# WordPress Backup Service — Verified Byte-for-Byte · WPCloudLab

> Daily encrypted WordPress backups, verified byte-for-byte and proven by weekly restore drills. Offsite on Cloudflare R2, 30-day retention, one-click restore.

Canonical: https://wpcloudlab.com/features/backups

[Home](/)/Backups

backups · verified · weekly restore drills

# A backup isn’t a backup until it restores.

Every webcare service claims backups. Almost none can prove theirs restore. Ours are verified byte-for-byte at capture time and drilled with a real restore every week — because the worst day to discover a broken backup is the day you need it.

[Get started](/signup)[how we audited ourselves →](/security)

Most backup failures are silent: the dump looks valid, the file uploads, and the data inside is already wrong.

001 / the pipelinecapture → verify → ship → drill

01

## Capture, exactly.

Files and database are captured with charset and binary data preserved — including the serialized arrays, emojis and BLOB columns that naive export tools quietly mangle.

02

## Verify byte-for-byte.

After every backup we compare what was captured against the source. Not “the file exists” — the bytes match. An empty or truncated dump is rejected and flagged, never uploaded and forgotten.

03

## Encrypt and ship offsite.

Backups are encrypted and stored in a private Cloudflare R2 bucket, away from your hosting. Downloads happen through short-lived scoped links — there is no public URL to leak.

04

## Drill the restore. Weekly.

Every week we restore a real backup into an isolated scratch database and scan the recovered data for corruption. If a backup can't restore cleanly, we find out on our schedule — not during your outage.

002 / why so paranoidwe audited our own pipeline

six ways data quietly rots

## We found these bugs in our own backups first.

We ran a full data-fidelity audit of our backup and restore path, found six ways WordPress data can silently corrupt, fixed every one, and turned each into a permanent automated check. The full write-up is on the [data safety page](/security).

-   01Percent-signs and URLs corrupted by WordPress's own escape layer
-   02Binary / BLOB data mangled through JSON transport
-   03Latin-1 characters lost on legacy sites
-   04SQL comments inside content stripped on restore
-   05Real customer tables mistaken for cache — and skipped
-   06Zero-byte files silently dropped from file backups

003 / the detailsretention · restore · custody

## 30 days, any day.

Thirty days of retention with one-click restore from any of them. Malware discovered two weeks late is still inside your restore window.

## Before every update.

Updates run against a fresh restore point, with [Safe Updates](/features/safe-updates) screenshotting before and after. A bad update rolls back instead of becoming your client’s problem.

## Your data. Actually.

Ask for your backups and we hand them over — no lock-in, no export fee. Cancel and your data leaves with you. It’s in the [terms](/terms), not just the marketing.

004 / questionsthe honest answers

## Backup questions, answered.

How often are my WordPress sites backed up?

Daily on Standard and Extended plans, with regular cloud backups on Economy. Every backup is encrypted, shipped offsite to Cloudflare R2 and kept for 30 days, so you can restore from any day in the last month.

How do I know the backups actually work?

Two ways. Each backup is verified byte-for-byte against the source at capture time, and every week we restore a real backup into an isolated database and scan the result for corruption. Both checks are logged in your dashboard.

Where are backups stored?

In a private, encrypted Cloudflare R2 bucket — offsite from your hosting, so a compromised or dying server can't take your backups down with it. Access is via short-lived scoped links only.

How fast can you restore my site?

Restores are one click from the dashboard for any retained day. A real engineer is available for anything gnarly — partial restores, moved domains, or restoring into a fresh environment.

Can I get a copy of my own backups?

Yes, any time — they're your data. Ask and we hand them over. No lock-in, no export fee.

Do you back up sites that aren't WordPress?

Backups are a WordPress feature (they need our agent). Non-WordPress sites get monitoring-only coverage — uptime, broken links, visual regression and reports — from the public URL.

free audit · we check your current backups

## Would your current backups actually restore?

Send us your URL. We’ll look at what your current setup would really recover — and tell you straight, even if the answer is “you’re fine.”

[Get a free audit](/contact)[see plans & pricing →](/pricing)

---

Get started: https://wpcloudlab.com/signup · Talk to an engineer: https://wpcloudlab.com/contact · Full agent index: https://wpcloudlab.com/llms.txt
