When cloning a website, you have to get the backup set that is created on the source website into UpdraftPlus on the destination website.

There are currently a few options you can choose from to do this…

  • Use the same remote storage (e.g. same Dropbox) for both, and press the “Rescan remote storage” link on the destination website.
  • Set the remote storage for the source website to use the FTP details for the destination website’s UpdraftPlus directory. After backing up, press the “Rescan local storage” link on the destination website.
  • Just download the backup by hand on the source site, and upload into UpdraftPlus on the destination website.

We think (and some of you think) that this still leaves room for something more convenient. Wouldn’t it be handy if you could just press a button and send a backup, once, directly to the destination site?

Even better would be if UpdraftPlus could remember several remote destinations (each set up only once), and you could choose to send to whichever you wanted (e.g. development site, staging site, live site)?

And how about if the setup only involved copy and pasting one key, and all communications were encrypted with industry standard encryption, and required nothing special to be set up on either end apart from UpdraftPlus?

You’ve guessed it – we’ve been working on it!

It’s not finished yet, and we’re not yet sure if it’ll be finished for the next release (which should be next week); but if not then it’ll be close. (For those who don’t know – we aim to release every 3-4 weeks). Here’s a screenshot of the new window that’ll open when you press the “Clone/Migrate” window, when this feature is done. We’ve worked hard to try to keep up UpdraftPlus’s reputation for making complicated things simple, and this is what we’ve come up with:

Direct site-to-site transfers

David Anderson (founder, lead developer, UpdraftPlus)

Just a quick note…

Our Google Drive setup guide used to have a note saying that Google did not allow WordPress installs hosted on ‘localhost’ (i.e. a development machine not reachable from the public Internet) to access Google Drive.

This restriction was arbitrary, and we never knew why they had it. It appears that they no longer do. We didn’t spot notice of this anywhere, but Google no longer sends back an error if you try – it works.

You don’t need to update UpdraftPlus to be able to do this – the restriction was always at Google’s end. You can just use it!

David Anderson (founder, lead developer, UpdraftPlus)

UpdraftPlus 1.10.1 (free version) / 2.10.1 (Premium version) is in the process of being released.

The biggest new feature is in UpdraftPlus Premium, and is support for Microsoft OneDrive. Microsoft’s Dropbox/Google Drive/etc. competitor gives you 15Gb of free storage (or more for completing some simple steps), and is backed by the strength of one of the world’s largest companies. UpdraftPlus now includes full OneDrive support.

It’s also now possible to totally exclude the backup of a particular table, if you wish to.

Beyond that, there are a number of small tweaks and fixes, to make sure your backups keep running smoothly and quickly. The fuller changelog will appear at this link.

As ever, we recommend everybody updates – this is our best UpdraftPlus yet!

David Anderson (founder, lead developer, UpdraftPlus)


Microsoft OneDrive

It’s coming – support for Microsoft’s Dropbox/Google Drive/etc. competitor (with 15Gb of free storage, or a bit more for completing some simple steps) is coming to UpdraftPlus.

There’s currently an FAQ that says that we can’t support Microsoft OneDrive, because they forbid backup utilities by policy.

This information is out of date – Microsoft have removed this policy and been encouraging use of OneDrive for all sorts of storage needs.

We currently have a working Microsoft OneDrive storage module for UpdraftPlus. We need to complete the documentation, and change how one of its capabilities works… but all being well, this will be in the next release of UpdraftPlus Premium. We know that some of you have been waiting for this for a long time – it’s nearly here!

David Anderson (founder, lead developer, UpdraftPlus)

UpdraftPlus version 1.9.4, release almost exactly a year ago (23rd April 2014), introduced an all-new back-end for Google Drive.

One of the reasons we did this, was because Google had previously announced that in April 2015, they would be shutting down one of their interfaces for programs to use Google Drive.

Google have now done what they said they would. Their old way of accessing Google Drive has now been permanently removed. If you are still using a version of UpdraftPlus from before 1.9.4 to use Google Drive, then you must update to be able to carry on doing so.

David Anderson (founder, lead developer, UpdraftPlus)


You may already have spotted that WordPress 4.2 is out. Follow that link to get the low-down. Safe to say, as we reported earlier, that this release is mostly about incremental improvements, rather than any dramatic leaps – except for users in certain foreign languages, for whom improvements in handling their character sets will be very welcome.

It’s been quite a week for WordPress updates, with the mass plugin release followed by the WordPress 4.1.2 security release, and now this. Just to confirm: if you’re on the current release of UpdraftPlus (1.9.64 / 2.9.64)  then you’re already compatible with WordPress 4.2. (The previous 1.9.63 / 2.9.63 release made a week before for WP 4.2 compatibility won’t do it – as some more changes went into the final release of WP 4.2).

As ever, if you’ve got UpdraftPlus Premium installed, then it can take a helpful automatic backup of everything before you update to WordPress 4.2. So, if WP 4.2 causes a problem, you’re covered with a backup. If you’ve not yet got UpdraftPlus Premium, please do take a look!

David Anderson (founder, lead developer, UpdraftPlus)

Trying to predict the future timings of a backup on shared web hosting with certain web hosting companies I could mention reminded me of this cartoon from XKCD

XKCD cartoon

Which is why UpdraftPlus does not estimate how long your backup will take to complete! Instead, it has algorithms found in no other backup plugin to attempt to make sure, as much as possible, that no matter how cheap and nasty your web hosting, it will complete. Why not give UpdraftPlus Premium a look today?

David Anderson (lead developer, founder, UpdraftPlus)

In case you’ve not seen, there was a new critical security release made for WordPress itself a few hours ago.

Most sites should update automatically within 12 hours – but since the release notes say that the security hole allows complete site take-over by an unauthenticated user (i.e. the worst possible kind of security vulnerability), I’d recommend updating right away. I’ve just updated around 100 sites!

David Anderson (founder, lead developer, UpdraftPlus)

Last week, security researchers at Sucuri (their advisory is here) discovered a security defect affecting a large number of WordPress plugins – including UpdraftPlus in versions before our current release (1.9.64 for the free version, 2.9.64 for the paid version).

Because many plugins were affected, news of this defect has been under wraps until now, whilst Sucuri searched for more affected plugins. Announcing at the same time means that hackers who spot the announcement in one plugin can’t go and search for it in other plugins that haven’t yet made updates available.

The defect is an “XSS” vulnerability (Wikipedia link). This means that it is possible for a hacker to inject unwanted content in your website. What kind of content, and who it can affect, depends on the details of the plugin itself and how it works.

In UpdraftPlus, the danger is as follows: an attacker would need to a) send you a specially crafted link, and b) persuade you to click on it, on a computer on which you are also logged in to the WordPress dashboard on your site, with admin privileges. If you clicked on that link, then the attacker could run code in your dashboard page one time (i.e. not persistent – it won’t remain in your dashboard), performing UpdraftPlus administrative actions (e.g. download a backup, run a backup, delete a backup). We do not believe that there is a way for an attacker to upload and restore their own backup. (i.e. They cannot modify your site through injecting and restoring their own backups).

For clarity: since UpdraftPlus never has any cause, and hence has no code, to display anything on the front-end of your website, it is not possible for this defect to result in code being shown to visitors to your website. Logged-in users who do not have administrative access to the UpdraftPlus dashboard also have no way of being affected.

Other plugins will be affected in other ways. The above description does not describe what the risks may be through other affected plugins. To check all 40,000-ish WordPress plugins would be impossible (plugin authors will have to check themselves), but Sucuri have been auditing many popular plugins, and at least these plugins are known to be vulnerable:

  • WordPress SEO
  • JetPack
  • All In One SEO
  • Gravity Forms
  • Easy Digital Downloads
  • UpdraftPlus
  • WP-E-Commerce
  • WPTouch
  • Download Monitor
  • P3 Profiler
  • Give
  • Ithemes Exchange
  • Two Factor Authentication
  • Broken Link Checker

You should immediately check that all of these plugins have been updated to the latest version.How has this vulnerability affected so many plugins? Basically, it was easy to do. The WordPress coding manual, for a particular function, included an example of its use that was vulnerable. If you used the function in a way like the example suggested, then you’d introduce a security vulnerability into your plugin. The page has now been corrected to give specific guidance on the potential pitfall, and showing secure examples instead. Sucuri, who realised the mistake, set about looking for plugins that were using the function in the way previously suggested.This defect is fixed in UpdraftPlus 1.9.64 (free users) and 2.9.64 (paying users). So, if your version number is below that, then please update. Many free users will find that they are already updated – wordpress.org has been pushing out instructions to sites to automatically update. So don’t be surprised if you’re already on a safe version!

David Anderson (founder, lead developer, UpdraftPlus)

UpdraftPlus 1.9.64 (free version) / 2.9.64 (paid version) is in process of being released. You should see it available in your WP dashboard in the next day or so.

This release includes:

The full changelog is available here (though usually takes a few hours to catch up).

All users not already running 1.9.64 / 2.9.64 are advised to update as soon as they see that an update is available.

David Anderson (founder, lead developer, UpdraftPlus)


UpdraftPlus is a trade mark of Simba Hosting Limited, UK registered company number: 8570611, VAT number: 202 1260 80

$0.000 items