Andromeda Nova WordPress.org

Remote destination

Configure Amazon S3 for WordPress backups.

Amazon S3 is a durable object storage service that works well for production WordPress backups, agency retention policies and larger sites that need scalable off-site storage.

What you need

  • An Amazon Web Services account.
  • Permission to create an S3 bucket.
  • Permission to create IAM policies, IAM users and access keys.
  • StifLi Backup Tools installed and activated.
  • A planned bucket name, region and backup path prefix.

1. Create an Amazon S3 Bucket

  1. Sign in to the AWS Console.
  2. Open Services > S3.
  3. Click Create bucket.
  4. Enter a globally unique bucket name. A domain-based name such as example-com-stifli-backups is usually easy to recognize.
  5. Choose the AWS region where backups should be stored.
  6. Keep Block all public access enabled unless you have a very specific private network design.
  7. Leave bucket versioning disabled for a simple setup, or enable it if you intentionally want object version history.
  8. Enable default encryption if your compliance policy requires it.
  9. Create the bucket.
Important: backup buckets should not be public. A WordPress backup archive can contain the database, uploaded files, private content and credentials stored by plugins.

2. Create a Least-Privilege IAM Policy

Create a policy that allows StifLi Backup Tools to list the bucket, upload backup archives, read them for restore and delete old archives when retention runs.

  1. Open IAM in the AWS Console.
  2. Go to Policies.
  3. Click Create policy.
  4. Choose the JSON editor.
  5. Paste a policy like the one below, replacing BUCKET_NAME with your real bucket name.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation",
        "s3:ListBucketMultipartUploads"
      ],
      "Resource": "arn:aws:s3:::BUCKET_NAME"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:AbortMultipartUpload",
        "s3:DeleteObject",
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::BUCKET_NAME/*"
    }
  ]
}
  1. Click Next.
  2. Name the policy, for example StifLiBackupToolsS3Policy.
  3. Create the policy.

3. Create an IAM User and Access Keys

  1. Open IAM > Users.
  2. Click Create user.
  3. Name the user, for example stifli-backup-example-com.
  4. Choose direct policy attachment.
  5. Attach the policy created in the previous step.
  6. Create the user.
  7. Open the user and go to Security credentials.
  8. Create an access key.
  9. Choose a use case such as third-party application or external service if AWS asks.
  10. Copy the Access key ID and Secret access key, or download the CSV.
Do not use root credentials. Use a dedicated IAM user or role for backups so access can be rotated or revoked safely.

4. Connect Amazon S3 in StifLi Backup Tools

  1. Open the WordPress admin area.
  2. Go to StifLi Backup Tools > Remote Destinations.
  3. Select Amazon S3.
  4. Enter the Access key ID and Secret access key.
  5. Enter the bucket name.
  6. Select or enter the bucket region.
  7. Set a path prefix, such as production/example.com, if you want backups organized inside the bucket.
  8. Set the maximum number of remote backups to keep.
  9. Save and run Test connection.

5. Create the First S3 Backup

  1. Create a manual backup in StifLi Backup Tools.
  2. Select Amazon S3 as the remote destination.
  3. Wait for the backup and upload to complete.
  4. Open the S3 bucket in AWS Console.
  5. Confirm that the backup archive appears in the expected prefix.
  6. If this is a production site, download the archive once and verify it is readable.

6. Configure Scheduled Backups

  1. Create or edit a scheduled backup task.
  2. Choose the backup components: full site, database, uploads, plugins, themes or custom selection.
  3. Select Amazon S3 as the destination.
  4. Choose frequency and start time.
  5. Apply retention settings that match your bucket storage budget.
  6. Enable notifications so failed backups are visible quickly.

Troubleshooting

ProblemWhat to check
Access deniedConfirm the IAM policy is attached to the user and that the bucket ARN matches the real bucket name.
Bucket not foundCheck spelling, region and whether the bucket belongs to the same AWS account as the access key.
Upload fails on large filesConfirm multipart upload permissions and check hosting timeouts or memory limits.
Old backups are not deletedConfirm the IAM policy includes s3:DeleteObject for the bucket path.
Unexpected AWS costsReview backup frequency, retention, lifecycle rules, storage class and transfer usage.

Security Notes

Keep the bucket private, use least-privilege IAM permissions, rotate access keys periodically and avoid storing backups in a public prefix. If your site handles sensitive data, consider encryption, lifecycle policies and separate credentials per site or client.

Best practice: combine StifLi Backup Tools retention with S3 lifecycle rules so operational backups stay available while old archives move or expire automatically.