How VaultPress Works

We’ve recently updated the way VaultPress stores your backup data, to make it more space-efficient and to allow for faster restore times.

Now seems like a great time to describe how VaultPress works.

Replicated, but not duplicated

Everything that VaultPress backs up is pushed to a replicated filesystem. We store multiple copies of everything to protect your data.

However, VaultPress also works hard to avoid backing up duplicate copies of unchanged data we already have on file. Taking more copies of your data than our replication system already produces would be a waste of storage space, and would add unwanted extra traffic to your site during each backup.

Before taking a fresh copy of anything from your site, we check to make sure it has changed and is worth backing up again.

Keeping track of your data

Because we avoid unnecessarily duplicating unchanged data, each backup snapshot can contain data taken at various times, depending on when each file or database table was last changed. Most pieces of data in our replicated filesystem are reused in multiple backup snapshots, too.

To track which files belong in each snapshot, VaultPress generates a Manifest file for each snapshot. Manifest files contain a list of every piece of data that belongs in each snapshot.


For example, if photo.jpg is changed once, we keep two copies of it and reference each version from multiple snapshot manifests.

Every day, VaultPress scans your site for any file or database table that is new or has changed, and generates a fresh backup copy as required.

Staying up to date

Some of our plans offer live backups, in which we keep an up-to-date backup of your site and generate hourly snapshots that include all of your latest updates.

If your VaultPress account has live backups enabled, the VaultPress plugin installed on your site quietly watches for changes to your data. Whenever you upload a file, create or edit a post, or make other changes to your site, the VaultPress plugin detects it and notifies of the change.

When a file is changed on your site, VaultPress backs up a fresh copy of that file and includes it in the next snapshot manifest file.

When you make a change to a database table, however, VaultPress doesn’t take a full copy of that table. Some WordPress tables can get quite large, and re-copying a table for every update would be slow and bandwidth-hungry.

Instead, VaultPress creates a new file that describes what has changed, adds it to our replicated filesystem, and includes it in your next snapshot manifest file. As you make multiple changes to your database, multiple sequential SQL change files are stored to track each change.


When a table is modified, we store a record of the changes between daily full backups. Each manifest contains more change records than the last.

Building a restore file

When you tell VaultPress to restore your site or choose to download a backup snapshot, VaultPress generates a new restore file. Each restore file is a zipped archive containing all of your site’s files and SQL table dumps to regenerate your database.

To generate a restore file, VaultPress first reads your backup snapshot’s manifest file. It uses that file to find every piece of data relevant to that backup and combines them into one archive file ready for restore or download.

Each table in your database is assembled from one full table dump, and all of the change records generated up to the snapshot you requested.

About the VaultPress update

Before the VaultPress update, we were storing each SQL row in a separate file in our replicated filesystem. That slowed our restore times, because each table had to be regenerated from potentially millions of individual files.

Now we store table dumps and changes, building a restore typically involves far fewer files per table.

Based on our tests, the new backup system reduces the time required to build restore files by anywhere from 25% to 90%, depending on the contents of each backup. Sites with large database tables will be affected the most, but the speed improvements will vary from site to site.

Aside from faster restore times, you shouldn’t notice any further differences in our backup service.

If you run into any trouble, or have any further questions, please let us know at

Posted in General | Leave a comment

Custom Contact Forms Plugin Vulnerability

The web security team at Sucuri recently discovered a vulnerability in the Custom Contact Forms plugin.

If the Custom Contact Forms plugin is installed on your self-hosted WordPress site, your site’s security may be at risk, and you should upgrade to the latest version of the plugin immediately.

The vulnerability was fixed in version

We automatically updated the plugin for VaultPress customers. For the small number of cases where were not able to update the plugin we’ve emailed the site owners directly about updating.

Posted in General | Leave a comment

VaultPress + Akismet

Earlier this year, we announced new Akismet + VaultPress bundles available from

Now you can sign up for a bundle from too, to protect your site from security threats, unforeseen disasters, and spam. Head over to our plans page to take a look.


If you’re already a VaultPress user, you can take advantage of the bundle savings too. Just visit the Subscriptions & Billing page in your VaultPress dashboard and click “Change Plan” to switch to an Akismet Bundle.

akismet_plan_switch akismet_key

When you switch to a bundle, you’ll be given a new Akismet key instantly.

If you have any questions, let us know at Happy bundling!

Posted in General | Leave a comment

Connect through Jetpack for a free 5-day VaultPress Trial

We’re excited to announce that there’s a new and easy way to connect your Jetpack-powered WordPress site to VaultPress. With a single click, you can register for a free 5-day VaultPress trial and begin backing up your site immediately!

During your trial, you’ll have access to everything that VaultPress Lite has to offer, including daily backups, our automated site restore system, and support from our team of WordPress experts.

Great! How do I get started?

To use our one-click setup and free trial offer, you first need to install Jetpack and connect it to

Once Jetpack is connected, install the VaultPress plugin and head to the “VaultPress” page in your admin dashboard. From there, you can click the “Start free trial” button to connect to VaultPress.

VaultPress menu Instantly connect through Jetpack

When you click the trial button, you’ll receive a free VaultPress Lite account to try for 5 days. Your site will be automatically connected to VaultPress, and your first backup will begin.

First Backup

What happens when my trial ends?

If you’d like to continue using VaultPress when your trial ends, you can subscribe by visiting your VaultPress dashboard and entering your credit card information. Here, you can also choose a different plan level or annual billing.

Your VaultPress account will be automatically linked to your account when you register through Jetpack. In order to access the VaultPress dashboard, you’ll need to log in using your username and password.

Login via WPCC

If you decide that VaultPress is not for you, the service will be automatically canceled after the 5-day trial period ends. Please note that you don’t need to do anything.

We hope you’ll take VaultPress for a spin! If you have any questions, please send us a message at

Posted in General | Leave a comment

Fix for the MailPoet Plugin AKA wysija-newsletters

A vulnerability was found in the MailPoet Newsletters WordPress plugin ( known as wysija-newsletters at the plugin repository ). All versions below 2.6.7 of the plugin are vulnerable.

We’ve deployed a hot fix to VaultPress sites running the MailPoet plugin to protect you from this issue. This hot fix is included as part of the VaultPress 1.6.1 plugin.

When you are ready you should still update to the latest version of the MailPoet plugin. The hot fix that we pushed out addresses the vulnerability, so you have some time to review the update before upgrading.

Providing VaultPress with SSH, SFTP, or FTP connections allows us to push security updates like this to your sites as soon as we have hot fixes for them. You can provide the login credentials in the account dashboard.

If you have any questions about this update please drop us a note.

Posted in General | Tagged | Leave a comment