Backups visible on the web? (3 posts)

  1. Robbie
    Posted 3 years ago #

    Using the default settings for local backup the index of mysite.com/wp-content/backups seems to be visible on the web and anyone could download my backups. I've changed the backup location to a non-web accessible location.
    Shouldn't there be a warning about this or a suggestion to change htaccess?


  2. stephankn
    Posted 3 years ago #

    This is a serious issue. I recommend that everyone review the plugin configuration and change the Local folder path. Adding a longer random string at the end should do the trick.

    The plugin author has to initialize the path on initialization with a non-guessable value. Or even use a path which is not web-readable at all.

    The logfile exposes the existence of the vulnerability. Also consider censoring the exact path in the log output so users do not accidentally publish their site configuration.

  3. iclanzan
    Plugin Author

    Posted 3 years ago #

    Thanks for the input, guys. I am working on version 2.1 of the plugin and am addressing this issue.

Topic Closed

This topic has been closed to new replies.
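
One way to check a site for the exposure discussed in this thread, as an added example that is not part of the original posts or the plugin's own code. The function names, the index-file names and the directory layout in the demo are assumptions; the demo tree is constructed in a temporary directory.

```python
import os
import re
import secrets
import tempfile

# Apache 2.2 ("Deny from all") and 2.4 ("Require all denied") syntax.
# Only effective where Apache honours .htaccess (AllowOverride); nginx ignores it.
DENY_RE = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$", re.I | re.M)

def is_under(path, root):
    """True if path resolves (symlinks followed) to root or somewhere below it."""
    path, root = os.path.realpath(path), os.path.realpath(root)
    try:
        return os.path.commonpath([path, root]) == root
    except ValueError:  # e.g. different drives on Windows
        return False

def audit_backup_dir(backup_dir, web_root):
    """Return a list of findings; an empty list means the directory is outside the web root."""
    if not is_under(backup_dir, web_root):
        return []
    findings = ["backup directory is inside the web root"]
    try:
        with open(os.path.join(backup_dir, ".htaccess"), errors="replace") as fh:
            denied = bool(DENY_RE.search(fh.read()))
    except OSError:
        denied = False
    if not denied:
        findings.append("no .htaccess deny rule in the backup directory")
    # Assumed index names; without one, the server may serve a file listing.
    if not any(os.path.isfile(os.path.join(backup_dir, n)) for n in ("index.php", "index.html")):
        findings.append("no index file, directory listing may be served")
    return findings

def unguessable_dir(parent, prefix="backups-"):
    """Path with a 128-bit random suffix; only helps if the parent is not listable."""
    return os.path.join(parent, prefix + secrets.token_hex(16))

if __name__ == "__main__":
    # Constructed layout mirroring the default location named in the thread.
    with tempfile.TemporaryDirectory() as tmp:
        web_root = os.path.join(tmp, "public_html")
        default = os.path.join(web_root, "wp-content", "backups")
        os.makedirs(default)
        for finding in audit_backup_dir(default, web_root):
            print("FINDING:", finding)
        print("outside web root:", audit_backup_dir(os.path.join(tmp, "private"), web_root))
        print("suggested name:", unguessable_dir(os.path.join(web_root, "wp-content")))
```

The check follows symlinks, so a backup path that merely looks external but resolves back into the web root is still reported.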
