How to disable “delete backup” option

  • Resolved Jack

    (@theeconomist-1)


    1 year, 9 months ago

    Hi there!

    Many thanks for developing such a handy plugin!

    We’re backing up to Google Drive. In section “existing backups” on a “backup/restore” tab there’s a list of existing backups. And then there’s an action column to the right of each backu with restore, delete and view log buttons.

    If I understand correctly – in case of compromised website (eg. someone gets admin access) all backups can be deleted from remote storage (Google Drive in our case).

    How do we prevent such scenario? Is there an option to disable “delete” button so that backups can only de deleted from the Google Drive itself and not from WP admin?

    Many thanks in advance for your input on the above matter.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Contributor aporter

    (@aporter)

    1 year, 9 months ago

    Hi,

    Unfortunately thats a limitation to how OAuth apps work in general (Google Drive, Dropbox, Onedrive) you provide read and write access to your account which is authenticated via a token.

    Even if we got rid of the delete button entirely, someone with admin access would be able to access the database, grab the token and use it outside of UpdraftPlus to delete the backups if they wanted.

    To protect against that you would need to use another remote storage such as AWS which allows you to create a key that can only write files to storage and not delete.

    Best Wishes,

    Ashley

    Thread Starter Jack

    (@theeconomist-1)

    1 year, 9 months ago

    Thanks for prompt reply Ashley,

    Can you provide a link to documentation describing how to configure UpdraftPlus and AWS in such manner?

    Plugin Contributor aporter

    (@aporter)

    1 year, 9 months ago

    Hi Jack,

    No problem, the link here has all the details for setting up UpdraftPlus with Amazon S3.

    Theres a section towards the bottom for setting up the most secure setup:

    https://updraftplus.com/faqs/what-settings-should-i-use-for-amazon-s3-and-how-should-i-configure-my-amazon-s3-account/

    Best Wishes,

    Ashley

    Thread Starter Jack

    (@theeconomist-1)

    1 year, 9 months ago

    Many thanks!

    Have a lovely day Ashley.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘How to disable “delete backup” option’ is closed to new replies.