OAuth Quick connect (Google Drive, Dropbox, OneDrive)

Three Pro destinations support one-click OAuth in BackupRidge → Remote Storage. You sign in with your cloud account; BackupRidge stores a refresh token for backups. No Client ID or secret is required on your site when Quick connect is configured by your license or hosting provider.

Which providers use OAuth?

| Provider | Tier | Setup |
| --- | --- | --- |
| Google Drive | Pro | OAuth: Quick connect or your own Google Cloud app |
| Dropbox | Pro | OAuth: Quick connect or your own Dropbox app |
| OneDrive | Pro | OAuth: Quick connect or your own Azure app |
| Amazon S3, Cloudflare R2, FTP, SFTP | Free | API keys / host credentials (not OAuth) |
| Backblaze B2 | Pro | Application key (not OAuth) |

Quick connect in WordPress

  1. Remote Storage → Add storage → choose Google Drive, Dropbox, or OneDrive.
  2. Under Connection method, leave Quick connect (sign in with your account) selected (default).
  3. Click Connect with Google, Connect with Dropbox, or Connect with Microsoft and complete sign-in.
  4. Name the destination, set Remote path, run Test connection, then Save.

If Connect shows Quick connect is not configured, switch to Use your own app (Client ID and secret) and follow the provider section below (register an OAuth app, then Connect again).

Google Drive: even with Quick connect, the Google Cloud project must have the Google Drive API enabled or uploads fail after Connect.

Amazon S3

BackupRidge uploads backups to Amazon S3 using an IAM access key (not OAuth). Create a dedicated bucket and IAM user with list and object permissions on your backup prefix, then enter credentials in Remote Storage.

Prerequisites

  • An AWS account with permission to create S3 buckets and IAM users.
  • Outbound HTTPS from your WordPress server to S3 in your bucket region.

1. Create an S3 bucket

  1. AWS S3 console → Create bucket.
  2. Choose a globally unique bucket name and an AWS Region (for example eu-west-1).
  3. Keep Block all public access enabled (BackupRidge uses IAM credentials, not public URLs).

2. IAM user and access key

Create an IAM user (for example backupridge-s3) with programmatic access. Attach a policy that allows at least:

  • s3:ListBucket on the bucket (optionally limited to prefix backups/*)
  • s3:PutObject, s3:GetObject, s3:DeleteObject on arn:aws:s3:::YOUR-BUCKET/backups/*
  • s3:AbortMultipartUpload and s3:ListMultipartUploadParts for large backups

Create an access key and copy the Access key ID and Secret access key (shown once). For a dedicated backup bucket, allow s3:ListBucket on the bucket and object read/write on arn:aws:s3:::YOUR-BUCKET/* so you can change Remote path in WordPress without editing IAM. BackupRidge creates the remote folder in S3 when you test or upload.
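The prefix-scoped permissions listed above, written out as an IAM policy document. This is an added example, not BackupRidge's own code; the function names, bucket name and file name are placeholders. It assumes the plugin lists objects using the Remote path as the prefix.

```shell
#!/bin/sh
# Added example: print a least-privilege IAM policy for one bucket and prefix.
# Usage (bucket, file and policy names are placeholders):
#   backup_policy my-backup-bucket /backups/ > policy.json
#   aws iam put-user-policy --user-name backupridge-s3 \
#     --policy-name backupridge-s3 --policy-document file://policy.json

# Turn a Remote path such as "/backups/" into the S3 key prefix "backups".
normalize_prefix() {
    p=$1
    while [ "${p#/}" != "$p" ]; do p=${p#/}; done   # strip leading slashes
    while [ "${p%/}" != "$p" ]; do p=${p%/}; done   # strip trailing slashes
    printf '%s' "$p"
}

# Print the policy JSON for bucket $1 and Remote path $2.
backup_policy() {
    bucket=$1
    prefix=$(normalize_prefix "${2:-}")
    # Reject empty values and anything outside a conservative character set:
    # a "*" or "?" in the prefix would silently widen the wildcard match,
    # and a quote would break the JSON.
    case $bucket in
        ''|*[!a-z0-9.-]*) echo "invalid bucket name" >&2; return 1 ;;
    esac
    case $prefix in
        ''|*[!A-Za-z0-9._/-]*) echo "invalid prefix" >&2; return 1 ;;
    esac
    cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListBackupPrefix",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::${bucket}",
      "Condition": {
        "StringLike": { "s3:prefix": ["${prefix}", "${prefix}/*"] }
      }
    },
    {
      "Sid": "BackupObjects",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:AbortMultipartUpload",
        "s3:ListMultipartUploadParts"
      ],
      "Resource": "arn:aws:s3:::${bucket}/${prefix}/*"
    }
  ]
}
EOF
}
```

s3:ListBucket is a bucket-level action, so the prefix limit is expressed as a condition on s3:prefix rather than in the Resource ARN. If Test connection fails at the listing step with this policy, remove the Condition block to allow listing the whole bucket.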

3. Configure BackupRidge

  1. BackupRidge → Remote Storage → Add storage → Amazon S3.
  2. Enter Access Key ID, Secret Access Key, Bucket name, and Region (must match the bucket region).
  3. Leave Custom endpoint empty for real AWS S3.
  4. Set Remote path (for example /backups; trailing slashes are optional).
  5. Run Test connection, then Save.

What Test connection checks

  1. Lists objects in the bucket (validates credentials, region, and s3:ListBucket).
  2. Uploads a small test file under your remote path prefix.
  3. Lists again to verify the upload.
  4. Deletes the test file.

Troubleshooting

  • Connection failed — wrong access key, secret, bucket name, or region.
  • Upload succeeded, listing returned no objects — IAM allows PutObject but not ListBucket on the prefix; extend the policy.
  • Access Denied — check bucket policy and object ARN in the IAM policy.

More detail: Troubleshooting → Amazon S3 storage.

Cloudflare R2

BackupRidge uploads backups to Cloudflare R2 using the S3-compatible API and an R2 API token (not OAuth). Create a dedicated R2 bucket and credentials with object read/write access, then enter the access key, secret, bucket name, and account S3 API endpoint URL in Remote Storage (signing region auto is applied automatically).

Prerequisites

  • A Cloudflare account with R2 enabled.
  • Outbound HTTPS from your WordPress server to https://<account_id>.r2.cloudflarestorage.com.

1. Create an R2 bucket

  1. Cloudflare dashboard → Build → Storage & databases → R2 object storage → Overview.
  2. Click Create bucket (top right), choose a name (for example backupridge), and create the bucket.
  3. Note the bucket name from the list for BackupRidge Bucket name (not Account ID).

2. Account details (endpoint URL)

On the same R2 Overview page, use the Account details panel on the right:

  • S3 API — copy this URL into BackupRidge R2 endpoint URL (for example https://<account_id>.r2.cloudflarestorage.com).
  • Account ID — same ID as in the S3 API URL (for reference).
  • API Tokens — click the { } Manage button to create or view tokens (see next step).

3. Create an Account API token

Open the token page via Account details → { } Manage on R2 Overview, or via Manage account → Account API tokens in the profile menu. Both show the same screen.

  1. Under Account API tokens (recommended for production), click Create Account API token. User API tokens are optional and tied to an individual user.
  2. Set permission to Object Read & Write (or Admin Read & Write) and scope the token to your backup bucket.
  3. Copy the Access Key ID and Secret Access Key (secret shown once).
  4. Use the S3 API URL from Account details on R2 Overview as R2 endpoint URL.

4. Configure BackupRidge

  1. BackupRidge → Remote Storage → Add storage → Cloudflare R2 (not Amazon S3).
  2. Enter Access Key ID, Secret Access Key, and Bucket name.
  3. Set R2 endpoint URL to your account S3 API endpoint (required; use https:// and do not add :9000).
  4. Set Remote path (for example /backups). BackupRidge creates this prefix in the bucket when you test or upload.
  5. Run Test connection, then Save.

What Test connection checks

  1. Lists objects in the bucket (validates credentials and endpoint).
  2. Uploads a small test file under your remote path prefix.
  3. Lists again to verify the upload.
  4. Deletes the test file.

Troubleshooting

  • Connection failed — wrong access key, secret, bucket name, or endpoint URL (check https and account ID).
  • 403 / Access Denied — API token needs write access and must be scoped to the correct bucket.
  • Using AWS region codes — use auto for R2, not us-east-1.
  • Configured under Amazon S3 — use the Cloudflare R2 provider so the endpoint field is required and labeled for R2.

More detail: Troubleshooting → Cloudflare R2 storage.

FTP and SFTP: PHP host requirements

BackupRidge FTP and SFTP remote storage use native PHP extensions. They are not available on every WordPress host unless those extensions are installed for the same PHP SAPI that serves WordPress (Apache mod_php, PHP-FPM, etc.).

Other destinations (Amazon S3, Cloudflare R2, Backblaze B2, Google Drive, Dropbox, OneDrive) use HTTPS and work on typical WordPress stacks without extra PHP modules. If FTP or SFTP is greyed out in Remote Storage, the plugin detected a missing extension — use the steps below before configuring a provider.

Required extensions

| Provider | PHP extension | Notes |
| --- | --- | --- |
| FTP | ftp | Plain FTP and FTPS (ftp_ssl_connect) need the ftp extension. FTPS also needs OpenSSL (usually already enabled). |
| SFTP | ssh2 (PECL) | Installed via PECL (pecl install ssh2) on many custom and Docker images; rarely enabled on budget shared hosting. |

Verify on your server

From WP-CLI (replace with your site path if needed):

wp eval 'var_export(function_exists("ftp_connect"));'
wp eval 'var_export(function_exists("ssh2_connect"));'

Both should print true for the provider you want. You can also use a temporary phpinfo() page and search for ftp and ssh2. If you use PHP-FPM, run checks against FPM's php.ini, not only the CLI binary (wp eval uses CLI — if CLI and FPM differ, ask your host which SAPI serves WordPress).

Enable via package manager or php.ini

Linux (Debian/Ubuntu) — install distro packages for your PHP version, then restart PHP-FPM or Apache:

# FTP (example for PHP 8.3)
sudo apt-get install php8.3-ftp
sudo systemctl restart php8.3-fpm   # or apache2

# SFTP — PECL ssh2 needs build headers, then enable in php.ini
sudo apt-get install php-pear php8.3-dev libssh2-1-dev
sudo pecl install ssh2-1.4.1
echo "extension=ssh2.so" | sudo tee /etc/php/8.3/mods-available/ssh2.ini
sudo phpenmod ssh2
sudo systemctl restart php8.3-fpm

On some builds the ftp extension is compiled in but disabled. In php.ini (or a drop-in under conf.d), ensure a line like extension=ftp is present and not commented out. For PECL ssh2, you typically add extension=ssh2.so after pecl install.

Official WordPress Docker image

Stock wordpress:php*-apache (and FPM variants) images do not include ftp or ssh2. Extend the image, for example:

FROM wordpress:6.9-php8.3-apache

RUN set -eux; \
  apt-get update; \
  apt-get install -y --no-install-recommends libssh2-1-dev; \
  docker-php-ext-install -j"$(nproc)" ftp; \
  pecl install ssh2-1.4.1; \
  docker-php-ext-enable ssh2; \
  apt-get purge -y --auto-remove libssh2-1-dev; \
  rm -rf /var/lib/apt/lists/*

Rebuild your image and redeploy the WordPress container. Outbound TCP from that container to your FTP/SFTP server (ports 21 or 22, or your host's custom ports) must be allowed.

Shared and managed hosting

  • Ask support to enable the PHP ftp extension and/or PECL ssh2 for your site's PHP version.
  • If extensions cannot be enabled, use S3-compatible, Backblaze B2, or OAuth cloud destinations instead.

FTP

BackupRidge uploads backups to your FTP or FTPS server using the PHP ftp extension. Configure host, port, credentials, remote path, and connection options in Remote Storage.

Prerequisites

  • PHP ftp extension loaded for the WordPress PHP SAPI (see FTP/SFTP PHP requirements).
  • An FTP or FTPS server with a dedicated account and a writable directory for backups.
  • Outbound TCP from your WordPress server to the FTP host (port 21 by default, or your server's port).

1. Prepare the FTP server

  1. Create a user (or use an existing account) limited to a backup directory.
  2. Note hostname, port (21 for plain FTP, often 990 for implicit FTPS), username, and password.
  3. If uploads fail behind a firewall, ensure passive mode ports are open on the server, or try toggling Passive mode in BackupRidge (enabled by default).

2. Configure BackupRidge

  1. BackupRidge → Remote Storage → Add storage → FTP.
  2. Enter Host, Port (default 21), Username, and Password.
  3. Enable Use SSL/TLS for FTPS (ftp_ssl_connect); requires OpenSSL on PHP.
  4. Leave Passive mode on unless your host or Docker network requires active mode (some container-to-container setups need passive off).
  5. Set Remote path (for example /backups/) — must exist and be writable.
  6. Run Test connection, then Save.

What Test connection checks

  1. Connects and logs in to the FTP server.
  2. Uploads a small test file under your remote path.
  3. Lists the directory to confirm the upload.
  4. Deletes the test file.

Troubleshooting

  • FTP greyed out or “PHP ftp extension is not installed” — enable ftp on the host; see Docker or php.ini steps.
  • Connection timeout or login failed — wrong host, port, credentials, or firewall blocking outbound FTP.
  • Upload fails with passive mode on — try disabling Passive mode (or fix passive port range on the server).
  • FTPS fails — confirm Use SSL/TLS, correct port, and that OpenSSL is enabled in PHP.

SFTP

BackupRidge uploads backups over SSH file transfer using the PHP ssh2 (PECL) extension. Use password or PEM private key authentication.

Prerequisites

  • PHP ssh2 extension loaded (see FTP/SFTP PHP requirements).
  • An SFTP-capable SSH server and account with a writable backup directory.
  • Outbound TCP from WordPress to the SSH host (port 22 by default).

1. Prepare the SFTP server

  1. Create an SSH user restricted to SFTP if your server supports it.
  2. Ensure the remote directory exists and is writable. Some images (for example atmoz/sftp) chroot the home directory — use a subdirectory such as /upload/backups/ rather than the chroot root.
  3. For key auth, use an RSA or ED25519 private key in PEM format; paste into Private key (optional) or use password auth.

2. Configure BackupRidge

  1. BackupRidge → Remote Storage → Add storage → SFTP.
  2. Enter Host, Port (default 22), and Username.
  3. Provide Password and/or Private key (optional) PEM content.
  4. Set Remote path (for example /backups/ or /upload/backups/ on chrooted servers).
  5. Run Test connection, then Save.

What Test connection checks

  1. SSH connect and authenticate (password or key).
  2. Opens an SFTP session and uploads a small test file.
  3. Verifies the file via SFTP stat/list semantics.
  4. Deletes the test file.

Troubleshooting

  • SFTP greyed out or “PHP ssh2 extension is not installed” — install PECL ssh2; see Docker or php.ini steps.
  • Authentication failed — wrong password, key format, or username; ensure the key matches the server's authorized keys.
  • Upload test failed — remote path not writable (common on SFTP chroots — use a subdirectory like /upload/).

Google Drive Pro

BackupRidge Pro stores backups in Google Drive using OAuth. Use Quick connect to sign in with one click when your site supports it, or register your own Google Cloud OAuth app. The Google Drive API must be enabled on the OAuth project or uploads fail after Connect.

Prerequisites

  • BackupRidge Pro with an active license.
  • A Google Cloud project where you can enable APIs and create OAuth credentials.
  • HTTPS on your live site (localhost HTTP is fine for local development).

1. Enable the Google Drive API

Creating an OAuth client is not enough. Uploads and Test connection use the Google Drive API.

  1. Open Google Cloud Console and select your project.
  2. Go to APIs & Services → Library.
  3. Search for Google Drive API and click Enable.
  4. Wait a few minutes before testing in WordPress.

If the API is disabled, Connect with Google may still work (OAuth tokens refresh), but Test connection fails with Connection succeeded but file upload test failed.

2. Create an OAuth client

  1. APIs & Services → Credentials → Create credentials → OAuth client ID.
  2. Complete the OAuth consent screen if prompted (add test users while in testing mode).
  3. Application type: Web application.
  4. Add this Authorized redirect URI (replace host/port with your site):
    https://YOUR-DOMAIN/wp-admin/admin.php?page=backupridge-storage&action=oauth-callback
    Local example: http://localhost:8080/wp-admin/admin.php?page=backupridge-storage&action=oauth-callback
  5. Copy the Client ID and Client secret.

3. Connect in WordPress

Quick connect (recommended): leave Quick connect (sign in with your account) selected, click Connect with Google, sign in, then name the provider, set remote path (for example /backups), optional Folder ID, Test connection, and Save.

Use your own app: select that connection method, enter Client ID and secret (or define BACKUPRIDGE_OAUTH_GDRIVE_CLIENT_ID / BACKUPRIDGE_OAUTH_GDRIVE_CLIENT_SECRET in wp-config), then Connect with Google — do not skip Connect; the plugin needs a refresh token.

What Test connection checks

  1. OAuth token refresh (credentials + refresh token).
  2. Upload a small test file via the Drive API.
  3. List files to confirm the upload.
  4. Delete the test file.

Troubleshooting

  • Upload test failed after Connect worked — enable Google Drive API on the same project as your OAuth client.
  • redirect_uri_mismatch — redirect URI in Google Console must match your site exactly (see step 2).
  • Missing refresh_token — complete Connect with Google before Save.

More detail: Troubleshooting → Google Drive storage.

Dropbox Pro

BackupRidge Pro stores backups in Dropbox using OAuth. Use Quick connect when available, or create a Dropbox app with scoped permissions enabled and submitted before Connect (own app only).

Prerequisites

  • BackupRidge Pro with an active license.
  • A Dropbox app (Scoped access) in the Dropbox App Console.
  • HTTPS on your live site (localhost HTTP is fine for local development).

1. Create a Dropbox app

  1. Dropbox App Console → Create app → Scoped access.
  2. Choose App folder (backups under Apps/<app name>/) or Full Dropbox; both work with BackupRidge.

2. Permissions and Submit

Open your app → Permissions → enable:

  • files.content.write
  • files.content.read
  • files.metadata.read
  • files.metadata.write (files.metadata.read is required with it)

Scroll down and click Submit. Until you submit, OAuth shows No scope requested can be granted and uploads fail after Connect.

3. Redirect URI

https://YOUR-DOMAIN/wp-admin/admin.php?page=backupridge-storage&action=oauth-callback

Local example: http://localhost:8080/wp-admin/admin.php?page=backupridge-storage&action=oauth-callback

4. Connect in WordPress

Quick connect: default connection method → Connect with Dropbox → sign in → remote path → Test connection → Save.

Use your own app: complete Permissions + Submit above, enter App key and secret (or wp-config constants), Connect with Dropbox, then test and save. Remote path example: /backups.

What Test connection checks

  1. OAuth token refresh.
  2. Upload a small test file.
  3. List files to confirm the upload.
  4. Delete the test file.

Troubleshooting

  • No scope requested can be granted — enable permissions above and click Submit in the Dropbox console.
  • Upload test failed after Connect — permissions were missing at authorize time; Submit permissions, then Connect with Dropbox again.

More detail: Troubleshooting → Dropbox storage.

OneDrive Pro

BackupRidge Pro stores backups in OneDrive via Microsoft Graph and OAuth. Use Quick connect when available, or register your own Azure app (redirect URI must not contain a query string; login endpoint must match account types).

Prerequisites

  • BackupRidge Pro with an active license.
  • An app registration in Microsoft Entra ID (Azure Portal).
  • HTTPS on your live site (localhost HTTP is fine for local development).

1. Register an Azure app

  1. Azure Portal → Microsoft Entra ID → App registrations → New registration.
  2. Personal OneDrive: Supported account types → Personal Microsoft accounts only (BackupRidge uses the consumers login endpoint by default).
  3. Work + personal: choose multitenant + personal accounts and configure BACKUPRIDGE_ONEDRIVE_OAUTH_AUTHORITY=common in wp-config.

2. Redirect URI (no query string)

https://YOUR-DOMAIN/wp-admin/admin.php

Local example: http://localhost:8080/wp-admin/admin.php — add under Authentication → Web. Do not register admin.php?page=backupridge-storage&action=oauth-callback (Azure rejects ? in redirect URIs).

3. Client secret and Graph permissions

  1. Certificates & secrets → create a client secret.
  2. API permissions → Microsoft Graph → Delegated → Files.ReadWrite, offline_access.

4. Connect in WordPress

Quick connect: Connect with Microsoft → sign in → name provider, remote path (for example /backups), optional Folder ID → Test connection → Save.

Use your own app: Application (client) ID and secret (or wp-config constants), then Connect with Microsoft before Save.

Troubleshooting

  • URL may not contain a query string — register /wp-admin/admin.php only.
  • not enabled for consumers / Consumer vs /common/ — match Azure account types to the login endpoint (personal → consumers).

More detail: Troubleshooting → OneDrive storage.

Backblaze B2 Pro

BackupRidge Pro uploads backups to Backblaze B2 using an application key (Key ID + secret, not OAuth). You need the bucket's Bucket ID from B2 console settings, not only the bucket name.

Prerequisites

  • BackupRidge Pro with an active license.
  • A B2 bucket and an application key with read and write access to that bucket.

1. Create a bucket

  1. B2 Buckets → Create a Bucket → Private recommended.
  2. Open Bucket Settings and copy the Bucket ID (24-character ID, not the bucket name).

2. Application key

  1. App Keys → Add a New Application Key.
  2. Restrict to your backup bucket with Read and Write access.
  3. Copy keyID and applicationKey (secret shown once).

3. Configure BackupRidge

  1. BackupRidge → Remote Storage → Add storage → Backblaze B2.
  2. Key ID and Application Key from step 2.
  3. Bucket ID from bucket settings; Bucket name as shown in B2.
  4. Remote path: /backups (default; trailing slashes optional).
  5. Run Test connection, then Save.

What Test connection checks

  1. Authorizes the account (Key ID + Application Key).
  2. Uploads a small test file via the B2 Native API.
  3. Lists and deletes the test file.

Troubleshooting

  • Auth succeeded, upload test failed — wrong Bucket ID, read-only key, or read-only bucket.
  • Connection failed — invalid or revoked application key.

More detail: Troubleshooting → Backblaze B2 storage.