WP File Manager Backup: A Complete Guide

Bulletproof Backups for Your WordPress Website

Fortify your business continuity with foolproof WordPress backups. No data loss, no downtime — just secure, seamless operation.

The WP File Manager backup is a popular way to take a WordPress backup.

Backups serve as a lifeline during unforeseen disruptions. They allow you to restore your site to a previous state swiftly and with minimal hassle. There is a world of backup plugins that you can use like BlogVault and UpdraftPlus. On the other end of the spectrum is the manual method of exporting your files and your database separately. WP File Manager plugin is a mix of both. 

This plugin provides an interface for managing your site’s files directly from the WordPress dashboard. It also has a backup and restore feature that can be helpful. It’s a popular plugin and we were curious about the hype. In this article, we tested it out and will break down all our thoughts. 

TL;DR: The WP File Manager is a quick way to back up your site from the admin panel. However, it comes with the serious security risk of attacks like privilege escalation. This is why we recommend you take backups with Blogvault instead. BlogVault automatically takes daily backups of your files and your database without putting your site at risk. 

Creating backups for your WordPress site is not just a precautionary measure; it’s an essential part of site management. Backups can save the day in critical scenarios like security breaches and malware attacks. 

The WP File Manager plugin offers a straightforward method to manually handle your website’s files. Just install the plugin and you can start editing, downloading, or uploading files to your site’s server. While this is their primary function, they also have a backup feature. However, their backups lack essential features like offsite storage and automatic backups. Backups taken like this will be far more time-consuming, in the long run, when compared to the ease of using a plugin like BlogVault.

If that’s not bad enough, let’s talk about the security risks. The WP File Manager plugin can serve as a gateway for hackers to manipulate your site’s files; specifically like a  privilege escalation attack. 

A privilege escalation attack occurs when a hacker creates a low-level user account on your site, and exploits a vulnerability to increase their permissions to finally take over your site. With WP File Manager’s open access to site files and database, hackers don’t even require a vulnerability to gain full access. It is all there for the taking. Code injection becomes easy, and presents a serious risk, given that the plugin allows users to add, edit, and delete files. 

If it wasn’t clear, we do not recommend that you use this plugin. However, because of its popularity, we tested it out and we’ll talk about our experience. 

Taking a WP File Manager backup and restore

Not all website hosts offer cPanel, which means you may not have direct access to a file manager through your hosting provider. You may also not be comfortable using FTP to access files. This is where the WP File Manager plugin comes in. Here is how to take a backup with the plugin:

  1. Navigate to your WordPress dashboard and go to Plugins. Click on Add New and search for WP File Manager. Then install and activate the plugin.
  1. Once activated, find the WP File Manager option in your WordPress sidebar. Click on Backup/Restore. By default, it will select your database and your files. Click Backup Now
  1. If you scroll further down, you can see the details of the backup. Click Restore or Delete if you want. 

Unfortunately, you can’t automate the process. So, if you want up to date backups, you will have to repeat this process daily. 

Configuring WP File Manager

Going into this process, we were worried about user access. If a subscriber logged in, could they access the WP File Manager and make changes? So, we looked for configurations. 

In the sidebar, we clicked WP File Manager and clicked Settings. At first glance, we were excited. There was a lot of customizability in who can access your database or files. But, to our disappointment, we were met with an error message at the top: 

So, that failed. But, let’s move on. As a side note, they have a similar page for logs. 

We then created test user accounts of different roles and tested out the dashboards for all of them. We were glad to see that only the admins had access. This isn’t a clean chit for the risk of privilege escalation. But, it means that an unsavvy subscriber can’t crash your site accidentally. 

If you click WP File Manager within the plugin’s sidebar menu, you can see all your files. But, the dashboard is pretty terrible. The icons are minuscule and delayed. Even the tooltip shows up after hovering for a couple of seconds. It is also really clunky. Overall, not our favorite dashboard. 

Among the things that we appreciated was you can view system details like the PHP version in the System Properties tab.

Also, the Preferences tab contains quite a few configurable items. For example, you can change what is displayed when you open the WP File Manager tab. By default, it is the root folder. You can also enable the ability to upload images.  

Having looked through the plugin, does it objectively pass with flying colors? Not really.

What was the WP File Manager plugin missing?

While the WP File Manager plugin offers a straightforward method to manage and retrieve files directly from your WordPress dashboard, it falls short in several critical areas necessary for robust and comprehensive site backups. Here are some key features that the WP File Manager plugin lacks:

  • Automatic backups: One of the most significant limitations of the WP File Manager plugin is the absence of automatic backups. Manually taking backups is time-consuming and increases the risk of human error. In contrast, automatic backup solutions ensure your site data is safeguarded regularly without requiring user intervention.
  • Real-time backup for WooCommerce sites: For sites running complex solutions like WooCommerce, real-time backups are indispensable. The WP File Manager plugin does not offer the capability to perform real-time backups that are essential for capturing transactional data instantly. This way, if your site is in trouble, you may not have the latest backup of all the transactions and orders that were placed. 
  • External dashboard: The WP File Manager operates within the WordPress interface, which is not the safest. We test a lot of things for our articles and we often crash our site. Thankfully we take backups with BlogVault and can restore it from the external dashboard. One click and our site is back. What will you do if you’re reliant on WP File Manager for backups and lose access to your admin panel?
  • External storage
  • Encrypted backups
  • Restore functionality (I guess)

What is the best way to backup your WordPress site?

When it comes to ensuring the safety and integrity of your WordPress site, using a robust and comprehensive backup solution like BlogVault is the best way forward. Here are the myriad benefits that BlogVault offers, making it the ideal choice for backup and recovery:

  • Complete backups: BlogVault provides full backups of your WordPress site, covering both site files and the database. This ensures that your entire site can be restored seamlessly.
  • Automated backup routines: BlogVault enables you to schedule automatic backup routines, eliminating the need to remember to perform manual backups. This convenience ensures that your site is regularly and consistently backed up without any extra effort on your part.
  • Effortless restorations: One of the standout features of BlogVault is its one-click restore function. This simplifies the restoration process, minimizing downtime and getting your site back online quickly and efficiently.
  • Incremental backups: By using incremental backup, BlogVault only backs up the changes made since the last backup. This reduces server load and backup time, making the process faster and more efficient.
  • Secure offsite storage: BlogVault stores backups on its own secure servers. This protects your data from local failures or disasters. 
  • Facilitates site migration: BlogVault also facilitates site migration, allowing you to transfer your site to a new server or domain without any downtime or data loss.
  • Real-time backups: For websites that constantly change, such as WooCommerce sites, BlogVault offers real-time backup options, capturing changes as they happen to ensure zero data loss.
  • Customer support and resources: BlogVault provides strong customer support for troubleshooting and assistance. Helpful resources and guides are also available to help you maximize the use of the backup features.

Final thoughts

While plugins like WP File Manager offer a way to handle backups manually, they do not provide a comprehensive solution. For a full, secure, and efficient backup of both your site’s files and database, it’s best to use a dedicated backup plugin like BlogVault. This ensures that every aspect of your WordPress site is safeguarded, easily restorable, and consistently up-to-date, giving you peace of mind and protection against data loss.


How do I back up all my WordPress files?

To back up all your WordPress files, you can use FTP clients such as FileZilla or plugins like WP File Manager to manually download your site files. However, for a complete backup that includes both your files and database, it is advisable to use a comprehensive backup plugin like BlogVault, which automates the process and ensures all critical site data is secured.

How do I get to WP File Manager?

Once you have installed and activated the WP File Manager plugin, you can find it in your WordPress dashboard sidebar. Simply click on “WP File Manager” to access the interface where you can manage, download, and upload your site files.

What does WP File Manager do?

WP File Manager is a plugin that allows users to manage their WordPress site files directly from the WordPress dashboard. It provides functionalities like uploading, downloading, editing, and deleting files and directories, making it convenient to handle site files without needing FTP access.

Where are WordPress backup files stored?

The location of your WordPress backup files depends on the backup method you use. If you are using a plugin like BlogVault, the backups are typically stored on secure cloud servers. For manual backups done via FTP or file manager plugins, the files are stored on your local computer or whichever storage destination you specify during the download. It is always advisable to store backups in multiple locations, including external storage options like cloud services, for additional security.


You may also like

restore wordpress site to previous date
Restore WordPress Site to Previous Date: 5 Easy Ways

When your WordPress site crashes, it’s not just an inconvenience—it’s a full-blown crisis! Key pages go AWOL, essential content disappears, and this disruption sends shockwaves across your operation. Frustrated customers…

How do you update and backup your website?

Creating Backup and Updating website can be time consuming and error-prone. BlogVault will save you hours everyday while providing you complete peace of mind.

Updating Everything Manually?

But it’s too time consuming, complicated and stops you from achieving your full potential. You don’t want to put your business at risk with inefficient management.

Backup Your WordPress Site

Install the plugin on your website, let it sync and you’re done. Get automated, scheduled backups for your critical site data, and make sure your website never experiences downtime again.