WP-Safety

Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups Security & Risk Analysis

wordpress.org/plugins/trinity-backup

Backup, migrate, clone, and restore WordPress sites of any size. Scheduled, pre-update backups, email notifications, WP-CLI, white label, encryption.

300 active installs v2.0.9 PHP 8.0+ WP 6.2+ Updated Mar 9, 2026
backupcloneduplicatemigrationrestore
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups Safe to Use in 2026?

Generally Safe

Score 100/100

Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 25d ago
Risk Assessment

The "trinity-backup" v2.0.9 plugin presents a significant security risk primarily due to its large, unprotected attack surface. All 19 identified AJAX handlers lack authentication checks, making them directly accessible to unauthenticated users. This is a critical oversight that could lead to various vulnerabilities depending on the functionality of these handlers.

While the plugin demonstrates some good practices like using prepared statements for most SQL queries and a considerable number of output escaping instances, the lack of authorization on its entry points negates these benefits. The presence of `unserialize` is a potential concern, especially if user-controlled data is ever passed to it without proper sanitization, although the taint analysis did not reveal critical or high severity issues in this version. The absence of known CVEs and a clean vulnerability history is positive, suggesting past development might have been more secure or that this specific version hasn't been targeted. However, the current state of unprotected AJAX handlers demands immediate attention.

Key Concerns

  • 19 unprotected AJAX handlers
  • Use of unserialize function
  • Output escaping only 57% proper
Vulnerabilities
None known

Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups Code Analysis

Dangerous Functions
1
Raw SQL Queries
1
11 prepared
Unescaped Output
31
41 escaped
Nonce Checks
1
Capability Checks
1
File Operations
54
External Requests
0
Bundled Libraries
1

Dangerous Functions Found

unserialize$plugins = @unserialize($activePlugins);src\Engine\Steps\ImportDatabase.php:778

Bundled Libraries

Freemius1.0

SQL Query Safety

92% prepared12 total queries

Output Escaping

57% escaped72 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths
handleUploadChunk (src\Core\Router.php:280)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
19 unprotected

Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups Attack Surface

Entry Points19
Unprotected19

AJAX Handlers 19

authwp_ajax_trinity_backup_startsrc\Core\Router.php:32
authwp_ajax_trinity_backup_runsrc\Core\Router.php:33
authwp_ajax_trinity_backup_uploadsrc\Core\Router.php:36
authwp_ajax_trinity_backup_upload_chunksrc\Core\Router.php:37
authwp_ajax_trinity_backup_check_archivesrc\Core\Router.php:38
authwp_ajax_trinity_backup_import_startsrc\Core\Router.php:39
authwp_ajax_trinity_backup_import_runsrc\Core\Router.php:40
authwp_ajax_trinity_backup_list_backupssrc\Core\Router.php:43
authwp_ajax_trinity_backup_deletesrc\Core\Router.php:44
authwp_ajax_trinity_backup_delete_allsrc\Core\Router.php:45
authwp_ajax_trinity_backup_cleanupsrc\Core\Router.php:46
authwp_ajax_trinity_backup_checksrc\Core\Router.php:49
authwp_ajax_trinity_backup_schedulesrc\Core\Router.php:52
authwp_ajax_trinity_backup_get_settingssrc\Core\Router.php:53
authwp_ajax_trinity_backup_preupdate_savesrc\Core\Router.php:54
authwp_ajax_trinity_backup_email_savesrc\Core\Router.php:55
authwp_ajax_trinity_backup_email_testsrc\Core\Router.php:56
authwp_ajax_trinity_backup_whitelabel_savesrc\Core\Router.php:57
authwp_ajax_trinity_backup_save_themesrc\Core\Router.php:60
WordPress Hooks 5
actionadmin_menusrc\Core\Plugin.php:93
actionadmin_enqueue_scriptssrc\Core\Plugin.php:94
actionwp_mail_failedsrc\Core\Router.php:94
filtershow_deactivation_subscription_cancellationtrinity-backup.php:60
filterdeactivate_on_activationtrinity-backup.php:61
Maintenance & Trust

Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 9, 2026
PHP min version8.0
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs300
Alternatives

Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups Alternatives

Clone

Clone

wp-clone-by-wp-academy

A
93

100% FREE clone and migration

50K 5 CVEs
1 Click Migration & Backup: Free WordPress Migration Plugin with Zero Downtime & Easy Clone

1 Click Migration & Backup: Free WordPress Migration Plugin with Zero Downtime & Easy Clone

1-click-migration

B
71

Free WordPress migration plugin for backup, restore, clone, and site transfer with zero downtime. Migrate WordPress site easily.

400 1 unpatched
SiteVault – Backup, Restore & Migration

SiteVault – Backup, Restore & Migration

sitevault-backup-restore-migration

A
100

Simple WordPress backup, restore, and migration plugin. Create backups, restore your site, and migrate to a new domain with ease.

0 No CVEs
WPvivid — Backup, Migration & Staging

WPvivid — Backup, Migration & Staging

wpvivid-backuprestore

B
75

Migrate, staging, backup WordPress, all in one.

900K 26 CVEs
WP STAGING – WordPress Backup, Restore & Migration

WP STAGING – WordPress Backup, Restore & Migration

wp-staging

A
95

Backup, restore, staging, and migration for WordPress. Create full-site backups and test updates safely.

100K 4 CVEs
Developer Profile

Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups Developer Profile

KingAddons.com

5 plugins · 11K total installs

83
trust score
Avg Security Score
84/100
Avg Patch Time
13 days
View full developer profile
Detection Fingerprints

How We Detect Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/trinity-backup/assets/css/styles.css/wp-content/plugins/trinity-backup/assets/js/trinity-backup-admin.js/wp-content/plugins/trinity-backup/vendor/freemius/assets/css/base.css/wp-content/plugins/trinity-backup/vendor/freemius/assets/js/base.js
Script Paths
/wp-content/plugins/trinity-backup/assets/js/trinity-backup-admin.js/wp-content/plugins/trinity-backup/vendor/freemius/assets/js/base.js
Version Parameters
trinity-backup/assets/css/styles.css?ver=trinity-backup/assets/js/trinity-backup-admin.js?ver=trinity-backup/vendor/freemius/assets/css/base.css?ver=trinity-backup/vendor/freemius/assets/js/base.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-trinity-backup-ajax-url
JS Globals
trinityBackupAjaxUrltrinityBackupNonce
REST Endpoints
/wp-json/trinity-backup/v1/backup/schedule/wp-json/trinity-backup/v1/backup/create/wp-json/trinity-backup/v1/backup/import/wp-json/trinity-backup/v1/backup/download/wp-json/trinity-backup/v1/backup/delete/wp-json/trinity-backup/v1/backup/cancel/wp-json/trinity-backup/v1/setting/save
FAQ

Frequently Asked Questions about Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups