When Backvera backs up, restores, or installs the plugin on your site, it makes automated HTTP requests to your server from Backvera’s infrastructure. This page shows how those requests identify themselves, so you can recognise Backvera in your access logs or security-plugin logs and allowlist it when needed.
Is this a real threat?
No. These requests come from Backvera’s servers, not from a browser or an attacker. Seeing them in your logs – including occasional “new login location”, “suspicious login”, or “blocked login” notices from a security plugin during a one-click install – is normal and safe. It is the service you connected, doing the work you asked for.
Our user agents
Every request Backvera makes to your site carries one of these User-Agent strings:
Backups, restores, health checks, and clones:
Mozilla/5.0 (compatible; Backvera.com; +https://backvera.com/help/bot/)
One-click plugin install (signing in to wp-admin):
Mozilla/5.0 (compatible; Backvera.com; +https://backvera.com/help/bot/)
If a request to your site claims to be Backvera but does not use one of these user agents, it is not us.
Our IP addresses
The most reliable way to allowlist Backvera is by the user agent above, because our outbound IP addresses can change as our infrastructure scales. If your firewall or host requires specific IP addresses to allow, email [email protected] and we will share our current IP ranges.
Allowlisting Backvera
If a security plugin or firewall is getting in the way – for example a one-click install fails with “wp-admin blocked”, or scheduled backups stop reaching your site – add Backvera to its allowlist:
- Allow the user agent(s) listed above, or
- Allow the IP ranges we provide on request.
In Wordfence and most security plugins you can allowlist by IP address or by user agent in the firewall settings. Once Backvera is allowlisted, retry the action.
Related
Still need help? Email our team at [email protected].