=== Contabo Snapshots === Contributors: Claudio Xerez Tags: contabo, snapshot, vps, backup, api Requires at least: 5.8 Requires PHP: 7.4 Tested up to: 6.9 Stable tag: 2.2 License: GPLv2 or later Manage and automate snapshots for your Contabo VPS instances directly from WordPress. == Description == Contabo Snapshots is a WordPress plugin designed to simplify the management of VPS snapshots via the Contabo API. It allows you to trigger snapshots manually or automate them using a secure cron job URL. This plugin is ideal for server administrators who want to ensure their VPS instances have regular backups (snapshots) without logging into the Contabo control panel every time. **Key Features:** * **Instance Discovery**: Automatically lists instances associated with your API credentials. * **Snapshot Rotation**: Automatically removes old snapshots before creating a new one to respect storage limits. It keeps the latest snapshot and deletes older ones created by the plugin. * **Secure Automation**: Provides a protected URL endpoint for external cron jobs. * **Execution Logs**: detailed logs of all operations (manual and automated) displayed directly in the settings page. == Configuration & Requirements == To use this plugin, you need valid API credentials from Contabo. 1. **API User**: Your Contabo API username. 2. **API Password**: Your Contabo API password. **Security Note**: For enhanced security, the password is **never displayed** in the admin interface after saving. It is stored securely in the database. The input field allows you to update it (by entering a new one) but will show a secure placeholder `********` if a password is already set. If you leave the field empty and save, the existing password is preserved. 3. **Client ID**: Your API Client ID. 4. **Client Secret**: Your API Client Secret. Navigate to **Settings > Contabo Snapshots** to enter these details. == Usage == ### Manual Execution You can trigger a snapshot immediately by clicking the **"Generate Snapshot Now"** button on the settings page. The process execution log will be displayed at the bottom of the page. ### Automated Execution (Cron) The plugin generates a unique **Security Token** to secure external access. You can find the Cron URL in the "Cron Scheduling" section. **The Cron URL format is:** `https://your-site.com/index.php?contabo_snapshot=run&token=YOUR_SECURITY_TOKEN` **How the Security Token Works:** The token acts as a key. Only requests containing the correct token in the URL are allowed to trigger the snapshot process. This prevents unauthorized users from flooding your API or deleting snapshots by accessing the endpoint. You can regenerate this token at any time if you believe it has been compromised. **Example Crontab Entry:** To run the snapshot process every day at 3:00 AM: `0 3 * * * wget -q -O - "https://your-site.com/index.php?contabo_snapshot=run&token=YOUR_SECURITY_TOKEN" >/dev/null 2>&1` == Security Features == * **Password Obfuscation**: The API password is never sent back to the browser in the value attribute of the input field. It is completely hidden from the UI using a secure placeholder. * **Input Masking**: API User, Client ID, and Client Secret fields are masked as password fields (with a visibility toggle) to prevent prying eyes. * **Token Authentication**: All external requests require a valid, verifiable security token. * **Log Handling**: Execution logs are stored securely in the WordPress Uploads directory to ensure proper file permissions while keeping them separated from the plugin core files. == Frequently Asked Questions == **Where are the logs stored?** Logs are stored in your site's `wp-content/uploads/contabo_snapshots.log` file. The last 20 execution entries are kept and displayed in the settings page. **Does this support multiple instances?** Yes, the plugin iterates through all instances found in your Contabo account and processes snapshots for each one.