Manual backups are better than no backups, but they rely on you remembering to do them. The moment you forget — or get busy, or go on vacation — is exactly when disaster tends to strike. Emnes Backup Migrate Reset Pro eliminates this risk with automated scheduled backups, cloud storage integration, and email notifications. In this post, we explore every Pro feature in detail and show you how to set up a fully automated, offsite backup strategy for your WordPress site.
Scheduled Backups: Set It and Forget It
The Pro add-on adds a Schedule tab to the plugin’s Settings page where you can configure automated backups. Four frequency options are available:
- Hourly — For high-traffic sites where every hour of content matters (e-commerce stores, news sites, active forums).
- Twice Daily — A good balance for busy sites that update frequently.
- Daily — The most popular choice for most WordPress sites.
- Weekly — Suitable for sites with infrequent content updates.
You also choose which components to include in scheduled backups. For example, you might schedule daily database-only backups (which are fast and small) and supplement them with a weekly full-site backup that includes plugins, themes, and uploads.
How Scheduling Works Under the Hood
Scheduled backups use the WordPress cron system (wp_schedule_event) with the hook ebmr_scheduled_backup. When you save the schedule settings, any existing scheduled event is cleared and a new one is registered to fire 60 seconds from now — so you can verify it works immediately after configuration.
The scheduler includes important concurrency guards:
- Skip if running — If a backup is already in progress (e.g., a manual backup started by an admin), the scheduled backup is silently skipped. No queue, no conflict, no corruption.
- Stuck detection — If a previous backup is locked but its semaphore has gone stale (no refresh for over 10 minutes), the scheduler cancels the stuck backup and proceeds with the new one.
- Timeout protection — Scheduled backups call
set_time_limit(0)andignore_user_abort(true)to survive long PHP executions, since cron requests are not tied to a browser session.
Cloud Storage: Your Backups, Offsite
Storing backups on the same server as your WordPress site is a single point of failure. If the server’s disk fails, a fire destroys the data center, or a ransomware attack encrypts the whole server, both your site and your backups are gone. Cloud storage solves this by keeping copies in a completely separate location.
Emnes Backup Migrate Reset Pro supports four cloud storage providers, each implemented as a dedicated storage driver:
Amazon S3 (and S3-Compatible Services)
The S3 driver implements AWS Signature Version 4 authentication in pure PHP — no AWS SDK required. This keeps the plugin lightweight while supporting the full S3 API. Configuration requires:
- Bucket name — Your S3 bucket.
- Region — The AWS region (e.g.,
us-east-1). - Access Key — Your IAM access key (encrypted at rest).
- Secret Key — Your IAM secret key (encrypted at rest).
- Path prefix — Optional subdirectory within the bucket (default:
ebmr-backups). - Custom endpoint — Optional, for S3-compatible services.
The S3-compatible endpoint support means you can use this with DigitalOcean Spaces, MinIO, Backblaze B2, Wasabi, or any other service that implements the S3 API. Just enter the custom endpoint URL in the settings.
Google Drive
The Google Drive driver uses the Google Drive REST API v3 with OAuth2 authentication. It handles two upload strategies automatically:
- Small files (under the chunk threshold) — Uploaded via multipart upload in a single request. A memory guard refuses the upload if the file size exceeds 80% of available PHP memory.
- Large files (over the chunk threshold) — Uploaded using Google’s resumable upload protocol. The driver initiates a session, receives a resumable upload URI, and sends chunks with
Content-Rangeheaders. HTTP 308 responses indicate more chunks are expected; 200/201 means the upload is complete.
The upload URI is validated to end in .googleapis.com to prevent token leakage via potential man-in-the-middle attacks. Token refresh uses a transient-based lock to prevent concurrent refresh races when multiple requests fire simultaneously.
Dropbox
The Dropbox driver uses the Dropbox HTTP API v2 with a three-step chunked upload session for large files:
- Start —
upload_session/startsends the first chunk and receives a session ID. - Append —
upload_session/append_v2sends subsequent chunks, tracking the byte offset. - Finish —
upload_session/finishsends the final chunk and commits the file.
Small files are uploaded in a single request to /files/upload. The driver handles Dropbox-specific edge cases like expired refresh tokens (which Dropbox revokes after 6 months of inactivity) and rate limiting (HTTP 429) with detailed error logging.
Files are stored in a configurable folder (default: /EBMR-Backups) within the connected Dropbox account.
SFTP
For organizations that prefer to control their own offsite storage, the SFTP driver connects to any SSH-capable server using PHP’s ssh2 extension. Two authentication methods are supported:
- Password authentication — Simple username and password.
- Key-based authentication — Public/private key pair, with optional passphrase.
The driver uses fsockopen() with a 10-second timeout before attempting the SSH2 handshake, preventing infinite hangs on unreachable hosts. Remote paths are sanitized with basename() to prevent directory traversal attacks.
Chunk Size Configuration
All cloud storage drivers share a configurable chunk size (default: 5-8 MB depending on the provider, configurable from 1 MB to 64 MB). Larger chunks mean fewer HTTP requests but use more memory per request. The setting is available in the Storage tab and via the ebmr_cloud_chunk_size filter. For Google Drive, chunk sizes are automatically rounded down to the nearest multiple of 256 KB as required by Google’s API.
Test Connection
Each storage provider includes a “Save and Test” button that validates your credentials and connectivity before you rely on them for real backups. The test endpoint sends a lightweight API call to each provider:
- S3 — ListObjectsV2 with
max-keys=1 - Google Drive —
/drive/v3/about?fields=user - Dropbox —
/users/get_current_account - SFTP —
ssh2_sftp_stat()on the remote path
Email Notifications
Automated backups are only useful if you know they are working. The Pro add-on provides three independently configurable email notifications:
Backup Success Notification
Sent after every successful backup (both manual and scheduled). The email includes the backup ID (nonce), number of components backed up, total backup size, site URL, and timestamp. Subject line: [Your Site Name] Backup completed successfully.
Backup Failure Notification
Sent when a scheduled backup fails. The email includes the error message and site URL, giving you immediate visibility into what went wrong. Subject line: [Your Site Name] Backup FAILED.
Corruption Detection Notification
The plugin can perform periodic integrity checks on existing backups. If corruption is detected (checksum mismatch), an email notification alerts you so you can take action before you actually need the backup.
The recipient defaults to the WordPress admin email but can be customized via the ebmr_notification_email filter — for example, routing notifications to an ops team email list:
add_filter('ebmr_notification_email', function() {
return '[email protected]';
});
A “Send Test” button in the Notifications settings tab lets you verify email delivery before relying on it for real alerts.
Admin Dashboard Notice
In addition to email, the Pro add-on displays a dismissible error notice in the WordPress admin when it detects failed backups within the last 24 hours. The notice links to the Server Health page for troubleshooting. Dismissing the notice suppresses it for 24 hours (stored in user meta), so it does not become annoying while you investigate.
Credential Encryption
Cloud storage credentials (API keys, secret keys, OAuth tokens, SFTP passwords) are sensitive data that must never be stored in plaintext in the database. The Pro add-on encrypts all credentials using AES-256-CBC via PHP’s OpenSSL extension.
The encryption key is derived from your WordPress security salts — specifically AUTH_KEY, SECURE_AUTH_KEY, and SECURE_AUTH_SALT. These are unique to your WordPress installation and are already required to be secret. Each encryption call generates a fresh 16-byte initialization vector using random_bytes(), ensuring that encrypting the same value twice produces different ciphertext.
The encrypted format includes a version prefix (ebmr_enc2::) that allows the decryption routine to detect the key derivation method used. Values without the encryption prefix are treated as plaintext, enabling transparent migration from older versions. If OpenSSL is not available on your server, credentials are stored in plaintext with no error — the plugin degrades gracefully rather than failing.
Putting It All Together: A Complete Backup Strategy
Here is a recommended setup that provides comprehensive protection for most WordPress sites:
1. Configure Storage
Go to Settings, then Storage and set up at least one cloud storage provider. Amazon S3 or any S3-compatible service is the most popular choice for its reliability and low cost. Use the Test Connection button to verify everything works.
2. Set Up Daily Database Backups
In the Schedule tab, enable scheduled backups with Daily frequency and select only the Database component. Database-only backups are fast (typically under a minute) and small (compressed SQL dumps are very efficient). This gives you a daily recovery point for all your content, users, orders, and settings.
3. Weekly Full Backups
Supplement the daily database backups with a weekly manual or scheduled full backup that includes all components. This captures plugin updates, theme changes, and new media uploads.
4. Enable Notifications
In the Notifications tab, enable all three notification types and verify with the Test button. You want to know immediately when a backup fails — not discover it weeks later when you actually need to restore.
5. Configure Retention
In the Retention settings (available in the free plugin), set a maximum backup count (e.g., 30 for daily backups, giving you a full month of recovery points) and maximum age (e.g., 60 days). This ensures old backups are cleaned up automatically.
6. Verify Regularly
Periodically verify your most recent backup from the Restore page. A backup that has never been verified is a backup you are hoping works — not one you know works.
Licensing and Installation
Emnes Backup Migrate Reset Pro is a paid add-on that requires the free Emnes Backup Migrate Reset plugin to be installed and active. License management is handled through Freemius, with a seamless activation flow in the WordPress admin. All Pro features are gated behind the license check — without a valid license, the add-on is installed but none of the Pro routes, settings tabs, or cron handlers are registered.
For developers, a EBMR_PRO_DEV_MODE constant can be defined in wp-config.php to bypass the license check during local development.
Clean Uninstall
If you ever need to remove the Pro add-on, it cleans up after itself completely. On uninstall, all cloud credentials are deleted from the database (all S3, Google Drive, Dropbox, and SFTP options), both cron hooks are cleared, and OAuth refresh token locks are removed. No orphaned data is left behind.
Summary
Emnes Backup Migrate Reset Pro transforms a good manual backup tool into a fully automated, enterprise-grade backup solution. Scheduled backups with four frequency options, cloud storage with four provider choices (plus S3-compatible services), email notifications for success, failure, and corruption detection, and AES-256-CBC encrypted credentials — all managed from within the familiar WordPress admin interface. Combined with the free plugin’s comprehensive backup, restore, migration, and reset capabilities, you have everything you need to protect your WordPress site against any disaster scenario.
Get started with the free plugin from the WordPress Plugin Directory, and upgrade to Pro at zqe.io/backup-migrate-reset when you are ready for automated, offsite backups.