Priskribo
The UpdraftPlus Backup & Migration Plugin is trusted by the WordPress community to backup, restore and migrate their WordPress websites. UpdraftPlus is actively installed on more than 3 million websites around the world.
Backup with UpdraftPlus
UpdraftPlus is the world’s highest ranking and most popular scheduled backup and migration plugin. Backup to your preferred storage location and restore in just three clicks.
Backup to Dropbox, Google Drive, Amazon S3 (or compatible), Rackspace Cloud, FTP, DreamObjects, Openstack Swift or email.
The paid version also allows you to backup to Microsoft OneDrive, Microsoft Azure, Google Cloud, Backblaze B2, SFTP, SCP, pCloud, WebDAV or UpdraftVault, our integrated storage option for UpdraftPlus.
Backup manually or schedule to run every 2, 4, 8 or 12 hours, daily, weekly, monthly or fortnightly.
Restore with UpdraftPlus
Your WordPress website is vulnerable. Your site may get hacked. Something could go wrong with an update or your server could crash. You might need to reverse a change made or a mistake caused by human error.
Whatever the reason, you can restore your WordPress website in just a few clicks with UpdraftPlus. Choose which components to restore (e.g. plugins, themes, database etc.), click again to restore, then click again to return to the main screen.
Migrate with UpdraftPlus
It’s easy to migrate your WordPress website to another web host, server or domain with this free version of UpdraftPlus.
To migrate, simply download your database, plugins, themes etc. from the source site, then upload them into your destination site.
When migrating, a built-in search-and-replace engine identifies old strings and replaces these to reflect the new location. UpdraftPlus saves you time and reduces the risk of broken links or missing files associated with manual migrations.
Why UpdraftPlus?
Writing a reliable backup and migration plugin that ‘just works’ consistently across millions of different WordPress deployments is hard. UpdraftPlus is relied upon to do exactly that. We’re trusted and actively deployed on more websites around the world than any other WordPress backup and migration plugin.
UpdraftPlus:
- Backs up, migrates and restores
- Offers a huge number of remote storage locations
- Allows you to schedule backups, so you can ‘set and forget’
- Is comprehensive and easy to use
- Is proven to work on over 3 million sites.
UpdraftPlus Premium
The free version of UpdraftPlus will back up and migrate your website perfectly well. However if you need more features and options you can purchase our Premium version.
Backup and Migrate with UpdraftPlus Premium, and:
-
Get automatic backups before updates. Restore the very latest version if a WordPress or plugin update breaks your site.
-
Backup Incrementally. Changes are added to the master, saving server resources vs repeatedly backing up in full.
-
Get more remote storage options including Microsoft OneDrive, SFTP, Microsoft Azure, WebDAV, Google Cloud, SCP, Backblaze and pCloud.
-
Get 1GB of integrated storage with UpdraftVault for 99.999% reliability, redundancy and scalability.
-
Get more control over how many backups are stored in a specified interval.
Restore from other backup plugins including BackWPup, BackupWordPress, Simple Backups and more. -
Run backups at set times e.g. during periods of low traffic.
-
Backup to more than one location for added protection.
-
Get detailed reports. Includes cryptographic checksums so you can verify the integrity of the backup files and more.
-
Get Premium migration. Migrating to the destination site is more direct and can be done from the source site.
-
Get Multisite / multi-network compatibility.
-
Backup non-WP files and databases e.g. tables belonging to your e-commerce store or customisations to WordPress core.
-
Get database encryption.
-
Manage your backups and migrations from the WP-CLI.
-
Get Premium Support.
Find out more on our comparison page. UpdraftPlus Premium is available for purchase here.
Managing multiple websites?
UpdraftCentral is a powerful remote control dashboard for WordPress that allows you to manage your backups, as well as updates, users, pages, posts, plugins and themes from one central location. Choose between:
- UpdraftCentral (free, self-hosted)
- UpdraftCentral Premium (paid-for, self-hosted)
- UpdraftCentral Cloud (paid-for, fully-hosted)
Optimize your sites centrally by combining the power of WP-Optimize and UpdraftCentral or manage your backups centrally by combining the power of UpdraftPlus with UpdraftCentral.
Need to create a temporary clone of your site?
UpdraftClone makes it quick and easy to create a temporary sandbox for changes you want to try out. Simply select the versions of WordPress and PHP that you want, and we’ll do the rest. More about UpdraftClone
The full suite of plugins from Team Updraft and friends
-
UpdraftPlus.
Backup, migrate and restore. Rated 5* on the plugin directory and trusted by more than 3 million WordPress website owner -
WP-Optimize.
Clean the database, compress images and caching. Optimize your WordPress website. 5* user rating. 1 million + active installs. -
All-In-One Security (AIOS).
Secure your WordPress website. Comprehensive, feature rich and easy to use. 5* user rating and 1 million + active installs. -
WP Overnight.
Quality Extensions for your WooCommerce store. 5* rated invoicing, order and product management, customer management solutions and more. -
Easy Updates Manager.
Take control of updates. Lots of features for free, and a Premium version with even more – over 300,000 users. -
Internal Link Juicer.Boost your SEO. Automate internal links within your WordPress website. Save time and rank higher in the search engines.
For other useful, free plugins see our lead developer’s profile, here.
Are you multilingual? Can you translate?
Do you want to help people that speak your language to backup, migrate and restore their WordPress websites?
The UpdraftPlus backup, migration and restoration plugin is ready and waiting. The translation process is easy, and web-based – please go here for instructions: https://updraftplus.com/translate/.
Or, if you’re already an expert WordPress translator, just pick out the .pot file from the wp-content/plugins/updraftplus/languages/ directory – if you scan for translatable strings manually, then you need to get these functions: _x(), __(), _e(), _ex(), log_e().
Many thanks to our existing translators.
License
Copyright 2011-24 David Anderson
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Non-English translators are provided by volunteers, and wordpress.org does not give plugin developers control over their translations; thus relying on them is at your own risk; UpdraftPlus cannot guarantee that translations from the original English are accurate.
We recognise and thank those mentioned at https://updraftplus.com/acknowledgements/ for code and/or libraries used and/or modified under the terms of their open source licences.
Ekrankopioj
OD
-
How do I install the UpdraftPlus backup & migration plugin?
-
Here are the installation guidelines from our YouTube channel or from our website.
-
What if I have a problem / need support ?
-
If you’re struggling to backup, migrate or restore there’s help available.
Search existing topics on the WordPress support forum or post a new one. Our support and development teams check and respond to queries everyday.
UpdraftPlus Premium customers can log a ticket directly with our support and development teams via the UpdraftPlus support hub.
Before you get in touch, please ensure that you have read through our <a href=https://updraftplus.com/frequently-asked-questions/”>FAQs and that you’ve updated to the latest release of our plugin.
It helps greatly if you can include the backup log and as much other information as possible in your report, for example the PHP version, your website, the error description, how you got to the page that caused it, any other relevant plugins you have installed, plus any other information that might be of use.
To find the backup log: there are links to download the logs on the UpdraftPlus settings page in the plugin – or you may be emailed it. Failing that, FTP into the directory wp-content/updraft and look for it there.
If you know how, please send your PHP error logs – just the few lines that appear when you run a backup, often the file called error_log, possibly in your wp-admin directory which you can check via FTP. If you’re a programmer that can debug and send a patch, that’s even better.
-
Migrating in the free plugin involves downloading the backups from the source site then uploading these to the destination site.
To find the backup log: there are links to download the logs on the UpdraftPlus settings page- or you may be emailed it. Failing that, FTP into the directory wp-content/updraft and look for it there.
Both free and Premium plugins include a built-in search-and-replace engine to replace old strings with the new location.
If migration is all you require, and for simple single site migrations the free plugin will likely be enough to meet your needs. If you have additional needs around backups e.g. the ability to backup before updates, if you require more remote storage locations or if you have a WordPress multisite then we recommend UpdraftPlus Premium for the additional benefits that it brings.
-
UpdraftPlus runs out of time when it’s trying to backup, after I have left it for some time to give it a good chance. What can I do?
-
This problem is probably caused by your account being starved of resources by your (cheap) web host provider. This is far from ideal; although UpdraftPlus supports resuming backup runs right from the beginning to avoid everything having to be done at once, it has its limits. The best thing is to choose a more reputable web host. Failing this, try going into the “Expert settings” and reducing the size at which zip files are split. UpdraftPlus is known to successfully backup websites that run into the multiple-gigabytes on web servers that are not resource-starved.
Pritaksoj
Kontribuantoj k. programistoj
“UpdraftPlus: WP Backup & Migration Plugin” estas liberkoda programo. La sekvaj homoj kontribuis al la kromprogramo.
Kontribuantoj“UpdraftPlus: WP Backup & Migration Plugin” has been translated into 36 locales. Thank you to the translators for their contributions.
Traduki “UpdraftPlus: WP Backup & Migration Plugin” en vian lingvon.
Ĉu interesita en programado?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Ŝanĝprotokolo
The UpdraftPlus backup blog is the best place to learn in more detail about any important changes.
N.B. Paid versions of UpdraftPlus Backup / Restore have a version number which is 1 higher in the first digit, and has an extra component on the end, but the changelog below still applies. i.e. changes listed for 1.16.32.x of the free version correspond to changes made in 2.16.32.x of the paid version.
= 1.25.1 – 11/Jan/2025
- SECURITY: Fix a non-persistent reflected XSS vulnerability due to a missing nonce combined with missing sanitisation. This could allow an attacker, who persuaded you to click a personally-crafted link to your site’s dashboard whilst you were logged in, to once run JavaScript code in your dashboard. Thanks to Asaf Mozes for finding and responsibly disclosing this issue.
- FIX: Prevent the restoration from failing when there is a ‘sync-xhr=()’ permission policy on the response header.
- FIX: Improve the approach of acquiring a suggested region for Amazon AWS S3 if a failure arises during the getBucketLocation() call, particularly when the XML response fails to provide a field for the suggested region – this resolves issues with regions (e.g. us-east-2) which recently changed their response behaviour
- TWEAK: Broaden the support to incorporate the “ap-southeast-4” region of Amazon AWS S3 and additional recently updated regions
- TWEAK: A regression in the paid version update checker to version 4.13.2, resulting in non-appearance of notices concerning subscription status or WP version compatibility.
1.24.12 – 23/Dec/2024
- FIX: The pre-restoration stage failed to properly address the tables that were to be excluded, which caused a logical error that misread the checked “include all tables not listed” option as an instruction to restore every table
- FIX: Update PHPSecLib library to version 2.0.48 which has the fixes for the “gmp_pow(): base and exponent overflow” on certain PHP versions and could cause backups to fail on the SFTP remote storage
- TWEAK: Complete the review and removal of calls to the unserialize() PHP function allowing class instantiation begun in 1.24.7. (The final removal involved a theoretical security defect, if your development site allowed an attacker to post content to it which you migrated to another site, and which contained customised code that could perform destructive actions which the attacker knew about, prior to you then cloning the site. The result of this removal is that some search-replaces, highly unlikely to be encountered in practice, will be skipped).
- TWEAK: Drop search and replace feature for PHP 5.2 users (to fulfil the preceding item)
- TWEAK: Tweak UpdraftCentral media module to add “has_image_editor” property to each media item
- TWEAK: On the restoration screen in a multisite configuration, the dropdown labeled “which site to restore” was covering other HTML elements, which caused some buttons to be positioned at the bottom instead of at the top
- TWEAK: Avoid deregistering jQuery-UI CSS if already printed by other plugins to prevent compatibility issues
- TWEAK: In the context of database restoration, the execution of LOCK and/or ALTER SQL statements must be avoided for any tables that are part of the “skipped tables” list
- TWEAK: openssl_free_key() is only needed on PHP < 8
- TWEAK: Various coding style changes to comply with “Plugin Check” rules
1.24.11 – 15/Nov/2024
- TWEAK: Do not request drive.readonly scope on Google Drive connections, due to Google’s app permissions review (unannounced and requires us to create a Youtube video for their review process) – this means that (until the review completes) new connections to Google Drive can only access backups created by UpdraftPlus directly, and not backups which you manually upload to Google Drive. This restores the ability to make new connections to Google Drive.
- TWEAK: Adjustment of the UpdraftPlus_S3_Compat class to preserve compatibility with the external UpdraftPlus AWS SDK plugin (https://github.com/DavidAnderson684/updraftplus-aws-sdk).
1.24.9 – 14/Nov/2024
- FIX: A regression in 1.24.8 when handling restoration of wp-config.php
- TWEAK: The changes in handling of loading text domains in 1.24.8 did not cover most cases
- TWEAK: Introduce the “updraftplus_use_builtin_wpcore_restoration” filter which can be used to restore WP-Core entity using a different WP-Core restoration mechanism especially in a case that the admin-ajax.php file couldn’t be deleted during the restoration
1.24.8 – 13/Nov/2024
- TWEAK: Add descriptions for the ‘Clone Package’ dropdown when creating a clone.
- TWEAK: Move the “load_plugin_textdomain” call from being called through “plugins_loaded” action to being called via “init” action
- TWEAK: Update the log message to specify that backup files are marked as “processed” when no remote storage is selected, and as “uploaded” when remote storage is selected.
- TWEAK: Some code tidying in the restore class
1.24.7 – 04/Nov/2024
- TWEAK: Include the .part file extension into the cleanup list, guaranteeing that files associated with this extension are regularly deleted from the backup directory
- TWEAK: The update functionalities in the WordPress plugin information box (6.5 and later) have been adjusted to stop updates from taking place in the same window, ensuring that the “auto-backup before update” dialog appears as intended
- TWEAK: Add customized “unserialized” method into the UpdraftPlus class which can handle the use of the “options” argument or its absence when running across different PHP versions
- TWEAK: Add the UPDRAFTPLUS_SEND_UNWRITABLE_BACKUP_DIRECTORY_EMAIL constant to disable the sending of unwritable backup directory emails to users.
- TWEAK: Clearer notifications to users regarding unconfigured remote storage settings and/or the selection of remote storage that are not part of their UpdraftPlus version
- TWEAK: During the resumption of OneDrive’s chunk uploads, the authorisation header and bearer token should not be included as it may lead to an unauthenticated error due to a different upload URL.
- TWEAK: Implement code to enable automatic activation of the UpdraftPlus plugin during the migration process from a multisite setup to a standalone site
- TWEAK: In a multisite environment, ensure that users can access the UpdraftPlus plugin page even in the absence of the WP_ALLOW_MULTISITE constant
- TWEAK: UpdraftClone now supports PHP 8.4
- TWEAK: Prevent a potential PHP deprecation notice when zip creation fails
1.24.6 – 25/Sep/2024
- TWEAK: In 1.24.5, the browser title wrongly displayed as “UpdraftPlus” when accessing an unrelated plugin page using the main menu.
1.24.5 – 24/Sep/2024
- FIX: Incorrect regular expression for DigitalOcean Spaces endpoint
- FIX: CSS conflicts with the LearnDash LMS Instructor Role Add-on plugin which caused some UI elements to disappear
- TWEAK: Reorganize UpdraftPlus in left-hand menu and rename it to “UpdraftPlus”; to disable it, follow this guide: https://updraftplus.com/new-location-of-updraftplus-in-the-wordpress-dashboard/
- TWEAK: Add span wrapper to UpdraftCentral connection failed message
- TWEAK: Add the “Go here to complete your settings” link into the appropriate admin notice that when clicked will jump to the UpdraftVault configuration if no settings are specified.
- TWEAK: Adjust regex patterns that didn’t match some temporary files, causing them to not be automatically removed
- TWEAK: After a restoration, clicking “Delete old folders” will also remove the wp-config-pre-ud-restore-backup.php file
- TWEAK: On the settings page/tab; prevent the floating “Save changes” button from getting clicked multiple times and/or sending multiple AJAX requests
- TWEAK: Remove pCloud from the add-ons list on the “Premium / Extensions” tab (there is no change in its availability)
- TWEAK: Renamed wp-config-backup.php to wp-config-pre-ud-restore-backup.php to clarify its purpose as a backup file created before restoring WordPress core entities, and it will only be generated if the user does not select the “Over-write wp-config.php” option during restoration, as the previous name was too generic and could cause confusion
- TWEAK: The popup modal for automatic plugin updates fails to retain the backup checkbox selection when the “remember” option is enabled in a Multisite environment.
- TWEAK: Updated autobackup selector to resolve issues caused by the missing “update-link” class in WPForms Pro plugin
1.24.4 – 2/Jul/2024
- FIX: Case-sensitive issue of bit field type names in a table.
- FIX: Resolved issue where backup files could not be deleted from remote storage when either the root directory was active or no directory was specified in the OneDrive configuration form.
- FIX: When users attempt to update a plugin using the “View Version x.x.x Details” link instead of choosing “Update Now,” the plugin is successfully updated; however, the UI incorrectly displays an “Update Failed” message
- FIX: Conflict with the Gravity Forms plugin when there was an older version of jQuery UI presented on the “Installed Plugins” page.
- TWEAK: Ensure compliance with Google Granular Consent and check for required permissions during storage access authorisation of Google Drive and Google Cloud
- TWEAK: Prevent PHP warning and deprecation messages after completing access authorisation to Google Drive storage.
- TWEAK: Prevent PHP warning when Dropbox remote storage has been authenticated and the page is refreshed.
- TWEAK: Added filter updraftplus_working_dir_localpath to allow temporary unzip path to be modified by developers
- TWEAK: Modify the displayed title of the plugin from “WordPress Backup & Migration Plugin” to “WP Backup & Migration Plugin” as required by the plugin directory team
- TWEAK: Parse certain php events and log proper error messages
1.24.3 – 30/Apr/2024
- FIX: Regression in 1.23.16 for improving logs which then caused incorrect_offset error reported by Dropbox wasn’t properly handled.
- TWEAK: The UpdraftVault remote storage can handle Wasabi as well as Amazon S3 storage in the background.
- TWEAK: Fix WP_Theme_JSON_Resolver::theme_has_support deprecation warning for UpdraftCentral
- TWEAK: Prevent “PHP Warning: Undefined property: UpdraftPlus_BackupModule_pcloud::$description” during rescan remote storage.
- TWEAK: Prevent PHP deprecation warnings during database backups when encountering null values in bit field types.
- TWEAK: Show a warning message when the WP_ACCESSIBLE_HOSTS constant is defined and updraftplus.com is not permitted by its value
- TWEAK: Update notices
- TWEAK: Split multiple sentences into separate translation function calls.
- TWEAK: Trim spaces from S3-Compatible (Generic) endpoint.
1.24.2 – 26/Mar/2024
- FIX: The “Continue restoration” and “Dismiss” buttons on the unfinished restoration dialog were not responsive to being pressed due to a recent regression
- FIX: Conflict with other plugins due to different version of third party library (Guzzle) and the composer autoload.php was called too early
- FIX: Undefined “NET_SCP_LOCAL_FILE” constant when SCP was in use for the SFTP/SCP remote storage
- TWEAK: Add compatibility fields when returning plugins and themes to UpdraftCentral
- TWEAK: Due to issues in some cURL versions 7.x in handling HTTP/2 connections, all HTTP connections to the OneDrive API are now forced to use HTTP/1.1 version, on cURL versions after 7.61 and before 8.0. Also, a constant named UPDRAFTPLUS_ONEDRIVE_CURL_HTTP_VERSION can be set in the wp-config.php file to change the default HTTP version to another preferred version
- TWEAK: Adjust margin to fix broken UI for the ‘View logs’ button on backups.
- TWEAK: Ensure all “SET SQL_MODE” statements in the database backup file are internally handled and are subjected only to a restoration outside UpdraftPlus plugin
- TWEAK: Prevent PHP 8.2 coding style deprecation notices in the autobackup addon
- TWEAK: In the context of OneDrive’s chunk upload, authorisation header and bearer token should not be included during upload session as it may lead to 401 HTTP status due to different upload URL
- TWEAK: Remove default value for updraftplus_https_to_http_additional_warning and updraftplus_http_to_https_additional_warning filters.
- TWEAK: Set the SQL_MODE to ‘NO_AUTO_VALUE_ON_ZERO’ in the database backup file.
- TWEAK: Seasonal notice content update for 2024
- TWEAK: During the operations that require phpseclib, include the composer autoload.php only when the phpseclib is really needed
1.24.1 – 21/Feb/2024
- FEATURE: Implement Backblaze Object Lock support (Premium version)
- FIX: The email backup and basic report setting didn’t work causing notification email confirming backup status couldn’t be delivered to admin’s email address (free version)
- FIX: Fix WP-Optimize premium discovery for UpdraftCentral
- FIX: Regression in 1.23.16 for correcting calls to translation functions which then caused some HTML attributes to be empty
- FIX: Restoring backup sets via Migrate/Clone tab had caused all associated backup entities being downloaded immediately ignoring user preferences about the entities they wanted to restore
- FIX: Third-party library conflict (phpseclib) with WP All Import Pro and AIO WP Migration plugins that caused failure in testing SFTP credentials and backing up to the SFTP remote storage
- FIX: Restore compatibility with WordPress multisite running on versions < 4.9 caused by use of function not present before then
- TWEAK: Add new translation entries for UpdraftCentral
- TWEAK: Got rid of PHP 8.2 deprecation messages caused by a null value being passed to the htmlspecialchars() function and creation of dynamic property
- TWEAK: Got rid of PHP 8.3 deprecation messages caused by calling get_class() without arguments.
- TWEAK: Refactor methods in UpdraftPlus_Database_Utility class
- TWEAK: Send an email if the backup directory is not writable.
- TWEAK: Add and set the
filename_only
parameter to reduce search times when looking for specific backup files in Dropbox. - TWEAK: Autoload PHP secure communication library (phpseclib) in a better way that would prevent already-loaded phpseclib classes (by other plugin) from being used in certain operations
- TWEAK: Add updraftplus_backup_db_header_append filter to allow site owners to include arbitrary content in their database backup header
1.23.16 – 23/Dec/2023
- TWEAK: Added demo link for the family plugin in advertisement
- TWEAK: Removed https / http prefix from s3generic endpoints
- TWEAK: Resolve PHP 8.0 compatibility with ob_implicit_flush function
- TWEAK: Dropbox error logs improvement
- TWEAK: As required by the wordpress.org plugin team, all UpdraftPlus news is forbidden to be displayed in the “WordPress News” section of the dashboard for users of the free plugin even if consent is first given.
- TWEAK: Fix some incorrect calls to translation functions
1.23.14 – 30/Nov/2023
- FIX: Resolved Google Cloud remote storage authentication flow
- TWEAK: Changed updraftvault links functionality to open in different tab
- TWEAK: Clarify significance of warnings in report emails
- TWEAK: Make the news-consent’s layer fit with the confirmation text thus removing empty space that can reveal some of the UpdraftPlus news
- TWEAK: Declare a shim “php_uname” function when it’s found to be undefined to prevent a fatal error in the phpseclib library (which calls it)
1.23.13 – 22/Nov/2023
- FIX: An issue that prevented incremental backups from running via WP-CLI or Cron when the option to backup mu-plugins was enabled but no mu-plugins existed
- FIX: OneDrive remote storage authentication was giving the error “Invalid input.”
- FIX: The option to back up additional, user-chosen files (i.e. the morefiles entity) was no longer present in the UI
- TWEAK: Remove unused “migrator-lite.php” string during search and replace operations
- TWEAK: Replace remaining hardcoded text domain with UPDRAFTCENTRAL_TEXT_DOMAIN placeholder within the central folder
- TWEAK: LiteSpeed admin dashboard warning is now displayed upon completion of migration on the destination site, even after dismissing the message on the source site.
- TWEAK: Do not show UpdraftPlus news in the WordPress events and news widget section without first gaining user consent
- TWEAK: Change order of checks when seeing if cPanel is present/accessible for asking about disk quota in order to prevent unwanted an PHP notice when safe_mode is active
- TWEAK: Prevent potential fatal error if something has modified an updates check’s ‘translation’ property to be invalid before passing on to UpdraftPlus
- TWEAK: Update bundled cacert.pem file
1.23.12 – 08/Nov/2023
- FIX: Issue that prevented some database restores from completing due to a change in wpdb in WordPress 6.4
- TWEAK: Replace Javascript onchange event with oninput event to detect changes made for HTML tags on the settings page, also to add to the event handler so that unsaved changes can be detected
1.23.11 – 03/Nov/2023
- SECURITY: Fix a vulnerability which could, if you had Google Drive storage enabled, and if an attacker targetted a logged-in administrator on your site and persuaded them to access a specific URL that the attacker creates, add the attacker’s own Google Drive account to the saved storage methods. Thanks to Nicolas Decayeux of Patrowl for finding and disclosing this issue.
- FEATURE: Add JSTree for Google Drive to select existing folder
- FEATURE: The “Must-use plugins” backup entity can be backed up and restored separately in a normal WordPress site
- FIX: OneDrive folder case sensitivity issue (successfully uploaded backup files to the remote storage but failed in pruning old backup files due to different letter capitalisation; also happened in manual deletions)
- FIX: When two instances of WebDav remote storage were sequentially added in the Premium version, filling some fields of the latest instance would break the WebDav URL of the previous instance
- TWEAK: Update phpseclib library from version 1 to 2. As previously advised, this also means that these features (Database Encryption, Dropbox & SFTP/SCP remote storage, and UpdraftCentral key creations) will no longer be available and can cause a fatal error when running on PHP 5.2
- TWEAK: Add a link to Trustpilot in the review prompt
- TWEAK: Added a warning message when the WP_HTTP_BLOCK_EXTERNAL is defined and set to true
- TWEAK: Added the “Copy to clipboard” button under the self-hosted central option
- TWEAK: File size is shown when pressing on the backup entity
- TWEAK: Fix the restore dialog to not display “plugins” checkbox when only there’s “mu-plugins” entity
- TWEAK: Fixed PHP 8.2 deprecation messages caused by a null value being passed to the rtrim() function
- TWEAK: Resolve PHP deprecations for the dynamic property access by declaring the variables in the class
- TWEAK: Includes the plugin.php file path if “get_mu_plugins” function does not exist.
- TWEAK: Provide default options for function UpdraftPlus::backup_all()
- TWEAK: Add and call the
litespeed_finish_request()
function to ensure the HTTP connection made from the browser gets closed immediately without having to wait the process to complete thus leaving it run in the background - TWEAK: Ensure no PHP “Class not found” is showing up during credentials testing
- TWEAK: Add type checking in UpdraftPlus::handle_url_actions() to prevent plugin conflicts causing PHP errors on PHP 8+
1.23.10 – 05/Sep/2023
- TWEAK: New S3 signature version setting is added to the S3-Compatible (Generic) configuration form, giving an opportunity for the user to choose which signature version to use (SigV2 or SigV4)
- TWEAK: Enable PHP 8.3 (see: https://stitcher.io/blog/new-in-php-83) support in UpdraftClone
- TWEAK: Adjust fread() sizes for better performance when uploading an archive via the widget
1.23.9 – 14/Aug/2023
- FIX: Fatal error of Uncaught ArgumentCountError when the UpdraftPlus settings page is browsed from an IP-adressed site (i.e. no hostname) on PHP 7.1+
- FIX: Incorrect caching mechanism such that when multiple Google Drive storage back-ends were in use (Premium feature), uploading to a storage would fail due to unmatched folder ID taken from a different storage instance
- TWEAK: Define class properties in UpdraftPlus_Addons_Migrator class for PHP 8.2 compatibility
1.23.8 – 08/Aug/2023
- FEATURE: Given the basic migration feature in the free plugin
- FIX: Content-MD5 and any V2-related headers were always included in the S3’s V4 SignedHeaders even though the headers were not presented in a HTTP request
- FIX: Generating URL-encoded queries for a canonical request should have used a method/mechanism which encoded query values according to RFC 3986 (for consistency and for not breaking the code)
- FIX: Search / replace database not working on Admin dashboard > Settings > UpdraftPlus Backups > Advanced Tools > Search / replace database on PHP 8.2 due to stricter type checking
- FIX: A newly added subsite that was restored from a normal site to the multisite was not listed in the site list in the multisite
- FIX: Manual deletion of backup sets appeared to skip some files when multiple instance and/or remote storage were in use
- FIX: The SFTP remote storage stopped working in the UpdraftPlus 2.23.6 release. Reverted the change “TWEAK: Validate SFTP key field on credential test and before save”
- TWEAK: Add a warning in the log file if AWS connection fails and a TLSv1.2 connection test fails
- TWEAK: Add warning for user if only PclZip available
- TWEAK: Fix unable to switch tab when a plugin (wrongly) loads certain CSS onto UD’s settings page
- TWEAK: Remove the word ‘apparently’ in the backup success message
- TWEAK: Update to latest phpseclib 1.0.X version (prevents deprecation notice on PHP 8.1+)
- TWEAK: Change “s3” property to “public” in UpdraftPlus_AWSRequest class for PHP 8.2 deprecation compatibility [https://source.updraftplus.com/team-updraft/updraftplus/-/merge_requests/1481]
- TWEAK: Fixed Missing/ broken links for the pCloud image in addons tab
- TWEAK: Buying UpdraftClone tokens through inline checkout
- TWEAK: Fixed Spelling errors in updraftplus repo
- TWEAK: Added save button at the top of setting tab content
- TWEAK: UpdraftCentral module now, by default, overwrites the same existing theme installed on the remote sites (if any), regardless of what version is currently installed or what version being uploaded and installed
- TWEAK: Define class properties in Updraft_Checkout_Embed class for PHP 8.2 deprecation compatibility
- TWEAK: Update the composer package yahnis-elsts/plugin-update-checker for PHP 8.2 compatibility
- TWEAK: Added username and email details for authenticated dropbox account in updraftplus settings
- TRANSLATIONS: Split sentences to make one sentence in any translation functions
1.23.7 – 04/Jul/2023
- FIX: When Dropbox returns an error, this error was not always correctly passed up to the logging layer
- FIX: Search / replace database not working on Admin dashboard > Settings > UpdraftPlus Backups > Advanced Tools > Search / replace database on PHP 8.2 due to stricter type checking
- FIX: The SFTP remote storage stopped working in the UpdraftPlus 2.23.6 release. Reverted the change “TWEAK: Validate SFTP key field on credential test and before save”
- TWEAK: Fixed Missing/ broken links for the pCloud image in addons tab
- TWEAK: Buying UpdraftClone tokens through inline checkout
- TWEAK: Prevent PHP warning during some migrations when no table list provided
1.23.6 – 19/Jun/2023
- FIX: Search / replace database not working on Admin dashboard > Settings > UpdraftPlus Backups > Advanced Tools > Search / replace database on PHP 8.2 due to stricter type checking
- TWEAK: Remove the incremental dropdown on incremental backup restore when the user selects only the database to restore
- TWEAK: Validate SFTP key field on credential test and before save
- TWEAK: Remove the unused UpdraftPlus_S3::getHttpUploadPostParams() method
- TWEAK: Attempt to workaround some web hosts’ opcode cache producing incorrect error upon upgrade
- COMPATIBILITY: Fix pCloud deprecated warning in PHP 8.2
- COMPATIBILITY: Fix Google Cloud deprecated warning in PHP 8.2
- COMPATIBILITY: Fix Google Drive deprecated warning in PHP 8.2
- TWEAK: Fixed issue with cron jobs not clearing after wiping settings
- TWEAK: Added link to WP-Optimize in the database size tab in the advanced tools
1.23.4 – 16/May/2023
- SECURITY: Fixed a missing nonce combined with a URL sanitisation failure, which could lead to a targeted XSS opportunity (if an attacker persuades a logged-in administrator to both re-authorise their connection to a remote storage (e.g. Dropbox) and then to follow a link personally crafted for their site before re-authorising whilst logged in, he can then store a fixed JavaScript payload in the WP admin area (they would need a further route to use that ability to cause any damage). Because of the need for the administrator to co-operate in multiple steps, this attack is very unlikely (but you should of course still update).
- FIX: DigitalOcean S3-compatible storage does not work with disabled SSL entirely where possible settings.
- FIX: If there was an error or network connectivity issue on first attempt of uploading a plugin/theme file, then the second attempt of uploading the same file would make the file become corrupted thus resulting in installation failure.
- COMPATIBILITY: Suppress htmlspecialchars deprecation warnings on PHP 8.1
- COMPATIBILITY: Suppress some PHP 8.2 deprecation notices from use of ${} style variables, and others from use of dynamic properties
- TWEAK: Handle web hosting company setup that disabled pclose() but not popen()
- TWEAK: All HTTP requests to the Google Drive API now, by default, forces to use HTTP/1.1 version. Also, a constant named UPDRAFTPLUS_GDRIVE_CURL_HTTP_VERSION can be set in the wp-config.php file to change the default HTTP version to another preferred version
- TWEAK: Improve ‘move’ and ‘copy’ filesystem functions in restoring directories containing files to a different mount point/partition than where they reside
- TWEAK: Improve files pruning mechanism, by not repeating already-done ones when resuming deletions
- TWEAK: Improve the Handlebars templates of the Google Drive, Dropbox and UpdraftVault remote storage modules by taking PHP code out of them
- TWEAK: Improve widget layout when decrypting a backup
- TWEAK: Remove Bootstrap CSS in Restore Wizard and replace with Flexbox CSS
- TWEAK: Add multisite subsites header information to the database backup file that will be used for converting a network subsite to a standalone normal WordPress site
- TWEAK: Add the UpdraftPlus plugin slug header to the database backup file
- TWEAK: Include next-level-up directory path along with deleted folder’s name when deleting a folder
- TWEAK: Update seasonal notices
- TWEAK: Make common logic for getting backup history from the database
- TWEAK: Remove usage of the file_get_contents() function from WebDAV remote storage without chunking upload
- TWEAK: Pass through some previously unhandled Dropbox error codes
- TWEAK: Added the “non-core” word to the WordPress database tables excluded warning.
- TWEAK: Remove WordPress core tables from the non-core WordPress database tables excluded list in restoration step 2
- TWEAK: When migrating the www site, the search replace will be performed in database tables on the non-www domain too, and vice versa
1.23.3 – 16/Mar/2023
- SECURITY: This release fixes an important security defect – please update. Full details: https://updraftplus.com/updraftplus-1-23-3-2-23-3-important-security-release/. Sites are affected if there are WordPress users (i.e. people who can login) who can reach the back-end (i.e. wp-admin) dashboard (but we recommend everyone updates in any case).
1.23.2 – 15/Mar/2023
- FIX: Automatic backups before updating a plugin, theme, or WP core were not working (regression in 1.23.1)
- FIX: A database backup couldn’t be taken from WP-Optimize and All-In-One Security (AIOS) (regression)
- TWEAK: Add a user capabilities check when downloading a backup (this is not believed to have any security implications, as the download operation already requires knowledge of a further nonce that there is no mechanism for a non-administrator to obtain).
- TWEAK: Improve the Handlebars template of the UpdraftVault remote storage by taking PHP code out of it
- TWEAK: Prevent making a nonce available to logged-in users who could not manage UpdraftPlus (this did not give access to any unauthorised actions)
- TWEAK: Improve the Handlebars template of the UpdraftVault remote storage by taking PHP code out of it
- TWEAK: Improve the Handlebars template of the pCloud remote storage by taking PHP code out of it
1.23.1 – 08/Mar/2023
- FEATURE: Support Cloudflare R2 as a generic S3 storage provider (always use v4 signature)
- FEATURE: Added the ability to get an accurate row count for all tables in the advanced tools
- FEATURE: Expose an option in the UI to disable chunked uploading when using WebDAV remote storage (previously required a constant)
- FEATURE: Add the ability to anonymize WooCommerce order data when cloning a site
- FIX: An over-ride enforcing use of V4 signatures on Aliyuncs S3 storage was no longer working
- FIX: pCloud error handling in chunked uploading did not pass the error message up to the logging layer
- FIX: Backups started under WP-CLI could not backup the database only without any files
- FIX: Couldn’t add any file/directory inclusion for “Other” entity due to access to one directory up from the current (ABSPATH) isn’t permitted
- FIX: Atomic restore is not renaming a few tables when not restoring specific tables by using the filter
updraftplus_restore_this_table
. - FIX: Sometimes the “delete old directories” notice displayed even though the actual
-old
directory didn’t exist - FIX: The restore point date time was incorrect in the restore screen when restoring the incremental backup, and the WordPress site has a non-GMT timezone set.
- TWEAK: Improve manual rescanning and deletion of backup sets by setting up a time limit to a value defined in UPDRAFTPLUS_SET_TIME_LIMIT constant to minimise chances of getting fatal error (maximum execution time exceeded)
- TWEAK: Add a filter updraftplus_mysqldump_arguments to allow changing of arguments passed to the mysqldump binary when that is being used
- TWEAK: Include PHP version in default S3 user agent to aid debugging
- TWEAK: Disable Gravatar on UpdraftClone
- TWEAK: Cleanup .list.tmp files when a cloud backup completes
- TWEAK: Use the function that lists our own cron schedules to simplify the way backup intervals are prepared and to avoid schedules mismatch
- TWEAK: Improve manual deletion of backup sets by setting up a time limit to a value defined in UPDRAFTPLUS_SET_TIME_LIMIT constant to minimise chances of getting fatal error (maximum execution time exceeded)
- TWEAK: Improve the Handlebars template of the S3-Compatible (Generic) remote storage by taking PHP code out of it
- TWEAK: Increase max_recursion value to 20 in class-search-replace.php
- TWEAK: Add a new function that lists our own cron schedules so that it can later be used as schedules sorting purpose also as a main source from which our schedules list is originated
- TWEAK: Display Google drive email address along with account holder name
- TWEAK: Fixed WebDAV PHP 8.1+ deprecated warnings
- TWEAK: Updated text message displayed on Web Server – Localhost UC Dashboard Key Creation.
- TWEAK: Use nonce in every part of a restoration process to prevent direct access that has allows an unwanted log file to be begun. On sites running on end-of-lifed PHP versions (<8.0) it was possible to read the beginning of the log file, causing an unintended information disclosure about the server environment, e.g. Apache version, PHP version and available memory (but current PHP versions are …