Support » Plugin: WordPress Backup and Migrate Plugin - BackupGuard » Backups visible on the web?

  • Resolved Robbie Link

    (@robbie)


    Using the default settings for local backup, the index of mysite.com/wp-content/backups seems to be visible on the web and anyone could download my backups. I’ve changed the backup location to a non-web accessible location.
    Shouldn’t there be a warning about this or a suggestion to change htaccess?

    http://wordpress.org/extend/plugins/backup/

Viewing 2 replies - 1 through 2 (of 2 total)
  • stephankn

    (@stephankn)

    This is a serious issue. I recommend that everyone review the plugin configuration and change the Local folder path. Adding a longer random string at the end should do the trick.

    The plugin author has to initialize the path on initialization with a non-guessable value. Or even use a path which is not web-readable at all.

    The logfile exposes the existence of the vulnerability. Also consider censoring the exact path in the log output so users do not accidentally publish their site configuration.

  • iclanzan

    (@helio-1)

    Thanks for the input, guys. I am working on version 2.1 of the plugin and am addressing this issue.

  • The topic ‘Backups visible on the web?’ is closed to new replies.
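
A site owner can check for the exposure discussed in this thread with a small audit script. This is an added example, not code from the plugin or from any poster; the function names, the `backups-` prefix and the directory layout are assumptions, and the `.htaccess` check only applies to Apache.

```python
import secrets
import tempfile
from pathlib import Path

def is_under(path: Path, root: Path) -> bool:
    """True if path resolves (symlinks followed) to a location inside root."""
    try:
        path.resolve().relative_to(root.resolve())
        return True
    except ValueError:
        return False

def audit_backup_dir(backup_dir: Path, web_root: Path) -> list[str]:
    """Return findings for a local backup folder; an empty list means none found."""
    if not is_under(backup_dir, web_root):
        return []  # not reachable through the web server's document root
    findings = ["backup folder is inside the web root"]
    htaccess = backup_dir / ".htaccess"
    text = htaccess.read_text(errors="replace").lower() if htaccess.is_file() else ""
    if "require all denied" not in text and "deny from all" not in text:
        findings.append("no .htaccess denying access (Apache only)")
    if not any((backup_dir / n).is_file() for n in ("index.php", "index.html")):
        findings.append("no index file, so a directory listing may be served")
    return findings

def unguessable_dir(parent: Path, prefix: str = "backups-") -> Path:
    """Folder name with a 128-bit random suffix (hypothetical naming scheme)."""
    return parent / (prefix + secrets.token_hex(16))

if __name__ == "__main__":
    # Constructed layout mirroring the default location named in the thread.
    with tempfile.TemporaryDirectory() as tmp:
        web_root = Path(tmp) / "public_html"
        default = web_root / "wp-content" / "backups"
        default.mkdir(parents=True)
        for finding in audit_backup_dir(default, web_root):
            print("FINDING:", finding)
        outside = Path(tmp) / "private" / "backups"
        outside.mkdir(parents=True)
        print("outside web root:", audit_backup_dir(outside, web_root) or "ok")
        print("random name:", unguessable_dir(web_root / "wp-content").name)
```

A folder with a random suffix is still reported while it sits under the web root, because the name protects the backups only as long as no directory listing or published log reveals it.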