diff --git a/src/Controller/UpdateManagerController.php b/src/Controller/UpdateManagerController.php
index 474c86fc..0afc7905 100644
--- a/src/Controller/UpdateManagerController.php
+++ b/src/Controller/UpdateManagerController.php
@@ -314,6 +314,80 @@ class UpdateManagerController extends AbstractController
         return $this->json($details);
     }
 
+    /**
+     * Create a manual backup.
+     */
+    #[Route('/backup', name: 'admin_update_manager_backup', methods: ['POST'])]
+    public function createBackup(Request $request): Response
+    {
+        $this->denyAccessUnlessGranted('@system.manage_updates');
+
+        if (!$this->isCsrfTokenValid('update_manager_backup', $request->request->get('_token'))) {
+            $this->addFlash('error', 'Invalid CSRF token.');
+            return $this->redirectToRoute('admin_update_manager');
+        }
+
+        if ($this->updateExecutor->isLocked()) {
+            $this->addFlash('error', 'Cannot create backup while an update is in progress.');
+            return $this->redirectToRoute('admin_update_manager');
+        }
+
+        try {
+            $backupPath = $this->backupManager->createBackup(null, 'manual');
+            $this->addFlash('success', 'update_manager.backup.created');
+        } catch (\Exception $e) {
+            $this->addFlash('error', 'Backup failed: ' . $e->getMessage());
+        }
+
+        return $this->redirectToRoute('admin_update_manager');
+    }
+
+    /**
+     * Delete a backup file.
+     */
+    #[Route('/backup/delete', name: 'admin_update_manager_backup_delete', methods: ['POST'])]
+    public function deleteBackup(Request $request): Response
+    {
+        $this->denyAccessUnlessGranted('@system.manage_updates');
+
+        if (!$this->isCsrfTokenValid('update_manager_delete', $request->request->get('_token'))) {
+            $this->addFlash('error', 'Invalid CSRF token.');
+            return $this->redirectToRoute('admin_update_manager');
+        }
+
+        $filename = $request->request->get('filename');
+        if ($filename && $this->backupManager->deleteBackup($filename)) {
+            $this->addFlash('success', 'update_manager.backup.deleted');
+        } else {
+            $this->addFlash('error', 'update_manager.backup.delete_error');
+        }
+
+        return $this->redirectToRoute('admin_update_manager');
+    }
+
+    /**
+     * Delete an update log file.
+     */
+    #[Route('/log/delete', name: 'admin_update_manager_log_delete', methods: ['POST'])]
+    public function deleteLog(Request $request): Response
+    {
+        $this->denyAccessUnlessGranted('@system.manage_updates');
+
+        if (!$this->isCsrfTokenValid('update_manager_delete', $request->request->get('_token'))) {
+            $this->addFlash('error', 'Invalid CSRF token.');
+            return $this->redirectToRoute('admin_update_manager');
+        }
+
+        $filename = $request->request->get('filename');
+        if ($filename && $this->updateExecutor->deleteLog($filename)) {
+            $this->addFlash('success', 'update_manager.log.deleted');
+        } else {
+            $this->addFlash('error', 'update_manager.log.delete_error');
+        }
+
+        return $this->redirectToRoute('admin_update_manager');
+    }
+
     /**
      * Restore from a backup.
      */
diff --git a/src/Services/System/UpdateExecutor.php b/src/Services/System/UpdateExecutor.php
index 2fe54173..fca7d1fa 100644
--- a/src/Services/System/UpdateExecutor.php
+++ b/src/Services/System/UpdateExecutor.php
@@ -602,6 +602,33 @@ class UpdateExecutor
     }
 
 
+    /**
+     * Delete a specific update log file.
+     */
+    public function deleteLog(string $filename): bool
+    {
+        // Validate filename pattern for security
+        if (!preg_match('/^update-[\w.\-]+\.log$/', $filename)) {
+            $this->logger->warning('Attempted to delete invalid log filename: ' . $filename);
+            return false;
+        }
+
+        $logPath = $this->project_dir . '/' . self::UPDATE_LOG_DIR . '/' . $filename;
+
+        if (!file_exists($logPath)) {
+            return false;
+        }
+
+        try {
+            $this->filesystem->remove($logPath);
+            $this->logger->info('Deleted update log: ' . $filename);
+            return true;
+        } catch (\Exception $e) {
+            $this->logger->error('Failed to delete update log: ' . $e->getMessage());
+            return false;
+        }
+    }
+
     /**
      * Restore from a backup file with maintenance mode and cache clearing.
      *
diff --git a/templates/admin/update_manager/index.html.twig b/templates/admin/update_manager/index.html.twig
index 44b9f8c0..8afa4472 100644
--- a/templates/admin/update_manager/index.html.twig
+++ b/templates/admin/update_manager/index.html.twig
@@ -343,11 +343,26 @@
                                                     {{ log.date|date('Y-m-d H:i') }}
                                                 </td>
                                                 <td><code class="small">{{ log.file }}</code></td>
-                                                <td>
-                                                    <a href="{{ path('admin_update_manager_log', {filename: log.file}) }}"
-                                                       class="btn btn-sm btn-outline-secondary">
-                                                        <i class="fas fa-eye"></i>
-                                                    </a>
+                                                <td class="text-end">
+                                                    <div class="btn-group btn-group-sm">
+                                                        <a href="{{ path('admin_update_manager_log', {filename: log.file}) }}"
+                                                           class="btn btn-outline-secondary"
+                                                           title="{% trans %}update_manager.view_log{% endtrans %}">
+                                                            <i class="fas fa-eye"></i>
+                                                        </a>
+                                                        {% if is_granted('@system.manage_updates') %}
+                                                            <form action="{{ path('admin_update_manager_log_delete') }}" method="post" class="d-inline"
+                                                                  data-turbo-confirm="{% trans %}update_manager.log.delete.confirm{% endtrans %}">
+                                                                <input type="hidden" name="_token" value="{{ csrf_token('update_manager_delete') }}">
+                                                                <input type="hidden" name="filename" value="{{ log.file }}">
+                                                                <button type="submit"
+                                                                    class="btn btn-outline-danger"
+                                                                    title="{% trans %}update_manager.delete{% endtrans %}">
+                                                                    <i class="fas fa-trash-alt"></i>
+                                                                </button>
+                                                            </form>
+                                                        {% endif %}
+                                                    </div>
                                                 </td>
                                             </tr>
                                         {% else %}
@@ -362,6 +377,17 @@
                             </div>
                         </div>
                         <div class="tab-pane fade" id="backups-tab">
+                            {% if is_granted('@system.manage_updates') and status.can_auto_update and not is_locked %}
+                                <div class="p-2 border-bottom">
+                                    <form action="{{ path('admin_update_manager_backup') }}" method="post" class="d-inline"
+                                          data-turbo-confirm="{% trans %}update_manager.backup.create.confirm{% endtrans %}">
+                                        <input type="hidden" name="_token" value="{{ csrf_token('update_manager_backup') }}">
+                                        <button type="submit" class="btn btn-sm btn-success">
+                                            <i class="fas fa-download me-1"></i>{% trans %}update_manager.backup.create{% endtrans %}
+                                        </button>
+                                    </form>
+                                </div>
+                            {% endif %}
                             <div class="table-responsive" style="max-height: 350px; overflow-y: auto;">
                                 <table class="table table-hover table-sm mb-0">
                                     <thead class="sticky-top" style="background-color: #f8f9fa;">
@@ -383,24 +409,38 @@
                                                     {{ (backup.size / 1024 / 1024)|number_format(1) }} MB
                                                 </td>
                                                 <td class="text-end">
-                                                    {% if status.can_auto_update and validation.valid and not backup_restore_disabled %}
-                                                        <form action="{{ path('admin_update_manager_restore') }}" method="post" class="d-inline"
-                                                              data-controller="backup-restore"
-                                                              data-backup-restore-filename-value="{{ backup.file }}"
-                                                              data-backup-restore-date-value="{{ backup.date|date('Y-m-d H:i') }}"
-                                                              data-backup-restore-confirm-title-value="{{ 'update_manager.restore_confirm_title'|trans }}"
-                                                              data-backup-restore-confirm-message-value="{{ 'update_manager.restore_confirm_message'|trans }}"
-                                                              data-backup-restore-confirm-warning-value="{{ 'update_manager.restore_confirm_warning'|trans }}">
-                                                            <input type="hidden" name="_token" value="{{ csrf_token('update_manager_restore') }}">
-                                                            <input type="hidden" name="filename" value="{{ backup.file }}">
-                                                            <input type="hidden" name="restore_database" value="1">
-                                                            <button type="submit"
-                                                                class="btn btn-sm btn-outline-warning"
-                                                                title="{% trans %}update_manager.restore_backup{% endtrans %}">
-                                                                <i class="fas fa-undo"></i>
-                                                            </button>
-                                                        </form>
-                                                    {% endif %}
+                                                    <div class="btn-group btn-group-sm">
+                                                        {% if status.can_auto_update and validation.valid and not backup_restore_disabled %}
+                                                            <form action="{{ path('admin_update_manager_restore') }}" method="post" class="d-inline"
+                                                                  data-controller="backup-restore"
+                                                                  data-backup-restore-filename-value="{{ backup.file }}"
+                                                                  data-backup-restore-date-value="{{ backup.date|date('Y-m-d H:i') }}"
+                                                                  data-backup-restore-confirm-title-value="{{ 'update_manager.restore_confirm_title'|trans }}"
+                                                                  data-backup-restore-confirm-message-value="{{ 'update_manager.restore_confirm_message'|trans }}"
+                                                                  data-backup-restore-confirm-warning-value="{{ 'update_manager.restore_confirm_warning'|trans }}">
+                                                                <input type="hidden" name="_token" value="{{ csrf_token('update_manager_restore') }}">
+                                                                <input type="hidden" name="filename" value="{{ backup.file }}">
+                                                                <input type="hidden" name="restore_database" value="1">
+                                                                <button type="submit"
+                                                                    class="btn btn-outline-warning"
+                                                                    title="{% trans %}update_manager.restore_backup{% endtrans %}">
+                                                                    <i class="fas fa-undo"></i>
+                                                                </button>
+                                                            </form>
+                                                        {% endif %}
+                                                        {% if is_granted('@system.manage_updates') %}
+                                                            <form action="{{ path('admin_update_manager_backup_delete') }}" method="post" class="d-inline"
+                                                                  data-turbo-confirm="{% trans %}update_manager.backup.delete.confirm{% endtrans %}">
+                                                                <input type="hidden" name="_token" value="{{ csrf_token('update_manager_delete') }}">
+                                                                <input type="hidden" name="filename" value="{{ backup.file }}">
+                                                                <button type="submit"
+                                                                    class="btn btn-outline-danger"
+                                                                    title="{% trans %}update_manager.delete{% endtrans %}">
+                                                                    <i class="fas fa-trash-alt"></i>
+                                                                </button>
+                                                            </form>
+                                                        {% endif %}
+                                                    </div>
                                                 </td>
                                             </tr>
                                         {% else %}
diff --git a/translations/messages.en.xlf b/translations/messages.en.xlf
index d9418563..8220e709 100644
--- a/translations/messages.en.xlf
+++ b/translations/messages.en.xlf
@@ -12311,6 +12311,72 @@ Buerklin-API Authentication server:
         <target>Backup restore is disabled by server configuration.</target>
       </segment>
     </unit>
+    <unit id="um_bk_create" name="update_manager.backup.create">
+      <segment state="translated">
+        <source>update_manager.backup.create</source>
+        <target>Create Backup</target>
+      </segment>
+    </unit>
+    <unit id="um_bk_create_confirm" name="update_manager.backup.create.confirm">
+      <segment state="translated">
+        <source>update_manager.backup.create.confirm</source>
+        <target>Create a full backup now? This may take a moment.</target>
+      </segment>
+    </unit>
+    <unit id="um_bk_created" name="update_manager.backup.created">
+      <segment state="translated">
+        <source>update_manager.backup.created</source>
+        <target>Backup created successfully.</target>
+      </segment>
+    </unit>
+    <unit id="um_bk_del_confirm" name="update_manager.backup.delete.confirm">
+      <segment state="translated">
+        <source>update_manager.backup.delete.confirm</source>
+        <target>Are you sure you want to delete this backup?</target>
+      </segment>
+    </unit>
+    <unit id="um_bk_deleted" name="update_manager.backup.deleted">
+      <segment state="translated">
+        <source>update_manager.backup.deleted</source>
+        <target>Backup deleted successfully.</target>
+      </segment>
+    </unit>
+    <unit id="um_bk_del_err" name="update_manager.backup.delete_error">
+      <segment state="translated">
+        <source>update_manager.backup.delete_error</source>
+        <target>Failed to delete backup.</target>
+      </segment>
+    </unit>
+    <unit id="um_log_del_confirm" name="update_manager.log.delete.confirm">
+      <segment state="translated">
+        <source>update_manager.log.delete.confirm</source>
+        <target>Are you sure you want to delete this log?</target>
+      </segment>
+    </unit>
+    <unit id="um_log_deleted" name="update_manager.log.deleted">
+      <segment state="translated">
+        <source>update_manager.log.deleted</source>
+        <target>Log deleted successfully.</target>
+      </segment>
+    </unit>
+    <unit id="um_log_del_err" name="update_manager.log.delete_error">
+      <segment state="translated">
+        <source>update_manager.log.delete_error</source>
+        <target>Failed to delete log.</target>
+      </segment>
+    </unit>
+    <unit id="um_view_log" name="update_manager.view_log">
+      <segment state="translated">
+        <source>update_manager.view_log</source>
+        <target>View log</target>
+      </segment>
+    </unit>
+    <unit id="um_delete" name="update_manager.delete">
+      <segment state="translated">
+        <source>update_manager.delete</source>
+        <target>Delete</target>
+      </segment>
+    </unit>
     <unit id="kHKChQB" name="settings.ips.conrad">
       <segment state="translated">
         <source>settings.ips.conrad</source>