Support » Plugin: WordPress Backup and Migrate Plugin - BackupGuard » Backups visible on the web?

  • Resolved Robbie Link


    Using the default settings for local backup the index of seems to be visible on the web and anyone could download my backups. I’ve changed the backup location to a non-web accessible location.
    Shouldn’t there be a warning about this or a suggestion to change htaccess?

Viewing 2 replies - 1 through 2 (of 2 total)
  • stephankn


    This is a serious issue. I recommend everyone to review the plugin configuration and change the Local folder path. Adding a longer random string at the end should do the trick.

    The plugin author has to initialize the path on initialization with a not guessable value. Or even use a path which is not web-readable at all.

    The logfile exposes existence of the vulnerability. Also consider censoring the exact path in the log output so users do not accidentally publish their site configuration.



    Thanks for the input guys. I am working on version 2.1 of the plugin and am addressing this issue.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Backups visible on the web?’ is closed to new replies.