Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Tom Willmot

    (@willmot)

    I’ve removed the reliance on using a .htaccess file for security as it didn’t work in all cases (e.g. non-Apache servers).

    Instead the backups directory is protected from directory browsing by an index.php file and the backup filenames contain a long string of random characters making them very difficult / impossible to guess.

    BackUpWordPress is still secure.

    Thread Starter sabrx

    (@sabrx)

    Dear Tom,

    thanks for your reply. I must disagree with you, because:

    – over 80% of WordPress installations are powered by Apache, hence the presence of a .htaccess file is meaningful
    – file names of backups do not contain any random characters, but time data. In case I back up every day, an attacker can easily guess the file name by running an automated tool that will check all 86400 (24*60*60) combinations, which is not that many. Don’t you agree?

    Kind regards
    Erich Szabo

    Plugin Author Tom Willmot

    (@willmot)

    Both good points,

    I’ll likely bring back the .htaccess in the next version as that will increase security for all Apache installs.

    Thanks for your points.

    Thread Starter sabrx

    (@sabrx)

    Thanks!
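
The disagreement in this thread comes down to how much of a backup filename an outsider cannot predict. The following is an added example, not part of any post above and not BackUpWordPress code: a small audit that estimates the unguessable bits in a filename and flags names that rely on a timestamp alone. The filename layouts, the sample names and the function names are constructed assumptions.

```python
import math
import re
import secrets

SECONDS_PER_DAY = 24 * 60 * 60  # 86400, the figure quoted in the thread

# Constructed patterns (assumptions, not the plugin's real naming scheme):
# a date-time stamp and a lowercase hex token of at least 16 characters.
STAMP = re.compile(r"\d{4}-\d{2}-\d{2}-\d{2}-\d{2}-\d{2}")
HEX_TOKEN = re.compile(r"(?<![0-9a-f])[0-9a-f]{16,}(?![0-9a-f])")


def unknown_bits(filename, window_days=1):
    """Estimate how many bits an outsider must guess to hit this filename.

    Assumes the outsider knows the naming scheme and that the backup was
    taken at some second within the last `window_days` days.
    """
    bits = 0.0
    rest = filename
    if STAMP.search(rest):
        bits += math.log2(SECONDS_PER_DAY * window_days)
        rest = STAMP.sub("", rest)
    for token in HEX_TOKEN.findall(rest):
        bits += 4 * len(token)  # each hex character carries 4 bits
    return bits


def audit(filenames, min_bits=128):
    """Return the names whose unguessable part is below min_bits."""
    return [name for name in filenames if unknown_bits(name) < min_bits]


def new_backup_name(site, stamp, ext="zip"):
    """Build a name carrying a 128-bit CSPRNG token next to the timestamp."""
    return f"{site}-{secrets.token_hex(16)}-{stamp}.{ext}"


if __name__ == "__main__":
    # Constructed sample names for illustration only.
    samples = [
        "example-com-backup-2012-05-01-03-00-00.zip",
        new_backup_name("example-com", "2012-05-01-03-00-00"),
    ]
    for name in samples:
        print(f"{unknown_bits(name):6.1f} bits  {name}")
    print("flagged:", audit(samples))
```

A timestamp-only name scores about 16 bits for a one-day window, while a name with a 16-byte random token scores over 128. Filename secrecy only helps while the name stays out of logs, referrers and directory listings, so server-side access rules on the backup directory remain the stronger control.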

  • The topic ‘[Plugin: BackUpWordPress] New version 2.0.1 removes .htaccess file!’ is closed to new replies.