So the point of backup is to keep your website backed up but if it happens that your website get hacked and someone inject/upload infected files, when you restore the backup, these files remain intact there on the website folder. Why restoring a backup won't wipe out all of your files in website folder and restore everything back from the backup. In my point of view this is how restore backup should work. I don't know if maybe I am missing something or this was somehow overlooked / no one noticed this, or it was intentionally left to work like this. But here are few scenarios I find this maybe a bad solution. So when you restore backup it will only restore back files that were there in the backup and overwrite those files. If new files are present in web folder, they will remain there. In this case if website get infected with code and new malicious .js or .php files get created in the website folder, restore won't do anything as these files will remain there and continue to operate. If I want to update wordpress or theme or plugin and something is wrong there with the new updated theme or plugin, specially if new plugin is installed, the files remain there and this can make a problem sometime. This is specially in case if for example you install wordfence plugin or cache and they tend to create .ini files in website root or subfolder which can mess up functionality of the website and you restore the backup but these files remain there and you are left out with broken website until you figure out that these files are still there. Maybe this can be a feature request to have checkbox or question next to the restore option to wipe out all files from web folder when restoring a backup.
Yes, it will replace the site. But it will not delete the whole site upfront. Besides that, it might be that the backup replaced the hacked files, and they got replaced by the still rerunning malware, so that you still have hacked files after a restore is no real indication that the backup did not replace that files.
Till I am not sure if I explained it well. You could be right about malware, if it's something persistent even if you replace or delete files it will return back but that's not the case. Maybe I can explain it better. Imagine you have a folder /web/wp-content/themes/sometheme/ And you make the backup, the backup will zip all the files and folders. And then I make a new folder /web/wp-content/themes/sometheme-child/ In wordpress child theme overwrite main theme functions, if I mess up something badly this breaks the website. If I want to restore the backup, the backup will restore and overwrite everything from /web/wp-content/themes/sometheme/ But folder /web/wp-content/themes/sometheme-child/ Will still remain there intact, it wont be deleted when I restore the backup, but that folder didn't exist when backup is made so it shouldn't be there after restore.
Ok, I understand that now. I don't think the backup should wipe out all files that do not exist at backup time. The backup is basically to take a tar.gz from your web folder and restore that tar.gz. It's not a snapshot in the way you snapshot a virtual machine. But yes, it might be useful to add an option to wipe out all files in the web folder if someone wants it.
