Hi,
We don’t recommend storing the backup only in the local wp-content folder, as it is then susceptible to being lost if the site is deleted.
Any backup files in the wp-content directory are as secure as the rest of the directory, and will share the same file permissions.
Hi DNutbourne,
Thank you for your answer. My question was more about whether UpdraftPlus does something to randomize the filenames so the files can’t be directly downloaded by a third party. If the filename is predictable, then someone else could potentially download your zip files and have all your data.
It would be good if we could actually store the backup in a non-public location on the server. Perhaps this is something worth considering as a feature?
Thanks!
Hi,
Yes, UpdraftPlus backup filenames include a randomised string. The structure of the filename is:
backup_2017-10-5-0000_Wordpress_776a6c9a475a-plugins
backup_<DATETIME>_<Site Name>_<Random String>-<section>
This random string is also used to identify the log file.
As such, a third party would need to know the exact time and random string to download the file.
