Storage Providers
Configure any of SafeGuard's 20 supported storage providers for your WordPress backups.
SafeGuard supports 20 storage providers across cloud, self-hosted, and enterprise categories.
Cloud Storage
Amazon S3, Google Cloud Storage, Azure Blob, Backblaze B2, Wasabi, DigitalOcean Spaces, Cloudflare R2, Linode, Vultr, IDrive e2
Consumer Cloud
Dropbox, Google Drive, OneDrive, pCloud — all authenticated via OAuth 2.0
Self-Hosted / Protocol
FTP, SFTP, WebDAV, and local filesystem for on-premise or custom server storage
Enterprise
MinIO and any S3-compatible endpoint for private cloud and enterprise deployments
Cloud Storage
| Provider | Auth Method |
|---|---|
| Amazon S3 | Access key + Secret |
| Google Cloud Storage | Service account JSON |
| Azure Blob Storage | Connection string |
| Backblaze B2 | Application key |
| Wasabi | S3-compatible keys |
| DigitalOcean Spaces | S3-compatible keys |
| Cloudflare R2 | S3-compatible keys |
| Linode Object Storage | S3-compatible keys |
| Vultr Object Storage | S3-compatible keys |
| IDrive e2 | S3-compatible keys |
Consumer Cloud
| Provider | Auth Method |
|---|---|
| Dropbox | OAuth 2.0 |
| Google Drive | OAuth 2.0 |
| OneDrive | OAuth 2.0 |
| pCloud | OAuth 2.0 |
Self-Hosted / Protocol
| Provider | Auth Method |
|---|---|
| FTP | Host + credentials |
| SFTP | Host + key or password |
| WebDAV | URL + credentials |
| Local filesystem | Path only |
Enterprise
| Provider | Auth Method |
|---|---|
| MinIO | S3-compatible keys |
| Any S3-compatible | Endpoint + keys |
Configuring Providers
Each provider is configured through SafeGuard → Storage in your WordPress admin. Below are detailed setup guides for the most commonly used providers.
Amazon S3
Never use your root AWS account credentials. Always create a dedicated IAM user with the minimum required permissions for SafeGuard.
Create an S3 Bucket
In the AWS Console, create an S3 bucket in your preferred region. Note the bucket name and region (e.g., us-east-1).
Create an IAM User with a Scoped Policy
Create an IAM user with programmatic access. Attach a policy that grants the minimum required permissions:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::your-bucket-name",
"arn:aws:s3:::your-bucket-name/*"
]
}
]
}Configure SafeGuard
In SafeGuard → Storage → Add Provider, select Amazon S3 and enter:
- Access Key ID and Secret Access Key from the IAM user
- Bucket name
- Region — must match the region where you created the bucket
- Path prefix (optional) — a folder path within the bucket, e.g.,
backups/mysite
Choose a region geographically close to your web server for faster upload speeds. If your server is in Europe, use eu-west-1 or eu-central-1 rather than us-east-1.
Dropbox
Dropbox uses OAuth 2.0 for authentication. No API keys are needed — SafeGuard handles the entire flow.
Select Dropbox
In SafeGuard → Storage → Add Provider, select Dropbox.
Authorize with Dropbox
Click Connect to Dropbox — a new window opens redirecting you to Dropbox. Sign in to your Dropbox account and click Allow to grant SafeGuard access.
Return to WordPress
You are redirected back to your WordPress admin. The connection is now active.
Set Folder Path (Optional)
Optionally set a folder path where backups will be stored (default: /Apps/SafeGuard).
SafeGuard only requests access to its own app folder, not your entire Dropbox.
Google Drive
Google Drive also uses OAuth 2.0.
Select Google Drive
In SafeGuard → Storage → Add Provider, select Google Drive.
Authorize with Google
Click Connect to Google Drive — you are redirected to Google's consent screen. Sign in with your Google account and grant SafeGuard permission to manage files in its own folder.
Return to WordPress
After authorization, you are returned to your WordPress admin.
Verify Backup Location
Backups are stored in a SafeGuard Backups folder in your Google Drive.
The OAuth token is stored securely in your WordPress database and refreshed automatically.
SFTP
SFTP supports two authentication methods: password and SSH key.
Password authentication:
Select SFTP
In SafeGuard → Storage → Add Provider, select SFTP.
Enter Connection Details
Enter the Host, Port (default: 22), Username, and Password.
Set the Remote Path
Set the Remote path where backups should be stored (e.g., /home/user/backups).
SSH key authentication:
Select SFTP and Enter Host Details
Select SFTP and enter the Host, Port, and Username. Leave the password field empty.
Add Your SSH Key
Paste your private key into the SSH Key field, or upload the key file. If your key has a passphrase, enter it in the Key Passphrase field.
Set the Remote Path
Set the Remote path where backups should be stored.
SSH key authentication is recommended for automated environments as it avoids storing passwords and is more secure.
S3-Compatible Providers
Cloudflare R2, Wasabi, Backblaze B2, DigitalOcean Spaces, Linode, Vultr, IDrive e2, and MinIO all use S3-compatible APIs. The configuration is the same across all of them:
Select the Provider
Select S3-Compatible (or the specific provider name) in SafeGuard → Storage.
Enter the Endpoint URL
Enter the provider's endpoint URL (e.g., https://<account-id>.r2.cloudflarestorage.com for R2).
Enter Your Credentials
Enter your Access Key and Secret Key.
Configure Bucket and Region
Enter the Bucket name. Some providers require a specific Region value — check your provider's documentation.
OneDrive
OneDrive follows the same OAuth 2.0 pattern as Dropbox and Google Drive:
Select OneDrive
Select OneDrive in SafeGuard → Storage.
Authorize with Microsoft
Click Connect to OneDrive and sign in with your Microsoft account. Authorize SafeGuard and return to your admin panel.
Verify Backup Location
Backups are stored in an Apps/SafeGuard folder in your OneDrive.
FTP
Enter Connection Details
Select FTP and enter the Host, Port (default: 21), Username, and Password.
Set the Remote Path
Set the Remote path where backups should be stored.
Configure Transfer Settings
Enable Passive mode if your server is behind a firewall (recommended for most setups). Enable SSL/TLS (FTPS) if your server supports it.
Plain FTP transmits credentials in clear text. Always enable SSL/TLS (FTPS) when available, or prefer SFTP instead.
WebDAV
Enter WebDAV URL
Select WebDAV and enter the full URL to your WebDAV endpoint (e.g., https://cloud.example.com/remote.php/webdav/).
Enter Credentials
Enter your Username and Password.
Set the Folder Path
Set a folder path within the WebDAV share.
Local Filesystem
Local storage saves backups to a directory on your server. This is useful for development or as a secondary backup location.
Set the Directory Path
Select Local and enter an absolute path on your server (e.g., /var/backups/safeguard).
Ensure Permissions
The directory must be writable by your web server user.
For security, choose a path outside your web root so backups are not publicly accessible.
Testing Your Connection
After configuring any provider, always test the connection before relying on it for backups:
Run the Connection Test
Go to SafeGuard → Storage, find the provider you configured, and click Test Connection.
Verify the Result
SafeGuard will upload a small test file, verify it exists, and then delete it. A success message confirms the provider is ready.
Troubleshoot if Needed
If the test fails, check:
- Credentials are correct and have not expired
- The bucket or directory exists and is writable
- Your server can reach the provider's endpoint (check firewall rules)
- For S3-compatible providers, confirm the endpoint URL and region are correct
You can also test from the command line:
wp safeguard storage test s3Using Multiple Providers
You can configure as many storage providers as you need. This enables several useful patterns:
Redundant Storage
Send the same backup to two providers for extra safety. For example, store daily backups on both Amazon S3 and Dropbox so that if one provider has an outage, your backups are still accessible from the other.
Tiered by Schedule
Use a fast, nearby provider for frequent incremental backups (e.g., local or a regional S3 bucket) and a separate provider for weekly full backups (e.g., Backblaze B2 for cost-effective long-term storage).
Staging vs. Production
Configure one provider for your production site and a different provider for staging, keeping backups cleanly separated.
To assign a provider to a schedule:
Open Schedules
Go to SafeGuard → Schedules.
Select a Storage Provider
When creating or editing a schedule, select the desired provider from the Storage dropdown. Each schedule can target a different provider independently.