, the plugin uploads backup zip files directly
to the administrator’s own S3 bucket via the AWS S3 REST API (no external
tools required). Only the backup zip file is transmitted. Credentials (bucket
name, access key ID, secret access key, region) are stored in the WordPress
options table and are never sent anywhere except to the AWS S3 endpoint.
API endpoint contacted: https://s3.{region}.amazonaws.com/
Terms of Service: https://aws.amazon.com/service-terms/
Privacy Policy: https://aws.amazon.com/privacy/
Google Drive (optional cloud backup)
When Google Drive settings are configured, the plugin transfers backup zip files
to the administrator’s own Google Drive account using the Google Drive v3 REST
API and OAuth 2.0. No data is sent unless the administrator has completed the
OAuth authorisation flow (entered a Client ID and Client Secret from Google
Cloud Console and clicked “Connect to Google Drive”). Only the backup zip file
is uploaded. OAuth tokens (access token and refresh token) are stored in the
WordPress options table.
API endpoint contacted: https://www.googleapis.com/ and https://oauth2.googleapis.com/
Terms of Service: https://policies.google.com/terms
Privacy Policy: https://policies.google.com/privacy
Dropbox (optional cloud backup)
When Dropbox settings are configured, the plugin transfers backup zip files to
the administrator’s own Dropbox account using the Dropbox v2 REST API and
OAuth 2.0. No data is sent unless the administrator has completed the OAuth
authorisation flow (entered an App Key and App Secret from the Dropbox App
Console and clicked “Connect to Dropbox”). Only the backup zip file is
uploaded. OAuth tokens are stored in the WordPress options table.
API endpoint contacted: https://api.dropboxapi.com/ and https://content.dropboxapi.com/
Terms of Service: https://www.dropbox.com/terms
Privacy Policy: https://www.dropbox.com/privacy
Microsoft OneDrive (optional cloud backup)
When OneDrive settings are configured, the plugin transfers backup zip files to
the administrator’s own Microsoft OneDrive account using the Microsoft Graph
REST API and OAuth 2.0. No data is sent unless the administrator has completed
the OAuth authorisation flow (entered an Azure App Client ID and Client Secret
and clicked “Connect to OneDrive”). Only the backup zip file is uploaded.
OAuth tokens are stored in the WordPress options table.
API endpoint contacted: https://graph.microsoft.com/ and https://login.microsoftonline.com/
Terms of Service: https://www.microsoft.com/en-us/servicesagreement/
Privacy Policy: https://privacy.microsoft.com/en-us/privacystatement
CloudScale Managed Cloud Backup (optional, paid service)
When the administrator subscribes to the optional CloudScale Managed Cloud Backup
service, the plugin contacts the CloudScale broker to request a short-lived,
prefix-scoped Amazon S3 access token, then uploads backup zip files directly to
CloudScale’s managed S3 storage (hosted in the EU, eu-west-1). Only the site’s
domain name, the subscription licence key, and the backup zip file are involved;
the backup bytes are uploaded straight to S3 and do not pass through the broker.
No data is sent unless the administrator has subscribed and entered a licence key.
API endpoint contacted: https://api.cloudscale.consulting/ (broker) and
https://cloudscale-backup-restore-global.s3.eu-west-1.amazonaws.com/ (storage)
Terms of Service: https://cloudscale.consulting/terms
Privacy Policy: https://cloudscale.consulting/privacy
Paystack (optional, payment for Managed Cloud Backup)
Subscription payments for the optional CloudScale Managed Cloud Backup service are
processed by Paystack. Card details are entered on Paystack’s own hosted checkout
page and are never collected, stored, or transmitted by this plugin. When the
administrator starts a subscription, the subscriber’s email address is sent to
CloudScale to create the Paystack checkout session; no payment-card data is handled
by the plugin or the WordPress site. No data is sent unless the administrator
chooses to subscribe to the paid service.
API endpoint contacted: https://api.paystack.co/ (via the CloudScale broker) and
https://checkout.paystack.com/ (hosted checkout)
Terms of Service: https://paystack.com/terms
Privacy Policy: https://paystack.com/privacy
AWS EC2 / AMI snapshots (optional, AMI snapshot feature only)
When the AMI snapshot feature is used, the plugin reads instance metadata
(instance ID and region) from the local EC2 Instance Metadata Service at
http://169.254.169.254. This address is only reachable from within an EC2
instance and no data leaves the server at this step. AMI creation, status poll,
deregister, and snapshot delete requests are then issued directly to the AWS
EC2 REST API (no external tools required). The same AWS credentials
(access key ID and secret key) used for S3 are used; if none are configured
the plugin attempts to use the EC2 instance role via IMDS.
API endpoint contacted: https://ec2.{region}.amazonaws.com/
Terms of Service: https://aws.amazon.com/service-terms/
Privacy Policy: https://aws.amazon.com/privacy/
Automatic Crash Recovery: health check probe (optional)
When Automatic Crash Recovery is enabled, the plugin periodically sends an HTTP
request to the administrator-configured health check URL to verify the site is
responding. The URL defaults to the site’s own home URL. No personal data is
transmitted. The request is a plain GET with no authentication payload. The
same probe is made when the administrator clicks “Test Health Check” in the
plugin settings. If a system-cron watchdog script is installed on the server,
that script also probes this URL independently via curl. The health check URL
is set by the administrator and is never shared with any third party.
No Terms of Service or Privacy Policy apply (the request goes to a URL you own).
Twilio (optional SMS crash alerts)
When Twilio SMS alerting is configured, the plugin sends an SMS notification to
the administrator’s phone number via the Twilio Messaging API whenever Automatic
Crash Recovery rolls back a plugin. Only the alert text, the configured “from”
number, and the configured “to” number are transmitted. No backup data or
personal user data is sent. No data is transmitted unless Twilio credentials
have been explicitly entered and the SMS feature is enabled.
Terms of Service: https://www.twilio.com/en-us/legal/tos
Privacy Policy: https://www.twilio.com/en-us/legal/privacy
ntfy (optional push notifications)
When ntfy is enabled, the plugin sends a push notification to the
administrator-configured ntfy topic URL on backup, restore, and plugin rollback
events. The notification contains the site name and a brief status message (e.g.
“Backup completed” or “Plugin rolled back”). No backup data, no personal user
data, and no authentication credentials are transmitted in the notification
payload. No data is sent unless ntfy has been explicitly enabled and a topic URL
entered by the administrator.
The plugin defaults to the hosted ntfy.sh service, but any self-hosted ntfy
server URL may be entered instead. When using the hosted ntfy.sh service:
Terms of Service: https://ntfy.sh/tos
Privacy Policy: https://ntfy.sh/privacy
Files written outside the plugin folder
The Automatic Crash Recovery feature writes a single file outside the plugin
folder when it is enabled: wp-content/fatal-error-handler.php. This is a
WordPress-recognised drop-in file (documented in the WordPress Developer
Handbook under get_dropins()). WordPress core checks for this file on every
request; if present, it replaces the default fatal-error screen with a custom
handler. The plugin uses this mechanism to show a branded recovery page to
visitors while a crash is being fixed, instead of a blank white screen.
The file is written using the WordPress Filesystem API (WP_Filesystem). It is
only written when the feature is enabled, only overwritten if it was written by
this plugin (identified by an internal marker), and is deleted when the feature
is disabled or the plugin is uninstalled. No personal data is stored in this file.
Privacy Policy
CloudScale Backup & Restore does not collect, transmit, or store any personal data. All backups are stored locally in the cloudscale-backups/ folder inside your WordPress uploads directory. No telemetry or analytics are sent by this plugin. Optional cloud backup features (S3, Google Drive, Dropbox, OneDrive, AMI snapshots) transmit data only when explicitly configured by the site administrator. See the External services section above.
