Akeeba Backup for WordPress

#39589 Latest Updates Overwriting File Called for CRON Backups

Posted in ‘Akeeba Backup for WordPress’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

WordPress version
PHP version
Akeeba Backup version /

Latest post by nicholas on Thursday, 05 October 2023 10:33 CDT


For many years I've kept a file (initiate_wpbackup.php) in the Akeeba Backup plugin folder which is called by the server's CRON routine to initiate backups.

During the latest update to Akeeba Backup that file was deleted/overwritten by the update procedure on three sites, effectively canceling all backups.  They are all using WP 6.3.1 and PHP 7.4.

Since added files of that sort have not been over-written in the past, I thought you should know of the change.

Thanks for a great extension/plugin!
Gary Marsh

Akeeba Staff

That's part of the WordPress issue I described in our article.

Normally, WordPress does something really stupid when updating a plugin: it deletes the plugin's folder, then replaces it with the new version. Anything stored in the plugin's folder is removed during the upgrade.

To avoid that, we use a WordPress filter (a special kind of hook) to tell WordPress to NOT do that, but instead simply extract the new version's ZIP file in the plugin folder. Since WordPress introduced an issue which is crashing the hook handler it appears that this instruction does not make it, therefore WordPress falls back to its usual stupid self, removing the entire plugin folder.

This also explains some of the issues people had upgrading from 7.9.2 directly to I managed to reproduce exactly that just two hours ago.

Which brings me to what I was saying in the article: WordPress' plugin updater cannot be trusted. Even worse, it is actively dangerous. Deleting the software's folder on update is something that no updater written by anyone moderately sane with at least two working brain cells would ever do! Automatic loss of data by default is immensely stupid. And yet, that is exactly how WordPress works!

By deleting the plugin folder it also removes the settings encryption key, which means that your backup profiles' configuration is lost.

This means that I have to remove the integration with WordPress plugin updater, you will only be able to update the plugin with our (far more reliable) updater inside the plugin itself, and the next version will be a manual update, with specific instructions on how to do it.

For now, the best you can do, is restore the site from a backup, or at least the wp-content/plugins/akeebabackupwp folder and all the wp_ak_* tables.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!