Could you be backing up everything including an old backup file?
I suppose that’s possible. I feel pretty comfortable about my security of my site because I’ve made sure I followed best practices on setting that up. How would I check that? I’m using BackWPUp.
Security isn’t an issue in this case. It’s most likely that a backup file just didn’t get deleted somewhere along the line. That can happen, and sometimes it’s not the fault of the plugin.
The best way to check this is to look for any large files in your file system, like .zip’s, .tar’s, etc. I don’t know how that backup plugin stores the files, but it’s normally done in that sort of way. You might need to use the file explorer of your hosting account, or FTP into your hosting server to poke around.
There’s also other possibilities, like error_log files, or core12344 core dump files being produced by the server. You’ll see those pretty easily as they are normally pretty large.
