BackupBuddy Wordfence Conflict

Had a BackupBuddy Wordfence conflict the other day. I noticed in the BackupBuddy logs that BackupBuddy failed to make a backup as it tried to backup the Wordfence tmp file while that was being used by Wordfence. And therefore it failed.

Calling BackupBuddy..

I contacted BackBuddy support. They responded quite quickly as they always do. Love that and love BackupBuddy for making complete backups and taking care of migrations. Just like I love Wordfence for taking care of my sites’ security.

Site to Site Solution

To deal with this you need to excluded the directory for all file and complete backups:


in BackupBuddy under general settings > Default excluded files & directories (relative to WordPress root):

BackupBuddy File and Directory Defaults


That way that directory will always be ignored / excluded. Did use directory exclusion on BackupBuddy before the exclude certain error logs, backup directories. I also excluded some tables like Slimstat tables as they can get really big if you intend on keeping data for a year or more.

Database Defaults Settings BackupBuddy:

BackupBuddy Database Defaults

This was the first time I bumped into a specific BackupBuddy Wordfence conflict though.

TMP in Plugin Directory?

In my correspondence with BackupBuddy they stated that:

Plugins really should not create temporary directories/data under their own plugin installation directory but Wordfence tends to play by its own rules 🙂

Whether a plugin author should place a tmp folder in the plugin directory or in the webroot is a discussion I would love to have. I think it is OK to have it in the plugin root. I love to keep the webroot clean and avoid conflicts with other plugins. Would love to hear what other people think about this.

Permanent Solution

You would think that BackupBuddy – commercial WordPress plugin for backups – would make sure it would work well with the most populair Freemium Security plugin out there. Even though iThemes have their own commercial Security plugin they should still play nice with others out there, shouldn’t they? Especially if the other party is populair and has a free version.

But that is my opinion. I will not leave either plugin any time soon. Would however love to have this conflict out of the way and not being forced to add this exclusion to every WordPress site I work on.

What do you think?

If you have an opinion on the location of the tmp directory for plugins or have questions on the blog post do let me know. Would love to hear about it all!


Update Feedback BackupBuddy

Quite happy to discuss tmp file locations, but under a plugin installation directory is not a location to use as you cannot rely on write access. Here is the code from WF related to this:

private static function getCacheFile(){
    return WORDFENCE_PATH . 'tmp/configCache.php';

and this simply will not yield a usable file if there is no write access. WordPress provides a specific function to yield a (base) temporary directory location which also allows the user to set their own temporary directory and a plugin might then create their own subdirectory for their own use – this allows the user to control where theywant temporary files to go and makes it simpler for all such temporary data to be excluded from a backup by simply excluding that directory. Of course a user can define this to be outside the installation directory provided PHP has access to it (it doesn’t need to be externally accessible).

Would be nice though if BB would play nice with Wordfence – very populair security plugin – without using this directory
exclusion solution.

Yes, it certainly would be good if the Wordfence developers gave a little more thought to their design decisions and the impact they are going to have on their users. WordPress is a largely “uncontrolled” ecosystem and it relies upon developers thinking in a wider context than just their product and sadly with Wordfence this is not an isolated case.

WordFence’s Take

I have had no feedback from WordFence yet. Must say that I do feel that BackupBuddy seems to be having a point here..

  1.  BackupBuddy is an awesome WordPress backup plugin
  2. Wordfence is the best freemium security WordPress plugin out there
Tagged in : Tagged in : ,
Jasper Frumau

Jasper has been working with web frameworks and applications such as Laravel, Magento and his favorite CMS WordPress including Roots Trellis and Sage for more than a decade. He helps customers with web design and online marketing. Services provided are web design, ecommerce, SEO, content marketing. When Jasper is not coding, marketing a website, reading about the web or dreaming the internet of things he plays with his son, travels or run a few blocks.