In the dynamic world of website development and server administration, maintaining reliable backups is more critical than ever. WordPress users often rely on trusted tools like BackupBuddy to handle this task. However, even with robust backup tools, oversights in configuration and default settings can lead to inefficiencies. Recently, a concerning trend emerged around BackupBuddy’s failure to properly exclude temporary files, resulting in bloated backup sizes and wasted storage resources.
TLDR (Too Long, Didn’t Read)
BackupBuddy, while a popular WordPress backup plugin, was discovered to include temporary files in backups by default, leading to excessive backup sizes and unnecessary storage usage. This issue stemmed from an omission in the exclusion settings. By implementing a workflow that carefully manages the exclusion list—especially targeting folders like cache, tmp, and session data—users have significantly reduced storage waste across servers. This article discusses how the issue was uncovered and the exact steps taken to resolve it effectively.
The Root of the Problem
BackupBuddy is revered for its all-in-one backup, migration, and restoration capabilities for WordPress websites. However, despite its strengths, a recent review of high server storage utilization revealed an unexpected culprit: temporary files included in full-site backups.
These files—typically found in directories like /wp-content/cache, /tmp, and plugin-specific folders—are not intended for preservation. They serve transient purposes, such as processing uploads, storing session data, or caching external resources. Under normal circumstances, they neither contain critical data nor require archiving.
Unfortunately, BackupBuddy’s default configuration did not exclude these directories. This oversight meant that every scheduled backup included massive quantities of disposable data, significantly increasing backup file sizes and consuming valuable disk space.
Uncovering the Oversight
This behavior came to light during a routine review by server administrators attempting to trace storage bloat across several WordPress installations. By dissecting the contents of backup archives, they discovered that:
- Cache folders contained duplicate media files and transient cache data from CDNs and optimization plugins like WP Rocket.
- Temporary upload directories were filled with partial file uploads or plugin-generated temp files.
- Session files from plugins like WooCommerce and Wordfence accounted for tens of thousands of files in some installations.
In one particularly egregious case, a backup from a WooCommerce site weighed in at 4.2 GB. Post-review and proper exclusion of temporary content, the new backup was just 1.3 GB—a reduction of nearly 70%.
Risks of Allowing Temporary Files in Backups
While one could argue that “more is better” when it comes to backups, including unnecessary files introduces several significant risks:
- Increased server load and costs: Each backup cycle consumes more CPU, I/O, and storage, potentially pushing users into higher hosting tiers or causing slowdowns on shared hosting plans.
- Risk of incomplete restores: Temporary files can conflict with genuine site content when restoring from a backup, leading to overwritten files or corrupted sessions.
- Longer recovery times: Larger backups take longer to download, transfer, and deploy, increasing downtime during critical restoration operations.
To address these risks, administrators needed a focused strategy to optimize BackupBuddy’s exclusion lists.
The Exclusion List Workflow That Solved the Problem
After identifying the flaw, a repeatable workflow was established to customize BackupBuddy’s exclusion settings at the site level. The goal? Eliminate unnecessary data from the backup builds without compromising the integrity of the website.
Step 1: Conduct a One-Time Audit
Administrators started by extracting a recent full backup and analyzing its directory structure. Using tools like du -sh * and tree visualization commands, they identified non-critical folders contributing to the bloat.
Step 2: Build a Targeted Exclusion List
Based on the audit, a master exclusion file template was created. Typical exclusions included directories such as:
/wp-content/cache//wp-content/tmp//wp-content/uploads/tmp//wp-content/wflogs//wp-content/uploads/wpcf7_captcha//wp-content/plugins/wp-rocket/cache/
The exclusion rules were carefully validated to ensure no business-critical data—like media uploads or configuration files—was left out.
Step 3: Apply and Test the Exclusions
The exclusions were applied in BackupBuddy through the plugin’s “Exclude Files & Directories” section. Once live, backup sizes were compared before and after the change to confirm effectiveness.
Step 4: Automate the Workflow
To streamline the process across multiple sites, the exclusion template was packaged into an onboarding script utilized during initial plugin installation. In large site environments, this drastically reduced setup time and improved consistency.
Results and Measurable Improvements
The implementation of the exclusion-list workflow yielded impressive results across diverse hosting plans and multiple site types:
- Average backup size reduction: 55-70%, depending on previous cache volume.
- Backup time improvement: A consistent 40-60% reduction in processing time.
- Storage cost savings: Immediate drop in usage on cloud storage platforms like Amazon S3 and Google Cloud Storage.
Additionally, clients reported faster download times and more predictable restoration behavior. By narrowing the scope of what’s preserved, backup files became more purposeful and manageable.
Additional Recommendations for WordPress Backups
While BackupBuddy’s capabilities are extensive, further best practices were identified during the optimization phase:
- Enable database-only backups nightly and full-site backups weekly—limiting overhead.
- Store at least three backup copies in redundant storage locations: local, offsite, and cloud.
- Regularly validate restore points through periodic simulated restores or staging environment tests.
- Use a retention policy to automatically delete backups older than a specified timeframe.
These routines ensure that even if a primary system is compromised, a lean and recoverable backup remains available.
Plugin Development Feedback and Future Improvements
This issue highlights the importance of default plugin configurations. Although BackupBuddy offers extensive customization, its default exclusion list leaves room for improvement. Feedback has already been submitted to iThemes (the plugin’s developer), suggesting that future releases:
- Include smart detection and automatic exclusion of cache and tmp folders.
- Offer site-specific exclusion profiles based on plugin usage and folder activity.
- Alert users if backups exceed previous sizes by a defined threshold—indicating anomalous behavior.
Open discussions in WordPress admin communities and GitHub feature requests suggest a growing momentum toward making intelligent backups a standard, not an afterthought.
Conclusion
Backup integrity is non-negotiable for modern websites, but efficiency is equally vital. The oversight in BackupBuddy’s default behavior regarding temporary files serves as a cautionary tale and an opportunity. Through careful auditing and a repeatable exclusion workflow, users now produce leaner, faster, and more reliable backups.
As WordPress and its ecosystem continue to scale in complexity, proactive configuration and intelligent backup strategies will be central to keeping storage efficient and sites recoverable. BackupBuddy remains a powerful tool—but only when wielded with awareness and precision.
