You should know the importance of securing your backups. Ideally, backups are kept on your server AND in at least one other location. Redundancy is a good backup strategy.

Now, if you store a backup somewhere else, such as in the remote cloud, on a USB drive, or just on your Desktop, how secure is it? Are you sure no one is peeking at your files?

The only solution is to encrypt your WordPress uploads directory. In this quick tutorial, I will illustrate a great solution that you can use in your WordPress site and how to use it.


Prime Mover PRO offers a solution to encrypt your uploads directory (in addition to the database) when creating a backup package. The encryption is pretty strong (AES-256) and this should be able to protect your files from any unauthorized use.

As of May 2020, I do not see any WordPress backup plugins (both free and premium) that do this. There are lots of backup plugins out there that you can use to encrypt your database but NOT the WordPress uploads media files.

Let’s dive deeper into the media encryption feature of Prime Mover PRO. Take note that this solution will work in both WordPress single-site and multisite.

Server Requirements

The media encryption support depends on your PHP and libzip versions. Your server should be at least:

  • Using PHP 7.2.0
  • Using Libzip extension version 1.2.0

If your server does not meet these requirements, the Prime Mover plugin will still work, but you will not be able to encrypt your WordPress upload media files.

For more information on these server requirements and troubleshooting, please read this guide.

If your server does not meet the requirements, the only solution is to upgrade your PHP version and libzip version to meet the minimum requirements. There is no other workaround.

Enabling Encryption Support

When your server meets the technical requirements, it is time to enable encryption. By default, Prime Mover Pro does not have the encryption feature enabled.

Take note that once encryption support is enabled, you can still decide whether to encrypt or not encrypt your upload media files when you create a backup package.

Please read this dedicated tutorial on enabling encryption support.

Creating Encrypted Backup Package

Once encryption support is enabled, it is time to create an encrypted backup package:

  • Go to Prime Mover -> Packages.
  • Click Create New Package.
  • You should see export options. The most important thing is to check the encryption box. See screenshot for the setting enclosed in red box:

The above setting instructs Prime Mover to encrypt BOTH the database and WordPress uploads files in the backup package.

  • Finally, click the “Export” button.
  • When the export is done, download the package to your Desktop for checking.
  • Done.

Manually extracting upload media files in an encrypted Prime Mover backup

How to test if the encryption is working? Is it possible to extract media files in an encrypted Prime Mover backup? The answer is YES.

  • Download the Prime Mover backup package to your Desktop.
  • Extract the main backup package zip.
  • Inside the extracted folder, you should see This is your WordPress uploads directory files.
  • Try extracting If encryption is working, it should ask for a password before you can view the content!

There is no way to view the image or media file content without providing the password. If anyone tries to extract an individual file inside, it asks for a password too.

  • So what is the password to use? The password is simply the encryption key that you used to create the backup package. This is defined in the wp-config.php of the site where the backup package was created. Only administrators can read this WordPress configuration, so do not share this key with everyone.
  • After providing the correct key, you should be able to see the media file contents.
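A password prompt shows that an entry is protected, but not which cipher was used or whether every file in the archive is covered. The following added example (not Prime Mover's own code) reads a zip's central directory and lists every entry that is not AES-256, assuming the uploads archive is a standard zip whose AES entries use the WinZip-style 0x9901 extra field that libzip writes; the function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

AES_EXTRA_ID = 0x9901                  # WinZip-style AES extra field ID
AES_BITS = {1: 128, 2: 192, 3: 256}    # strength byte -> key size

def entry_encryption(info):
    """Classify one ZipInfo as 'none', 'zipcrypto' or 'aes-<bits>'."""
    if not info.flag_bits & 0x1:       # general-purpose bit 0 = entry is encrypted
        return "none"
    extra = info.extra
    while len(extra) >= 4:             # walk the (id, size, data) extra records
        field_id, size = struct.unpack("<HH", extra[:4])
        data = extra[4:4 + size]
        if field_id == AES_EXTRA_ID and info.compress_type == 99 and len(data) >= 7:
            return "aes-%d" % AES_BITS.get(data[4], 0)   # data[4] = strength
        extra = extra[4 + size:]
    return "zipcrypto"                 # encrypted, but with the legacy ZIP cipher

def audit_archive(fileobj, required="aes-256"):
    """Map every file entry that is NOT protected with `required` to its scheme."""
    with zipfile.ZipFile(fileobj) as zf:
        return {i.filename: entry_encryption(i) for i in zf.infolist()
                if not i.is_dir() and entry_encryption(i) != required}

def constructed_zip(entries):
    """Constructed sample archive; payloads are dummy bytes, not real ciphertext."""
    body, central = b"", b""
    for name, flags, method, extra in entries:
        n, payload = name.encode(), b"\x00" * 16
        fixed = struct.pack("<HHHHHIIIHH", 51, flags, method, 0, 0x21, 0,
                            len(payload), len(payload), len(n), len(extra))
        central += (b"PK\x01\x02" + struct.pack("<H", 51) + fixed +
                    struct.pack("<HHHII", 0, 0, 0, 0, len(body)) + n + extra)
        body += b"PK\x03\x04" + fixed + n + extra + payload
    eocd = struct.pack("<4sHHHHIIH", b"PK\x05\x06", 0, 0, len(entries),
                       len(entries), len(central), len(body), 0)
    return io.BytesIO(body + central + eocd)

AES256 = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)
SAMPLE = [("uploads/2020/05/photo.jpg", 0x1, 99, AES256),   # AES-256 entry
          ("uploads/2020/05/invoice.pdf", 0x1, 8, b""),     # legacy cipher
          ("uploads/index.php", 0x0, 8, b"")]               # stored in the clear

if __name__ == "__main__":
    for name, scheme in audit_archive(constructed_zip(SAMPLE)).items():
        print("NOT aes-256:", name, "->", scheme)
```

To check a real backup, pass the extracted uploads archive opened in binary mode to `audit_archive`; an empty result means every file entry is marked AES-256.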

How does Prime Mover import or restore an encrypted backup package?

Everything is handled automatically by Prime Mover as long as the correct decryption key is provided.

  • When an encrypted package is restored, Prime Mover first checks whether a correct decryption key is defined in the target site (where the package is restored). This key should be the same as the one used to encrypt the package (at the source site).
  • If the key is incorrect or not provided, Prime Mover bails out and shows a decryption error. The restoration stops immediately, prompting the user to provide the correct decryption key in the wp-config.php.
  • If the correct decryption key is provided, it will proceed to extraction until the restoration is completed.
  • If you restore an unencrypted package, no decryption check is done and everything proceeds normally.

GDPR Compliant solution for your backups

GDPR (General Data Protection Regulation) requires user data to be encrypted for maximum privacy. This data does not only belong to you; it could also be your client files and content. So provide them with maximum protection.

Want to try this cool feature on your site? Try our 14-day risk-free trial. As usual, if you have doubts or questions, please add your comment or contact us.

Emerson Maningo Tutorials
