A lot of learning on best practices, a few suggestions

Hi! I’m loving this plugin since WP 3.3, using and recommending it to every friend developer. It has teached me a lot to think about vulnerabilities, and I’d like a lot to contribute better, but I just have two suggestions:

Using the hostName to quickly spot which host belongs a backup, I’m currently using this plugin on several WP codebases (not network, different projects), but using only a copy, and symlinked in others, thus putting all the backups inside the same directory. Currently I’m making only a minor change to this:

function execute_backup() {
...
  //save file
  $hostName = $_SERVER['HTTP_HOST'];
  $file = $hostName . '-database-backup-' . current_time( 'timestamp' );

Maybe would be nice a feature to FTP upload to another space?

And finally, I’m using the example given in this thread to block suspicious query strings, yet being able to use an updated version of timthumb. I know timthumb is not the most secure script out there, but may be other plugins deserve a best hint.

I’m looking forward to know what comes in 4.0 release! Maybe IIS support? I’d be happy to help with a friend’s project to test web.config rules.